TABLE OF CONTENTS
1. ACCESS CONTROL
2. BIOMETRIC AUTHENTICATION
3. PHYSIOLOGICAL BIOMETRIC CONTROLS
4. RISKS OF BIOMETRIC AUTHENTICATION
5. USE OF TOKENS
6. MULTI-FACTOR AUTHENTICATION
7. SINGLE SIGN-ON
8. PUBLIC KEY INFRASTRUCTURE
9. STRATEGIC PLANNING
10. REFERENCES
ACCESS CONTROL
• ACCESS CONTROL INCLUDES
• Identification
• Authentication
• Authorization
• Accountability.
• COMMON PRACTICES FOR ACCESS CONTROL
• Based on determined roles as well as responsibilities.
• Principle of least privilege must be followed.
• Access control should be constantly reviewed and audited.
• Logging-Off information.
ACCESS CONTROL
• COMMON CONTROL TYPES FOR ACCESS CONTROL
• TECHNICAL CONTROL
• Use of Biometrics
• Access Control Cards
• Username & Password
• Encryption
• ADMINISTRATIVE CONTROL
• These include security awareness training, procedures, supervisory
structures, personnel control and testing.
• PHYSICAL CONTROL
• These include computer security, perimeter security, guards and trained
dogs and mantraps.
• Protocols for Remote Access Authentication
• Access Control Lists (ACL)
• Account Restrictions
• Policy Enforcement
BIOMETRIC AUTHENTICATION
• Verifies users by identifying and measuring users' behavioural and physiological
features.
• Provides stronger access control than PINs/passwords, which can be
forgotten, lost or shared.
• Biometric measures maximize between-individual random variances while
simultaneously minimizing within-individual variability.
• Different types of biometric authentication include:
• Face recognition
• Fingerprint scanning
• Iris/ retinal scanning
• Hand geometry
• Vein infrared thermogram
• Palm print and gait
BIOMETRIC AUTHENTICATION
• Voice identification is also used, though in an ambient setting it faces
obstacles such as eavesdropping and manipulation.
• Yet its application for disabled and visually impaired/handicapped users is immeasurable.
• Good biometric systems have low false rejection and false acceptance rates.
• The inability to achieve 100% accuracy results in a bad user experience and is limiting
commercialization of this technology.
• BIOMETRIC BEHAVIOUR ASSOCIATION & BEHAVIOUR MEASURES
• Biometric techniques are costly & complex in contrast to other methods.
• Requires uniqueness of eyes and finger for validation.
• Acceptable standard speed of authentication is not more than 5 seconds.
• With enrolment time of up to 2 minutes.
• Throughput of 6-10 per minute.
BIOMETRIC AUTHENTICATION
• BIOMETRIC CONTROLS & PSYCHOLOGICAL ANALYSIS
• False Reject Rate (FRR)
• Authorized individuals are erroneously denied access, meaning there is a
possibility of the system denying access to an individual who has been
matched to the template.
• False Accept Rate (FAR)
• Unauthorized individuals, without a matching template, are erroneously
allowed access.
• Cross Error Rate (CER)
• It allows users to compare across systems and remains the most accurate measure of a biometric
system.
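The three rates above, worked through as an added example (not part of the original slides): the CER, commonly called the crossover or equal error rate, is the rate at the threshold where FAR and FRR meet, and the system with the lower CER is the more accurate one. The score lists, the two "systems" and all function names are constructed for illustration.

```python
# Added example: FAR, FRR and the crossover point over constructed match scores.
# Scores are similarity values in [0, 100]; an attempt is accepted when
# score >= threshold. All data and names below are constructed for illustration.

# System A: "genuine" = enrolled users scored against their own template,
# "impostor" = other people scored against that template.
GENUINE_A = [91, 88, 84, 79, 77, 73, 70, 66, 61, 52]
IMPOSTOR_A = [12, 18, 25, 31, 38, 44, 49, 55, 63, 71]

# System B: a second sensor whose score distributions overlap less.
GENUINE_B = [95, 93, 90, 86, 83, 80, 76, 72, 68, 64]
IMPOSTOR_B = [10, 15, 21, 27, 33, 39, 45, 51, 58, 66]


def far(threshold, impostor):
    """False Accept Rate: fraction of impostor attempts that are accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine):
    """False Reject Rate: fraction of genuine attempts that are rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover(genuine, impostor):
    """Scan thresholds and return (threshold, FAR, FRR) where FAR and FRR are closest.

    Raising the threshold lowers FAR and raises FRR, so the two curves cross;
    the first threshold with the smallest gap is reported.
    """
    best = None
    for t in range(0, 102):
        a, r = far(t, impostor), frr(t, genuine)
        if best is None or abs(a - r) < best[0]:
            best = (abs(a - r), t, a, r)
    return best[1], best[2], best[3]


def threshold_for_far(target_far, genuine, impostor):
    """Lowest threshold whose FAR is at or below target_far, with the FRR it costs."""
    if target_far < 0:
        raise ValueError("target FAR must be >= 0")
    for t in range(0, 102):
        if far(t, impostor) <= target_far:
            return t, far(t, impostor), frr(t, genuine)
    raise AssertionError("unreachable: FAR is 0 once the threshold exceeds every score")


if __name__ == "__main__":
    for name, g, i in (("A", GENUINE_A, IMPOSTOR_A), ("B", GENUINE_B, IMPOSTOR_B)):
        t, a, r = crossover(g, i)
        print(f"system {name}: crossover at threshold {t}, FAR={a:.0%}, FRR={r:.0%}")
        t, a, r = threshold_for_far(0.0, g, i)
        print(f"system {name}: FAR=0 needs threshold {t}, costing FRR={r:.0%}")
```

Tuning for zero false accepts on system A pushes the false reject rate to 40%, which is the user-experience cost the earlier slide refers to.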
PHYSIOLOGICAL BIOMETRIC CONTROLS
• FINGERPRINT RECOGNITION
• A cheap, non-intrusive method used to develop images of ridges, whorls & fingerprint
minutiae, which can be static or dynamic.
• Its disadvantages are that the sensor wears out, it is affected by swellings and injuries, and it is
prone to deception.
• RETINAL SCAN
• Includes recording unique components in the blood vessels of the retina and identifying
patterns on the rear eyeball.
• It has the disadvantages of damaging the eyeball due to the laser, and the retina patterns
may change as a result of heart disease or diabetes.
• IRIS SCAN
• Most accurate among all biometric authentication methods, as iris patterns remain constant
throughout adulthood and vary between the two eyes of an individual.
PHYSIOLOGICAL BIOMETRIC CONTROLS
• KEYSTROKE & CONTROL DYNAMICS ANALYSIS
• This involves analysing and recognizing an individual’s unique typing rhythm.
It uses flight time and dwell time.
• SIGNATURE DYNAMICS SYSTEMS
• These use user signatures for reference and recognition. They capture the
way the pen is held and the amount of pressure exerted and signing speed.
They have the advantage of being non-intrusive but speed wear and
changing speed can be a barrier.
RISK OF BIOMETRIC AUTHENTICATION
• Camera sensitivity, lighting & angle determine the accuracy of facial recognition.
• Accessories like glasses and lenses can make a person look different.
• Temperature and problems with the finger can tamper with fingerprint scans.
• Apple’s Touch ID can be bypassed with the use of latex and accurate sensors.
• Several systems utilize information such as geo-location.
• A problem with keystroke dynamics is that people vary in their typing speed, including while
using different keyboards in varying interfaces.
• In addition, right handed individuals type slower with their left hand and vice versa.
• Index finger allows users to type faster because of its consistent use & instinctive ability.
USE OF TOKENS
• ONE TIME PASSWORD (OTP)
• Provides maximum security, with a list of passwords that are used in sequence. But hackers could sniff a password.
• Users can authenticate with a PIN or token, and don’t need to remember or choose a password.
• IMPORTANCE
• They have been designed to replace session IDs, reducing server load, rationalizing permission management, and offering
appropriate tools for supporting a cloud-based or distributed infrastructure.
• This process has the advantage of statelessness: the token generated by the server need not be stored anywhere.
• DRAWBACKS OF OTPs
• This has the disadvantage of trust: users will have to deal with malware through SMS, as encryption on cellular networks is
weak.
• OTP can be inconvenient as the user has to copy the OTP from the device that received it to the login form.
• TIME BASED OTP
• Tokens are required for every user and thus require more investment.
• Users need to carry the token with them at all times as they won’t be allowed to access the system otherwise.
• Users cannot use the system for a long time without the token.
• Connections can be vulnerable to sniffing.
• Users need to ensure the safety of their tokens.
• Security tokens may not be compatible with all servers or applications.
MULTI-FACTOR AUTHENTICATION
• MFA, also known as two-step authentication, is authentication using a username, password, and additional authentication such as personal
information or a physical token.
• It guarantees that the users are who they are.
• It requires that users identify themselves by presenting a minimum of 2 pieces of evidence through three major categories.
• MFA provides layers of protection to the user by preventing a ripple effect.
• Some companies employ MFA for every user; this, together with SSO, makes it very secure and completely eliminates the need for passwords.
• IMPORTANCE
• MFA offers good end user experience and robust security.
• It has the advantage of increasing the system’s security when needed.
• Due to the magnitude of loss in case of violation, MFA requires additional proof.
• MFA AUTHENTICATION CONSIDERATIONS
• Users are locked out of their accounts in case of a single mistake.
• Though used to keep hackers away, hackers can create their own two step authentication to keep users locked out.
SINGLE SIGN-ON
• Users can identify themselves to servers only once through this method.
• Users can log in multiple times with a single password, but a compromise of a single authentication can compromise all available resources.
• The following should be considered when implementing SSO.
• Since one authentication regulates access to resources this process should be secure.
• Smart cards and tokens may be used to strengthen the authentication process.
• Password policies need to be enforced implementing minimum password length, complexity of password, minimum time for renewal, and
maximum frequency of attempts.
• Encryption to protect against sniffing should be used. Logins should be used to detect suspicious login attempts.
• Authentication servers must be used.
• POTENTIAL RISKS
• Authentication and privacy keys are a security concern.
• If the SSO server is unavailable the users cannot access any site.
• SSO is not suitable for multi-user computers if they remain logged in at all times.
• They lack back up and better authentication.
• If the password is weak, it is easy to identify and hack accounts; once hacked, all accounts will be compromised.
PUBLIC KEY INFRASTRUCTURE
• PKI is defined by Kim as a technology that uses mathematical processes and algorithms to facilitate secure transactions using
data integrity, data confidentiality, and authentication.
• PKI uses certificates, developed by a trusted certificate authority to prove an individual’s identity.
• The user is authenticated by the certificate authority’s private key.
• This certificate can be used for authentication to access many applications that check the identity through the digital
signature from the CA.
• PKI is valuable to applications that require no pre-registration like online transactions.
• Users only require a certificate from the certificate authority.
• RISKS OF PKI
• There is no governing body to enforce the standards of PKI.
• CAs are trusted third parties, but there have been limitations in security procedures over the years.
• It has resulted in less trust in PKI, as any compromise in a CA can expose the entire PKI security to risks.
STRATEGIC PLANNING
• Strategic operations define an organization’s strategy or direction and the decisions it takes and the resources it allocates to pursue that
strategy.
• Organizations need to keep in mind the following:
• What the organization is currently doing
• Who they are doing it for
• How will they excel going forward
• Strategic decisions keep in view the next three to five years and consider any potential mishaps. These mishaps may also include
untapped opportunities.
• These decisions are affected by factors that may be out of the organization’s control, e.g. wars, geopolitical shocks etc.
• Organizations’ strategies should also address how they intend to sustain their operations and provide quality products or services to their
customers while including capabilities for future innovations.
• Strategic planning involves the following steps:
• Clarifying Mission & Vision Statements
• Identifying Current & Future Market Position
• Prioritizing
REFERENCES
• Alfred, A. (2016). Node.js: Token-Based Authentication Part 3. Defining Routes and Implementing Token-Based Authentication.
• Dasgupta, D., Roy, A., & Nag, A. (January 01, 2017). Multi-Factor Authentication: More secure approach towards authenticating
individuals.
• Dimov, D., & In Tistarelli, M. (2015). Biometric Authentication. Cham: Springer.
• Kim, D. (2016). Access control, authentication, and public key infrastructure: Laboratory manual to accompany.
• Kung, S. Y., Mak, M.-W., & Lin, S.-H. (2017). Biometric authentication: A machine learning approach. Upper Saddle River: Prentice Hall.
• Miller, W. (2015). Foundations of iOS Security: Working with Single Sign-on Authentication.
• Roebuck, K. (2017). Security Tokens: High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity,
Vendors. Dayboro: Emereo Pub.
• Schmeh, K. (2016). Cryptography and Public Key Infrastructure on the Internet. New York, NY: John Wiley & Sons.
• Sampson, A. (2015). Architecting Microsoft Azure Solutions: Multi-factor Authentication Overview.
• Stanislav, M. (2015). Two-factor authentication. Ely, Cambridgeshire, United Kingdom: It Governance Publishing.

More Related Content

What's hot

Finger print based door access system
Finger print based door access systemFinger print based door access system
Finger print based door access system
Akshay Govekar
 
Fingerprintattendancesystem 131016052949-phpapp01
Fingerprintattendancesystem 131016052949-phpapp01Fingerprintattendancesystem 131016052949-phpapp01
Fingerprintattendancesystem 131016052949-phpapp01
Muhammad Tahir Mehmood
 
FINGERPRINT BASED ATM SYSTEM
FINGERPRINT BASED ATM SYSTEMFINGERPRINT BASED ATM SYSTEM
FINGERPRINT BASED ATM SYSTEM
Journal For Research
 

What's hot (20)

Bank locker system
Bank locker systemBank locker system
Bank locker system
 
ATM USER ACCOUNT SECURE BY USING GSM TECHNOLOGY
ATM USER ACCOUNTSECURE BYUSING GSM TECHNOLOGYATM USER ACCOUNTSECURE BYUSING GSM TECHNOLOGY
ATM USER ACCOUNT SECURE BY USING GSM TECHNOLOGY
 
Finger print ATM
Finger print ATMFinger print ATM
Finger print ATM
 
High protection ATM system with fingerprint identification technology
High protection ATM system with fingerprint identification technologyHigh protection ATM system with fingerprint identification technology
High protection ATM system with fingerprint identification technology
 
Finger print based door access system
Finger print based door access systemFinger print based door access system
Finger print based door access system
 
FINGERPRINT BASED LOCKER WITH IMAGE CAPTURE
FINGERPRINT BASED LOCKER WITH IMAGE CAPTUREFINGERPRINT BASED LOCKER WITH IMAGE CAPTURE
FINGERPRINT BASED LOCKER WITH IMAGE CAPTURE
 
GSM Based Bank Security Control
GSM Based Bank Security ControlGSM Based Bank Security Control
GSM Based Bank Security Control
 
Fingerprint based attendance record system
Fingerprint based attendance record systemFingerprint based attendance record system
Fingerprint based attendance record system
 
christopher owoicho project
christopher owoicho projectchristopher owoicho project
christopher owoicho project
 
ATM Security by using Fingerprint Recognition And GSM
ATM Security by using Fingerprint Recognition And GSMATM Security by using Fingerprint Recognition And GSM
ATM Security by using Fingerprint Recognition And GSM
 
Fingerprintattendancesystem 131016052949-phpapp01
Fingerprintattendancesystem 131016052949-phpapp01Fingerprintattendancesystem 131016052949-phpapp01
Fingerprintattendancesystem 131016052949-phpapp01
 
Example of access control
Example of access controlExample of access control
Example of access control
 
Best office turnstiles - Mairsturnstile.com
Best office turnstiles - Mairsturnstile.comBest office turnstiles - Mairsturnstile.com
Best office turnstiles - Mairsturnstile.com
 
SOK:An overview of data extraction techniques from mobile phones
SOK:An overview of data extraction techniques from mobile phonesSOK:An overview of data extraction techniques from mobile phones
SOK:An overview of data extraction techniques from mobile phones
 
Finger print recognized atm system
Finger print recognized atm systemFinger print recognized atm system
Finger print recognized atm system
 
Fingerprint base security system
Fingerprint base security systemFingerprint base security system
Fingerprint base security system
 
Sw week12-b
Sw week12-bSw week12-b
Sw week12-b
 
FINGERPRINT BASED ATM SYSTEM
FINGERPRINT BASED ATM SYSTEMFINGERPRINT BASED ATM SYSTEM
FINGERPRINT BASED ATM SYSTEM
 
A86eseminar on biometrics
A86eseminar on biometricsA86eseminar on biometrics
A86eseminar on biometrics
 
Finger print authentication for bikes
Finger print authentication for bikes Finger print authentication for bikes
Finger print authentication for bikes
 

Similar to Access Control

Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
Hai Nguyen
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
Biometric security tech
Biometric security techBiometric security tech
Biometric security tech
mmubashirkhan
 

Similar to Access Control (20)

User authentication
User authenticationUser authentication
User authentication
 
Ranjith_Bm
Ranjith_BmRanjith_Bm
Ranjith_Bm
 
Biometrics
BiometricsBiometrics
Biometrics
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
 
Palmsecure
PalmsecurePalmsecure
Palmsecure
 
Biometrics
BiometricsBiometrics
Biometrics
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
palm vein technology
palm vein technologypalm vein technology
palm vein technology
 
Palm vein Technology
Palm vein TechnologyPalm vein Technology
Palm vein Technology
 
Biometric security tech
Biometric security techBiometric security tech
Biometric security tech
 
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access Management
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access Management
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
 
Keystroke dynamics
Keystroke dynamicsKeystroke dynamics
Keystroke dynamics
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthautha
 
blue eyes technology 2 by study wars.pptx
blue eyes technology 2 by study wars.pptxblue eyes technology 2 by study wars.pptx
blue eyes technology 2 by study wars.pptx
 
Palm vein technology.pptx
Palm vein technology.pptxPalm vein technology.pptx
Palm vein technology.pptx
 
2019001791_Fingerprint_Authentication.pptx
2019001791_Fingerprint_Authentication.pptx2019001791_Fingerprint_Authentication.pptx
2019001791_Fingerprint_Authentication.pptx
 
Unit-4-User-Authentication.pptx
Unit-4-User-Authentication.pptxUnit-4-User-Authentication.pptx
Unit-4-User-Authentication.pptx
 
Biometrics 2.pptx
Biometrics 2.pptxBiometrics 2.pptx
Biometrics 2.pptx
 

Recently uploaded

一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
nscud
 
一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单
ewymefz
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
ewymefz
 
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
vcaxypu
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
ewymefz
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
ukgaet
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
ewymefz
 
Computer Presentation.pptx ecommerce advantage s
Computer Presentation.pptx ecommerce advantage sComputer Presentation.pptx ecommerce advantage s
Computer Presentation.pptx ecommerce advantage s
MAQIB18
 
Introduction-to-Cybersecurit57hhfcbbcxxx
Introduction-to-Cybersecurit57hhfcbbcxxxIntroduction-to-Cybersecurit57hhfcbbcxxx
Introduction-to-Cybersecurit57hhfcbbcxxx
zahraomer517
 
一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单
ocavb
 

Recently uploaded (20)

Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
 
社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .
 
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
 
Webinar One View, Multiple Systems No-Code Integration of Salesforce and ERPs
Webinar One View, Multiple Systems No-Code Integration of Salesforce and ERPsWebinar One View, Multiple Systems No-Code Integration of Salesforce and ERPs
Webinar One View, Multiple Systems No-Code Integration of Salesforce and ERPs
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
 
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单
 
Jpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization SampleJpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization Sample
 
Uber Ride Supply Demand Gap Analysis Report
Uber Ride Supply Demand Gap Analysis ReportUber Ride Supply Demand Gap Analysis Report
Uber Ride Supply Demand Gap Analysis Report
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
 
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
一比一原版(RUG毕业证)格罗宁根大学毕业证成绩单
 
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
 
Tabula.io Cheatsheet: automate your data workflows
Tabula.io Cheatsheet: automate your data workflowsTabula.io Cheatsheet: automate your data workflows
Tabula.io Cheatsheet: automate your data workflows
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
 
Computer Presentation.pptx ecommerce advantage s
Computer Presentation.pptx ecommerce advantage sComputer Presentation.pptx ecommerce advantage s
Computer Presentation.pptx ecommerce advantage s
 
Introduction-to-Cybersecurit57hhfcbbcxxx
Introduction-to-Cybersecurit57hhfcbbcxxxIntroduction-to-Cybersecurit57hhfcbbcxxx
Introduction-to-Cybersecurit57hhfcbbcxxx
 
一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单一比一原版(TWU毕业证)西三一大学毕业证成绩单
一比一原版(TWU毕业证)西三一大学毕业证成绩单
 

Access Control

  • 1. MAIN SLIDE TITLE HERE STUDENT NAME HERE RELEVANT IMAGE HERE
  • 2. TABLE OF CONTENT S. NO. T O P I C SLIDE NO. 1. AC C E S S C O NT R O L 3 - 4 2. BI O M E T R I C AU T H E NT I C AT I O N 5 - 7 3. P HY S I O LO G I C AL BI O M E T R I C C O NT R O LS 8 - 9 4. R I S K S O F BI O M E T R I C AU T HE NT I C AT I O N 10 - 11 5. U S E O F T O K E NS 12 6. M U LT I - F AC T O R AU T H E NT I C AT I O N 13 7. S I NG LE S I G N- O N 14 8. P U BLI C K E Y I NF R AS T R U C T U R E 15 9. S T R AT E G I C P LANNI NG 16 10. R E F E R E NC E S 17
  • 3. ACCESS CONTROL • ACCESS CONTROL INCLUDES • Identification • Authentication • Authorization • Accountability. • COMMON PRACTICES FOR ACCESS CONTROL • Based on determined roles as well as responsibilities. • Principle of least privilege must be followed. • Access control should be constantly reviewed and audited. • Logging-Off information.
  • 4. ACCESS CONTROL • COMMON CONTROL TYPES FOR ACCESS CONTROL • TECHNICAL CONTROL • Use of Biometrics • Access Control Cards • Username & Password • Encryption • ADMINISTRATIVE CONTROL • These include security awareness trainings, procedures, supervisory structures, personnel control and testing. • PHYSICAL CONTROL • These include computer security, perimeter security, guards and trained dogs and mantraps. • Protocols for Remote Access Authentication • Access Control Lists (ACL) • Account Restrictions • Policy Enforcement
  • 5. BIOMETRIC AUTHENTICATION • Verifies users by identifying and measuring users behavioural and physiological features. • Provides stronger access control in contrast to pins/ passwords as they can be forgotten, lost or shared. • Biometric measures maximize between-individual random variances while simultaneously minimizing within-individual variability. • Different type of biometric authentication includes: • Face recognition • Fingerprint scanning • Iris/ retinal scanning • Hand geometry • Vein infrared thermo gram • Palm print and gait
  • 6. BIOMETRIC AUTHENTICATION • Voice Identification is also used, however in an ambient setting, as it includes obstacles like, eavesdropping, manipulation. • Yet its application for disabled and visually impaired/handicapped users is immeasurable. • Good biometric systems have low false rejection and false acceptance. • Unable to achieve 100% accuracy results in bad users experience and is limiting commercialization of this technology. • BIOMETRIC BEHAVIOUR ASSOCIATION & BEHAVIOUR MEASURES • Biometric techniques are costly & complex in contrast to other methods. • Requires uniqueness of eyes and finger for validation. • Acceptable standard speed of authentication is not more than 5-Seconds. • With enrolment time of up to 2-Minutes. • Throughput of 6-10 per minute.
  • 7. BIOMETRIC AUTHENTICATION • BIOMETRIC CONTROLS & PSYCHOLOGICAL ANALYSIS • False Reject Rate (FRR) • Authorized individuals are erroneously denied access meaning there is a possibility of the system denying access to an individual who has been matched to the template. • False Accept Rate (FAR) • Unauthorized individuals, without a match template are erroneously allowed access. • Cross Error Rate (CER) • It allows users to compare cross systems and remains the most accurate biometric system.
  • 8. PHYSIOLOGICAL BIOMETRIC CONTROLS • FINGERPRINT RECOGNITION • Cheap, non-intrusive method is used to develop images of ridges, whorls & fingerprint minutia, which can be static and dynamic. • Only disadvantage of the sensor wearing off, it is affected by swellings and injuries and is prone to deception. • RETINAL SCAN • Includes recording unique components in the blood vessels of the retina and identifying patterns on the rear eyeball. • It has the disadvantages of damaging the eye ball due to the laser and the retina patterns may change as a result of heart diseases or diabetes. • IRIS SCAN • Most accurate among all biometric authentication as iris patterns remain constant throughout adulthood and vary between two eyes on an individual .
  • 9. PHYSIOLOGICAL BIOMETRIC CONTROLS • KEYSTROKE & CONTROL DYNAMICS ANALYSIS • This involves analysing and recognizing an individual’s unique typing rhythm. It uses flight time and dwell time. • SIGNATURE DYNAMICS SYSTEMS • These use user signatures for reference and recognition. They capture the way the pen is held and the amount of pressure exerted and signing speed. They have the advantage of being non-intrusive but speed wear and changing speed can be a barrier.
  • 10. RISK OF BIOMETRIC AUTHENTICATION • Camera sensitivity, lighting & angle determines accuracy of facial recognition. • Accessories like glasses and lenses can make a person look different. • Temperature and problem with finger can temper with finger print scans. • Apple’s Touch ID, can be bypassed with the use of latex and accurate sensors. • Several system utilized information such as geo-location. • Problem with keystroke dynamics is that, people varies in their typing speed, and while using different keyboards in varying interfaces. • In addition, right handed individuals type slower with their left hand and vice versa. • Index finger allows users to type faster because of its consistent use & instinctive ability.
  • 11. RISK OF BIOMETRIC AUTHENTICATION • Camera sensitivity, lighting & angle determines accuracy of facial recognition. • Accessories like glasses and lenses can make a person look different. • Temperature and problem with finger can temper with finger print scans. • Apple’s Touch ID, can be bypassed with the use of latex and accurate sensors. • Several system utilized information such as geo-location. • Problem with keystroke dynamics is that, people varies in their typing speed, and while using different keyboards in varying interfaces. • In addition, right handed individuals type slower with their left hand and vice versa. • Index finger allows users to type faster because of its consistent use & instinctive ability.
  • 12. USE OF TOKENS • ONE TIME PASSWORD (OTP) • Provides maximum security, with list of passwords, and uses them in sequence. But hackers could sniff password. • Users can authenticate with a pin or token, and don’t need to remember or choose password. • IMPORTANCE • They have been designed to replace session IDs, reducing server load, rationalizing permission management, and offering appropriate tools for supporting a cloud-based or distributed infrastructure. • This process has the advantage of statelessness, the token generated by the server need not be stored anywhere. • DRAWBACKS OF OTPs • This has the disadvantage of trust, users will have to deal with the malware through the SMS as encryption on cellular networks is weak. • OTP can be inconvenient as the user has to copy the OTP from the device that received it to the login form. • TIME BASED OTP • Token are required for every user thus require more investment. • Users need to carry the token with them at all times as they won’t be allowed to access the system otherwise. • Users cannot use the system for a long time without the token. • Connections can be vulnerable to sniffing. • Users need to ensure the safety of their tokens. • Security tokens may not be compatible with all severs or applications.
  • 13. MULTI-FACTOR AUTHENTICATION • MFA also known as two step authentication is an authentication username, password, and additional authentication such as personal information or a physical token. • It guarantees that the users are who they are. • It requires that users identify themselves by presenting a minimum of 2-pieces of evidence through three major categories. • MFA provides layers of protection to the user by preventing a ripple effect. • Some companies employ a MFA for every user this with SSO makes it very secure and completely eliminates the need for passwords. • IMPORTANCE • MFA offers good end user experience and robust security. • It has the advantage of increasing the system’s security when needed. • Due to the magnitude of loss in case of violation MFA requires additional proof. • MFA AUTHENTICATION CONSIDERATIONS • Users are locked out of their accounts in case of a single mistake. • Though used to keep hackers away, hackers can create their own two step authentication to keep users locked out.
14. SINGLE SIGN-ON
• Users can identify themselves to servers only once through this method.
• Users can log in multiple times with a single password, but a compromise in a single authentication can compromise all available resources.
• The following should be considered when implementing SSO:
• Since one authentication regulates access to resources, this process should be secure.
• Smart cards and tokens may be used to strengthen the authentication process.
• Password policies need to be enforced, implementing minimum password length, complexity of password, minimum time for renewal, and maximum frequency of attempts.
• Encryption should be used to protect against sniffing. Logs should be used to detect suspicious login attempts.
• Authentication servers must be used.
• POTENTIAL RISKS
• Authentication and privacy keys are a security concern.
• If the SSO server is unavailable, the users cannot access any site.
• SSO is not suitable for multi-user computers if they remain logged in at all times.
• They lack backup and better authentication.
• If the password is weak, it is easy to identify and hack accounts; once hacked, all accounts will be compromised.
15. PUBLIC KEY INFRASTRUCTURE
• Kim defines PKI as a technology that uses mathematical processes and algorithms to facilitate secure transactions using data integrity, data confidentiality, and authentication.
• PKI uses certificates, developed by a trusted certificate authority (CA), to prove an individual's identity.
• The user is authenticated by the certificate authority's private key.
• This certificate can be used for authentication to access many applications that check the identity through the digital signature from the CA.
• PKI is valuable to applications that require no pre-registration, like online transactions.
• Users only require a certificate from the certificate authority.
• RISKS OF PKI
• There is no governing body to enforce the standards of PKI.
• CAs are trusted third parties, but there have been limitations in their security procedures over the years.
• This has resulted in less trust in PKI, as any compromise of a CA can expose the entire PKI security to risks.
16. STRATEGIC PLANNING
• Strategic operations define an organization's strategy or direction and the decisions it takes and the resources it allocates to pursue that strategy.
• Organizations need to keep in mind the following:
• What the organization is currently doing
• Who they are doing it for
• How will they excel going forward
• Strategic decisions keep in view the next three to five years and consider any potential mishaps. These mishaps may also include untapped opportunities.
• These decisions are affected by factors that may be out of the organization's control, e.g. wars, geopolitical shocks etc.
• Organizations' strategies should also address how they intend to sustain their operations and provide quality products or services to their customers while including capabilities for future innovations.
• Strategic planning involves the following steps:
• Clarifying Mission & Vision Statements
• Identifying Current & Future Market Position
• Prioritizing
17. REFERENCES
• Alfred, A. (2016). Node.js: Token-Based Authentication Part 3. Defining Routes and Implementing Token-Based Authentication.
• Dasgupta, D., Roy, A., & Nag, A. (2017, January 1). Multi-Factor Authentication: More secure approach towards authenticating individuals.
• Dimov, D., & Tistarelli, M. (2015). Biometric Authentication. Cham: Springer.
• Kim, D. (2016). Access control, authentication, and public key infrastructure: Laboratory manual to accompany.
• Kung, S. Y., Mak, M.-W., & Lin, S.-H. (2017). Biometric authentication: A machine learning approach. Upper Saddle River: Prentice Hall.
• Miller, W. (2015). Foundations of iOS Security: Working with Single Sign-on Authentication.
• Roebuck, K. (2017). Security Tokens: High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors. Dayboro: Emereo Pub.
• Schmeh, K. (2016). Cryptography and Public Key Infrastructure on the Internet. New York, NY: John Wiley & Sons.
• Sampson, A. (2015). Architecting Microsoft Azure Solutions: Multi-factor Authentication Overview.
• Stanislav, M. (2015). Two-factor authentication. Ely, Cambridgeshire, United Kingdom: IT Governance Publishing.