CSC204 – PRACTICAL APPROACH TO

OPERATING SYSTEMS ASSIGNMENT

DIPLOMA IN COMPUTER SCIENCE

SEMESTER OCT 2022 – MARCH 2023

CSC204 – PRACTICAL APPROACH OF OPERATING SYSTEM

ASSIGNMENT: SECTION B (STRUCTURED)

Prepared for:
MOHD ZHAFRI BIN MOHD ZUKHI

Prepared by:
ADAM HAKIM BIN SHAHIDAN
(2021824824)

DATELINE: 31 DECEMBER 2022

UITM, Kedah | 1
 CSC204 – PRACTICAL APPROACH TO
OPERATING SYSTEMS ASSIGNMENT

Instruction:

1. This assignment carries 30% of your total Coursework marks.

2. There are TWO sections in this assignment as below:

i. SECTION A: LAB EXERCISE (CLO2) – 20% (1/12/2022-Due)

ii. SECTION B: STRUCTURED (CLO3) – 10% (22/12/2022-Due)

Students are required to complete both sections.

3. This is an INDIVIDUAL assignment. Strictly follow the rules that NO copying is

allowed. Any act of copying will result in ZERO marks.

4. The duration of this assignment is 5 weeks from today (22/12/2021).

5. Please refer to the guidelines in preparing the cover page for this assignment.

6. Dateline to submit the Assignment is in Week 7 (Thursday—1/12/2022) & Week 10

(Thursday --22/12/2022), by 5 pm. (Any late submission will NOT be entertained, for
any reason).

7. Upon submission, you should upload in softcopy of your assignment to Google

Classroom in assignment section.

8. You will not receive back your assignment. Therefore, it is advisable to make your own
copy for your reference.

9. The respective student must be present upon submitting the assignment. Those who failed
to do so will be graded as ZERO.

UITM, Kedah | 2
 CSC204 – PRACTICAL APPROACH TO
OPERATING SYSTEMS ASSIGNMENT

SECTION B: THEORY/ STRUCTURED (CLO3) – 10%

Provide a detailed explanation/ definition and discussion for the following: -

Chapter 4: Security Technique to Authenticate System User.

Important notes:

• Report must be written in 1500 words with the format:

1. Times New Roman Font
2. Size 12
3. Align justify for all paragraph

• Students may include appropriate diagrams to enhance their explanation.

• Students should provide explanation other than the definitions provided in the
lecture notes.
• Students should organize the information in an effective manner for better grading
in this assignment.

UITM, Kedah | 3
 CSC204 – PRACTICAL APPROACH TO
OPERATING SYSTEMS ASSIGNMENT

Chapter 4: Security Technique to Authenticate System User.

What Is User Authentication?

Cyberattacks may be prevented or permitted by the human-computer interactions on networks.
Taking certain steps to identify and give access to only authorized users is necessary for the
security of your online application. User authentication is the term used to describe the method
through which the application recognizes the user.

Unauthorized users cannot access your device or network thanks to user authentication, a
security procedure. A program asks for customized passwords throughout the login process in
order to provide you permission to use it. A user's authentication is unsuccessful if they are not
authorized to log in to the network.

Advanced technology is used for user authentication. A hacker would have to go above and
beyond in order to get around the guarded network. The attacker will be discovered before they
get access if there are other cybersecurity measures in place, such as intrusion detection systems
on the network.

Why Is User Authentication Important?

Cybercriminals spend their days picking off innocent victims. To keep safe as a frequent online
user, you must secure your gadgets from illegal access. You leave digital traces everywhere you
go online, including when you purchase, learn, and connect with others. Hackers can follow
these traces and use them to attack your device. The bare minimum number of cyber dangers can
be achieved with user authentication. Only if they gain access to your network do the attackers'
stunts have any validity. They are barred from access via authentication. They cannot bring it
down if it is powerful. User authentication upholds secrecy, builds rapport, and ensures privacy.
As long as the authentication process protects them against assaults, visitors to your network will
be willing to wait a few minutes.

UITM, Kedah | 4
 CSC204 – PRACTICAL APPROACH TO
OPERATING SYSTEMS ASSIGNMENT

How Does User Authentication Work?

Users must reassure the website that they are who they claim they are in order to gain access.
The system can approve the user because the ID and key are sufficient to verify the user's
identity. It is crucial to keep in mind that authorization, on the other hand, is what determines
what users may view and do when they log in. Despite the fact that authorization and
authentication are frequently used interchangeably, they both contribute to a safe login
procedure.

User authentication has three tasks:

1. Manage the connection between the human (user) and the website’s server (computer).
2. Verify users’ identities.
3. Approve (or decline) the authentication so the system can move to authorizing the user.

Users fill out the website's login form with their information, which is a reasonably basic
process. The authentication server then compares that data with all of the user credentials that are
currently on file. Users will be authenticated by the system and given access to their accounts
whenever a match is discovered. Users will be asked to input their credentials again and try again
if a match is not discovered. After multiple failed tries, the account might be marked as having
suspicious behavior, or it might need to use an alternate authentication mechanism, like a
password reset or one-time password.

UITM, Kedah | 5
 CSC204 – PRACTICAL APPROACH TO
OPERATING SYSTEMS ASSIGNMENT

There are 5 common security techniques that can be used to authenticate system users:

1. Password authentication

By requesting a password from the user, password authentication is a technique for

confirming the user's identity. When a person tries to access a system, service, or
program, they must first enter a password, which is often a string of characters that they
keep private.

When entering into a computer, visiting a website, or connecting to a network, password

authentication is utilized in a variety of situations. It is a crucial safety measure that aids
in preventing unwanted access to confidential data and resources.

The security of password authentication depends on the usage of strong, original

passwords that are difficult to guess. Using a password manager to store and manage
your passwords and enable additional security features like two-factor authentication
(2FA) is also a smart idea.

2. Two-factor authentication

With two-factor authentication (2FA), a user must supply two distinct authentication
factors in order to prove their identity. In order to prevent unwanted access to a user's
account or device, this procedure is intended to add an additional layer of protection.

There are several different types of authentication factors that can be used in 2FA,
including:

- Something the user knows: This could be a password, a PIN, or a security

question.
- Something the user has: This could be a physical token, such as a key fob or a
smartphone with a one-time passcode (OTP) generator app.
- Something the user is: This could be a biometric factor, such as a fingerprint or a
face scan.

UITM, Kedah | 6
 CSC204 – PRACTICAL APPROACH TO
OPERATING SYSTEMS ASSIGNMENT

Users will be asked to enter one of the aforementioned authentication factors in addition
to their login and password when attempting to access an account or device that has 2FA
enabled. For instance, after entering their password, they might then get a one-time
passcode by SMS or a notification on their smartphone, which they would need to input
to finish the login process.

Since 2FA makes it necessary for an attacker to possess one of the other authentication
factors in addition to the user's password, it can help prevent unauthorized access to
accounts and devices. As a result, it is far more challenging for an attacker to access a
user's account or device.

3. Single sign-on (SSO)

With the use of the authentication technique known as single sign-on (SSO), a user can
log into different applications using just one set of login information (username and
password). Users won't have to remember numerous sets of login information for various
programs, which can make the login procedure easier for them.

The user logs in using their SSO credentials only once, as opposed to having to enter
their login information for each application. After authenticating the user's identity, the
SSO system provides them access to the various applications they are permitted to use.

Using SSO has a variety of advantages, including higher productivity, decreased

password fatigue, and improved security. As the login credentials are centrally managed
and can be readily revoked or updated as needed, SSO can help organizations manage
user access to various apps more easily.

4. Public key infrastructure (PKI)

Digital certificates and public keys can be safely exchanged and managed using a system
called public key infrastructure (PKI). A secure way to exchange information over the
internet is made possible by PKI, which combines public and private keys, digital
certificates, and certificate authorities (CAs).

UITM, Kedah | 7
 CSC204 – PRACTICAL APPROACH TO
OPERATING SYSTEMS ASSIGNMENT

This is how PKI works:

1. A user or device generates a pair of public and private keys. The private key is kept
secret, while the public key is shared with others.

2. The user or device sends their public key and identifying information (such as their
name and email address) to a certificate authority (CA).

3. The CA verifies the user's identity and issues a digital certificate, which is a digitally
signed document that contains the user's public key and identifying information.

4. The user or device stores the digital certificate and private key on their device or in a
secure location.

5. When the user wants to send an encrypted message to someone else, they use their
private key to encrypt the message. The recipient can then use the sender's public key,
which is contained in the digital certificate, to decrypt the message.

PKI is frequently used to protect online transactions, including email communication, e-

commerce, and online banking. It aids in ensuring the legitimacy and consistency of
communications and transactions and aids in preventing unauthorized parties from
intercepting and accessing data.

5. Smart card authentication

One way to verify a user's or a device's identity when using a smart card is through smart
card authentication. A smart card is a tiny plastic card with a computer chip on it that is
used to store and process data.

When using a smart card for authentication, data that confirms the user's or device's
identification is stored on the card. When a user tries to log into a system or service, they
must insert their smart card into a card reader, which scans the data on the card and
verifies the user's or device's identification using that information.

Smart card authentication can be applied in a variety of situations, such as when making
payments, gaining access to secure computer systems, or establishing identity for other

UITM, Kedah | 8
 CSC204 – PRACTICAL APPROACH TO
OPERATING SYSTEMS ASSIGNMENT

purposes. It is frequently used in addition to a password or other kind of authentication as

an extra layer of security.

UITM, Kedah | 9