Professional Documents
Culture Documents
Areas of
risk
Assurance Level
More
specifically is
Four levels of
defined as: assurance
Describes an
organization’s
Level 1
degree of • Little or no confidence in the
The degree of confidence in
certainty that a the vetting process used to
asserted identity's validity
Exploiting
Specific Popular Exploiting
multiple
account password user
password
attack attack mistakes
use
UNIX Implementation
Original scheme
• Up to eight printable characters in length
• 12-bit salt used to modify DES encryption into a
one-way hash function
• Zero value repeatedly encrypted 25 times
• Output translated to 11 character sequence
Dictionary attacks Rainbow table attacks (trade off space for time )
• the attacker generates a large dictionary of possible
• Develop a large dictionary of
passwords
possible passwords and try each
• For each Password Pre-compute tables of hash values for
against the password file
all salts
• Each password must be hashed
• A mammoth table of hash values
using each salt value and then
compared to stored hash values • Can be countered by using a sufficiently large salt value
and a sufficiently large hash length
Vulnerabilities
Make
available
only to
privileged
users
Password cracker
Rule enforcement
• Compile a large dictionary of
passwords not to use( Bad • Specific rules that passwords
Passwords) must adhere to
Bloom filter
• Used to build a table based on dictionary
using hashes
• Check desired password against this
table ( rejecting words on a list that has
been implemented on a number of
systems)
Table 3.2
• Contain:
o An entire microprocessor
• Processor
• Memory
• I/O ports
• Typically include three types of memory:
o Read-only memory (ROM)
• Stores data that does not change during the card’s life (card number, holder name)
o Electrically erasable programmable ROM (EEPROM)
• Holds application data and programs (executed protocols , in telephone card remaining talk
time)
o Random access memory (RAM)
• Holds temporary data generated when applications are executed
Electronic Identity Cards
(eID)
Use of a smart card as a national Most advanced deployment is the
identity card for citizens German card neuer Personalausweis
Electronic
Functions
and Data
for
eID Cards