Access Control: Password-based Cryptography

This lecture covers access control and password-based cryptography, focusing on protocols like Challenge/Response Protocol and Password Authentication Protocol. It also discusses the challenges of password access control, the human factor, and alternate authentication means such as biometrics. A case study on the biometric passport is presented, detailing the objectives of Machine Readable Travel Documents (MRTD) and the security features like biometrics and contactless IC chips. The lecture concludes with examples of existing protocols in password-based cryptography and the history of MRTD development.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related lectures (66)

Related concepts (58)

This course introduces the basics of cryptography. We review several types of cryptographic primitives, when it is safe to use them and how to select the appropriate security parameters. We detail how

Role-based access control

In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users, and to implementing mandatory access control (MAC) or discretionary access control (DAC). Role-based access control is a policy-neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments.

Password

A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier.

Mandatory access control

In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes.

One-time password

A one-time password (OTP), also known as a one-time PIN, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has (such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cellphone) as well as something a person knows (such as a PIN).

Access-control list

In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object or facility). An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resourcess. Each entry in a typical ACL specifies a subject and an operation. For instance, If a file object has an ACL that contains , this would give Alice permission to read and write the file and give Bob permission only to read it.

Access Control Policies: Authentication and Authorization COM-402: Information security and privacy

Explores access control policies, authentication methods, and the principles of least privilege, emphasizing the importance of secure and user-friendly authentication protocols.

Password Security

Emphasizes the importance of safeguarding passwords and avoiding sharing them.

Information Security: Communication, Calculation, Threats CS-119(c): Information, Computation, Communication

Explores information security in communication, calculation, and digital threats, emphasizing data protection and access control.

Trust Establishment: Cryptography and Security COM-401: Cryptography and security

Explores trust establishment in cryptography and security, covering secure channels, PKI vulnerabilities, and diverse cryptographic models.

Data Security: Hashing, Salting, and Password Storage COM-402: Information security and privacy

Emphasizes the significance of hashing, salting, and secure password storage in data security, highlighting the use of salt to prevent dictionary attacks and memory hard functions to slow down password cracking.