Authentication Security Problem in Operating System:
Definition and Explanation:
Authentication is the major security problem for operating systems. Protection of the system depends on identifying programs and processes that are executing. Each user using the system should also be identified. A user can be identified by:
- User possession, using such as a key or card
- User knowledge, using an identifier or password
- And user attributes, such as fingerprint, retina pattern, or signature
1. Passwords:
The most used form of security and user validation is by testing the user's knowledge and using a password. Users are normally asked for two things, their user ID, account name or login name and then their password. If the user password is supplied and the password stored in the system match, then the system believes the user is valid.
2. Password Vulnerabilities:
Passwords do not provide total security and have problems. They are common because they are easy to use and understand. The problems with passwords are keeping them secretly. Passwords can be guessed, accidentally exposed, and maliciously transferred from an authorized user to an unauthorized user.
An intruder, either be a human or a program, can try and guess a password by entering obvious information about the user or by brute force. If the intruder gets information such as name, spouse name, etc. it can be easy to guess correctly.
Sometimes there are limitations to what the password can consist of. For example, if it can only be a certain number of characters, it becomes easier to guess the password. A program can be written to produce all the possible numbers of a restricted amount of digits and can find the password in seconds.
Another failure to keeping a password secret is due to visual or electronic monitoring. An intruder can look at the keyboard when the user enters password and steel it By watching what keys they press carefully.
Sometimes, the user willingly gives password to his friends for some help. That can miss-use the trust and use it as an intruder.
Some preventions of this are:
- Use a longer password
- Password should be a combination of both numbers and characters
- Passwords should be case sensitive.
3. Encrypted Passwords:
Encryption is used for more security. A function is used to encode all passwords, and only the encoded passwords are stored. Once a user gives a password, it is directly encoded
and then compared to the stored encoded password.
One problem with this method of password testing is that the system will no longer have control over the passwords. The encrypted password exists in some file. Anyone with access to that file can simply run encryption routines very fast against it, to encrypt each word in the file, and then compare it's results to for example a dictionary. Now if the password exists in the dictionary, then the password is easily cracked.
4. One Time Passwords:
One way to solve password security problems is to use a set of paired passwords. The user is challenged by system and he must respond with the correct answer. First, the system randomly selects and presents one part of the password of a password pair. It then asks the user to supply the second part. If the parts make the pair then the user is valid.
In this one-time password case, the password is different in each instance. Therefore, anyone attempting to steal the password and reuse it will fail.
