Page 199 - DCAP403_Operating System




                                   Use of smart devices means the added expense of the card itself, as well as the special reader
                                   devices. Careful decisions as to what systems warrant the use of a smart card must be made.
                                   The cost of manufacturing smart cards is higher than that of memory cards, but the disparity will
                                   get less and less as more and more manufacturers switch to this technology. On the other hand,
                                   it should be remembered that smart cards, as opposed to memory-only cards, can effectively
                                   communicate with relatively ‘dumb’, inexpensive reader devices.

                                   The proper management and administration of smart cards will be a more difficult task than with
                                   typical password administration. It is extremely important that responsibilities and procedures for
                                   smart card administration be carefully implemented. Smart card issuance can be easily achieved
                                   in a distributed fashion, which is well suited to a large organizational environment. However,
                                   just as with password systems, care should be taken to implement consistent procedures across
                                   all involved systems.

                                   10.5.4 Hand-held Password Generators

                                   Hand-held password generators are a state-of-the-art type of smart token. They provide a hybrid
                                   authentication, using both something a user possesses (i.e., the device itself) and something a
                                   user knows (e.g., a 4 to 8 digit PIN). The device is the size of a shirt-pocket calculator, and does
                                   not require a special reader/writer device. One of the main forms of password generators is a
                                   challenge-response calculator.

                                   When using a challenge-response calculator, a user first types his user name into the IT system.
                                   The system then presents a random challenge, for example, in the form of a 7-digit number. The
                                   user is required to type his PIN into the calculator and then enter the challenge generated by
                                   the IT system into the calculator. The generator then provides a corresponding response, which
                                   he then types into the IT system. If the response is valid, the login is permitted and the user is
                                   granted access to the system.

                                   When a password generator is used for access to a computer system in place of the traditional
                                   user name and password combination, an extra level of security is gained. With the
                                   challenge-response calculator, each user is given a device that has been uniquely keyed; he cannot use
                                   someone else’s device for access. The host system must have a process or a processor to generate
                                   a challenge-response pair for each login attempt, based on the initially supplied user name.
                                   Each challenge is different, so observing a successful challenge-response exchange gives no
                                   information for a subsequent login. Of course, with this system the user must memorize a PIN.
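
The challenge-response login described above, as an added Python sketch that is not part of the original text. The text names no algorithm, so HMAC-SHA256 truncated to 7 digits, mixing the PIN into the computation, and the names `token_response` and `Host` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def token_response(device_key: bytes, pin: str, challenge: str) -> str:
    """Calculator side: derive the response from PIN and challenge under the device key."""
    mac = hmac.new(device_key, f"{pin}:{challenge}".encode(), hashlib.sha256).digest()
    # Truncate to 7 decimal digits so the user can read and retype it.
    return f"{int.from_bytes(mac[:4], 'big') % 10**7:07d}"


class Host:
    """IT system side: holds each user's device key and PIN (assumed design)."""

    def __init__(self):
        self.users = {}    # user name -> (device_key, pin)
        self.pending = {}  # user name -> outstanding challenge

    def enroll(self, user: str, pin: str) -> bytes:
        key = secrets.token_bytes(32)  # every device is uniquely keyed
        self.users[user] = (key, pin)
        return key  # loaded into the user's calculator at issuance

    def challenge(self, user: str) -> str:
        c = f"{secrets.randbelow(10**7):07d}"  # fresh random 7-digit challenge
        self.pending[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        c = self.pending.pop(user, None)  # a challenge is good for one attempt
        if c is None or user not in self.users:
            return False
        key, pin = self.users[user]
        expected = token_response(key, pin, c)
        return hmac.compare_digest(expected.encode(), response.encode())


if __name__ == "__main__":
    host = Host()
    alice_key = host.enroll("alice", "4821")  # constructed sample user and PIN
    c1 = host.challenge("alice")
    r1 = token_response(alice_key, "4821", c1)
    print("login:", host.verify("alice", r1))                 # True
    print("replay, no challenge:", host.verify("alice", r1))  # False
```

Because the host discards a challenge after one verification attempt, a response captured from a successful login is rejected when replayed, and a device keyed for another user produces a different response to the same challenge.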

                                   The hand-held password generator can be a low-cost addition to security, but the process is
                                   slightly complicated for the user. He must type two separate entries into the calculator, and then
                                   correctly read the response and type it into the computer. This process increases the chance for
                                   making a mistake.

                                   Overall, this technology can be a useful addition to security, but users may find some
                                   inconvenience. Management, if they decide to use this approach, will have to establish a plan for
                                   integrating the technology into their IT systems. There will also be the administrative challenge
                                   for keying and issuing the cards, and keeping the user database up-to-date.

                                   10.5.5 Biometrics


                                   Biometric devices authenticate users to access control systems through some sort of personal
                                   identifier such as a fingerprint, voiceprint, iris scan, retina scan, facial scan, or signature dynamics.
                                   The nice thing about using biometrics is that end-users do not lose or misplace their personal
                                   identifier. It’s hard to leave your fingers at home. However, biometrics have not caught on as
                                   fast as originally anticipated due to the false positives and false negatives that are common when
                                   using biometric technologies.


          192                              LOVELY PROFESSIONAL UNIVERSITY