Page 199 - DCAP403_Operating System
Use of smart devices means the added expense of the card itself, as well as the special reader
devices. Careful decisions as to what systems warrant the use of a smart card must be made.
The cost of manufacturing smart cards is higher than that of memory cards but the disparity will
get less and less as more and more manufacturers switch to this technology. On the other hand,
it should be remembered that smart cards, as opposed to memory only cards, can effectively
communicate with relatively ‘dumb’, inexpensive reader devices.
The proper management and administration of smart cards will be a more difficult task than with
typical password administration. It is extremely important that responsibilities and procedures for
smart card administration be carefully implemented. Smart card issuance can be easily achieved
in a distributed fashion, which is well suited to a large organizational environment. However,
just as with password systems, care should be taken to implement consistent procedures across
all involved systems.
10.5.4 Hand-held Password Generators
Hand-held password generators are a state-of-the-art type of smart token. They provide a hybrid
authentication, using both something a user possesses (i.e., the device itself) and something a
user knows (e.g., a 4 to 8 digit PIN). The device is the size of a shirt-pocket calculator, and does
not require a special reader/writer device. One of the main forms of password generators is a
challenge-response calculator.
When using a challenge-response calculator, a user first types his user name into the IT system.
The system then presents a random challenge, for example, in the form of a 7-digit number. The
user is required to type his PIN into the calculator and then enter the challenge generated by
the IT system into the calculator. The generator then provides a corresponding response, which
he then types into the IT system. If the response is valid, the login is permitted and the user is
granted access to the system.
When a password generator is used for access to a computer system in place of the traditional
user name and password combination, an extra level of security is gained. With the
challenge-response calculator, each user is given a device that has been uniquely keyed; he cannot use
someone else’s device for access. The host system must have a process or a processor to generate
a challenge-response pair for each login attempt, based on the initially supplied user name.
Each challenge is different, so observing a successful challenge-response exchange gives no
information for a subsequent login. Of course, with this system the user must memorize a PIN.
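The exchange described above, with both the host side and the calculator side, as an added example that is not from the original text. Assumptions: the response is an HMAC-SHA256 over the PIN and challenge, truncated to 7 digits, and the host stores each user's device key and PIN; the names Host, new_device_key and calculator_response are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGITS = 7  # the text's example challenge is a 7-digit number


def new_device_key() -> bytes:
    """Per-device secret installed when the token is keyed (constructed here)."""
    return secrets.token_bytes(32)


def calculator_response(device_key: bytes, pin: str, challenge: str) -> str:
    """What the hand-held device shows after the user types PIN and challenge.
    Assumption: HMAC-SHA256 reduced to DIGITS decimal digits."""
    mac = hmac.new(device_key, f"{pin}:{challenge}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


class Host:
    """IT system side: knows each user's device key and PIN, issues challenges."""

    def __init__(self):
        self.users = {}    # user name -> (device_key, pin)
        self.pending = {}  # user name -> outstanding challenge

    def enroll(self, user: str, device_key: bytes, pin: str) -> None:
        self.users[user] = (device_key, pin)

    def issue_challenge(self, user: str) -> str:
        # A fresh random challenge per login attempt, also for unknown names,
        # so the prompt does not reveal which user names exist.
        challenge = str(secrets.randbelow(10**DIGITS)).zfill(DIGITS)
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        # pop(): a challenge is consumed by the first attempt, so a response
        # observed on the wire cannot be replayed against it.
        challenge = self.pending.pop(user, None)
        if challenge is None or user not in self.users:
            return False
        key, pin = self.users[user]
        expected = calculator_response(key, pin, challenge)
        return hmac.compare_digest(expected, response)
```

A 7-digit response can still be guessed with probability 1 in 10^7 per attempt, so a host built this way also needs a limit on failed logins.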
The hand-held password generator can be a low-cost addition to security, but the process is
slightly complicated for the user. He must type two separate entries into the calculator, and then
correctly read the response and type it into the computer. This process increases the chance for
making a mistake.
Overall, this technology can be a useful addition to security, but users may find some
inconvenience. Management, if they decide to use this approach, will have to establish a plan for
integrating the technology into their IT systems. There will also be the administrative challenge
for keying and issuing the cards, and keeping the user database up-to-date.
10.5.5 Biometrics
Biometric devices authenticate users to access control systems through some sort of personal
identifier such as a fingerprint, voiceprint, iris scan, retina scan, facial scan, or signature dynamics.
The nice thing about using biometrics is that end-users do not lose or misplace their personal
identifier. It’s hard to leave your fingers at home. However, biometrics have not caught on as
fast as originally anticipated due to the false positives and false negatives that are common when
using biometric technologies.
192 LOVELY PROFESSIONAL UNIVERSITY