One time password:

This is the basic method, which will use different password with every access. As the passwords are easily cracked by the systems, this method will help the user to protect the password from the hackers. Every time the password will change. Before the hackers use any method to crack the password, the user will change the password.

2. Encrypted password:

Normally with any networking system the password from the node to the server will always travel in a plain text format. In the same way within the server database also the password will be stored in a plain text format. It will be easy for any hacker to crack the password. To avoid this kind of attack one should keep the password in an encrypted format. Any encryption method can be used to encrypt the password.

3.4 Smart Cards 3.4.1. Introduction:

A Smart Card is a plastic card the size of a credit card with an integrated circuit built into it. This integrated circuit may consist only of EEPROM in the case of a memory card, or it may also contain ROM, RAM and even a CPU.

Organizations are steadily migrating toward this technology.

The days are numbered for a single mainframe used for computing every directive. Today, the delegation of tasks is being transferred to small, but dedicated smart cards. Their usefulness may soon

exceed that of the standard computer for a variety of applications due, in part, to their portability and ease of use.

A smart card is a mini-computer without the display screen and keyboard. Smart cards contain a microchip with an integrated circuit capable of processing and storing thousands of bytes of electronic data. Due to the portability and size of smart cards they are seen as the next generation of data exchange.

Smart cards contain an operating system just like personal computers. Smart cards can store and process information and are fully interactive. Advanced smart cards also contain a file structure with secret keys and encryption algorithms. Due to the encrypted file system, data can be stored in separated files with full security.

3.4.2 Architecture:

1. Most smart cards have been designed with the look and feel of a credit or debit card, but can function on at least three levels (credit -debit - personal information). Smart cards include a microchip as the central processing unit, random access memory (RAM) and data storage of around 10MB.

2. The smart card is an electronic recording device. Information in the microchip can instantaneously verify the cardholder's identity and any privileges to which the cardholder may be entitled.

Information such as withdrawals, sales, and bills can be processed immediately and if/when necessary; those records can be transmitted to a central computer for file updating.

3. Smart cards are secure, compact and intelligent data carriers.

Smart cards should be regarded as specialized computers capable of processing, storing and safeguarding thousands of bytes of data.

4. Smart cards have electrical contacts and a thin metallic plate just above center line on one side of the card. Beneath this dime-sized plate is an integrated circuit (IC) chip containing a central processing unit (CPU), random access memory (RAM) and non-volatile data storage.

5. Data stored in the smart card's microchip can be accessed only through the chip operating system (COS), providing a high level of data security. This security takes the form of passwords allowing a user to access parts of the IC chip's memory or encryption/decryption measures which translate the bytes stored in memory into useful information.

6. Smart cards typically hold 2,000 to 8,000 electronic bytes of data (the equivalent of several pages of data). Because those bytes can

be electronically coded, the effective storage capacity of each card is significantly increased.

7. Magnetic-stripe cards, such as those issued by banks and credit card companies, lack the security of microchips but remain inexpensive due to their status as a single-purpose card.

8. Smart cards can be a carrier of multiple records for multiple purposes. Once those purposes are maximized, the smart card is often viewed as superior and, ultimately, less expensive.

9. The distributed processing possible with smart cards reduces the need for ever-larger mainframe computers and the expense of local and long-distance phone circuits required to maintain an on-line connection to a central computer.

10. Smart cards are defined by the ISO 7816 standards.

3.4.3. Security aspects:

1. The microprocessor on the smart card is there for security. The host computer and card reader actually "talk" to the microprocessor.

2. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory(RAM), it would be no different than a diskette..

3. Smarts cards may have up to 8 kilobytes of RAM, 346 kilobytes of ROM 256 kilobytes of programmable ROM, and a 16-bit microprocessor.

4. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set for applications such as cryptography.

3.4.4. Applications:

 Credit cards

 Electronic cash

 Computer security systems

 Wireless communication

 Loyalty systems (like frequent flyer points)

 Banking

 Satellite TV

 Government identification

3.4.5.Types of Smart Cards

Contact Cards and Contactless Cards

Contact Cards require insertion into a smart card reader with a direct connection to a conductive micro-module on the surface of the card.

Contact less Cards require only close proximity (a few inches) of a reader.

Categories of Smart Cards

 Integrated Circuit (IC) Microprocessor Cards: Allow for adding, deleting, or manipulating information in memory, allowing for a variety of applications and dynamic read/write capabilities. Most Smart Cards in use for mobile applications are of this type.

 IC Memory Cards: Can store data, but do not have a processor on the card.

 Optical Memory Cards: Can only store data, but have a larger memory capacity than IC memory cards.

QUESTIONS:

1. Explain the need of passwords

2. What are the various methods to store the password 3. Write a short note on certificate revocation

4. What are the various applications of smart cards.

5. Write in detail about the functions and advantages of smart cards

6. Write in detail about the various ways to implement biometrics 7. Write a short note on address based authentication

8. Write a short note on cryptographic based authentication 9. What are the various authentication protocols

10. Explain in detail about the key technology used with authentication.



6

SECURITY POLICIES & SECURITY