Modern Operating Systems by Herbert Bos ...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
SECURITY
CHAP. 9
The algorithm is based on a one-way function, that is, a function $y = f(x)$ that has the property that given $x$ it is easy to find $y$, but given $y$ it is computationally infeasible to find $x$. The input and output should be the same length, for example, 256 bits.

The user picks a secret password that he memorizes. He also picks an integer, $n$, which is how many one-time passwords the algorithm is able to generate. As an example, consider $n = 4$, although in practice a much larger value of $n$ would be used. If the secret password is $s$, the first password is given by running the one-way function $n$ times:

$$P_1 = f(f(f(f(s))))$$

The second password is given by running the one-way function $n - 1$ times:

$$P_2 = f(f(f(s)))$$

The third password runs $f$ twice and the fourth password runs it once. In general, $P_{i-1} = f(P_i)$. The key fact to note here is that given any password in the sequence, it is easy to compute the previous one in the numerical sequence but impossible to compute the next one. For example, given $P_2$ it is easy to find $P_1$ but impossible to find $P_3$.

The server is initialized with $P_0$, which is just $f(P_1)$. This value is stored in the password file entry associated with the user’s login name along with the integer 1, indicating that the next password required is $P_1$. When the user wants to log in for the first time, he sends his login name to the server, which responds by sending the integer in the password file, 1. The user’s machine responds with $P_1$, which can be computed locally from $s$, which is typed in on the spot. The server then computes $f(P_1)$ and compares this to the value stored in the password file ($P_0$). If the values match, the login is permitted, the integer is incremented to 2, and $P_1$ overwrites $P_0$.

On the next login, the server sends the user a 2, and the user’s machine computes $P_2$. The server then computes $f(P_2)$ and compares it to the entry in the password file. If the values match, the login is permitted, the integer is incremented to 3, and $P_2$ overwrites $P_1$ in the password file. The property that makes this scheme work is that even though an intruder may capture $P_i$, he has no way to compute $P_{i+1}$ from it, only $P_{i-1}$, which has already been used and is now worthless. When all $n$ passwords have been used up, the server is reinitialized with a new secret key.
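The login exchange described above, written out as an added Python example (it is not code from the book). SHA-256 standing in for $f$ is an assumption, and the names `chain`, `client_password`, `Server` and `run_demo` as well as the sample secret are constructed for illustration.

```python
import hashlib
import hmac

def f(x: bytes) -> bytes:
    # One-way function f; SHA-256 is an assumption (256-bit output).
    return hashlib.sha256(x).digest()

def chain(s: bytes, k: int) -> bytes:
    # Apply f to s exactly k times.
    for _ in range(k):
        s = f(s)
    return s

def client_password(secret: bytes, n: int, i: int) -> bytes:
    # P_i is f applied n - i + 1 times to s: P_1 uses n rounds, P_n uses one.
    if not 1 <= i <= n:
        raise ValueError("chain used up: reinitialize with a new secret")
    return chain(secret, n - i + 1)

class Server:
    # Holds only P_(i-1) and the index i of the next password, never s.
    def __init__(self, p0: bytes, n: int):
        self.stored, self.index, self.n = p0, 1, n

    def challenge(self) -> int:
        return self.index

    def login(self, candidate: bytes) -> bool:
        if self.index > self.n:
            return False  # all n passwords consumed
        if not hmac.compare_digest(f(candidate), self.stored):
            return False  # f(P_i) must equal the stored P_(i-1)
        self.stored = candidate  # P_i overwrites P_(i-1)
        self.index += 1
        return True

def run_demo(secret: bytes = b"constructed-demo-secret", n: int = 4):
    # Enrollment: the server receives P_0 = f(P_1), i.e. f applied n + 1 times.
    server = Server(chain(secret, n + 1), n)
    results = []
    for _ in range(n):
        i = server.challenge()
        p_i = client_password(secret, n, i)
        accepted = server.login(p_i)
        replayed = server.login(p_i)  # captured P_i sent again is rejected
        results.append((i, accepted, replayed))
    return results, server.login(client_password(secret, n, n))

if __name__ == "__main__":
    print(run_demo())
```

Each tuple is (index sent by the server, first submission accepted, replay accepted); the final value shows that no login succeeds once all $n$ passwords are used.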
Challenge-Response Authentication
A variation on the password idea is to have each new user provide a long list of
questions and answers that are then stored on the server securely (e.g., in encrypted
form). The questions should be chosen so that the user does not need to write them
down. Possible questions that could be asked are:
