Modern Operating Systems by Herbert Bos ...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Showing 664 out of 1137
Modern Operating Systems by Herbert Bos and Andrew...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Modern Operating Systems by Herbert...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Page 664
SEC. 9.6
1. Who is Marjolein’s sister?
On what street was your elementary school?
What did Mrs. Ellis teach?
At login, the server asks one of them at random and checks the answer.
To make
this scheme practical, though, many question-answer pairs would be needed.
Another variation is
When this is used, the user picks an
algorithm when signing up as a user, for example
. When the user logs in, the
server sends the user an argument, say 7, in which case the user types 49.
The al-
gorithm can be different in the morning and afternoon, on different days of the
week, and so on.
If the user’s device has real computing power, such as a personal computer, a
personal digital assistant, or a cell phone, a more powerful form of challenge-re-
sponse can be used.
In advance, the user selects a secret key,
, which is initially
brought to the server system by hand.
A copy is also kept (securely) on the user’s
At login time, the server sends a random number,
, to the user’s com-
puter, which then computes
) and sends that back, where
is a publicly
known function. The server then does the computation itself and checks if the re-
sult sent back agrees with the computation. The advantage of this scheme over a
password is that even if a wiretapper sees and records all the traffic in both direc-
tions, he will learn nothing that helps him next time.
Of course, the function,
, has
to be complicated enough that
cannot be deduced, even given a large set of obser-
vations. Cryptographic hash functions are good choices, with the argument being
the XOR of
These functions are known to be hard to reverse.
9.6.1 Authentication Using a Physical Object
The second method for authenticating users is to check for some physical ob-
ject they have rather than something they know. Metal door keys have been used
for centuries for this purpose.
Nowadays, the physical object used is often a plastic
card that is inserted into a reader associated with the computer. Normally, the user
must not only insert the card, but must also type in a password, to prevent someone
from using a lost or stolen card. Viewed this way, using a bank’s ATM (Automated
Teller Machine) starts out with the user logging in to the bank’s computer via a re-
mote terminal (the ATM machine) using a plastic card and a password (currently a
4-digit PIN code in most countries, but this is just to avoid the expense of putting a
full keyboard on the ATM machine).
Information-bearing plastic cards come in two varieties: magnetic stripe cards
and chip cards. Magnetic stripe cards hold about 140 bytes of information written
on a piece of magnetic tape glued to the back of the card. This information can be
read out by the terminal and then sent to a central computer. Often the information

Ace your assessments! Get Better Grades
Browse thousands of Study Materials & Solutions from your Favorite Schools
Concordia University
Great resource for chem class. Had all the past labs and assignments
Leland P.
Santa Clara University
Introducing Study Plan
Using AI Tools to Help you understand and remember your course concepts better and faster than any other resource.
Find the best videos to learn every concept in that course from Youtube and Tiktok without searching.
Save All Relavent Videos & Materials and access anytime and anywhere
Prepare Smart and Guarantee better grades

Students also viewed documents