695.712.8VL - Authentication Technologies

Cybersecurity
Fall 2023

Description

Authentication plays a strong role in cybersecurity, and is a critical layer underpinning the “CIA triad.” This course will explore current technologies, issues, and policies surrounding practical authentication. Grouped by something you know, something you have, and something you are, topics will include passwords, certificates and public key infrastructures, graphical authentication, smart cards, biometrics, trusted computing, location authentication, identity federation, and a range of other topics determined by class interest. Each topic will be examined from the perspective of technical strengths, weaknesses, mitigations, and human factors, and will include discussions of authentication policies, trends, and privacy perspectives. Related background is developed as needed, allowing students to gain a rich understanding of authentication techniques and the requirements for using them in a secure environment including systems, networks, and the Internet. Students will prepare and present a research project that reflects an understanding of key issues in authentication. Recommended: EN.695.621 Public Key Infrastructure and Managing E-Security.

Instructor


Russell Fink

russ.fink@jhu.edu

Course Structure

The course is lecture-oriented.  Each week, there will be a lecture, and online student discussion of relevant events, news, or applications.  There are project-related assignments scattered throughout the course.  

Students will be engaged (and evaluated) through

We all benefit from each other's learning, so students are expected to participate in class. The projects will be either individual or group projects, and are meant to teach the student something about the topic as well as to educate the rest of the class on that topic.

Course Topics

Lesson Plan (some lessons involve multiple lectures)

Columns: Lesson, Theme, Topics, Dates (subject to change)

L1: Introduction

  • Introductions
  • Overview, Expectations
  • Trust Concepts
  • Usability
  • Security/Attacks
  • Technologies/Protocols
  • MFA model (know, have, are, do…)
  • Security questions (dog name, etc)

Dates: Aug 30; Sep 6 - Labor Day

L2: Authentication / Something You Know

  • Passwords, Hashing, Storage
  • Entropy calculations
  • Password Salts and Crackers
  • Hashcat

Dates: Sep 13 - Project Ideas

L3: Human Factors, Authorization

  • Key Derivation Functions
  • Halting KDF
  • Password managers
  • Mental algorithms
  • Graphical Passwords
  • 2D passwords

Dates: Sep 20 - Project Topics; Sep 27

L4: Something Others Know

  • PKI, Certificates
  • Certificate authorities and chain of trust
  • OCSP/CRL revocation
  • Federation
  • Browser Trust Cache
  • Attacks, Deep Packet Inspection
  • Attribute Certs, Identity Encryption
  • Email digital signatures, OpenPGP

Dates: Oct 4 - Proposals Due; Oct 11 - Proposal Grades Returned, Projects Approved

L5: Something You Have

  • Smart cards
  • Payment cards
  • SecurID / One Time Pads
  • DUO, Yubikey

Dates: Oct 18; Oct 25

SB

  • Student Background Briefs

Dates: Nov 1 - Project Background Brief

L6: Something You Are, Do, and Where You Are

  • Trusted Platform Modules/Trusted boot

Dates: Nov 8 - Project Background Grades Returned (email)

L7: Something You Are, Do, and Somewhere You Are

  • Biometrics (incl. rekeyable)
  • PUFs

Dates: Nov 15; Nov 23 - Thanksgiving

L8: Authentication Defenses / Research

  • Location-based auth
  • Kerberos (form of single sign-on)
  • Moving target networks

Dates: Nov 29 - Draft Papers due for redlining

SB

  • Student Briefs
  • Review for Final

Dates: Dec 6 - Project Briefs, Draft Redlines due back

FX

Dates: Dec 13 - Final Exam, Turn in final paper, Turn in redlines

LX: Additional Topics - may be substituted as the course goes along

  • Federal Identity, Credential, and Access Management (FICAM)
  • Homomorphic One-Way Authentication
  • Behavior-based auth (ZK Protocols?)
  • Intel SGX (or other)
  • SSL/TLS, IPsec VPNs
  • Identity Management
  • DARPA’s Dynamic Coalitions
  • Visual Passwords (e.g. CAPTCHAs)
  • Dallas’ Systems Thinking
  • Zero Knowledge Proofs
  • Advanced Authentication Protocols
  • Dolev-Yao Model and Protocol Analysis
  • Formal Methods
  • Byzantine Generals and distributed consensus
  • Diffie Hellman Key Agreement
  • Email Phishing
  • Multifactor protos, issues (sig, non-repud)
  • Phone-based authentication protocols
  • Group Key Agreement (and/or one-way function trees)

    Course Goals

    To foster critical thinking about authentication technologies and applications in cybersecurity, and to provide a survey of relevant techniques.

    Textbooks

    No textbook.

    Other Materials & Online Resources

    Materials/papers as identified in lectures.

    Required Software

    No software required.

    Student Coursework Requirements

    • Class Preparation and Participation: 10%
    • Project Proposal: 10%
    • Project Background Brief: 20%
    • Project Final Brief/Paper: 30%
    • Final Examination: 30%

    Grading Policy

    Score Range/ Letter Grade: 100-98= A+... 97-94= A... 93-90= A−... 89-87= B+... 86-83= B... 82-80= B−... 79-77= C+... 76-73= C... 72-70= C−... 69-67= D+... 66-63= D... <63= F

    Course Policies

    Personal Wellbeing

    If you are struggling with anxiety, stress, depression or other mental health related concerns, please consider connecting with the Johns Hopkins Student Assistance Program (JHSAP). If you are concerned about a friend, please encourage that person to seek out our services. JHSAP can be reached at 443-287-7000 or https://jhsap.org/

    Tutoring Website

    Johns Hopkins Engineering for Professionals offers a tutoring connection network that allows students to connect with other Johns Hopkins Engineering students or alumni for tutoring services. This service allows students to search a list of courses to “Find a Tutor” or complete a profile to “Become a Tutor.” More information about this service can be found on the tutoring website (https://tutor.ep.jhu.edu/).

    Academic Policies

    Deadlines for Adding, Dropping and Withdrawing from Courses

    Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.

    Academic Misconduct Policy

    All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.

    This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

    Students with Disabilities - Accommodations and Accessibility

    Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.

    For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.

    Student Conduct Code

    The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. 

    For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/

    Classroom Climate

    JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. 
     
    If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

    Course Auditing

    When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.