695.712.8VL - Authentication Technologies

Cybersecurity
Fall 2026

Description

Authentication plays a strong role in cybersecurity, and is a critical layer underpinning the “CIA triad.” This course will explore current technologies, issues, and policies surrounding practical authentication. Grouped by something you know, something you have, and something you are, topics will include passwords, certificates and public key infrastructures, graphical authentication, smart cards, biometrics, trusted computing, location authentication, identity federation, and a range of other topics determined by class interest. Each topic will be examined from the perspective of technical strengths, weaknesses, mitigations, and human factors, and will include discussions of authentication policies, trends, and privacy perspectives. Related background is developed as needed, allowing students to gain a rich understanding of authentication techniques and the requirements for using them in a secure environment including systems, networks, and the Internet. Students will prepare and present a research project that reflects an understanding of key issues in authentication. Recommended: EN.695.621 Public Key Infrastructure and Managing E-Security.

Instructor


Russ Fink

russ.fink@jhu.edu

Course Structure

The course is lecture-oriented.  Each week, there will be a lecture, and online student discussion of relevant events, news, or applications.  There are project-related assignments scattered throughout the course.  

Students will be engaged (and evaluated) through

We all benefit from each other's learning, so students are expected to participate in class. The projects will be either individual or group projects, and are meant to teach the student something about the topic as well as to educate the rest of the class on that topic.

Course Topics

Lesson Plan (some lessons involve multiple lectures)

Lesson

Theme

Topics

Dates (subject to change)

L1

Introduction

  • Introductions
  • Overview, Expectations
  • Trust Concepts
  • Usability
  • Security/Attacks
  • Technologies/Protocols
  • MFA model (know, have, are, do…)
  • Security questions (dog name, etc)

Aug 30

Sep 6 - Labor Day

L2

Authentication/Something You Know

  • Passwords, Hashing, Storage
  • Entropy calculations
  • Password Salts and Crackers
  • Hashcat

Sep 13 - Project Ideas

L3

Human Factors, Authorization

    • Key Derivation Functions
    • Halting KDF
    • Password managers
    • Mental algorithms
    • Graphical Passwords
    • 2D passwords

Sep 20 - Project Topics

Sep 27

L4

Something Others Know

    • PKI, Certificates
    • Certificate authorities and chain of trust
    • OCSP/CRL revocation
    • Federation
    • Browser Trust Cache
    • Attacks, Deep Packet Inspection
    • Attribute Certs, Identity Encryption
    • Email digital signatures, OpenPGP

Oct 4 - Proposals Due

Oct 11 - Proposal Grades Returned; Projects Approved

L5

Something You Have

    • Smart cards
    • Payment cards
    • SecurID / One Time Pads
    • DUO, Yubikey

Oct 18

Oct 25

SB

 
  • Student Background Briefs

Nov 1 - Project Background Brief

L6

Something You Are, Do, and Where You Are

  • Trusted Platform Modules/Trusted boot

Nov 8 - Project Background Grades Returned (email)

L7

Something You Are, Do, and Somewhere You Are

  • Biometrics (incl. rekeyable)
  • PUFs

Nov 15

Nov 23 - Thanksgiving

L8

Authentication Defenses/ Research

  • Location-based auth
  • Kerberos (form of single sign-on)
  • Moving target networks

Nov 29 - Draft Papers due for redlining

SB

 
  • Student Briefs
  • Review for Final

Dec 6 - Project Briefs; Draft Redlines due back

FX

  

Dec 13 - Final Exam; Turn in final paper; Turn in redlines

LX

Additional Topics - may be substituted as the course goes along

  • Federal Identity, Credential, and Access Management (FICAM)
  • Homomorphic One-Way Authentication
  • Behavior-based auth (ZK Protocols?)
  • Intel SGX (or other)
  • SSL/TLS, IPsec VPNs
  • Identity Management
  • DARPA’s Dynamic Coalitions
  • Visual Passwords (e.g. CAPTCHAs)
  • Dallas’ Systems Thinking
  • Zero Knowledge Proofs
  • Advanced Authentication Protocols
  • Dolev-Yao Model and Protocol Analysis
  • Formal Methods
  • Byzantine Generals and distributed consensus
  • Diffie Hellman Key Agreement
  • Email Phishing
  • Multifactor protos, issues (sig, non-repud)
  • Phone-based authentication protocols
  • Group Key Agreement (and/or one-way function trees)
 

Course Goals

To foster critical thinking about authentication technologies and applications in cybersecurity, and to provide a survey of relevant techniques.

Textbooks

No textbook.

Other Materials & Online Resources

Materials/papers as identified in lectures.

Required Software

No software required.

Student Coursework Requirements

Class Preparation and Participation: 10%

Project Proposal: 10%

Project Background Brief: 20%

Project Final Brief/Paper: 30%

Final Examination: 30%

Grading Policy

Score Range / Letter Grade: 100-98 = A+; 97-94 = A; 93-90 = A−; 89-87 = B+; 86-83 = B; 82-80 = B−; 79-77 = C+; 76-73 = C; 72-70 = C−; 69-67 = D+; 66-63 = D; <63 = F

Course Policies

Personal Wellbeing

If you are struggling with anxiety, stress, depression or other mental health related concerns, please consider connecting with the Johns Hopkins Student Assistance Program (JHSAP). If you are concerned about a friend, please encourage that person to seek out our services. JHSAP can be reached at 443-287-7000 or https://jhsap.org/

Tutoring Website

Johns Hopkins Engineering for Professionals offers a tutoring connection network that allows students to connect with other Johns Hopkins Engineering students or alumni for tutoring services. This service allows students to search a list of courses to “Find a Tutor” or complete a profile to “Become a Tutor.” More information about this service can be found on the tutoring website (https://tutor.ep.jhu.edu/).

Academic Policies

Deadlines for Adding, Dropping, and Withdrawing from Courses

Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar. Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course. 

Academic Misconduct Policy

All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students. This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

Students with Disabilities - Accommodations and Accessibility

Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Our courses are designed with a proactive approach to accessibility to minimize the need for disability disclosure and accommodation requests, but we recognize that you may need additional support. Students with disabilities (including those with psychological conditions, medical conditions, and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.  For further information or to start the process of requesting accommodations, please contact EP Student Disability Services at ep-disability-svcs@jhu.edu

Student Conduct Code

The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. For a full description of the code please visit the Student Conduct Code website.

Classroom Climate

JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

Course Auditing

When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team (EP-Registration@exchange.johnshopkins.edu) in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.