OPPapers.com

Password Theft

1. INTRODUCTION

1.1. History of Authorization System

The security of digital data has long been a concern of operating system designers. The first time-sharing systems in the early 1960s had password schemes as part of logging in, memory protection hardware, and access control lists on files. By 1970, the means to assure security and protection were considered fundamental to operating systems and were an important consideration in the design of OS kernels.

Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). Thus, authorization is sometimes seen as both the preliminary setting up of permissions by a system administrator and the actual checking of the permission values that have been set up when a user is getting access.

Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.

Histories listed below are numbers of major events along the way of authorization system since it had been introduced:

1.1.1. One-way Functions to Protect Passwords (1967)

The authentication system (used during login) stores enciphered images of user passwords but not the actual passwords. This protects passwords from being divulged if an attacker happens to read the file.

1.1.2. Public key Cryptography and Digital Signatures (1976)

Public-key cryptography enables two people to communicate...