History of Authorization Systems
The security of digital data has long been a concern of operating system designers. The first time-sharing systems in the early 1960s had password schemes as part of logging in, memory protection hardware, and access control lists on files. By 1970, the means to assure security and protection were considered fundamental to operating systems and were an important consideration in the design of OS kernels.
Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines which users are allowed access to the system and what privileges of use they have (such as which file directories they may access, their hours of access, the amount of storage space allocated to them, and so forth). Authorization is thus sometimes seen as both the preliminary setting up of permissions by a system administrator and the checking of those permission values when a user actually attempts access.
Checking permissions presupposes authentication, that is, establishing who the user is. The earliest and still most common mechanism for that is the password: knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else) with an assigned or self-chosen password, and on each subsequent use must present that password. The weakness of this scheme for transactions that matter (such as the exchange of money) is that passwords can be stolen, accidentally revealed, guessed, or forgotten.
The list below gives the major milestones in the development of authentication and authorization mechanisms since they were introduced:
One-way Functions to Protect Passwords (1967)
The authentication system (used during login) stores enciphered images of user passwords, produced by a one-way function, rather than the passwords themselves. An attacker who happens to read the password file learns only the images and cannot invert them to recover the passwords. Modern practice adds a random per-user salt and a deliberately slow function, so that an attacker who has the file also pays a high price for every guess.
Public-Key Cryptography and Digital Signatures (1976)
Public-key cryptography enables two parties to communicate confidentially, or to authenticate each other, without a prearranged exchange of shared secret keys. It also provided the first technical mechanism for digital signatures, which a signer cannot later repudiate.
First Vulnerability Study of Passwords (Morris and Thompson 1978)
This study demonstrated that password guessing is far more effective than trying to invert the stored password images. It found that a very high percentage of passwords could be guessed from user names, addresses, social security numbers, phone numbers, and other information stored in the user identification files. Password guessing remains a major threat today.
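The two items above fit together: the one-way function stops an attacker from reading passwords out of the file, and Morris and Thompson's observation is that the attacker guesses instead. The following added example (not code from the original page) shows both sides. The page names no concrete function; PBKDF2-HMAC-SHA256 with a random per-user salt is assumed here, and the user records, password file and word list are constructed for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor of the one-way function. The page only says "enciphered images";
# PBKDF2-HMAC-SHA256 with a random per-user salt is assumed here as the concrete
# function. Kept small so the example runs quickly; production values are higher.
ITERATIONS = 20_000

# Constructed tiny guessing dictionary, standing in for a real word list.
DICTIONARY = ["password", "123456", "letmein", "qwerty"]


def make_image(password: str, salt: Optional[bytes] = None) -> dict:
    """Produce the record the password file stores: salt, work factor and the
    one-way image. The cleartext password is never stored."""
    if salt is None:
        salt = os.urandom(16)
    image = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "image": image}


def verify(password: str, record: dict) -> bool:
    """Login check: recompute the image from the offered password and compare it
    with the stored one in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["image"])


# Constructed user identification data of the kind Morris and Thompson drew
# guesses from, and a constructed password file built from it.
USER_INFO = {
    "alice": {"name": "Alice", "phone": "5550123"},
    "bob": {"name": "Bob", "phone": "5550199"},
    "carol": {"name": "Carol", "phone": "5550177"},
}
PASSWORD_FILE = {
    "alice": make_image("alice"),          # user name reused as password
    "bob": make_image("5550199"),          # phone number as password
    "carol": make_image("xK9#mq2vT!pL"),   # not derivable from the file
}


def guesses_for(user: str) -> list:
    """Candidate passwords: identifying data from the user file, then the dictionary."""
    info = USER_INFO.get(user, {})
    derived = [user, info.get("name", "").lower(), info.get("phone", "")]
    return [g for g in derived if g] + DICTIONARY


def crack(password_file: dict) -> dict:
    """The attacker's side: having read the file, try guesses against each image.
    Returns user -> recovered password, or None when no guess matched."""
    found = {}
    for user, record in password_file.items():
        found[user] = None
        for guess in guesses_for(user):
            if verify(guess, record):
                found[user] = guess
                break
    return found


if __name__ == "__main__":
    for user, pw in crack(PASSWORD_FILE).items():
        print(f"{user}: {'guessed ' + pw if pw else 'not guessed'}")
```

The attacker never inverts the one-way function; it simply runs the same login check that the system runs. The salt prevents one precomputed table from serving every user, and the iteration count caps how many guesses per second the attacker gets, but neither helps a user whose password is already in the identification file.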
RSA Public-Key Cryptosystem (1978)
RSA is the oldest public-key cryptosystem still unbroken that provides both confidentiality (encryption) and authentication (digital signatures). Its security rests on the difficulty of factoring a very large number into its prime factors. In practice it must be combined with a padding scheme (such as OAEP for encryption or PSS for signatures); raw "textbook" RSA on bare integers is malleable and should not be deployed as is.
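The following added example (not from the original page) makes the two preceding items concrete: it builds a textbook RSA key pair from two small primes, shows the same key pair giving confidentiality (encrypt/decrypt) and authentication (sign/verify), shows why the scheme is only as strong as factoring by recovering the private key from the public one, and shows the malleability caveat that padding schemes exist to fix. The primes 61 and 53 are toy values chosen for illustration; real keys use a modulus of 2048 bits or more.

```python
from math import gcd, isqrt


def keygen(p: int, q: int, e: int = 17) -> tuple:
    """Build an RSA key pair from two primes. Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)           # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub: tuple, m: int) -> int:
    """Confidentiality: anyone with the public key can encrypt to the holder of d."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(priv: tuple, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def sign(priv: tuple, m: int) -> int:
    """Authentication: only the holder of d can produce s with s^e = m (mod n)."""
    n, d = priv
    return pow(m, d, n)


def verify(pub: tuple, m: int, s: int) -> bool:
    n, e = pub
    return pow(s, e, n) == m


def recover_private_key(pub: tuple) -> tuple:
    """Why security rests on factoring: trial division recovers p and q, and
    from them d. Feasible only because the toy modulus is tiny."""
    n, e = pub
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("n has no nontrivial factor; not a valid RSA modulus")


def forge_signature(pub: tuple, s1: int, m1: int, s2: int, m2: int) -> tuple:
    """Caveat for textbook RSA: signatures are multiplicative, so from valid
    signatures on m1 and m2 anyone can derive a valid signature on m1*m2 mod n
    without knowing d. Returns (forged message, forged signature)."""
    n, _ = pub
    return (m1 * m2) % n, (s1 * s2) % n


if __name__ == "__main__":
    pub, priv = keygen(61, 53)         # toy primes; real keys use 2048-bit n
    c = encrypt(pub, 65)
    print("ciphertext", c, "decrypts to", decrypt(priv, c))
    s = sign(priv, 65)
    print("signature valid:", verify(pub, 65, s))
    print("private key recovered from public key:", recover_private_key(pub) == priv)
```

With p = 61 and q = 53 the modulus is n = 3233, the public exponent 17 has inverse d = 2753, and the message 65 encrypts to 2790. `recover_private_key` finds 53 by trial division in a few dozen steps; for a 2048-bit modulus no known classical algorithm does so in feasible time, which is the whole basis of the scheme. `forge_signature` is the reason signatures are applied to a padded hash of the message rather than to the message itself.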
Distributed Authentication (Kerberos, 1988)
An authentication server lets users and processes authenticate to any system in its realm with one set of credentials. The credentials are maintained in one place, and the server returns proof of identity (a ticket) to the user or process. That proof can be presented to other servers and used as the basis for their access-control or authorization decisions. Note the division of labour: the authentication server establishes who the client is, while each service still decides for itself what that client may do.
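The exchange described above, as an added example that is not part of the original page: a trusted authentication server, a client, and a file service that never sees the client's password. The server issues a ticket readable only by the service and a reply readable only by someone holding the client's key; the client proves possession of the session key with an authenticator. The Kerberos ticket-granting step is omitted, the "seal"/"unseal" authenticated-encryption helper is a stand-in for Kerberos's real encryption types built only so the code runs on the standard library, and all principal names and secrets are constructed.

```python
import hashlib
import hmac
import json
import os
import time


# Toy authenticated encryption (SHA-256 counter-mode keystream, then HMAC-SHA256
# tag, encrypt-then-MAC). It stands in for Kerberos's real encryption types so
# the example runs on the standard library alone; not for use outside this demo.
def _subkeys(key: bytes) -> tuple:
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, i = b"", 0
    while len(blocks) < length:
        blocks += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return blocks[:length]


def seal(key: bytes, msg: dict) -> bytes:
    enc_key, mac_key = _subkeys(key)
    plaintext = json.dumps(msg, sort_keys=True).encode()
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered message")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return json.loads(bytes(a ^ b for a, b in zip(ciphertext, stream)))


def long_term_key(secret: str) -> bytes:
    """Toy key derivation from a password or service secret (constructed)."""
    return hashlib.sha256(secret.encode()).digest()


class AuthServer:
    """Trusted third party: knows every principal's long-term key, so it can
    hand the client a session key and a ticket for the requested service."""

    def __init__(self, keys: dict):
        self.keys = keys            # principal name -> long-term key

    def request(self, client: str, service: str, lifetime: int = 300) -> tuple:
        session = os.urandom(32).hex()
        expires = int(time.time()) + lifetime
        # Ticket: readable only by the service; names the client it was issued for.
        ticket = seal(self.keys[service],
                      {"client": client, "session": session, "expires": expires})
        # Reply: readable only by someone who knows the client's password.
        reply = seal(self.keys[client],
                     {"service": service, "session": session, "expires": expires})
        return reply, ticket


def client_login(server: AuthServer, name: str, password: str, service: str) -> tuple:
    """Client side: fetch reply and ticket, then build an authenticator proving
    possession of the session key. A wrong password cannot open the reply."""
    reply, ticket = server.request(name, service)
    creds = unseal(long_term_key(password), reply)
    session = bytes.fromhex(creds["session"])
    authenticator = seal(session, {"client": name, "time": int(time.time())})
    return ticket, authenticator


class Service:
    """A server that does not contact the auth server at login; it trusts the
    ticket because only the auth server knows the service's key."""

    def __init__(self, key: bytes, skew: int = 300):
        self.key, self.skew = key, skew

    def accept(self, ticket: bytes, authenticator: bytes) -> str:
        t = unseal(self.key, ticket)        # fails if issued for another service
        if time.time() > t["expires"]:
            raise ValueError("ticket expired")
        a = unseal(bytes.fromhex(t["session"]), authenticator)
        if a["client"] != t["client"] or abs(time.time() - a["time"]) > self.skew:
            raise ValueError("authenticator does not match ticket")
        return t["client"]   # authenticated identity; what it may do is the service's decision


def demo() -> dict:
    """Run three attempts against the file service and report the outcomes."""
    server = AuthServer({"alice": long_term_key("correct horse"),
                         "files": long_term_key("files-secret"),
                         "mail": long_term_key("mail-secret")})
    files, mail = Service(long_term_key("files-secret")), Service(long_term_key("mail-secret"))
    results = {}
    ticket, auth = client_login(server, "alice", "correct horse", "files")
    results["correct password"] = files.accept(ticket, auth)
    try:
        client_login(server, "alice", "wrong password", "files")
        results["wrong password"] = "accepted"
    except ValueError:
        results["wrong password"] = "rejected"
    try:
        mail.accept(ticket, auth)           # ticket for "files" replayed to "mail"
        results["ticket for other service"] = "accepted"
    except ValueError:
        results["ticket for other service"] = "rejected"
    return results
```

Two properties of the real protocol survive the simplification: the password never leaves the client, because the server proves the client's identity by whether the client can open the reply, and a ticket is bound to one service, because only that service's key opens it. The service's return value is an identity, not a permission; mapping "alice" to what she may read or write is the authorization step that remains the service's own job.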
Introduction to Password Theft
We live in a world of passwords. We use them for everything, from e-mail and credit cards to every other authorization system we touch. At the same time, we have so many of them that it is easy to forget which password belongs to which service, and because of their ubiquity we tend to reuse them. That ubiquity has also given rise to an entire criminal enterprise focused on acquiring them. Consequently, security experts have advised for years that users should change their passwords regularly and use a different password for each service. Few take this advice, although for some people that many passwords are not that hard to memorize.