Showing posts with label security. Show all posts

Sunday, April 10, 2011

Seminar on Iris Scanning

Iris recognition is a method of biometric authentication that uses pattern-recognition techniques based on high-resolution images of the irides of an individual's eyes.

Not to be confused with another, less prevalent, ocular-based technology, retina scanning, iris recognition uses camera technology, with subtle infrared illumination reducing specular reflection from the convex cornea, to create images of the detail-rich, intricate structures of the iris. Converted into digital templates, these images provide mathematical representations of the iris that yield unambiguous positive identification of an individual.

Iris scanner

Iris recognition efficacy is rarely impeded by glasses or contact lenses. Iris technology has the smallest outlier (those who cannot use/enroll) group of all biometric technologies. Because of its speed of comparison, iris recognition is the only biometric technology well-suited for one-to-many identification. A key advantage of iris recognition is its stability, or template longevity, as, barring trauma, a single enrollment can last a lifetime.


Grid network

A grid network is a kind of computer network consisting of a number of (computer) systems connected in a grid topology.

In a regular grid topology, each node in the network is connected with two neighbors along one or more dimensions. If the network is one-dimensional, and the chain of nodes is connected to form a circular loop, the resulting topology is known as a ring. Network systems such as FDDI use two counter-rotating token-passing rings to achieve high reliability and performance. In general, when an n-dimensional grid network is connected circularly in more than one dimension, the resulting network topology is a torus, and the network is called "toroidal". When the number of nodes along each dimension of a toroidal network is 2, the resulting network is called a hypercube.

A parallel computing cluster or multi-core processor is often connected in a regular interconnection network such as a de Bruijn graph, a hypercube graph, a hypertree network, a fat tree network, a torus, or cube-connected cycles.

Note that a grid network is not the same as a grid computer (or computational grid), even though the nodes in a grid network are usually computers, and grid computing obviously requires some kind of computer network to interconnect the computers.
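To make the ring, torus and hypercube relationships described above concrete, here is an added example (my own code, not part of the original post) that builds the neighbour sets of a wrap-around grid of any dimension and checks the claim that a torus with two nodes per dimension has exactly the edge set of the hypercube.

```python
from itertools import product

def torus_neighbors(node, dims):
    """Neighbours of node in a grid with dims[i] nodes along dimension i and
    wrap-around in every dimension: dims=(n,) is a ring, len(dims) >= 2 a torus."""
    out = set()
    for i, n in enumerate(dims):
        for step in (-1, 1):
            nb = list(node)
            nb[i] = (node[i] + step) % n  # modulo gives the circular connection
            out.add(tuple(nb))
    return out

def torus_edges(dims):
    """Undirected edge set of the toroidal grid (each edge as a frozenset pair)."""
    nodes = list(product(*(range(n) for n in dims)))
    return {frozenset((v, w)) for v in nodes for w in torus_neighbors(v, dims)}

def hypercube_edges(k):
    """Q_k: nodes are k-bit tuples, edges join tuples that differ in exactly one bit."""
    nodes = list(product((0, 1), repeat=k))
    return {frozenset((v, w)) for v in nodes for w in nodes
            if sum(a != b for a, b in zip(v, w)) == 1}

def is_hypercube(dims):
    """The text's claim: a torus with 2 nodes per dimension is the hypercube Q_len(dims)."""
    return all(n == 2 for n in dims) and torus_edges(dims) == hypercube_edges(len(dims))
```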


Monday, March 1, 2010

Lightweight Directory Access Protocol

The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP.

A directory is a set of objects with attributes organized in a logical and hierarchical manner. A simple example is the telephone directory, which consists of a list of names (of either persons or organizations) organized alphabetically, with each name having an address and phone number associated with it.

An LDAP directory tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else that represents a given tree entry (or multiple entries).

Its current version is LDAPv3, which is specified in a series of Internet Engineering Task Force (IETF) Standards Track Requests for Comments (RFCs), as detailed in RFC 4510.

A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order.

The client may request the following operations:

    * Start TLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
    * Bind — authenticate and specify LDAP protocol version
    * Search — search for and/or retrieve directory entries
    * Compare — test if a named entry contains a given attribute value
    * Add a new entry
    * Delete an entry
    * Modify an entry
    * Modify Distinguished Name (DN) — move or rename an entry
    * Abandon — abort a previous request
    * Extended Operation — generic operation used to define other operations
    * Unbind — close the connection (not the inverse of Bind)
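As an added example (my own code, not from the original post), here is a minimal BER encoder and parser for the LDAPv3 Bind and Unbind messages listed above, using the tag values from RFC 4511. The `describe` function classifies a client message the way a wire monitor would, flagging a simple Bind that carries its password in cleartext, which is why Start TLS has to precede Bind on an untrusted network; all function names are my own.

```python
TAG_SEQUENCE, TAG_INTEGER, TAG_OCTET_STRING = 0x30, 0x02, 0x04  # universal BER tags
TAG_BIND_REQUEST, TAG_UNBIND_REQUEST = 0x60, 0x42  # [APPLICATION 0] constructed, [APPLICATION 2] NULL
TAG_SIMPLE_AUTH = 0x80  # [0] simple credentials: the password itself, unencrypted

def ber(tag, payload):
    """Wrap payload in one BER TLV (definite length, short or long form)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:  # long form: 0x80 | count of length bytes, then the length big-endian
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload

def ber_int(value):
    """Non-negative INTEGER; the rounding keeps a leading 0x00 when the high bit is set."""
    return ber(TAG_INTEGER, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def bind_request(msg_id, dn="", password=""):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }."""
    op = ber_int(3) + ber(TAG_OCTET_STRING, dn.encode()) + ber(TAG_SIMPLE_AUTH, password.encode())
    return ber(TAG_SEQUENCE, ber_int(msg_id) + ber(TAG_BIND_REQUEST, op))

def unbind_request(msg_id):
    # UnbindRequest is [APPLICATION 2] NULL: the server sends no response, the session just ends.
    return ber(TAG_SEQUENCE, ber_int(msg_id) + ber(TAG_UNBIND_REQUEST, b""))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def describe(message):
    """Classify a client message as a wire monitor would: id, operation, bind DN, cleartext password?"""
    tag, body, _ = read_tlv(message)
    _, mid, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    info = {"message_id": int.from_bytes(mid, "big"), "op": f"0x{op_tag:02x}"}
    if op_tag == TAG_BIND_REQUEST:
        _, ver, pos = read_tlv(op)
        _, dn, pos = read_tlv(op, pos)
        auth_tag, cred, _ = read_tlv(op, pos)
        info.update(op="bind", version=ver[0], dn=dn.decode(), anonymous=not dn and not cred,
                    cleartext_password=auth_tag == TAG_SIMPLE_AUTH and len(cred) > 0)
    elif op_tag == TAG_UNBIND_REQUEST:
        info["op"] = "unbind"
    return info
```

`bind_request(1)` produces the 14-byte anonymous simple bind `30 0c 02 01 01 60 07 02 01 03 04 00 80 00`, which `describe` reports as anonymous with no password on the wire.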


Sunday, February 28, 2010

Kerberos

Kerberos (pronounced /ˈkɛərbərəs/) is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

Kerberos builds on symmetric key cryptography and requires a trusted third party. Extensions to Kerberos can provide for the use of public-key cryptography during certain phases of authentication.

MIT developed Kerberos to protect network services provided by Project Athena. The protocol was named after the Greek mythological character Kerberos (or Cerberus), known in Greek mythology as being the monstrous three-headed guard dog of Hades. Several versions of the protocol exist; versions 1–3 occurred only internally at MIT.

Steve Miller and Clifford Neuman, the primary designers of Kerberos version 4, published that version in the late 1980s, although they had targeted it primarily for Project Athena.

Version 5, designed by John Kohl and Clifford Neuman, appeared as RFC 1510 in 1993 (made obsolete by RFC 4120 in 2005), with the intention of overcoming the limitations and security problems of version 4.

MIT makes an implementation of Kerberos freely available, under copyright permissions similar to those used for BSD. In 2007, MIT formed the Kerberos Consortium to foster continued development. Founding sponsors include vendors such as Sun Microsystems, Apple, Google, Microsoft and Centrify Corporation, and academic institutions such as Stanford University and MIT.


Saturday, March 14, 2009

Nessus

In computer security, Nessus is a proprietary, comprehensive vulnerability-scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. For example:

    * Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
    * Misconfiguration (e.g. open mail relay, missing patches, etc.).
    * Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
    * Denial of service against the TCP/IP stack by using mangled packets.

On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user. For Windows, Nessus 3 installs as an executable and has a self-contained scanning, reporting and management system.

Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations worldwide. It took first place in the 2000, 2003, and 2006 security tools surveys from SecTools.Org.
