Passwords Don’t Get No Respect – Or, How to Make the Most of Weak Shared Secrets Burt Kaliski, RSA Laboratories DIMACS Workshop on Theft in E-Commerce.

Slides:

Advertisements

Similar presentations

Security Issues In Mobile IP

Advertisements

1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.

Enabling Secure Internet Access with ISA Server

Akshat Sharma Samarth Shah

University of Southampton Electronics and Computer Science M-grid: Using Ubiquitous Web Technologies to create a Computational Grid Robert John Walters.

EMERGING TOPICS IN DATA, APPLICATION AND INFRASTRUCTURE PROTECTION Taher Elgamal ITU

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

Next Steps toward More Trustworthy Interfaces Burt Kaliski, RSA Laboratories 1 st Workshop on Trustworthy Interfaces for Passwords and Personal Information.

Some New Applications of One-Time Passwords Burt Kaliski, RSA Laboratories October 2006.

Securing Online Transactions with a Trusted Digital Identity Dave Steeves - Security Software Engineer Microsoft’s.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

Stronger Password Authentication Using Browser Extensions Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John Mitchell Stanford University

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Trustworthy User Interface Design: Dynamic Security Skins Rachna Dhamija and J.D. Tygar University of California, Berkeley TIPPI Workshop June 13, 2005.

Delayed Password Disclosure Mutual Authentication to Fight Phishing Steve Myers Indiana University, Bloomington Joint work with: Markus Jakobsson Indiana.

Georgy Melamed Eran Stiller

PORTIA Project 1 Mitigating Online ID Theft: Phishing and Spyware Students:Blake Ross, Collin Jackson, Nick Miyake, Yuka Teraguchi, Robert Ladesma, Andrew.

NETWORK SECURITY.

Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.

Website Hardening HUIT IT Security | Sep

Norman SecureSurf Protect your users when surfing the Internet.

Strong Password Protocols

1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.

Course 201 – Administration, Content Inspection and SSL VPN

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )

© NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.

KAIST Web Wallet: Preventing Phishing Attacks by Revealing User Intentions Min Wu, Robert C. Miller and Greg Little Symposium On Usable Privacy and Security.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Solutions for Secure and Trustworthy Authentication Ramesh Kesanupalli

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

The Battle Against Phishing: Dynamic Security Skins Rachna Dhamija and J.D. Tygar U.C. Berkeley.

18-jan-962. ETH-W4 (ra)1 security on the Web l security l authentication l privacy.

Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id:

Apache Security Travis Jeffries. Introduction Authentication and Authorization Strict Access Methods Defending against Attacks Bad CGI Programs Apache.

All Input is Evil (Part 1) Introduction Will not cover everything Healthy level of paranoia Use my DVD Swap Shop application (week 2)

Network access security methods Unit objective Explain the methods of ensuring network access security Explain methods of user authentication.

Kerberos. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

BeamAuth : Two-Factor Web Authentication with a Bookmark 14 th ACM Conference on Computer and Communications Security Ben Adida Presenter : SJ Park.

CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

PHP Secure Communications Web Technologies Computing Science Thompson Rivers University.

Unit 9: Distributing Computing & Networking Kaplan University 1.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

COSC513 Final Project Firewall in Internet Security Student Name: Jinqi Zhang Student ID: Instructor Name: Dr.Anvari.

SECURITY REQUIREMENTS AND MANAGEMENT: Presentation By: Guillermo Dijk.

1 SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

Web Applications Security Cryptography 1

Secure Software Confidentiality Integrity Data Security Authentication

Server Concepts Dr. Charles W. Kann.

Networks Problem Set 1 Due Oct 3 Bonus Date Oct 2

ADVANCED PERSISTENT THREATS (APTs) - Simulation

Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks.

Firewalls Jiang Long Spring 2002.

Week 7 - Wednesday CS363.

Presentation transcript:

Passwords Don’t Get No Respect – Or, How to Make the Most of Weak Shared Secrets Burt Kaliski, RSA Laboratories DIMACS Workshop on Theft in E-Commerce April 14, 2005

Introduction Passwords have remained an authentication factor of choice for the majority of users since the 1970s —And other forms of “weak” secrets are becoming more common, e.g., “life” questions Yet password protocols haven’t advanced much in practice, despite considerable research over three decades —Passwords still typically sent directly to the site that requests them! As a result, passwords are at risk of theft, e.g., phishing attacks Why haven’t passwords gotten more “respect”, and what can the industry do about it?

User wants to connect to a Web site User provides a password to a client computer Client runs a password protocol with the site User doesn’t have a trusted device; client doesn’t have persistent storage for secrets PasswordProtocol Basic Model: User Authenticates with a Password

Informal Security Goals Authenticate the user to the Web site Don’t reveal the password to an outsider Authenticate the Web site to the user? Don’t reveal the password to the Web site!

P Simple Password Protocols Password only: —Client sends password directly to site Challenge-response —Site sends challenge, client sends hash of challenge, site identifier, and password —Extension: site returns another hash for mutual authentication In both cases, the site can get the password (eventually) H (P, R, ID site ) R

Password-Authenticated Key Agreement EKE SPEKE SRP SNAPI AuthA PAK … and a host of others have been produced by the research community over the past 15 years With these protocols, the site can’t get the password if it doesn’t already know it, and authentication is typically mutual H (P) g y, g xy H (P) g x

Yet, the State of the Art Hasn’t Changed Much Despite all this work protocols, passwords are still typically sent directly to a Web site using the simplest protocol May be tunneled within server-authenticated SSL/TLS to protect against outsiders But if the site is the wrong one, password is compromised And no direct feedback to the user about whether the site is good or bad Why?

Protocol typically implemented by application code within the client, e.g. an applet or script running in a browser “Bad” applications can just include the wrong protocol in order to get the password Even if the right protocol is “built in” to the browser, how can you be sure the application is actually using it? A Closer Look User Interface Password Protocol Applet/ Script Browser

Convenience vs. Security Web application design has aimed for convenience, not security As a result, the user name / password form has become the standard authentication interface A password hashing protocol is built into browser – but interface is less convenient, and it isn’t used much Server authentication is presumed to address the “trust” issue, but the user interface is inconvenient

Larger Factors to Consider Meanwhile, smart cards, one-time password tokens, etc. have gotten much of the respect for users interested in security Passwords have just gotten stronger password policies – which has perhaps made them harder to use But overall, the 1970s model where the system is trusted but the user is suspect has prevailed Users are in the habit of trusting any form that asks for a password They don’t have the tools to distinguish good ones from bad ones!

Strengthening the Interface Browsers need to have a stronger protocol built in that has a convenient interface … and users need a way to ensure that the protocol is actually used, even by a bad application Challenging with today’s systems, since bad application can simulate appearance of good one Keystroke loggers and other malware present another set of threats – focus here on application code within the browser

Example: Stanford PwdHash Plug-In (Ross et al., USENIX Security 2005) PwdHash browser plug-in detects when user is entering a password, and hashes it before the application receives it —Plug-in can filter content for password fields, or user can signal plug-in with a reserved control sequence (F2 key in this case) The hashed password is thus sent to the Web site, rather than the password itself User Interface Password Protocol Applet/ Script Browser Plug-in

What Do You Hash With? Something about a good site that a bad Web site can’t easily simulate, without some effort Examples: —IP address —URL —public key Bad site gets Hash (P, ID Bad ), needs Hash (P, ID Good ) Brute-force password searching is an economic deterrent to attacker, given availability of unhashed passwords elsewhere —slow hashing and salt can further strengthen protection; pepper can also help with slower clients [Hellman, PTO ‘99] (see also EAP-POTP spec., Nyström ’05)

Extension: Mutual Authentication Hashing doesn’t provide any feedback about whether site is good or bad —Bad Web site could just say “Password confirmed” and lure user into disclosing other personal information A mutual authentication protocol is needed for higher assurance Plug-in (or operating system!) should detect when user is entering a password, and run protocol before returning control to application As a lightweight starting point, plug-in could wait for application to return its own password hash, and tell user if it’s correct

Towards Trustworthy Interfaces: A Password-Protection Module The plug-in or comparable operating system component is effectively a password protection module that assures the user that the right protocol is actually being used —Hashing, or any of the more sophisticated versions Reserved control sequence is a convenient and secure way to activate such a module —CTRL-ALT-DEL is the analogy for client and network login The module doesn’t need to change the user interface dramatically; it just needs to take control Presenting feedback about mutual authentication in a way that can’t be simulated remains a little challenging

Conclusions If passwords continue to be an authenticator of choice, then users don’t just need more password protocols Instead, they need more trustworthy interfaces that ensure the protocols are actually used A more trustworthy interface also protects stronger forms of authentication; the infrastructure improvements benefit everyone PasswordProtocol

TIPPI Workshop Dan Boneh and I are organizing a workshop on this topic: Submission deadline May 15 For more information: TIPPI 2005: 1 st Workshop on Trustworthy Interfaces for Passwords and Personal Information June 13, 2005 Stanford University