Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

User Authentication Computer systems often have to identify and authenticate users before authorizing them Identification: Who are you? Authentication: Prove it! How can a computer accomplish these things remotely?

Authentication Factors Something the user knows: e.g., password. Something the user has: e.g., ATM card, browser cookie. Something the user is: e.g., fingerprint, eye scan.

Passwords Classical idea

Passwords Classical idea. User enters ID and password. May allow more than one try. Forgotten passwords may or may not be recoverable. “The password must be impossible to remember and never written down.”

Attacks on Passwords Brute Force Try every possible password Short passwords are unsafe.

Rubber Hose Attack Different from Brute Force. Related to the Bribe Attack.

Dictionary Attack Try common words first. Most people use real words as passwords. Much faster than brute force.

Dictionary Attack Some top passwords: password, iloveyou, qwerty, abc123, monkey, letmein, trustno1, dragon, ninja, sunshine, baseball, 111111

Strong Passwords The measure of strength of a password is its “entropy”. Notion developed by Shannon of Bell Labs in the 1940s. Entropy = number of “bits” of “uncertainty”. Every bit helps! Each bit doubles the amount of work needed to guess a password.

Strong Passwords 0, 1 (one bit = 2 possibilities); two bits = 4 possibilities; three bits = 8 possibilities; four bits = 16 possibilities.

Strong Passwords A random string of length n of unknown 1’s and 0’s has n bits of entropy (uncertainty). Letters, numbers, and symbols are stored on a computer as binary strings of length 7. An ordinary letter has about 4.7 bits of entropy (or less!)

ASCII American Standard Code for Information Interchange Standard symbols coded as numbers from 0 to 127. Example: a = 97 (decimal) = 1100001 (binary) = 141 (octal) = 61 (hexadecimal)

ASCII a-z encoded as 1100001 to 1111010 (97 to 122). A-Z encoded as 1000001 to 1011010 (65 to 90). Capitals and small letters differ in exactly one bit (the 32’s bit), so mixing capitals with small letters at random adds exactly one bit of uncertainty per letter!

ASCII A random ASCII character has 7 bits of uncertainty. But since the first 32 characters are non-printing (like “backspace”), there are only about 6.5 bits of uncertainty per character in a random ASCII string used as a password.
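As an added worked example (not part of the lecture slides), the following Python computes the per-character and whole-password entropy for the character sets the slides discuss, the brute-force work each implies, and the one-bit-per-letter bonus from random capitalisation. The alphabet sizes are the standard ones (26 lowercase letters, 95 printable ASCII characters, 128 seven-bit codes); the functions and names are this example’s own.

```python
import math

# Alphabet sizes used on the slides. 95 is the printable ASCII range
# (codes 32..126), 128 is the whole 7-bit ASCII code space.
ALPHABETS = {
    "binary digits": 2,
    "lowercase letters": 26,
    "mixed-case letters": 52,
    "letters and digits": 62,
    "printable ASCII": 95,
    "all 7-bit ASCII": 128,
}


def bits_per_symbol(alphabet_size):
    """Shannon entropy of one symbol chosen uniformly from the alphabet.
    log2(26) is about 4.70, log2(95) about 6.57 (the slides' "about 6.5")."""
    return math.log2(alphabet_size)


def password_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * bits per symbol.
    This is the best case; human-chosen passwords have far less."""
    return length * bits_per_symbol(alphabet_size)


def expected_brute_force_guesses(entropy_bits):
    """A brute-force attacker trying every password needs on average half
    the space of 2**bits candidates. Each extra bit doubles this."""
    return 2 ** entropy_bits / 2


def mixed_case_bonus_bits(length):
    """Randomly capitalising each of `length` letters flips one ASCII bit
    ('a' = 97 vs 'A' = 65 differ by 32) independently per letter, so the
    gain is exactly one bit per letter: log2(52) - log2(26) = 1."""
    return length * (bits_per_symbol(52) - bits_per_symbol(26))


def entropy_report(length):
    """Entropy (bits) and expected guesses for a random password of the
    given length over each alphabet in ALPHABETS."""
    report = {}
    for name, size in ALPHABETS.items():
        bits = password_entropy_bits(length, size)
        report[name] = (round(bits, 2), expected_brute_force_guesses(bits))
    return report


if __name__ == "__main__":
    for name, (bits, guesses) in entropy_report(8).items():
        print(f"{name:20s} {bits:6.2f} bits  ~{guesses:.3g} guesses")
```

Running it for length 8 shows why the slides call short passwords unsafe: eight random lowercase letters give about 37.6 bits, eight random printable ASCII characters about 52.6 bits, and every bit in between doubles the attacker’s work.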

Entropy of Passwords According to NIST, an 8-letter humanly generated password has about 18 bits of entropy. However, other experts disagree with their methodology. They argue that Shannon entropy is not the right measure. (See Matt Weir)

Password Policies This is currently a difficult and controversial area of computer security.

What can you do? Use letters, numbers and special characters. Choose long passwords (at least eight characters). Avoid guessable roots. If supported, use a passphrase.

What can you do? Write down passwords but keep them in a safe place (no sticky notes!). Don’t share them with others. Be careful in public places (there are “password sniffers” that can steal your passwords as you use them).

Sending passwords Simple model: Alice sends (ID, pwd) to Bob. Bob compares with his list. Bob says OK and gives access, or NO and denies access. Big problem: someone can hack into Bob’s server and steal the password list!

Sending passwords More secure method: Bob keeps a list (ID, H(pwd)) of hashes of passwords. Alice sends (ID, pwd). Bob computes H(pwd) and compares with his list. Bob says OK or NO.

Sending passwords If Bob’s server is compromised, the hacker only gets H(pwd). Still vulnerable to an off-line dictionary attack: Harriet takes a dictionary file of passwords and computes their hashes. She compares these to the stolen list.

“Salt” on the table Bob keeps a list of the form (ID, r, H(r, pwd)); r is a random number (the salt) which is hashed together with the password. This foils the precomputed dictionary attack on a stolen password list: Harriet’s table of H(word) values matches nothing, and each entry has to be attacked separately with its own r.
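To make the three storage formats and the off-line dictionary attack concrete, here is an added Python example (not code from the lecture). It assumes SHA-256 as the hash H, a 16-byte random salt r, and a constructed dictionary made of the slides’ top passwords; it shows that Harriet’s precomputed table matches the unsalted list but matches nothing in the salted one.

```python
import hashlib
import hmac
import os


def H(*parts):
    """The slides' hash H(). SHA-256 over the concatenated inputs is an
    assumption made for this example, not the lecture's choice."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part if isinstance(part, bytes) else part.encode())
    return h.hexdigest()


# Second method on the slides: Bob stores (ID, H(pwd)).
def store_hashed(db, user_id, pwd):
    db[user_id] = H(pwd)


def verify_hashed(db, user_id, pwd):
    # compare_digest avoids leaking the match position through timing.
    return user_id in db and hmac.compare_digest(db[user_id], H(pwd))


# Salted method: Bob stores (ID, r, H(r, pwd)) with a fresh random r per user.
def store_salted(db, user_id, pwd, r=None):
    r = os.urandom(16) if r is None else r
    db[user_id] = (r, H(r, pwd))


def verify_salted(db, user_id, pwd):
    if user_id not in db:
        return False
    r, digest = db[user_id]
    return hmac.compare_digest(digest, H(r, pwd))


# Harriet's off-line dictionary attack on a stolen list.
# Constructed word list: the slides' "top passwords".
DICTIONARY = ["password", "iloveyou", "qwerty", "abc123", "monkey", "letmein"]


def precomputed_table(words):
    """Hash every dictionary word once. Against unsalted lists the same
    table is reusable for every stolen database."""
    return {H(w): w for w in words}


def match_unsalted(stolen_db, table):
    """Stolen (ID, H(pwd)) entries are looked up directly in the table."""
    return {u: table[d] for u, d in stolen_db.items() if d in table}


def match_salted(stolen_db, table):
    """Stolen (ID, r, H(r, pwd)) entries never equal H(word): the random r
    changes the digest, so the precomputed table recovers nothing."""
    return {u: table[d] for u, (r, d) in stolen_db.items() if d in table}


def demo():
    """Enrol Alice with a dictionary password in both formats and run
    Harriet's table against each stolen list."""
    hashed, salted = {}, {}
    store_hashed(hashed, "alice", "monkey")
    store_salted(salted, "alice", "monkey")
    table = precomputed_table(DICTIONARY)
    return match_unsalted(hashed, table), match_salted(salted, table)


if __name__ == "__main__":
    print(demo())  # first dict recovers alice's password, second is empty
```

The salt does not stop Harriet from hashing the dictionary once per stolen entry; it only removes the shortcut of hashing it once for everyone. In practice Bob also uses a deliberately slow hash so that even the per-entry attack is expensive.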

Challenge-response methods Alice sends a hello message to Bob. Bob sends a random challenge to Alice. Alice computes a response using her secret password. Bob verifies that the response is correct. Harriet overhears everything but learns nothing: the password itself never crosses the wire.
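The exchange above, written out as an added example with both sides’ messages (this is not the lecture’s code). It assumes HMAC-SHA256 keyed with the password as the response function, a 16-byte random challenge, and that Bob holds the password (or a key derived from it) so he can recompute the response; the transcript records exactly what Harriet can overhear.

```python
import hashlib
import hmac
import os


def response(pwd, challenge):
    """Alice's response: HMAC of the challenge keyed with her password
    (an assumption for this example; any keyed one-way function works)."""
    return hmac.new(pwd.encode(), challenge, hashlib.sha256).digest()


class Bob:
    """Server side. Needs the password (or a key derived from it) to
    recompute the response, so its store must be protected accordingly."""

    def __init__(self, users):
        self.users = dict(users)   # constructed {ID: password} table
        self.pending = {}          # outstanding challenge per ID

    def challenge(self, user_id):
        c = os.urandom(16)         # fresh random challenge, used once
        self.pending[user_id] = c
        return c

    def verify(self, user_id, resp):
        c = self.pending.pop(user_id, None)   # consume the challenge
        if c is None or user_id not in self.users:
            return False
        expected = response(self.users[user_id], c)
        return hmac.compare_digest(expected, resp)


def run_login(bob, user_id, pwd, transcript):
    """Runs the four-message exchange; every message is appended to
    `transcript`, which is what Harriet sees on the wire."""
    transcript.append(("hello", user_id.encode()))
    c = bob.challenge(user_id)
    transcript.append(("challenge", c))
    resp = response(pwd, c)
    transcript.append(("response", resp))
    ok = bob.verify(user_id, resp)
    transcript.append(("result", b"OK" if ok else b"NO"))
    return ok


def password_on_wire(pwd, transcript):
    """Defender check: does any overheard message contain the password?"""
    return any(pwd.encode() in msg for _, msg in transcript)


def replay_succeeds(bob, user_id, transcript):
    """Defender check: replaying an overheard response must fail, because
    Bob issues a new random challenge for the new login."""
    old = next(msg for kind, msg in transcript if kind == "response")
    bob.challenge(user_id)
    return bob.verify(user_id, old)


if __name__ == "__main__":
    bob = Bob({"alice": "correct horse"})
    seen = []
    print(run_login(bob, "alice", "correct horse", seen))   # True
    print(password_on_wire("correct horse", seen))          # False
    print(replay_succeeds(bob, "alice", seen))              # False
```

The freshness of Bob’s challenge is what defeats replay; the one-way response function is what keeps the password out of Harriet’s transcript.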

Fiat-Shamir Protocol Alice has public key (N = pq, A) and private key (a, p, q), where A = a^2 mod N. Alice chooses random r, computes x = r^2 mod N, and sends x to Bob. Bob sends random b = 0 or 1. Alice sends y = r·a^b mod N. Bob checks that y^2 = x·A^b mod N.
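Below is an added Python implementation of the rounds just described, using the slides’ symbols (N, A, a, r, x, b, y); it is an example written for this page, not the lecture’s code. The primes are constructed toy values chosen for readability, so N is trivially factorable here; a real deployment needs N large enough that factoring is infeasible. It also shows why Bob repeats the round: a prover without a can prepare for only one value of b, so each round catches such a prover with probability 1/2.

```python
import random

# Constructed toy parameters (far too small for real use).
P, Q = 1009, 1013
N = P * Q


def keygen(a=None, rng=random):
    """Alice's private a and public A = a^2 mod N."""
    if a is None:
        a = rng.randrange(2, N)
    return a, pow(a, 2, N)


def prover_commit(rng=random):
    """Alice picks random r and sends x = r^2 mod N."""
    r = rng.randrange(1, N)
    return r, pow(r, 2, N)


def prover_respond(r, a, b):
    """Alice answers Bob's bit b with y = r * a^b mod N."""
    return (r * pow(a, b, N)) % N


def verifier_check(x, A, b, y):
    """Bob accepts the round iff y^2 = x * A^b mod N."""
    return pow(y, 2, N) == (x * pow(A, b, N)) % N


def run_protocol(a, A, rounds=20, rng=random):
    """Full interactive proof: Bob accepts only if every round checks."""
    for _ in range(rounds):
        r, x = prover_commit(rng)
        b = rng.randrange(2)                 # Bob's random challenge bit
        y = prover_respond(r, a, b)
        if not verifier_check(x, A, b, y):
            return False
    return True


def prepared_round(A, guessed_b, actual_b, rng=random):
    """Why Bob repeats the round: a prover who does not know a can fix y
    first and shape x so that the check passes for one guessed b
    (b = 0: x = y^2; b = 1: x = y^2 / A). The round succeeds only when
    Bob's actual bit matches the guess, i.e. with probability 1/2."""
    y = rng.randrange(1, N)
    if guessed_b == 0:
        x = pow(y, 2, N)
    else:
        x = (pow(y, 2, N) * pow(A, -1, N)) % N   # needs gcd(A, N) = 1
    return verifier_check(x, A, actual_b, y)


if __name__ == "__main__":
    a, A = keygen(12345)
    print(run_protocol(a, A))                  # True: Alice knows a
    print([prepared_round(A, g, b) for g in (0, 1) for b in (0, 1)])
    # [True, False, False, True]: the guess must match Bob's bit
```

After twenty rounds a prover without a passes with probability 2^-20, while Alice always passes; and since each round reveals only r·a^b for a fresh random r, Bob (or Harriet) learns nothing about a.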

How does this work? This is done through a “Zero-Knowledge Proof”. (Colin will explain this.)

Extra security measure

Website password systems Using public key cryptography, Alice and Bob set up a secure communication channel. Alice sends her password to the server over that channel. Bob verifies it. Hypertext Transfer Protocol Secure (HTTPS).

Your browser handles the security job for you!