Session 04: Securing System Access. Course: H0242 / Network Security. Year: 2006. Version: 1.

Presentation transcript:

1 Session 04: Securing System Access
Course: H0242 / Network Security
Year: 2006
Version: 1

2 Learning Outcomes
By the end of this session, students are expected to be able to:
–Apply system access security

3 Topic Outline
Password protection
Password strategy

4 Authentication
Verifying the identity of another entity
Two interesting cases (for this class):
–Computer authenticating to another computer
–Person authenticating to a computer
Two issues:
–How authentication information is stored (at both ends)
–Authentication protocol itself

5 Password-based protocols
Any password-based protocol is vulnerable to an off-line dictionary attack if server is compromised
Goal: password-based protocol should be secure against off-line attacks when server is not compromised
–Unfortunately, this has not been the case in practice (e.g., telnet, cell phones, etc.)

6 Password selection
User selection of passwords is typically very weak
–Lower entropy password makes dictionary attacks easier
Typical passwords:
–Derived from account names or usernames
–Dictionary words, reversed dictionary words, or small modifications of dictionary words

7 Password Selection
Non-alphanumeric characters
Longer phrases
Can try to enforce good password selection
But these types of passwords are difficult for people to memorize and type!

8 Centralized Password Storage
Authentication storage node
–Central server stores password; servers request the password to authenticate user
Auth. facilitator node
–Central server stores password; servers send information from user to be authenticated by the central server
Note that central server must be authenticated!

9 Authentication Protocols
Server stores H(pw); user sends pw
–Secure against server compromise, but not eavesdropping (or replay attacks)
Server stores pw, sends R; user sends H(pw,R)
–Secure against eavesdropping, but not server compromise (or dictionary attack)
Can we achieve security against both?
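
Added example (not part of the original slides): the two protocols from slide 9 in Python, showing which one rejects a replayed message and which one keeps the password out of the server's records. Salted PBKDF2 stands in for H(pw) and HMAC-SHA256 for H(pw,R); the class names, function names and sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

def H(pw: bytes, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 stands in for the slide's H(pw).
    return hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)

def respond(pw: bytes, r: bytes) -> bytes:
    # Assumption: HMAC-SHA256 keyed with pw stands in for H(pw, R).
    return hmac.new(pw, r, hashlib.sha256).digest()

class HashStoreServer:
    """Protocol 1: server stores H(pw); user sends pw."""
    def __init__(self, pw: bytes):
        self.salt = secrets.token_bytes(16)
        self.record = H(pw, self.salt)   # all that a server compromise reveals

    def login(self, sent_pw: bytes) -> bool:
        return hmac.compare_digest(H(sent_pw, self.salt), self.record)

class ChallengeServer:
    """Protocol 2: server stores pw, sends R; user sends H(pw, R)."""
    def __init__(self, pw: bytes):
        self.record = pw                 # plaintext: a compromise reveals pw
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)   # fresh R for every attempt
        return self.pending

    def login(self, response: bytes) -> bool:
        r, self.pending = self.pending, None     # each R is single-use
        return r is not None and hmac.compare_digest(
            response, respond(self.record, r))

def demo() -> dict:
    pw = b"correct horse battery"        # constructed sample password
    s1, s2 = HashStoreServer(pw), ChallengeServer(pw)
    wire1 = pw                           # what an eavesdropper records
    wire2 = respond(pw, s2.challenge())
    first = s2.login(wire2)              # legitimate login
    s2.challenge()                       # server issues a new R
    return {
        "p1_replay_accepted": s1.login(wire1),   # True: pw is reusable
        "p1_record_is_pw": s1.record == pw,      # False
        "p2_login_ok": first,                    # True
        "p2_replay_accepted": s2.login(wire2),   # False: old R
        "p2_record_is_pw": s2.record == pw,      # True
    }
```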

10 Authentication of People
What you know (passwords)
What you have (keys)
What you are (biometric devices)
Where you are (physical)

11 Access Control
State of a system
–Includes, e.g., current memory contents, all secondary storage, contents of all registers, etc.
Secure states
–States in which the system is allowed to reside
–Security policy defines the set of secure states
–Security mechanism ensures that system never leaves secure state

12 Access Control List (ACL)
Instead of storing central matrix, store each column with the object it represents
–Stored as pairs (s, r)
Subjects not in list have no rights
–Can use wildcards to give default rights

13 Potential problems
What if one process gives capabilities to another? (Possibly indirectly)
–Can lead to security violation
One solution: assign security classifications to capabilities
–E.g., when capability created, its classification is the same as the requesting process
–Capability contains rights depending on the object to which it refers

14 Example
Cryptographic key used to encrypt a file
–A file cannot be “read” unless the subject has the encryption key
–Can also enforce that requests from n users are required in order to read data (and-access), or that any of n users are able to read data (or-access)

15 Cryptographic secret sharing
(t, n)-threshold scheme to share a “key”
Using this to achieve (t, n)-threshold encryption
Shamir secret sharing

16 Another example
Type checking
Label memory locations as either data or instructions
–Do not allow execution of type data
–Can potentially be used to limit buffer overflows