Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.



Slide 2: Outline
Introduction
Passwords-based authentication
Challenge-response
Other methods:
– Biometrics-based authentication
– Location-based authentication
– Hybrid approach

Slide 3: Authentication
Authentication: binding of identity to the subject
– Entity knows something: passwords, id numbers
– Entity has something: badge, smart card
– Entity is something: biometrics
– Entity is someplace: source IP, restricted-area terminal

Slide 4: Authentication
Five components in an authentication system (AS):
– A: set of authentication information used by the entity to prove its identity, e.g., id/password
– C: set of complementary information used by the AS to validate A, e.g., the stored passwords
– F: set of complementation functions f: A → C. Given a ∈ A, f generates the appropriate c ∈ C, e.g., given an id and password, the AS retrieves the stored password.

Slide 5: Authentication (Cont.)
– L: set of authentication functions l: A × C → {true, false} that verify the entity's identity, e.g., given the id/password provided by the entity and the retrieved password, the AS compares the two passwords to decide whether the entity should be authenticated. l in this case is the equivalent() function.
– S: set of selection functions that enable the entity to generate/alter A and/or C, e.g., mechanisms allowing a user to change its password (such as passwd in UNIX)

Slide 6: Passwords-based Authentication
A password is information associated with an entity that confirms its identity.
How can passwords be protected? A solution: one-way hashing.
– A user's password is one-way hashed ("encrypted") and only the result is stored. The stored password is never decrypted.
– It should be difficult for an attacker to revert the stored value to the plaintext password.
A user A may try to guess the password of another user B and thus impersonate B. (next slide)
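The five-component model of slides 4 and 5, together with the one-way hashing of slide 6, can be written down as a small working system. The following is an added example, not code from the slides or from Bishop's text; the class and function names, the use of PBKDF2-HMAC-SHA256 as the one-way function, the iteration count and the sample credentials are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed example (not code from the slides or the textbook): a minimal
# authentication system (AS) organised around Bishop's five components.
#   A: authentication information presented by the entity -> (user id, password)
#   C: complementary information held by the AS            -> (salt, hash) per user
#   F: complementation functions f: A -> C                  -> derive()
#   L: authentication functions l: A x C -> {true, false}   -> AuthSystem.verify()
#   S: selection functions that alter A and/or C            -> AuthSystem.set_password()
# The one-way function is PBKDF2-HMAC-SHA256 with an assumed work factor.

PBKDF2_ITERATIONS = 100_000
DUMMY_SALT = b"\x00" * 16  # used only to equalise timing for unknown users


def derive(password: str, salt: bytes) -> bytes:
    """f in F: map a password plus per-user salt to the stored complement c."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AuthSystem:
    def __init__(self) -> None:
        # C: user id -> (salt, derived hash). The plaintext password is never stored.
        self.store: dict = {}

    def set_password(self, user: str, password: str) -> None:
        """s in S: like passwd(1), lets the entity replace its complement in C."""
        salt = os.urandom(16)
        self.store[user] = (salt, derive(password, salt))

    def verify(self, user: str, password: str) -> bool:
        """l in L: recompute f(a) and compare with the stored c in constant time."""
        if user not in self.store:
            derive(password, DUMMY_SALT)  # same cost as a real check
            return False
        salt, stored = self.store[user]
        return hmac.compare_digest(derive(password, salt), stored)


def demo() -> tuple:
    """Exercise the system with constructed credentials; returns (ok, wrong, unknown)."""
    auth = AuthSystem()
    auth.set_password("alice", "correct horse battery staple")
    ok = auth.verify("alice", "correct horse battery staple")
    wrong = auth.verify("alice", "correct horse battery")
    unknown = auth.verify("bob", "anything")
    return ok, wrong, unknown


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two details matter for the slides that follow: the per-user salt means a Type 1 dictionary attack has to recompute f for every user rather than once per guess, and the iteration count lowers G, the number of guesses an attacker can test per time unit, which is exactly the knob Anderson's formula says to turn.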

Slide 7: Passwords-based Authentication
Impersonation by guessing passwords
– The goal: to find an a ∈ A such that, for some f ∈ F, f(a) = c ∈ C, and c is associated with an entity.
General approaches:
1. Hide enough information so that one of a, c, or f cannot be found.
2. Prevent access to the authentication functions L.
3. Other approaches? The 3-tries "principle"

Slide 8: Passwords-based Authentication
A dictionary attack is the guessing of a password by repeated trial and error. The dictionary may be a set of strings in random order, or a set of strings in decreasing order of probability of selection.
– Type 1 dictionary attack: given c ∈ C and f ∈ F, the attack takes each guess g and computes f(g) for each f ∈ F. If f(g) corresponds to the c for the entity, then g authenticates the entity under f.
– Type 2 dictionary attack: given l ∈ L, the attack takes a guess g. If l returns true for g, then g is the correct password.

Slide 9: Passwords-based Authentication
Countering dictionary attacks
– The goal: to maximize the time needed to guess the password
– Anderson's Formula:
  P: the probability that an attacker guesses a password in a specified period of time
  G: the number of guesses that can be tested in one time unit
  T: the number of time units during which guessing occurs
  N: the number of possible passwords
– A generalized form of the formula:
Examples: next slide

Slide 10: Passwords-based Authentication
An example:
– Let S be the length of the password.
– Let A be the number of characters in the alphabet from which the characters of the password are drawn. Then N = A^S.
– Let E be the number of characters exchanged when logging in.
– Let R be the number of bytes per minute that can be sent over a communication link.
– Let G be the number of guesses per minute. Then G = R / E.
– If the attack extends over M months, T = 30 × 24 × 60 × M.
– Let P be the probability that the attack would succeed. Then P follows from Anderson's formula applied to these N, G and T.

Slide 11: Passwords-based Authentication
Analysis of the Anderson Formula:
– The goal is to maximize the time needed for the attacker to guess the password (T).
– That is, to decrease the chance that the attack may succeed (P).
Approaches:
– Increase N, the number of possible passwords
– Decrease the time allowed to guess the passwords, that is, reduce T
– Decrease G
Question: how can each of the approaches be implemented? See the 2nd example on page 313.
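Slides 9 to 11 describe the formula in words; the following added example carries the computation through with the slides' own symbols (S, A, N, E, R, G, M, T, P). The formula it applies is Anderson's bound as given in Bishop's text, P ≥ TG/N, and the numeric parameters (link speed, bytes per login, attack duration, target probability) are constructed for illustration, not taken from the slides or the textbook's examples. It also inverts the formula to obtain the password length needed to hold P below a target, which is the "increase N" approach of slide 11 made concrete.

```python
import math

# Worked computation with Anderson's formula, P >= T*G/N, in the symbols of
# slides 9-11. Added example with constructed numbers; not from the slides.


def guesses_per_minute(R: float, E: float) -> float:
    """G = R / E: link capacity (bytes/min) over bytes exchanged per login."""
    return R / E


def time_units(M: float) -> float:
    """T = 30 x 24 x 60 x M: minutes available to an attack lasting M months."""
    return 30 * 24 * 60 * M


def password_space(A: int, S: int) -> int:
    """N = A^S: passwords of length S over an alphabet of A characters."""
    return A ** S


def success_probability(T: float, G: float, N: int) -> float:
    """Anderson's bound P >= T*G/N, taken at equality and capped at 1."""
    return min(1.0, T * G / N)


def min_password_length(A: int, T: float, G: float, P: float) -> int:
    """Smallest S with A^S >= T*G/P, i.e. the length that keeps the attacker's
    success probability at or below P for the given T and G."""
    needed = T * G / P
    return math.ceil(math.log(needed) / math.log(A))


def example() -> dict:
    """Constructed parameters: 4000 bytes/min link, 10 bytes per login
    attempt, a 12-month attack, and a target success probability of 0.1%."""
    R, E, M, P_target = 4000.0, 10.0, 12, 0.001
    G = guesses_per_minute(R, E)  # 400 guesses per minute
    T = time_units(M)             # 518400 minutes
    return {
        "G": G,
        "T": T,
        # 6-character passwords: lowercase letters only vs. 95 printable ASCII
        "P_lower_6": success_probability(T, G, password_space(26, 6)),
        "P_printable_6": success_probability(T, G, password_space(95, 6)),
        # length needed to stay under P_target for each alphabet
        "S_lower": min_password_length(26, T, G, P_target),
        "S_printable": min_password_length(95, T, G, P_target),
    }


if __name__ == "__main__":
    for k, v in example().items():
        print(f"{k:14s} {v}")
```

With these constructed numbers a six-character lowercase password is guessed within the year with probability about 0.67, while six printable-ASCII characters bring that below 0.0003; holding P at 0.001 needs eight lowercase characters or six from the larger alphabet. Lowering G (a slow hash, rate limiting, the 3-tries rule of slide 7) or T (password aging, slide 12) moves the same bound without asking users for longer passwords.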

Slide 12: Passwords-based Authentication
Password selection
– Random
– Pronounceable nonsense
– User selection, with controls on allowable passwords
– Password checking, aging

Slide 13: Outline

Slide 14: Challenge-Response
The fundamental problem with passwords is that they are reusable; that is, a valid password may be replayed by an attacker.
Solution? Associate a password with only one session.
A challenge-response AS is one in which the system S sends a random message m (the challenge) to a user U, and U replies with r = f(m). f() is a secret function agreed upon by both S and U.
1. U → S: request to connect
2. S → U: challenge (c)
3. U → S: response (r)   // S validates r by determining whether r = f(c).

Slide 15: Challenge-Response
A function f is called a pass algorithm if f is the secret in a challenge-response AS.
A sample pass algorithm:
– Suppose f(c) = c^c mod (current year).
– On November 12, 2004, when the AS sends c = 5 to U, U should return 1121 (5^5 mod 2004 = 3125 mod 2004 = 1121) in order to be authenticated. Otherwise the authentication fails.
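The three-step exchange of slide 14 and the pass algorithm of slide 15, simulated with both sides' messages. This is an added example, not code from the slides; the Server and User classes, the challenge range, the user name and the replay check are assumptions made for the illustration. The only shared secret, as on the slide, is the function f.

```python
import secrets
from typing import Optional

# Simulation of the exchange on slides 14-15 with the sample pass algorithm
# f(c) = c^c mod (current year). Added example, not code from the slides; the
# Server/User classes, the challenge range and the user name are assumptions.


def pass_algorithm(c: int, year: int) -> int:
    """The shared secret f: c raised to the power c, reduced modulo the year.
    pow(c, c, year) reduces at every multiplication, so c^c is never built."""
    return pow(c, c, year)


class Server:
    """S: issues a fresh challenge per session and validates r = f(c)."""

    def __init__(self, year: int):
        self.year = year
        self.outstanding = {}  # user -> challenge awaiting a response

    def challenge(self, user: str) -> int:
        c = secrets.randbelow(10_000) + 1  # step 2: random challenge in [1, 10000]
        self.outstanding[user] = c
        return c

    def check(self, user: str, r: int) -> bool:
        # step 3: the challenge is consumed whether or not r is right, so a
        # captured (c, r) pair cannot be replayed against a later session
        c = self.outstanding.pop(user, None)
        return c is not None and r == pass_algorithm(c, self.year)


class User:
    """U: answers the challenge with the secret function."""

    def __init__(self, year: int):
        self.year = year

    def respond(self, c: int) -> int:
        return pass_algorithm(c, self.year)


def run_session(year: int, forged_response: Optional[int] = None) -> bool:
    """One full exchange; a forged response stands in for a guess by someone
    who does not know f."""
    server, user = Server(year), User(year)
    c = server.challenge("alice")  # steps 1-2: connect, receive challenge
    r = user.respond(c) if forged_response is None else forged_response
    return server.check("alice", r)  # step 3


def replay_is_rejected(year: int) -> bool:
    """A recorded (c, r) from one session does not authenticate a second time."""
    server, user = Server(year), User(year)
    c = server.challenge("alice")
    r = user.respond(c)
    first = server.check("alice", r)
    second = server.check("alice", r)  # no outstanding challenge -> rejected
    return first and not second


if __name__ == "__main__":
    print(pass_algorithm(5, 2004))  # 1121, the slide's example
    print(run_session(2004), replay_is_rejected(2004))
```

The point to notice is what the AS stores between steps 2 and 3: only the outstanding challenge, discarded after one use. That is what makes the response session-bound, in contrast to a reusable password. The weakness of slide 19 still applies, since an observer who collects enough (c, r) pairs can study f; the toy f here is trivially recoverable and is used only because the slide uses it.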

Slide 16: Challenge-Response
One-time passwords
– A one-time password is a password that is invalidated as soon as it is used. It is a form of challenge-response authentication.
– The user and the AS agree on the mechanism of generating a sequence of passwords.
– Every time a password in the sequence is used, it is invalidated. The next time the user logs in, the next password in the sequence is used.
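One concrete "mechanism of generating a sequence of passwords" is a hash chain in the style of Lamport's scheme (the basis of S/Key): the client keeps a seed, the AS keeps only h^n(seed), and passwords are revealed in reverse order. The following is an added example, not code from the slides; the chain length, the class names and the choice of SHA-256 are assumptions.

```python
import hashlib
import secrets

# Added example (not from the slides): a one-time password sequence built as a
# hash chain in the style of Lamport / S/Key. The client reveals the chain in
# reverse order; each password is invalidated as soon as the AS accepts it.


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def h_n(x: bytes, n: int) -> bytes:
    """Apply h n times."""
    for _ in range(n):
        x = h(x)
    return x


class OTPServer:
    """Stores only the last accepted value (initially h^n(seed)), never the seed."""

    def __init__(self, anchor: bytes, n: int):
        self.last = anchor
        self.remaining = n

    def login(self, otp: bytes) -> bool:
        if self.remaining == 0 or h(otp) != self.last:
            return False  # exhausted, wrong, or a replay of a used password
        self.last = otp  # the accepted value becomes the new verifier
        self.remaining -= 1
        return True


class OTPClient:
    """Holds the seed and hands out h^(n-1)(seed), h^(n-2)(seed), ..., seed."""

    def __init__(self, seed: bytes, n: int):
        self.seed = seed
        self.next_index = n - 1

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("OTP sequence exhausted; re-enroll")
        otp = h_n(self.seed, self.next_index)
        self.next_index -= 1
        return otp


def enroll(n: int):
    """Shared setup: the client keeps the seed, the AS keeps only h^n(seed)."""
    seed = secrets.token_bytes(16)
    return OTPClient(seed, n), OTPServer(h_n(seed, n), n)


def demo() -> tuple:
    """Returns (first ok, replay rejected, second ok, third ok, exhausted rejected)."""
    client, server = enroll(3)
    p1 = client.next_password()
    first = server.login(p1)
    replay = not server.login(p1)
    second = server.login(client.next_password())
    third = server.login(client.next_password())
    exhausted = not server.login(p1)
    return first, replay, second, third, exhausted


if __name__ == "__main__":
    print(demo())  # (True, True, True, True, True)
```

Because the AS holds only h^k(seed), a copy of its database does not yield any password that will still be accepted, and a password captured in transit is useless once the AS has advanced past it. Both properties follow from h being one-way, the same property slide 6 relies on for stored passwords.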

Slide 17: Challenge-Response
Hardware-supported C/R authentication: one or more hardware devices are used in the C/R validation procedure. Two forms:
1. Tokens: a token is a device that provides mechanisms for hashing or enciphering information.
   a) AS → U: c
   b) U → token: c
   c) token → U: r
   d) U → AS: r
2. Time-based: a device attached to a computer displays a different number every 60 seconds. To log in, the user enters the number displayed on the device, followed by his/her password. e.g., RSA SecurID Card
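The time-based form of slide 17 can be modelled in software: the "device" computes a 6-digit code from a shared secret and the current 60-second time step, and the AS recomputes it, tolerating a little clock skew but never accepting a time step twice. This is an added example, not code from the slides or from any RSA product; the HMAC-over-time-step construction is TOTP-style, and the secret, timestamps, digit count and skew window are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Added example (not from the slides): a software model of a time-based token
# that shows a new 6-digit code every 60 seconds, plus the AS-side verifier.
# The code is an HMAC over the 60-second time step (a TOTP-style construction);
# the secret, timestamps and skew window are constructed assumptions.

STEP_SECONDS = 60
DIGITS = 6


def token_code(secret: bytes, now: int, step: int = STEP_SECONDS) -> str:
    """What the device displays at time `now` (seconds since the epoch)."""
    counter = now // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10 ** DIGITS:0{DIGITS}d}"


class TokenVerifier:
    """AS side: accepts a code for the current step (+/- skew steps), once."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, skew: int = 1):
        self.secret, self.step, self.skew = secret, step, skew
        self.last_counter = -1  # highest time step already used for a login

    def verify(self, code: str, now: int) -> bool:
        counter = now // self.step
        for delta in range(-self.skew, self.skew + 1):
            cand = counter + delta
            if cand <= self.last_counter:
                continue  # that step was already consumed: blocks replay
            expected = token_code(self.secret, cand * self.step, self.step)
            if hmac.compare_digest(expected, code):
                self.last_counter = cand
                return True
        return False


def demo() -> tuple:
    """Returns (fresh code ok, replay rejected, next window ok, stale code rejected)."""
    secret = b"constructed-token-seed-0123456789"
    t0 = 1_700_000_000 - (1_700_000_000 % STEP_SECONDS)  # aligned to a step
    v = TokenVerifier(secret)
    code0 = token_code(secret, t0)
    fresh = v.verify(code0, t0 + 30)                             # same 60 s window
    replay = not v.verify(code0, t0 + 45)                        # same code again
    later = v.verify(token_code(secret, t0 + 60), t0 + 60)       # next window
    stale = not v.verify(token_code(secret, t0 - 180), t0 + 60)  # 3 steps old
    return fresh, replay, later, stale


if __name__ == "__main__":
    print(demo())  # (True, True, True, True)
```

The second factor of slide 17, the user's password, would be checked separately by the AS (as in the example after slide 6); the token code on its own proves only possession of the device. Recording `last_counter` is what turns a 60-second-valid code into a one-time value within its window, which is the property slide 14 asks for.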

Slide 18: Challenge-Response
Advantages of hardware-supported authentication?
– Two-factor authentication
Links:
– RSA SecurID Card (SD200):
– RSA SecurID® Card Studio:
– Authentication using RSA SecurID Card:
More information:
– The Power Behind RSA SecurID® Two-factor User Authentication: RSA ACE/Server® (an RSA white paper)
nator/search/xml.txt?query=RSA+SecurID+Card+&pr=default&order=r&cq=&id=3fb204b72

Slide 19: Challenge-Response
Attacks on challenge-response authentication
– If the attacker has a sufficient number of challenges (c) and the respective responses (r), he can try to deduce the encryption algorithm.
– Example: the compromised Kerberos AS
– A solution: encrypted key challenge [Bellovin/Merritt, 1992]
  Use a shared key to share a session key; the session key encrypts the challenge; the challenge is thus indistinguishable from random data.

Slide 20: Outline

Slide 21: Biometrics-Based Authentication
Automatic measurement of biological or behavioral features that identify a person
Used for human subject identification
Based on physical characteristics that are tough to copy:
– fingerprint
– voice patterns
– iris patterns / retina scans
– face recognition
– keystroke dynamics (interval, timing, pressure, duration, location, etc.)
– combined approach

Slide 22: Location-Based Authentication
Location signature (LS) = unique location + unique time
– Describes the physical location of an entity
– Relies on GPS
Location signature sensor (LSS)
– A hardware device used by the user's host to obtain an LS for the user
– The LS is transmitted from the user site to the AS site for authentication.
Attacks on location-based authentication:
– Stolen LSS: impersonation attacks?
– Intercepted LS: replay attacks?

Slide 23: Location-Based Authentication
Strengths of LBA:
1. Hardware-based authentication
2. A stolen LSS is useless. (True?)
3. The authentication can be done continuously.
Any weakness?

Slide 24: Hybrid Authentication
The principle of multiple factors. Examples:
– LSS + id/password
– Challenge/response + smart card
– What you are + what you have (examples?)

Slide 25: Summary
Passwords-based authentication
Challenge/response
Other methods:
– Biometrics-based authentication
– Location-based authentication
– Hybrid approach

Slide 26: Next
Chapter 14: Identity