David Evans CS150: Computer Science University of Virginia Computer Science Class 31: Cookie Monsters and Semi-Secure.

Slides:



Advertisements
Similar presentations
Lecture 5: Cryptographic Hashes
Advertisements

Digital Signatures and Hash Functions. Digital Signatures.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Chapter 5 Cryptography Protecting principals communication in systems.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
David Evans CS150: Computer Science University of Virginia Computer Science Class 36: Public Key Crypto.
Strong Password Protocols
Authentication Approaches over Internet Jia Li
Chapter 31 Network Security
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 12: Public-Key Protocols.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
David Evans CS588: Cryptography University of Virginia Computer Science Lecture 19: Authentication John Daugman,
CIS 450 – Network Security Chapter 8 – Password Security.
David Evans CS200: Computer Science University of Virginia Computer Science Class 35: Cookie Monsters and Semi-Secure.
David Evans CS200: Computer Science University of Virginia Computer Science Class 35: Cookie Monsters and Semi-Secure.
Chapter 8: Scrambling Through Cryptography Security+ Guide to Network Security Fundamentals Second Edition.
Lecture 11: Strong Passwords
David Evans CS200: Computer Science University of Virginia Computer Science Class 36: Public-Key Cryptography If you want.
David Evans CS150: Computer Science University of Virginia Computer Science Lecture 35: Cookie Monsters and Semi-Secure.
Feedback #2 (under assignments) Lecture Code:
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
CSCI 172/283 Fall 2010 Hash Functions, HMACs, and Digital Signatures.
Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Lecture 2: Introduction to Cryptography
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
PHP Secure Communications Web Technologies Computing Science Thompson Rivers University.
Authentication What you know? What you have? What you are?
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.
CSCE 201 Identification and Authentication Fall 2015.
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 10: Certificates and Hashes.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
1-way String Encryption Rainbows (a.k.a. Spectrums) Public Private Key Encryption HTTPS Encryption.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Cryptographic Hash Function
Authentication CSE 465 – Information Assurance Fall 2017 Adam Doupé
ICS 454 Principles of Cryptography
Web Systems Development (CSC-215)
Lecture 11: Authenticating Authentic Authenticaters Background
ICS 454 Principles of Cryptography
Authentication CSE 365 – Information Assurance Fall 2018 Adam Doupé
Authentication CSE 365 – Information Assurance Fall 2019 Adam Doupé
Presentation transcript:

David Evans CS150: Computer Science University of Virginia Computer Science Class 31: Cookie Monsters and Semi-Secure Websites

2 CS150 Fall 2005: Lecture 31: Cookie Monsters Why Care about Security?

3 CS150 Fall 2005: Lecture 31: Cookie Monsters Security Confidentiality – keeping secrets –Protect user’s data Integrity – making data reliable –Preventing tampering –Only authorized people can insert/modify data Availability –Provide service (even when attacked) –Can’t do much about this without resources

4 CS150 Fall 2005: Lecture 31: Cookie Monsters How do you authenticate? Something you know –Password Something you have –Physical key ( account?, transparency?) Something you are –Biometrics (voiceprint, fingerprint, etc.) Serious authentication requires at least 2 kinds

5 CS150 Fall 2005: Lecture 31: Cookie Monsters Early Password Schemes UserIDPassword alyssafido benschemer daveLx.Ly.x Login: alyssa Password: spot Failed login. Guess again. Login does direct password lookup and comparison.

6 CS150 Fall 2005: Lecture 31: Cookie Monsters Login: alyssa Password: fido Terminal Trusted Subsystem Eve Login Process login sends

7 CS150 Fall 2005: Lecture 31: Cookie Monsters Password Problems Need to store the passwords –Dangerous to rely on database being secure Need to transmit password from user to host –Dangerous to rely on Internet being confidential Solve this today Solve this Wednesday

8 CS150 Fall 2005: Lecture 31: Cookie Monsters First Try: Encrypt Passwords UserIDPassword alyssaencrypt K (“fido”) benencrypt K (“schemer”) daveencrypt K (“Lx.Ly.x”) Problem if K isn’t so secret: decrypt K (encrypt K (P)) = P Instead of storing password, store password encrypted with secret K. When user logs in, encrypt entered password and compare to stored encrypted password.

9 CS150 Fall 2005: Lecture 31: Cookie Monsters Hashing “neanderthal” “dog” H (char s[]) = (s[0] – ‘a’) mod 10 “horse” Many-to-one: maps a large number of values to a small number of hash values Even distribution: for typical data sets, probability of (H(x) = n) = 1/N where N is the number of hash values and n = 0..N – 1. Efficient: H(x) is easy to compute.

10 CS150 Fall 2005: Lecture 31: Cookie Monsters Cryptographic Hash Functions One-way Given h, it is hard to find x such that H(x) = h. Collision resistance Given x, it is hard to find y  x such that H(y) = H(x).

11 CS150 Fall 2005: Lecture 31: Cookie Monsters Example One-Way Function Input: two 100 digit numbers, x and y Output: the middle 100 digits of x * y Given x and y, it is easy to calculate f (x, y) = select middle 100 digits (x * y) Given f (x, y) hard to find x and y.

12 CS150 Fall 2005: Lecture 31: Cookie Monsters A Better Hash Function? H(x) = encrypt x (0) Weak collision resistance? –Given x, it should be hard to find y  x such that H(y) = H(x). –Yes – encryption is one-to-one. (There is no such y.) A good hash function? –No, its output is as big as the message!

13 CS150 Fall 2005: Lecture 31: Cookie Monsters Actual Hashing Algorithms Based on cipher block chaining –Start by encrypting 0 with the first block –Use the next block to encrypt the previous block SHA [NIST95] – 512 bit blocks, 160-bit hash MD5 [Rivest92] – 512 bit blocks, produces 128-bit hash –This is what we will use: built in to PHP

14 CS150 Fall 2005: Lecture 31: Cookie Monsters Hashed Passwords UserIDPassword alyssamd5 (“fido”) benmd5 (“schemer”) davemd5 (“Lx.Ly.x”)

15 CS150 Fall 2005: Lecture 31: Cookie Monsters Dictionary Attacks Try a list of common passwords –All 1-4 letter words –List of common (dog) names –Words from dictionary –Phone numbers, license plates –All of the above in reverse Simple dictionary attacks retrieve most user-selected passwords Precompute H(x) for all dictionary entries

16 CS150 Fall 2005: Lecture 31: Cookie Monsters (at least) 86% of users are dumb and dumber Single ASCII character0.5% Two characters2% Three characters14% Four alphabetic letters14% Five same-case letters21% Six lowercase letters18% Words in dictionaries or names15% Other (possibly good passwords)14% (Morris/Thompson 79)

17 CS150 Fall 2005: Lecture 31: Cookie Monsters Salt of the Earth UserIDSaltPassword alyassa1125DES+ 25 (0, “Lx.Ly.x”, 1125 ) ben2437DES+ 25 (0, “schemer”, 2437) dave932DES+ 25 (0, “Lx.Ly.x”, 932) How much harder is the off-line dictionary attack? DES+ (m, key, salt) is an encryption algorithm that encrypts in a way that depends on the salt. Salt: 12 random bits (This is the standard UNIX password scheme.)

18 CS150 Fall 2005: Lecture 31: Cookie Monsters Python Code // We use the username as a "salt" (since they must be unique) encryptedpass = crypt.crypt (password, user) userpassword alyssa 9928ef0d7a0e4759ffefbadb8bc84228 evans bafd72c60f450ed665a6eadc92b3647f

19 CS150 Fall 2005: Lecture 31: Cookie Monsters Authenticating Users User proves they are a worthwhile person by having a legitimate address –Not everyone who has an address is worthwhile –Its not too hard to snoop (or intercept) someone’s But, provides much better authenticating than just the honor system

20 CS150 Fall 2005: Lecture 31: Cookie Monsters Registering for Account User enters address Sent an with a temporary password rnd = str(random.randint (0, )) + str(random.randint (0, )) encrnd = crypt.crypt (rnd, str(random.randint (0, 99999))) users.userTable.createUser (user, , firstnames, lastname, encrnd) sendMail.send ( , "Reset Password", \ "Your " + constants.SiteName + \ " account has been created. To login use:\n user: " + \ user + "\n password: " + encrnd + "\n")... From register-process.cgi

21 CS150 Fall 2005: Lecture 31: Cookie Monsters Users and Passwords def createUser(self, user, , firstnames, lastname, password) : c = self.db.cursor () encpwd = crypt.crypt (password, user) query = "INSERT INTO users (user, , firstnames, lastname, password) " \ + "VALUES ('" + user + "', '" + + "', '" \ + firstnames + "', '" + lastname + "', '" + encpwd"')" c.execute (query) self.db.commit () From users.py (cookie processing and exception code removed) def checkPassword(self, user, password): c = self.db.cursor () query = "SELECT password FROM users WHERE user='" + user + "'" c.execute (query) pwd = c.fetchone ()[0] if not pwd: return False else: encpwd = crypt.crypt (password, user) return encpwd == pwd

22 CS150 Fall 2005: Lecture 31: Cookie Monsters Cookies HTTP is stateless: every request is independent Don’t want user to keep having to enter password every time A cookie is data that is stored on the browser’s machine, and sent to the web server when a matching page is visited

23 CS150 Fall 2005: Lecture 31: Cookie Monsters Using Cookies Look at the PS7 provided code (cookies.py) Cookie must be sent before any HTML is sent (util.printHeader does this) Be careful how you use cookies – anyone can generate any data they want in a cookie –Make sure they can’t be tampered with: use md5 hash with secret to authenticate –Don’t reuse cookies - easy to intercept them (or steal them from disks): use a counter than changes every time a cookie is used

24 CS150 Fall 2005: Lecture 31: Cookie Monsters Problems Left The database password is visible in plaintext in the Pythin code –No way around this (with UVa mysql server) –Anyone who can read UVa filesystem can access your database The password is transmitted unencrypted over the Internet (next class) Proving you can read an account is not good enough to authenticate for important applications

25 CS150 Fall 2005: Lecture 31: Cookie Monsters Charge Authentication –At best, all this does is check someone can read mail sent to a.virginia.edu address Find PS8 partners now!