CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz

HW3  Some students have reported problems when using different grace machines –Logging in to scary.umd.edu should work

Network Security

Authentication: an Overview

Authentication  Verifying the identity of another entity –Computer authenticating to another computer –Person authenticating to a local/remote computer  Important to be clear about what is being authenticated –The user? –The machine? A specific application on the machine? –The data?  What assumptions are being made? –E.g., login from untrusted terminal

Authentication  Mutual authentication vs. unidirectional authentication  Authentication -- two main issues: –How authentication information is stored (at both ends) –Authentication protocol itself

Authentication  Authentication may be based on –What you know –What you have –What you are –Examples? Tradeoffs? –Others?  Can also consider two-factor authentication

Address-based authentication  Is sometimes used  Generally not very secure –Relatively easy to forge source addresses of network packets  But can be useful if the adversary does not know what IP address to forge –E.g., IP address of a user’s home computer

Location-based authentication  More interest lately, as computation becomes more ubiquitous  Re-authentication if laptop moves

Attack taxonomy  Passive attacks  Active attacks –Impersonation Client impersonation Server impersonation –Man-in-the-middle  Server compromise  Different attacks may be easier/more difficult in different settings

Password-based protocols  Password-based authentication –Any system based on low-entropy shared secret  Distinguish on-line attacks vs. off-line attacks

Password selection  User selection of passwords is typically very poor –Lower entropy password makes dictionary attacks easier  Typical passwords: –Derived from account names or usernames –Dictionary words, reversed dictionary words, or small modifications of dictionary words  Users typically use the same password for multiple accounts –Weakest account determines the security! –Can use program like pwdHash to correct this

Better password selection  Non-alphanumeric characters  Longer phrases  Can try to enforce good password selection…  …but these types of passwords are difficult for people to memorize and type!

From passwords to keys?  Can potentially use passwords to derive symmetric or public keys  What is the entropy of the resulting key?  Often allows off-line dictionary attacks on the password

Password-based protocols  Any password-based protocol is potentially vulnerable to an “on-line” dictionary attack –On-line attacks can be detected and limited  How? –“Three strikes” –Ratio of successful to failed logins –Gradually slow login response time  Potential DoS –Cache IP address of last successful login

Password-based protocols  Off-line attacks can never be ‘prevented’, but protocols can be made secure against such attacks  Any password-based protocol is vulnerable to off- line attack if the server is compromised –Once the server is compromised, why do we care?

Password-based protocols  Best: Use a password-based protocol which is secure against off-line attacks when server is not compromised –Unfortunately, this has not been the case in practice (e.g., telnet, cell phones, etc.) –This is a difficult problem!

Password storage  In the clear…  Hash of password (done correctly) –Doesn’t always achieve anything! –Makes adversary’s job harder –Potentially protects users who choose good passwords  “Salt”-ed hash of password –Makes bulk dictionary attacks harder, but no harder to attack a particular password –Prevents using ‘rainbow tables’  Encrypted passwords? (What attack is this defending against?)  Centralized server stores password…