Week 2 - Wednesday
What did we talk about last time? Authentication Challenge-response Passwords
Biometrics means identifying humans by their physical and biological characteristics This technology is often seen in spy and science fiction movies It does exist, but it is far from perfect Like passwords, the actual biometric scans are usually not stored Instead specific features are stored for later comparison Biometrics pose unique privacy concerns because the information collected can reveal health conditions
Historically, fingerprints are one of the most heavily used forms of biometric identification Especially useful for solving crimes Even identical twins have different fingerprints Fun fact: Koalas have fingerprints so similar to human beings that even experts are fooled Optical scanners are available Cheap, capacitive scanners are now even available on many laptops The image of the fingerprint is usually not stored Instead, specific, differentiable features are recorded
Voice recognition systems must be trained on your voice They can be defeated with recording devices If you have a cold, it throws off the characteristics of your voice As a consequence, they are particularly susceptible to both false positives and false negatives
As the technology matures and hardware becomes cheaper, eye recognition is becoming more common Iris recognition looks at the patterns of light and dark areas in your iris (the colored part of your eye) For simplicity, the image is converted to grayscale for comparison Newer iris scanners can make successful identifications at 10 feet away or more, even correcting for glasses! Retina scans exist but are unpopular The retina is the tissue lining the inside of your eye and requires pupil dilation to get an accurate picture, blinding you for several minutes There are even systems for recognizing the patterns of discolorations on the whites of your eyes!
The shape of your face, the distance between your eyes and nose, and other facial features are relatively distinctive Although they can be nearly the same for identical twins Computer vision techniques must be used to locate the face, deal with changes in haircut, glasses, etc. Participants must have a neutral facial expression or results can be thrown off The US Department of State uses facial recognition and fingerprinting to document foreigners entering the country Their database has over 75 million photographs
Hand geometry readers measure the shape of your hand Keystroke dynamics are the patterns that you use when typing Users are quite distinctive, but distractions and injuries can vary patterns a lot Combinations of different biometrics are sometimes used DNA sequencing is not (yet) fast enough to be used for authentication Researchers are always coming up with new biometrics to use
People assume that they are more secure than they are Attacks: Fingerprints can be lifted off a champagne glass Voices can be recorded Iris recognition can be faked with special contact lenses Both false positives and false negatives are possible It is possible to tamper with transmission from the biometric reader Biometric characteristics can change Identical twins sometimes pose a problem
Sensitivity is positive results among correct matches a / (a + c) Specificity is negative results among people who are not sought d / (b + d) Accuracy is how often the test is correct (a + d) / (a + c + b + d) Prevalence is how common a condition is (a + c) / (a + c + b + d) Is the Person Claimed Is Not the Person Claimed Test is Positive ab Test is Negative cd
Tokens are physical objects you possess Keys Badges Cell phones RFIDs Passive tokens take no action and do not change Example: photo ID Active tokens change or interact with surroundings Examples: RFID or magnetic card
The value of a static token does not change Examples: Keys, passports, RFIDS Static tokens are better for onsite authentication and may be easy to forge for remote authentication Dynamic tokens have values that change Examples: RSA SecurdID, Battle.net Authenticator Every 60 seconds, it displays a different code
RSA SecurIDs change the password every 30 or 60 seconds The user must be synchronized with the system within a few seconds to keep this practical Using a secure hash function, we start with a seed value k, then h(k) = k 1, h(k 1 ) = k 2, …, h(k n-1 ) = k n Then passwords are in reverse order p 1 = k n, p 2 = k n-1, … p n-1 = k 2, p n = k 1
More than one form of authentication may provide increased security You may need to sign on with your password and with a code generated by an RSA SecurID They sometimes need two forms of ID when you're getting a driver's license Two-factor authentication is available for Gmail, Facebook, Battle.net, Steam and many other platforms Often they only ask for the second form of authentication if the computer has not logged on before Multifactor authentication is probably more secure, but it adds complexity and possibly annoyance
It's annoying to sign on to lots of different services with lots of different authentication mechanisms Federated identity management schemes connect a variety of different services with one authentication method Example: free access to the OED because you're logged on to E-town computers Single sign-on is similar, allowing you to log in once, with services sharing authentication information Examples: logging onto Meetup.com with Facebook or Google credentials
Subjects are human users or programs that are executing on their behalf Objects are things that actions can be performed on Files Database fields Directories Hardware devices Access modes are the different ways that access can be done: read, write, modify, delete, etc. Access control is the process of managing the access modes that subjects can have on objects
Check every access The user may no longer have rights to a resource The user may have gained rights Enforce least privilege Least privilege means you get the bare minimum to get your job done Verify acceptable usage Access to an object is not enough: Some actions might be legal and others illegal
Many issues come up with access control Do the correct people have the correct rights? Have statuses changed? Granularity is the how specifically you can control rights Maybe you can only give complete rights to an object, not read-only rights An audit log tracks who performed what kinds of accesses Limited privilege tries to keep accesses from doing big damage Example: sudo in Linux
It is possible to temporarily use another user’s permissions in Unix using the command sudo Users can be given special access to files or commands they normally could not access An administrator can run at a normal privilege level and only occasionally run commands using higher privileges This strategy prevents the whole system from being corrupted if the administrator gets a virus
Create a directory that lists all the objects a given user can access and their associated rights: Examples: read, write, execute, own The own write gives the user the ability to grant others rights to that object Problems: Directories can become large How is access revoked? What if two files in different locations in the system have the same name?
Listing all the objects a user can access can take up too much space An alternative is to list all the users that have rights for a specific object Most objects only have a few legal users Wild cards can make the situation easier Read access can be granted to everyone
Both directories and access control lists are equivalent Different implementations are used for different kinds of efficiency We can also imagine a matrix that holds all subjects and all objects Although it is far too inefficient for most systems to be implemented this way, security researchers sometimes use this model for theoretical purposes Can you determine if some sequence of operations could leak read access to your file? Nope, it’s impossible!
Objects Subjectsfile 1file 2process 1process 2 process 1 read, write, own read read, write, execute, own write process 2appendread, ownread read, write, execute, own
A few possible rights: Read Write Execute Own Anything else that is useful? Some rights allow users to change the rights of others
What would the access control matrix look like for the Canvas gradebook system?
Unix has users, groups, and processes A user has a unique UID A group has a unique GID A process has a unique PID Each user can belong to many groups Access is controlled on: Files Directories
Reading Writing Executing Ownership is also important
Reading Execution allows moving through the directory Writing and executing are needed to create and delete files in a directory There is also a “sticky bit” for directories If the sticky bit is set, only the directory owner can rename, move, or delete files owned by other people
drwxr-xr-x First character:directory or not Next three characters: owner permissions Next three characters: group permissions Next three characters: other permissions
We can change permissions using the Linux command chmod Examples: chmod a+r wombat.txt chmod g+rw combat.txt chmod 664 ramjet.txt Whoa! 664? What’s that? Would it help if I pointed out that 664 can be written ?
Role-based access control makes an effort to abstract away from specific subjects The idea is that you should have access based on your role Examples: Secretaries have access to mailboxes Department heads have access to performance reports Provosts have access to salaries
A role is a collection of job functions Each role is authorized to perform one or more transactions The active role of a subject is the role that s is currently performing The authorized roles of a subject make up the set of roles that the subject is authorized to assume
Finish access control Cryptography basics Minh Doan presents
Read Section 2.3 Work on Project 1 Class is canceled on Friday, March 11 The company EC Key is sponsoring a contest to come up with novel uses for their BlueTooth door access technology Interested? Come to the meeting this Friday, 1/22 at 3:30pm in Hoover 110 Teams will be formed from CS, engineering, and business students Ask me for more information! Also, there's a field trip to Cargas Systems in Lancaster next Friday