Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC 482/582: Computer Security

Published byJoseph Hodges Modified over 7 years ago

Similar presentations

Presentation on theme: "CSC 482/582: Computer Security"— Presentation transcript:

1 CSC 482/582: Computer Security
Authentication and Passwords CSC 482/582: Computer Security

2 Authentication Identity Groups and Roles Network Identities
Biometrics UNIX Authentication Password Threat Models and Attacks Storing Passwords: Hashing and Salting Password Selection Graphical Password Systems One-time Passwords CSC 482/582: Computer Security

3 What is Identity? Computer’s representation of an entity
Entities can be subjects or objects. Authentication binds a principal to an identity. Example: username expresses your identity. password binds the person typing to that particular identity (username). CSC 482/582: Computer Security

4 Purpose of Identity Access Control Accountability
Most systems base access rights on identity of principal executing the process. Accountability Logging and auditing functions. Need to track identity across account/role changes (e.g., su, sudo). CSC 482/582: Computer Security

5 Groups and Roles An “entity” may be a set of entities referred to by a single identifier. Principals often need to share access to files, and thus are taken as groups. static: alias for a group of principles. dynamic: principal changes from one group to another as different privileges are needed. role: a group that ties membership to function CSC 482/582: Computer Security

6 Network Identity Ethernet (MAC) Address IP Address IPv6 Address
48-bit data link level identifier example: 00:0B:DB:78:39:8A IP Address 32-bit network level identifier ex: IPv6 Address 128-bit network level identifier ex: fe80::2a0:c9ff:fe97:153d/64 Hostname (DNS name) string application level identifier ex: CSC 482/582: Computer Security

7 What is Authentication?
Binding of an identity to a subject Based on: What the entity knows (e.g., passwords) What the entity has (e.g., access card) What the entity is (e.g., fingerprints) Where the entity is (e.g., local terminal) Two-factor authentication CSC 482/582: Computer Security

8 Authentication System
A: set of authentication information information used by entities to prove identity C: set of complementary information information stored by system to validate A F: set of complementation functions f : A → C generate C from A L: set of authentication functions l: A  C→{T,F} verify identity S: set of selection functions enable entity to create or alter A or C CSC 482/582: Computer Security

9 Password System Example
User authenticates with 8-character alphanumeric password. System compares against stored cleartext password. A = [A-Za-z0-9]{8} C = A F = { I } L = { = } Not a system that anyone should actually use. CSC 482/582: Computer Security

10 Biometric System Example
User authenticates with fingerprint. System compares w/ digital fingerprint template. A = { user fingerprints } C = { digital fingerprint templates } F = { fingerprint reader + analog->digital } L = { tunable similarity function } CSC 482/582: Computer Security

11 What You Know Passwords Pass Phrases PINs
CSC 482/582: Computer Security

12 What You Have Smart Cards USB Token RFID RFID used for toll collection
CSC 482/582: Computer Security

13 RFID Radio Frequency Identification Types of Tags Applications
Passive: use power from reader signal Active: internal power source Applications Product tracking (EPC barcode replacement) Transportation payment Automotive (embedded in car keys) Passports Human implants EPC RFID Tag CSC 482/582: Computer Security

14 What You Are: Biometrics
Identification by human characteristics: Physiological Behavioral A biometric characteristic should be: universal: everyone should have it unique: no two people should share it permanent: it should not change with time quantifiable: it must be practically measurable CSC 482/582: Computer Security

15 How Biometrics Work User submits sample.
Software turns sample into digital template. Software compares template against stored reference template. Authentication based on how closely templates match. CSC 482/582: Computer Security

16 Biometric Measurement
Possible Outcomes: Correct person accepted Imposter rejected Correct person rejected (False Rejection) Imposter accepted (False Acceptance) CSC 482/582: Computer Security

17 False Positives and Negatives
Tradeoff between False Accept Rate False Reject Rate CSC 482/582: Computer Security

18 Fingerprints Capacitive measurement, using differences in electrical charges of whorls on finger to detect those parts touching chip and those raised. Attacks: Forcing authorized user to grant access. Recover latent fingerprint impression. Artificial gummy fingers made from molding plastic/gelatin % successful when tested against 11 types of fingerprint auth systems. CSC 482/582: Computer Security

19 Brandon Mayfield Fingerprints found in 2004 Madrid bombing.
Brandon arrested May 6, 2004. FBI claimed “100 percent positive” match. Held under a false name. Then transferred to unidentified location. Spanish police identify fingerprint as belonging to an Algerian man May 21, 2004. Brandon released May 25, 2004. CSC 482/582: Computer Security

20 Eye Biometrics Iris Scan Retinal Scan
Lowest false accept/reject rates of any biometric. Person must hold head still and look into camera. Retinal Scan Cataracts and pregnancy change retina pattern. Lower false accept/reject rates than fingerprints. Intrusive and slow. CSC 482/582: Computer Security

21 Other Types of Biometrics
Physiological DNA Face recognition Hand geometric Heartbeat Voice recognition Behavioral Gait recognition Keyboard dynamics Mouse dynamics Signatures CSC 482/582: Computer Security

22 Biometrics are not infallible
What are False Accept and Reject Rates? Do the characteristics change over time? Retina changes during pregnancy. Fingerprint damage due to work/pipe smoking. Young and old people have fainter fingerprints. Is it accurate in the installed environment? Is someone observing fingerprint or voiceprint checks? i.e., did you collect biometric from the person? CSC 482/582: Computer Security

23 Biometrics can be compromised.
Unique identifiers, not secrets. You can change a password. You can’t change your iris scan. Examples: You leave your fingerprints every place. It’s easy to take a picture of your face. Other compromises. Use faux ATM-style devices to collect biometrics. Obtain all biometric templates from server. CSC 482/582: Computer Security

24 Use and Misuse of Biometrics
Employee identification. Employee enters login name. System uses fingerprint to verify employee is who he claims to be. Problem: Does biometric match the employee? Criminal search (Superbowl 2001) System uses face recognition to search for criminals in public places. Problem: Does any biometric in database match anyone in a crowd of people? Assume system is 99.99% accurate and 1 in 10million people is a terrorist. Result: 1000 false positives for each terrorist. "But the case for face recognition is straightforward. They were looking for two of the terrorists and had photographs of them. Face recognition systems in airports would have caught them." I'm not sure we really know that the authorities had photographs that were good enough for face recognition, even for those small number of suspects that they claim to have placed on a terrorist watch list. But even if we grant the premise, not much follows from it. First, the fact that the authorities suspected only two of the nineteen hijackers reminds us that automatic face recognition cannot recognize a face until it is in the database. Most hijackers are not on lists of suspected terrorists, and even if those particular hijackers had been prevented from boarding their planes, seventeen others would have boarded. CSC 482/582: Computer Security

25 Location Classic: only allow access from a particular terminal or a particular set of remote hosts. Modern: GPS-based Location Signature Sensor (LSS) for host and user. Access rules permit user only to access host with specific LSS values. Cell-phones track location, and some states use them to track drivers’ speed and locations. CSC 482/582: Computer Security

26 UNIX Authentication UNIX identifies user with a UID
Username is for humans, UID for computers. 32-bit unsigned integer. UID=0 is the superuser, root. Identity and authentication data stored in /etc/passwd /etc/shadow /etc/group CSC 482/582: Computer Security

27 /etc/{passwd,shadow} Central file(s) describing UNIX user accounts.
Username UID Default GID GCOS Home directory Login shell /etc/shadow Username Encrypted password Date of last pw change. Days ‘til change allowed. Days `til change required. Expiration warning time. Expiration date. student:x:1000:1000:Example User,, ,:/home/student:/bin/bash student:$1$w/UuKtLF$otSSvXtSN/xJzUOGFElNz0:13226:0:99999:7::: CSC 482/582: Computer Security

28 Password Storage and Use
CSC 482/582: Computer Security

29 Password Threat Models
Online Attacks Threat has access to login user interface. Attack is attempts to guess passwords using the normal UI (slow). Offline Attacks Threat has access to hashed passwords. Attack is to guess words, hash words, then compare with hashed passwords (fast). Side Channel Attacks Threat has access to account management UI. Attack by using password reset functionality. CSC 482/582: Computer Security

30 Password Leaks are Common
CSC 482/582: Computer Security

31 Password Cracking Get Hashed Password pwhash
word = Next word from list wordhash = Hash(word) wordhash == pwhash False True word is password List of potential passwords. CSC 482/582: Computer Security

32 Cracking Methods List of common passwords
As a result of leaks, lists of millions are available. List of English/foreign dictionary words Permutation rules Substitute numbers/symbols for letters Change case, pluralize, reverse words, digit/symbol prefix/postfix, replace letters with symbols (a Join words from sources #1 and #2 above, with symbols or 4-digit or shorter numbers added infix or prefix or postfix. Brute force All possible passwords CSC 482/582: Computer Security

33 Parallel Cracking GPUs contain hundreds of small processor cores
Can be used to crack some types of password hashes. Elcomsoft benchmarks Cluster of 25 Radeon GPUs. 350 billion Windows NTLM pws/sec Cluster can try every password that is <= 8 characters long in 5.5 hours. CSC 482/582: Computer Security

34 Countering Password Guessing
Choose A, C, and F to select suitably low probability P(T) of guessing in time T. P(T) >= TG / N G is number of guess per time unit T T is number of time units in attack N is number of possible passwords CSC 482/582: Computer Security

35 Calculating Minimum Password Length
Password System There are 96 allowable characters in password. System allows 106 guesses/second. Requirement: probablility of success guess should be 0.5 over 365-day period. What should the minimum password length be? N >= TG/P N >= (365 x 24 x 60 x 60) x 106 / 0.5 = 6.31 x 1013 N = S96i, where i ranges from 1 to length of password S96i >= N = 6.31 x 1013 is true when largest i >= 8 The minimum required password length is 8. CSC 482/582: Computer Security

36 Password Aging Requirement that password be changed after a period of time or after an event has occurred If expected time to guess is 180 days, should change password more frequently than 180 days If change time too short, users have difficulty recalling passwords. Cannot allow users to change password to current one. Also prevent users from changing passwords too soon. Give notice of impending password change requirement. CSC 482/582: Computer Security

37 Classic UNIX Passwords
Format: Up to 8 ASCII characters A contains 6.9 x 1016 possible passwords C contains crypt hashes, strings of length 13 chosen from alphabet of 64 characters, 3.0 x 1023 strings Storage /etc/passwd (0644) was traditionally used /etc/shadow (0600) in modern systems CSC 482/582: Computer Security

38 Classic UNIX Password Hashing
crypt() function used for hashing DES encrypts 64-bit block of 0s (25 rounds) using your password for the key. Modified DES incompatible with DES hardware cracking tools. Limited to 8 characters or less. If limited to 95 printable characters, only 253 possible passwords. CSC 482/582: Computer Security

39 Rainbow Tables Faster cracking by trading space for time:
Dictionary of passwords and their hashes Contains all passwords < length n Find password by looking up hash in table GPU cracking fast enough to reduce importance.

40 Salts Add random, public data to password to create key.
Any word may be encrypted in 2n possible ways: Your password always uses same n-bit salt. Someone else with same password (a) probably has different salt, and thus different c = f(a). Traditional UNIX crypt had a 12-bit salt Number of possible keys increased to 266 Too small for today. Modern UNIX uses slower hash + larger salt. CSC 482/582: Computer Security

41 Common Hashing Schemes
SHA512crypt (Linux, Mac OS X) unlimited length passwords 5000 iterations 16 character salt Bcrypt (55 character long passwords, 128-bit salt) Based on modified (slower) Blowfish encryption algorithm. Configurable iteration count for hashing. Increases cost of guessing on a per-account basis. PBKDF2 (Password-Based Key Derivation Function 2) Framework with configurable hash, iterations, salt. (.NET) Scrypt Sequential, memory-hard hashing algorithm. Defense against specialized hardware (GPUs, ASICs, FPGAs) CSC 482/582: Computer Security

42 Argon2 Winner of Password Hashing Competition (2013-2015) Argon2
Competition hosted by cryptographers, not NIST. Goal: hash function for password storage that is slow on CPUs, GPUs (unlike scrypt), and FPGAs (unlike bcrypt) and that is resistant to lookup table attacks. Argon2 Scalable time and memory requirements. Built-in 128-bit nonce protects against lookup table attacks. Configurable output size (128 bit is default.) CSC 482/582: Computer Security

43 Windows 2000/XP Passwords Format Storage
%systemroot%\system32\config\sam locked while NT running %systemroot%\repair\sam_ backup file may be accessible via remote registry calls Format LAN Manager (LM) Hash NT (MD4) Hash CSC 482/582: Computer Security

44 Windows LM Hash Algorithm
Password fitted to 14 character length by truncating or padding with 0s. Password converted to upper case. Password divided into two 7-byte halves. Each half used as DES key to encrypt same 8-byte constant. Resultant strings merged to form a 16-byte hash value. CSC 482/582: Computer Security

45 Windows LM Hash Problems
Last 8 bytes of c known if password < 7 chars. Dividing password into halves reducing problem of breaking 14-character password to breaking two 7-character passwords. Conversion to upper case reduces character set. Dictionary of password hashes can be prebuilt Number of possible passwords much smaller than DES space. No salt is used. CSC 482/582: Computer Security

46 Windows NT Hash Converts to Unicode, MD4 hashes result
Caveat: Often used in conjunction with LM hash, which is required for backwards compatibility. No salt: identical passwords generate identical hashes. CSC 482/582: Computer Security

47 Password Selection Random Selection Pronounceable Passwords
User Selection CSC 482/582: Computer Security

48 Random Selection Yields equal distribution of passwords for maximum difficulty in cracking What about short passwords? Random passwords aren’t easy to remember Short term memory holds 7 +/- 2 items People have multiple passwords Principle of Psychological Acceptability Requires a good PRNG CSC 482/582: Computer Security

49 Random Selection (Bad)Example
PDP-11 password generator 16-bit machine 8 upper-case letters and digits |P| = 368 = 2.8 x 1012 At sec/encryption, 140 years to brute force PRNG had period of 216 – 1 Only 65,535 possible passwords Requires 102 seconds to try all passwords CSC 482/582: Computer Security

50 User Selection Allow users to choose passwords.
Reject insecure passwords based on ruleset: Based on account, user, or host names Dictionary words Permuted dictionary words Patterns from keyboard Shorter than 6 characters Digits, lowercase, or uppercase only passwords License plates or acronyms Based on previously used passwords CSC 482/582: Computer Security

51 Human Randomness? CSC 482/582: Computer Security

52 Bad Passwords CSC 482/582: Computer Security

53 How to Select Good Passwords
Long passwords, consisting of multiple words.. Use nth letter of each word if phrase too long. Themes: Word combinations: 3 blind katz or URL: Phone number: (888) 888-eight eight Bracketing: Starfleet -> *!-Starfleet-!* Add a word: shopping -> Goin’ shopping Repetition: Pirate--PirateShip Letter swapping: Sour Grape -> Gour Srape CSC 482/582: Computer Security

54 Miseducating Users? https://xkcd.com/936/
CSC 482/582: Computer Security

55 Online Attacks If complements not accessible, attacker must use authentication functions to do an online attack. Cannot be prevented. To increase difficulty of auth function attack: Backoff: increasing wait before allowing another guess. Disconnection: disconnect after n failures. Disabling: disable account after n failures. Jailing: permit access to limited system, so admins can observe attacker. CSC 482/582: Computer Security

56 Side Channel Attacks are Easier
Web sites will you password if you answer a simple “secret” question: What is your favorite color? What is your pet’s name? What is your mother’s maiden name? Violation of fail-safe defaults Failover to less secure protocol. How many favorite colors are there? CSC 482/582: Computer Security

57 Graphical Passwords Face Scheme: Password is sequence of faces, each chosen from a grid of 9 faces. Story Scheme: Password is sequence of images, each chosen from a grid of 9, to form a story. Figure 9-4, Security and Usability CSC 482/582: Computer Security

58 Challenge-Response Problem: passwords are reusable, and thus subject to replay attacks. Solution: authenticate in such a way that the transmitted password changes each time. CSC 482/582: Computer Security

59 One-Time Passwords A password that’s invalidated once used.
Challenge: number of authentication attempt Response: one-time password Problems Generation of one-time passwords Use hash or cryptographic function Synchronization of the user and the system Number or timestamp passwords CSC 482/582: Computer Security

60 Key Points Access control is based on identity.
Authentication consists of an entity, the user, attempting to convince another entity, the verifier, of the user’s identity something you know (passwords) something you have (security tokens) something you are (biometrics) Dictionary attacks can break password security Rainbow tables trade space for time to speedup cracking. Special hardware (GPUs) and parallelization can speedup. Stored passwords are secured by Hashing (possibly with multiple iterations) Salting One-time passwords offer greater security. CSC 482/582: Computer Security

61 References Phil Agre. “Your Face is not a Bar Code,” Ross Anderson, Security Engineering, 2nd edition, Wiley, 2008. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. Mark Burnett and Dave Kleiman, Perfect Passwords, Syngress, 2006. Lorie Faith Cranor and Simson Garfinkel, Security and Usability, O’Reilly, 2005. Dan Goodin, Why passwords have never been weaker—and crackers have never been stronger, Ars Technica, Goodrich and Tammasia, Introduction to Computer Security, Pearson, 2011. Cynthia Kuo et. al., “Human Selection of Mnemonic Phrase-based Passwords,” SOUPS 2006, Bruce Schneier, “Biometrics: Truths and Fictions,” Cryptogram, Bruce Schneier, “The Curse of the Secret Question,” Solar Designer, Password hashing at scale, YaC 2012, Joe Wetzels, Open Sesame: The Password Hashing Competition and Argon2, CSC 482/582: Computer Security

Download ppt "CSC 482/582: Computer Security"

Similar presentations

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 3 “User Authentication”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 3 “User Authentication”.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Section 2.3.5 – Biometrics 1. Biometrics Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits.

Section – Biometrics 1. Biometrics Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
1 Authentication CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 11, 2004.

1 Authentication CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 11, 2004.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security-Authentication

Security-Authentication
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.
Passwords CSC 482/582: Computer Security. Topics 1. Password Systems 2. Password Attacks 3. Mitigating Attacks 4. Graphical passwords 5. One-time passwords.

Passwords CSC 482/582: Computer Security. Topics 1. Password Systems 2. Password Attacks 3. Mitigating Attacks 4. Graphical passwords 5. One-time passwords.
CIS 450 – Network Security Chapter 8 – Password Security.

CIS 450 – Network Security Chapter 8 – Password Security.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Authentication.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Authentication.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Passwords.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Passwords.
10/8/20151 Computer Security Authentication. 10/8/20152 Entity Authentication Entity Authentication is the process of verifying a claimed identity It.

10/8/20151 Computer Security Authentication. 10/8/20152 Entity Authentication Entity Authentication is the process of verifying a claimed identity It.

Similar presentations

Ads by Google