Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Published byAugust Norris Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University."— Presentation transcript:

1 Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University

2 User Authentication Computer systems often have to identify and authenticate users before authorizing them Identification: Who are you? Authentication: Prove it! How can a computer accomplish these things remotely?

3 Authentication Factors Something the user knows: e.g, Password Something the user has: e.g., ATM card, browser cookie Something the user is: e.g., fingerprint, eye scan

4 Passwords Classical idea

5 Passwords Classical idea. User enters ID and password. May allow more than one try. Forgotten passwords may or may not be recoverable. “The password must be impossible to remember and never written down.”

6 Attacks on Passwords Brute Force Try every possible password Short passwords are unsafe.

7 Rubber Hose Attack Different from Brute Force. Related to the Bribe Attack.

8 Dictionary Attack Try common words first Most people use real words as Passwords. Much faster Than brute force.

9 Dictionary Attack Some top passwords: passwordiloveyou 12345612345678 qwertyabc123 monkey letmein trustno1dragon ninjasunshine baseball111111

10 Strong Passwords The measure of strength of a password is its “entropy”. Notion developed by Shannon of Bell Labs in the 1940’s. Entropy= number of “bits” of “uncertainty” Every bit helps! Each bit doubles the amount of work to guess a password.

11 Strong Passwords 0 1 (one bit) 00 01 10 11 (two bits) 000 001 010 011 100 101 110 111 (three bits = 8 possibilities) 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 (four bits = 16 possibilities)

12 Strong Passwords A random string of length n of unknown 1’s and 0’s has n bits of entropy (uncertainty.) Letters, numbers, and symbols are stored on a computer as binary strings of length 7. An ordinary letter has about 4.7 bits of entropy (or less!)

13 ASCII American Standard Code for Information Interchange Standard symbols coded as numbers from 0 to 127. Example: a=97 (decimal) 97=64+32+1 =1100001 (binary) =141 (octal) = 61 (hexidecimal)

14 ASCII a-z encoded as 1100001 to 1111010 (97 to 122) A-Z encoded as 1000001 to 1011010 (65 to 90) Using capitals mixed with small letters randomly adds exactly one bit of uncertainty!

15 Ascii A random ascii character has 7 bits of uncertainty. But since the first 32 characters are non-printing (like “backspace”), there are only about 6.5 bits of uncertainty in a random ascii string used in a password.

16 Entropy of Passwords According to NIST, an 8-letter humanly generated password has about 18 bits of entropy. However, other experts disagree with their methodology. They argue that Shannon entropy is not the right measure. (See Matt Weir)

17 Password Policies This is currently a difficult and controversial area of computer security.

18 What can you do? Use letters, numbers and special characters Choose long passwords (at least eight characters) Avoid guessable roots If supported, use pass phrase

19 What can you do? Write down passwords but keep them in a safe place (no sticky notes!) Don’t share them with others Be careful in public places (There are “password sniffers” that can steal your passwords as you use them)

20 Sending passwords Simple model: Alice sends (ID, pwd) to Bob. Bob compares with his list. Bob says OK and gives access or NO and denies access. Big problem: Someone can hack into Bob’s server and steal the password list!

21 Sending passwords More secure method: Bob keeps list (ID, H(pwd)) of hashes of passwords. Alice sends (ID, (pwd)) Bob computes H(pwd) and compares with his list. Bob says OK or NO

22 Sending passwords If Bob’s server is compromised, the hacker only gets H(pwd). Still vulnerable to off-line dictionary attack. Harriet takes dictionary file of passwords and computes their hashes. She compares these to the stolen list.

23 “Salt” on the table Bob keeps a list of the form (ID, r, H(r,pwd)); r is a random number which is hashed with the password (salt). This foils dictionary attack on stolen password list.

24 Challenge-response methods Alice sends hello message to Bob. Bob sends random challenge to Alice. Alice computes response using her secret password. Bob verifies response as correct. Harriet overhears all but learns nothing.

25 Fiat-Shamir Protocol Alice has public key N=pq,A and private key a,p,q. A=a 2 mod N Alice chooses random r, computes x=r 2 mod N, sends to Bob. Bob sends random b=0 or 1. Alice sends y=ra b mod N. Bob checks that y 2 =xA b mod N.

26 How does this work? This is done through a “Zero- Knowledge Proof”. (Colin will explain this.)

27 Extra security measure

28 Website password systems Using public key cryptography, Alice and Bob set up a secure communication channel. Alice sends her password to the server. Bob verifies. Hypertext Transfer Protocol Secure (HTTPS)

29 Your browser handles the security job for you!

30

Download ppt "Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University."

Similar presentations

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.
1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.

1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.

7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Similar presentations

Ads by Google