Slide 1: CMSC 414 Computer and Network Security, Lecture 14 (Jonathan Katz)
Slide 2: Password-based protocols
- Any password-based protocol is potentially vulnerable to an "on-line" dictionary attack: the attacker simply tries candidate passwords against the live server, one login attempt per guess
  – On-line attacks can be detected and limited
  – How?
- Off-line attacks can never be prevented (an eavesdropper can always try to run a dictionary against whatever it has recorded), but protocols can be made secure against such attacks, so that the recorded transcript gives the attacker nothing to check guesses against
- Any password-based protocol is vulnerable to off-line attack if the server is compromised
  – Once the server is compromised, why do we care?
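The "How?" on this slide is the usual pair of countermeasures: count consecutive failures per account and refuse further guesses for a while, and look for sources that fail against many accounts. The following is an added example, not code from the lecture; the login service, the lockout policy and the log lines are constructed for illustration, and the thresholds (5 consecutive failures, 15-minute lockout, 3 failures per source) are assumptions, not values the slides prescribe. The stored verifier is a salted, slow hash so the same table is not trivially attackable off-line either.

```python
"""On-line dictionary attack: detection and limiting (added example)."""
import hashlib
import hmac
import os
from collections import defaultdict

MAX_FAILURES = 5             # assumption: consecutive failures before lockout
LOCKOUT_SECONDS = 15 * 60    # assumption: how long the account stays locked
DUMMY = (b"\x00" * 16, b"\x00" * 32)   # used for unknown users so timing matches


def make_verifier(password: str, salt: bytes) -> bytes:
    # A slow, salted hash keeps the stored value hard to attack off-line.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class LoginService:
    def __init__(self):
        self._users = {}                      # user -> (salt, verifier)
        self._failures = defaultdict(int)     # consecutive failures per user
        self._locked_until = defaultdict(float)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, make_verifier(password, salt))

    def login(self, user: str, password: str, now: float) -> str:
        """Return "ok", "fail" or "locked"; `now` is the request time in seconds."""
        if now < self._locked_until[user]:
            return "locked"               # limit: no guesses accepted while locked
        salt, stored = self._users.get(user, DUMMY)
        ok = hmac.compare_digest(make_verifier(password, salt), stored)
        if ok and user in self._users:
            self._failures[user] = 0
            return "ok"
        self._failures[user] += 1         # detect: count consecutive failures
        if self._failures[user] >= MAX_FAILURES:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            self._failures[user] = 0
        return "fail"


def online_dictionary_attack(service, user, wordlist, start=0.0):
    """Guess one word per second; return (password_or_None, outcomes)."""
    outcomes = []
    for i, guess in enumerate(wordlist):
        result = service.login(user, guess, now=start + i)
        outcomes.append(result)
        if result == "ok":
            return guess, outcomes
    return None, outcomes


# Constructed log lines (not real data) in a simple key=value format.
LOG = """\
2024-03-01T10:00:01 login user=alice src=198.51.100.7 result=fail
2024-03-01T10:00:02 login user=alice src=198.51.100.7 result=fail
2024-03-01T10:00:03 login user=alice src=198.51.100.7 result=fail
2024-03-01T10:00:04 login user=bob src=203.0.113.9 result=ok
2024-03-01T10:00:05 login user=carol src=198.51.100.7 result=fail
2024-03-01T10:00:06 login user=bob src=203.0.113.9 result=fail
"""


def suspicious_sources(log: str, threshold: int = 3) -> set:
    """Sources with at least `threshold` failed logins, across any accounts."""
    failures = defaultdict(int)
    for line in log.splitlines():
        fields = dict(part.split("=", 1) for part in line.split()[2:])
        if fields["result"] == "fail":
            failures[fields["src"]] += 1
    return {src for src, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")
    guesses = ["123456", "password", "qwerty", "letmein", "welcome",
               "correct horse battery staple"]
    print(online_dictionary_attack(svc, "alice", guesses))
    print(suspicious_sources(LOG))
```

Note that a per-account lockout is itself a denial-of-service lever (anyone can lock a victim out by guessing wrongly), which is why real deployments combine it with per-source limits like `suspicious_sources` rather than relying on either alone.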
Slide 3: Password-based protocols
- Best: use a password-based protocol which is secure against off-line attacks when the server is not compromised
  – Unfortunately, this has not been the case in practice (e.g., telnet, which sends the password in the clear, cell phones, etc.)
  – This is a difficult problem!
Slide 4: Password storage
- In the clear…
- Hash of password (done correctly)
  – Doesn't always achieve anything! (a fast hash of a weak password still falls to a dictionary attack)
  – Makes the adversary's job harder
  – Potentially protects users who choose good passwords
- "Salt"-ed hash of password
  – Makes bulk dictionary attacks harder (each user's hash must be attacked separately), but no harder to attack a particular password
- Encrypted passwords? (What attack is this defending against?)
- Centralized server stores the password
- Threshold password storage
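The difference between "hash", "salted hash" and "done correctly" is easiest to see by counting the attacker's work. The block below is an added example, not code from the lecture: the user table and the dictionary are constructed, and hash evaluations are counted so that a bulk attack on all users can be compared with an attack on one user. `make_verifier`/`check_password` show the "done correctly" form (salt plus a deliberately slow hash, here PBKDF2, which the slide does not name).

```python
"""Password storage: unsalted hash vs. salted hash vs. slow salted hash (added example)."""
import hashlib
import hmac
import os

# Constructed dictionary and user table (not real data).
WORDLIST = ["123456", "password", "qwerty", "letmein",
            "abc123", "monkey", "dragon", "football"]
USERS = {"alice": "password", "bob": "letmein",
         "carol": "x7#Tq9!vLp2m", "dave": "password"}


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def store_unsalted(users):
    """user -> H(password)"""
    return {u: h(p.encode()) for u, p in users.items()}


def store_salted(users):
    """user -> (salt, H(salt || password)) with a fresh random salt per user"""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt, h(salt + p.encode()))
    return out


def crack_unsalted(store, wordlist):
    """One pass over the dictionary cracks every user at once.
    Returns (cracked users, number of hash evaluations)."""
    table = {h(w.encode()): w for w in wordlist}     # len(wordlist) hashes
    cracked = {u: table[v] for u, v in store.items() if v in table}
    return cracked, len(wordlist)


def crack_salted(store, wordlist):
    """Each user's salt forces a separate dictionary run: total work grows
    with the number of users, but attacking a single user costs no more."""
    cracked, work = {}, 0
    for u, (salt, v) in store.items():
        for w in wordlist:
            work += 1
            if h(salt + w.encode()) == v:
                cracked[u] = w
                break
    return cracked, work


def shared_passwords(unsalted_store):
    """Without salt, equal hashes reveal which users share a password."""
    by_hash = {}
    for u, v in unsalted_store.items():
        by_hash.setdefault(v, []).append(u)
    return [sorted(us) for us in by_hash.values() if len(us) > 1]


# "Done correctly": salt plus a deliberately slow hash, so every guess costs
# the attacker far more than one SHA-256 evaluation.
def make_verifier(password: str, iterations: int = 100_000):
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def check_password(verifier, password: str, iterations: int = 100_000) -> bool:
    salt, digest = verifier
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(crack_unsalted(store_unsalted(USERS), WORDLIST))
    print(crack_salted(store_salted(USERS), WORDLIST))
    print(shared_passwords(store_unsalted(USERS)))
```

With the constructed table, the unsalted store falls to 8 hash evaluations for all four users (and exposes that alice and dave share a password), the salted store costs 16 for the same result, and carol's non-dictionary password survives both; that is the slide's "potentially protects users who choose good passwords".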
Slide 5: Centralized password storage
- Authentication storage node
  – Central server stores the password; servers request the password in order to authenticate the user
- Authentication facilitator node
  – Central server stores the password; servers send the information received from the user to the central server, which performs the authentication
- Note that communication with the central server must be authenticated!
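Why the channel to the central server must be authenticated is clearest in the facilitator model: the front-end server acts on a one-word verdict, so an attacker on the network who can inject "ok" (or replay an old one) logs in without a password. The block below is an added example, not code from the lecture. It assumes a symmetric key shared by the two servers and HMAC-SHA256 tags on both the request and the reply (the slide only says the channel must be authenticated, not how), and binds the verdict to a per-request nonce so a captured "ok" cannot be replayed.

```python
"""Authentication facilitator node over an authenticated channel (added example)."""
import hashlib
import hmac
import json
import os

DUMMY = (b"\x00" * 16, b"\x00" * 32)   # placeholder verifier for unknown users


def verifier(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


def encode(payload: dict) -> bytes:
    return json.dumps(payload, sort_keys=True).encode()


def make_tag(key: bytes, body: dict) -> str:
    return hmac.new(key, encode(body), hashlib.sha256).hexdigest()


def tag_ok(key: bytes, msg: dict) -> bool:
    return hmac.compare_digest(make_tag(key, msg.get("body", {})), msg.get("tag", ""))


class CentralAuthServer:
    """Holds the password verifiers; front-end servers never see them."""

    def __init__(self, channel_key: bytes):
        self._key = channel_key
        self._users = {}

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, verifier(password, salt))

    def handle(self, wire: bytes) -> bytes:
        msg = json.loads(wire)
        body = msg.get("body", {})
        if not tag_ok(self._key, msg):
            verdict = "reject"        # request did not come from a known front end
        else:
            salt, stored = self._users.get(body.get("user"), DUMMY)
            ok = hmac.compare_digest(verifier(body.get("password", ""), salt), stored)
            verdict = "ok" if ok else "fail"
        reply = {"nonce": body.get("nonce"), "verdict": verdict}   # bound to this request
        return encode({"body": reply, "tag": make_tag(self._key, reply)})


class FrontEndServer:
    """Talks to the user; `send` delivers bytes to the central server and returns
    the reply. It models the network, which an attacker may control."""

    def __init__(self, channel_key: bytes, send):
        self._key = channel_key
        self._send = send

    def authenticate(self, user: str, password: str) -> bool:
        nonce = os.urandom(16).hex()
        body = {"user": user, "password": password, "nonce": nonce}
        reply = json.loads(self._send(encode({"body": body, "tag": make_tag(self._key, body)})))
        if not tag_ok(self._key, reply):
            return False              # forged or tampered verdict
        rb = reply["body"]
        return rb.get("nonce") == nonce and rb.get("verdict") == "ok"


def forged_ok(wire: bytes) -> bytes:
    """A network attacker answering "ok" without knowing the channel key."""
    nonce = json.loads(wire)["body"]["nonce"]
    return encode({"body": {"nonce": nonce, "verdict": "ok"}, "tag": "00" * 32})


class Replayer:
    """Records the first genuine reply, then answers every later request with it."""

    def __init__(self, real_send):
        self._real, self.captured = real_send, None

    def __call__(self, wire: bytes) -> bytes:
        if self.captured is None:
            self.captured = self._real(wire)
        return self.captured


def verdict_of(reply_wire: bytes) -> str:
    return json.loads(reply_wire)["body"]["verdict"]


if __name__ == "__main__":
    key = os.urandom(32)
    central = CentralAuthServer(key)
    central.register("alice", "s3cret")
    print(FrontEndServer(key, central.handle).authenticate("alice", "s3cret"))
    print(FrontEndServer(key, forged_ok).authenticate("alice", "wrong"))
```

In the storage-node model the same channel protection applies in the other direction and matters even more, because the reply carries the password itself; in practice that channel would be encrypted as well, which this example deliberately leaves out to isolate the authentication point.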
Slide 6: Authentication tokens
- RSA SecurID
- PIN-protected memory card
- Cryptographic smartcards
- Aladdin eTokens
- Still need a secure protocol!
Slide 7: Biometrics
- How much entropy is there?
- How private are these?
- How reliable are they?
- Revocation?
Slide 8: Biometrics
- Difficult to use securely
  – Errors
  – Non-uniform
  – Still need a secure protocol…
9
How can you securely authenticate yourself to a remote server using your fingerprint? Trivial solution: Biometric authentication Server User close? Completely vulnerable to eavesdropping!
Slide 10: Better(?) solution
- Server sends a fresh nonce to the user
- User computes h = H(fingerprint, nonce) over the scanned fingerprint and sends h
- Server computes H(fingerprint, nonce) over the enrolled fingerprint and checks whether it equals h
- A single-bit difference in the scanned fingerprint results in a failed authentication!
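Slides 9 and 10 contrast the two protocols; the block below runs both so the trade-off is visible. It is an added example, not code from the lecture: the enrolled "template" is a constructed byte string standing in for a scanned fingerprint, the Hamming-distance threshold for "close?" is an assumption, and `H` is instantiated as SHA-256 over a length-prefixed template and nonce (the slide only writes H(fingerprint, nonce)). The server tracks issued nonces so that a captured (nonce, h) pair cannot be replayed.

```python
"""Fingerprint authentication: trivial "close?" protocol vs. hashed challenge-response (added example)."""
import hashlib
import hmac
import os

ENROLLED = bytes(range(32))   # constructed stand-in for an enrolled template
CLOSE_THRESHOLD = 8           # assumption: max differing bits still accepted as a match


def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, i: int) -> bytes:
    """Return data with bit i flipped (models scanner noise)."""
    out = bytearray(data)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


# --- Trivial solution (slide 9): user sends the scan, server checks "close?" ---

def trivial_verify(enrolled: bytes, scan: bytes) -> bool:
    """Tolerates noise, but whatever travels on the wire can be replayed as-is."""
    return hamming(enrolled, scan) <= CLOSE_THRESHOLD


# --- Hashed solution (slide 10): nonce from server, h = H(scan, nonce) from user ---

def H(template: bytes, nonce: bytes) -> bytes:
    # Length-prefix the template so different (template, nonce) splits cannot collide.
    return hashlib.sha256(len(template).to_bytes(2, "big") + template + nonce).digest()


class HashedServer:
    def __init__(self, enrolled: bytes):
        self._enrolled = enrolled
        self._outstanding = set()     # nonces issued but not yet used

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, h: bytes) -> bool:
        if nonce not in self._outstanding:
            return False              # unknown or already-used nonce: a replay
        self._outstanding.discard(nonce)
        # Exact comparison: any bit of noise in the scan changes h completely.
        return hmac.compare_digest(H(self._enrolled, nonce), h)


def user_response(scan: bytes, nonce: bytes) -> bytes:
    return H(scan, nonce)


def run_hashed(server: HashedServer, scan: bytes) -> bool:
    """One full exchange: challenge, response, verdict."""
    nonce = server.challenge()
    return server.verify(nonce, user_response(scan, nonce))


def replay_hashed(server: HashedServer, captured: tuple) -> bool:
    """An eavesdropper re-sends a captured (nonce, h) pair."""
    nonce, h = captured
    return server.verify(nonce, h)


if __name__ == "__main__":
    noisy = flip_bit(ENROLLED, 5)
    print("trivial, noisy scan:", trivial_verify(ENROLLED, noisy))        # accepted
    print("trivial, replayed scan:", trivial_verify(ENROLLED, noisy))     # also accepted
    srv = HashedServer(ENROLLED)
    print("hashed, exact scan:", run_hashed(srv, ENROLLED))               # accepted
    print("hashed, noisy scan:", run_hashed(srv, noisy))                  # rejected
```

The hashed exchange resists eavesdropping and replay only because the nonce is fresh and single-use; it buys that at the cost of requiring a bit-exact scan, which is exactly the slide's objection and the reason real designs need an error-tolerant construction (a fuzzy extractor or similar) between the sensor and the hash.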