
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.




1 CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz

2 Password-based protocols
• Any password-based protocol is potentially vulnerable to an “on-line” dictionary attack
  – On-line attacks can be detected and limited
  – How?
• Off-line attacks can never be prevented, but protocols can be made secure against such attacks
• Any password-based protocol is vulnerable to off-line attack if the server is compromised
  – Once the server is compromised, why do we care?

3 Password-based protocols
• Best: Use a password-based protocol which is secure against off-line attacks when the server is not compromised
  – Unfortunately, this has not been the case in practice (e.g., telnet, cell phones, etc.)
  – This is a difficult problem!

4 Password storage
• In the clear…
• Hash of password (done correctly)
  – Doesn’t always achieve anything!
  – Makes adversary’s job harder
  – Potentially protects users who choose good passwords
• “Salt”-ed hash of password
  – Makes bulk dictionary attacks harder, but no harder to attack a particular password
• Encrypted passwords? (What attack is this defending against?)
• Centralized server stores password
• Threshold password storage
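The two storage options in the middle of this slide (plain hash vs. salted hash) can be compared directly. The following Python is an added example for this transcript, not code from the lecture; the user names, passwords, dictionary words and the SHA-256 construction are constructed for illustration, and a production system would use a slow, memory-hard password hash rather than plain SHA-256. It shows why an unsalted hash leaks equal passwords and lets one precomputed table cover every account, while a per-user salt forces the bulk attack cost to scale with the number of accounts yet leaves the cost of guessing one particular user's password unchanged.

```python
import hashlib
import hmac
import os

# Illustrative hash: SHA-256(salt || password). Assumption for this example only;
# real deployments should use scrypt/Argon2-style password hashing.
def hash_password(password: str, salt: bytes = b"") -> bytes:
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

def store_unsalted(users: dict) -> dict:
    # name -> H(password); identical passwords give identical records
    return {u: hash_password(p) for u, p in users.items()}

def store_salted(users: dict, salt_len: int = 16) -> dict:
    # name -> (random salt, H(salt || password)); a fresh salt per user
    stored = {}
    for u, p in users.items():
        salt = os.urandom(salt_len)
        stored[u] = (salt, hash_password(p, salt))
    return stored

def verify_salted(stored: dict, user: str, password: str) -> bool:
    # Server-side check; constant-time comparison of the digests
    salt, digest = stored[user]
    return hmac.compare_digest(digest, hash_password(password, salt))

def precomputed_table(dictionary: list) -> dict:
    # One table of H(word) for every dictionary word; only useful against unsalted storage
    return {hash_password(w): w for w in dictionary}

def table_hits(table: dict, name_to_digest: dict) -> dict:
    # Accounts whose stored digest appears in the precomputed table
    return {u: table[d] for u, d in name_to_digest.items() if d in table}

def bulk_attack_cost(num_users: int, dictionary_size: int, salted: bool) -> int:
    # Hash evaluations needed to test every dictionary word against every account.
    # Unsalted: hash each word once and compare against all accounts.
    # Salted: every (word, account) pair needs its own hash evaluation.
    return dictionary_size * num_users if salted else dictionary_size

def single_user_attack_cost(dictionary_size: int, salted: bool) -> int:
    # Cost of attacking one particular user's password: the salt does not change it
    return dictionary_size

# Constructed sample data for the demonstration
USERS = {"alice": "letmein", "bob": "letmein", "carol": "Tr0ub4dor&3"}
DICTIONARY = ["password", "letmein", "123456"]

UNSALTED = store_unsalted(USERS)
SALTED = store_salted(USERS)
TABLE = precomputed_table(DICTIONARY)

if __name__ == "__main__":
    print("alice and bob share a digest (unsalted):", UNSALTED["alice"] == UNSALTED["bob"])
    print("table hits, unsalted:", sorted(table_hits(TABLE, UNSALTED)))
    print("table hits, salted:", sorted(table_hits(TABLE, {u: d for u, (s, d) in SALTED.items()})))
    print("bulk cost unsalted / salted:",
          bulk_attack_cost(len(USERS), len(DICTIONARY), False),
          bulk_attack_cost(len(USERS), len(DICTIONARY), True))
```

The salt is stored next to the digest in the clear; its job is not secrecy but making every record hash differently, which is exactly why it helps against bulk attacks and not against a targeted one.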

5 Centralized password storage
• Authentication storage node
  – Central server stores password; servers request the password to authenticate user
• Auth. facilitator node
  – Central server stores password; servers send information from user to be authenticated by the central server
• Note that communication with the central server must be authenticated!

6 Authentication tokens
• RSA SecureID
• PIN-protected memory card
• Cryptographic smartcards
• Aladdin eTokens
• Still need a secure protocol!

7 Biometrics
• How much entropy is there?
• How private are these?
• How reliable are they?
• Revocation?

8 Biometrics
• Difficult to use securely
  – Errors
  – Non-uniform
  – Still need a secure protocol…

9 Biometric authentication
• How can you securely authenticate yourself to a remote server using your fingerprint?
• Trivial solution:
  [Diagram: the User sends the fingerprint scan to the Server; the Server checks whether it is “close?” to the stored template]
• Completely vulnerable to eavesdropping!

10 Better(?) solution
  [Diagram: the Server sends a nonce to the User; the User replies with h = H(fingerprint, nonce); the Server checks h = H(stored fingerprint, nonce)? (the fingerprint is an image in the original slide)]
• A single-bit difference in the scanned fingerprint results in a failed authentication!
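The exchange on this slide, and the reason the slide title carries a question mark, as an added Python example that is not part of the lecture. The fingerprint template bytes, the nonce length and the use of SHA-256 as H are constructed assumptions. It shows that a fresh nonce stops an eavesdropped response from being reused, and that because H is evaluated over the raw scan, flipping a single bit of the scan makes the check fail, so the protocol cannot tolerate the noise that real biometric readings have.

```python
import hashlib
import hmac
import os

# H(scan, nonce): assumption for this example, SHA-256 over scan || nonce
def template_hash(scan: bytes, nonce: bytes) -> bytes:
    return hashlib.sha256(scan + nonce).digest()

class Server:
    """Holds the enrolled fingerprint template and issues one nonce per session."""
    def __init__(self, enrolled_template: bytes):
        self.enrolled = enrolled_template
        self.pending_nonce = None

    def challenge(self) -> bytes:
        # Fresh random nonce for this session only
        self.pending_nonce = os.urandom(16)
        return self.pending_nonce

    def verify(self, response: bytes) -> bool:
        if self.pending_nonce is None:
            return False  # no outstanding challenge; reject
        expected = template_hash(self.enrolled, self.pending_nonce)
        self.pending_nonce = None  # each nonce is single-use
        return hmac.compare_digest(expected, response)

def user_respond(scan: bytes, nonce: bytes) -> bytes:
    # The user's side: h = H(scan, nonce)
    return template_hash(scan, nonce)

def flip_one_bit(data: bytes, index: int = 0) -> bytes:
    # Model sensor noise: one bit of the scan differs from the enrolled template
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)

def run_session(server: Server, scan: bytes) -> bool:
    # Full exchange: challenge -> response -> verify
    nonce = server.challenge()
    return server.verify(user_respond(scan, nonce))

def replay_outcome(server: Server, old_response: bytes) -> bool:
    # An eavesdropped response presented against a new challenge
    server.challenge()
    return server.verify(old_response)

# Constructed enrolled template (a real one would come from the sensor)
TEMPLATE = b"constructed-fingerprint-template-bytes"

def demo() -> dict:
    server = Server(TEMPLATE)
    exact = run_session(server, TEMPLATE)
    noisy = run_session(server, flip_one_bit(TEMPLATE))
    nonce = server.challenge()
    captured = user_respond(TEMPLATE, nonce)
    first_use = server.verify(captured)
    replayed = replay_outcome(server, captured)
    return {"exact": exact, "one_bit_off": noisy,
            "first_use": first_use, "replay": replayed}

if __name__ == "__main__":
    print(demo())
```

The eavesdropping problem of the trivial solution is addressed, but the exact-match requirement shows why "close?" matching cannot simply be moved inside a hash; that tension is what the rest of the biometrics discussion on slides 7 and 8 is about.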




