Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 ISA 662 Information System Security Authentication.

Published byNicholas Abel Weaver Modified over 9 years ago

Similar presentations

Presentation on theme: "1 ISA 662 Information System Security Authentication."— Presentation transcript:

1 1 ISA 662 Information System Security Authentication

2 2 Chapter 12: Authentication Basic Concept Password Challenge-Response Biometrics and gummy bears

3 3 Basic Concept Authentication: to prove an identity Strong authentication: without transmitting password Based on What the user knows – e.g., password, PIN What the user possesses – e.g., ID card, ticket What the user is – e.g., fingerprint, eye scanning, DNA Attack Active: e.g., password guessing, stealing password file from server, authentication replay Passive: e.g., password sniffer

4 4 Chapter 12: Authentication Basic Concept Password Challenge-Response Biometrics and gummy bears

5 5 Basic Model Alice server Alice acbd18db4cc2f85ce def654fccc4a4d8 Bob0b180078d994cb2b5 ed89d7ce8e7eea2 ……… password=foo, user ID=Alice md5( ‘ foo ’ )=acbd18db4cc2f85cedef654fccc4a4d8

6 6 Dictionary Attacks Eve server Alice acbd18db4cc2f85ce def654fccc4a4d8 ……… password=a, user ID=Alice password=aa, user ID=Alice password=aaa, user ID=Alice … password=foo, user ID=Alice Online dictionary attack a abc apple … foo Eve Alice acbd18db4cc2f85ce def654fccc4a4d8 ……… md5(a)=0cc175b9c0f1b6a831c3 99e269772661 … md5(foo)=acbd18db4cc2f85ced ef654fccc4a4d8 Offline dictionary attack a abc apple … foo

7 7 Countermeasure Overview Eve server Alice acbd18db4cc2f85ce def654fccc4a4d8 ……… password=abc, user ID=Alice password=foo, user ID=Alice md5( ‘ foo ’ )=acbd18db4cc 2f85cedef654fccc4a4d8 Keep the server-side table secret (e.g., shadowed pass file) Use strong password Salting: md5( ‘ foo ’ +r) Restrict repetitive attempts Password aging Eve Alice acbd18db4cc2f85ce def654fccc4a4d8 ……… md5(a)=0cc175b9c0f1b6a83 1c399e269772661 … md5( ‘ foo ’ )=acbd18db4cc2f8 5cedef654fccc4a4d8 a abc apple … foo abc … foo

8 8 Choice of Passwords Dilemma Password should be random Uniform distribution maximizes entropy (hence dictionary) Password should be easy to remember Attacker sorts dictionary in descending order of likelihood An easy-to-remember password requires less time to guess

9 9 Choice of Passwords (Cont ’ d) Users tend to choose weak passwords Based on user ID, user or relative ’ s name, computer name, place name, DOB English words Too short, digits only, letters only License plates, acronyms, SSN, pet name, job, etc.

10 10 Choice of Passwords (Still Cont ’ d) Force user to choose good passwords Through education and policy Through proactive mechanism Cannot be bypassed Knows what is bad password Discriminate on per-user, per-site basis

11 11 Salting Goal: making offline dictionary attacks (on a large number of passwords) harder Alicemd5( ‘ foo ’ )... Bobmd5( ‘ abc ’ ) a abc apple … foo md5( ‘ a ’ ) md5( ‘ abc ’ ) … md5( ‘ foo ’ )... Alicemd5( ‘ foo ’ ||r 1 )r1r1... Bobmd5( ‘ abc ’ ||r 2 )r2r2 a abc apple … foo md5( ‘ a ’ || r 1 ) md5( ‘ abc ’ || r 1 ) md5( ‘ foo ’ || r 1 )... md5( ‘ a ’ || r 2 ) md5( ‘ abc ’ || r 2 ) md5( ‘ foo ’ || r 2 )...

12 12 Example: UNIX Password UNIX system password authentication First 8 characters of input password Concatenated by a 12 bit salt Used as a key To encrypt a constant For 25 times The result and the salt stored in password file

13 13 Prevent Repetitive Attempts Make online attacks harder Backoff: wait 2 n seconds before n th attempt Disconnection: modem user Disabling: only administrators can reactivate OSF1 uses both backoff and disconnection

14 14 Password Aging Force users to change passwords after some time has expired How do you force users not to re-use passwords? Record previous passwords Block changes for a period of time Give users time to think of good passwords Warn them of expiration days in advance

15 15 Chapter 12: Authentication Basic Concept Password Challenge-Response Biometrics and gummy bears

16 16 One-Time Password Password replay sniff password then replay Use password exactly once! How do user and server synchronize? Lamport ’ s scheme Challenge-response mechanism View response as the password

17 17 Lamport ’ s Scheme How do user and server synchronize on which password to use? h: one-way hash function (e.g., MD5 or SHA-1) h n (k): h(h(h(...h(k)...))) Registration User Server kk secure channel n h n (k) 1 st Authentication k h n (k) h n-1 (k) 2 nd Authentication k h n-1 (k) h n-2 (k)

18 18 Challenge-Response DES, RSA, HMAC, etc. k UserServer challenge response k time challenge DES, RSA, HMAC, etc. dictionary attack!

19 19 Pre-Encrypted Key Exchange Alice Bob Alice || {k s }p Alice Bob Alice Bob {Challenge B }k s Alice Bob p, k s p {Challenge A Challenge B }k s {Challenge A }k s Quiz: how is offline dictionary attack possible?

20 20 Encrypted Key Exchange (RSA) Goal: to defeat off-line dictionary attacks Alice Bob Alice || {e Alice }p Alice Bob {{(k s }e Alice }p Alice Bob {Challenge A }k s Alice Bob Alice Bob p, e Alice p p, e Alice, k s {Challenge A Challenge B }k s {Challenge B }k s

21 21 Chapter 12: Authentication Basic Concept Password Challenge-Response Biometrics and gummy bears

22 22 Biometrics Automated measurement of biological, behavioral features that identify a person Fingerprints: graph isomorphism Voices: statistical techniques Eyes: patterns in irises Faces: image, or specific characteristics like distance from nose to chin Keystroke dynamics: keystroke intervals, pressure, duration of stroke, where key is struck

23 23 Can Biometrics Save the World? Gummy bears say: No! Fingerprint scanners are believed to be very secure, until It was shown they can be reliably fooled with $10 worth of household supplies From both real fingers or residue fingerprints Can wear a transparent fake finger on real finger Using Gelatin, what Gummy Bears are made out of Digital camera, inkjet printer, photo-sensitive PCB, etc. Fool all 11 commercial fingerprint scanners, 80% of time For more details, refer to Tsutomu Matsumoto ’ s talk ‘ Importance of Open Discussion on Adversarial Analyses for Mobile Security Technology ’ whose link is on class web page

24 24 Key Points Authentication is based on what users know what they possess what they are Passwords are here to stay How to use passwords is important Remember the Gummy bears

25 25 ISA 662 Information System Security Identity

26 26 Overview Certificate and distinguished name Web identity and anonymity

27 27 Certificates and Identity Certificates issued to a user User must be uniquely identified for this purpose What to be the identity? Name: usually ambiguous “ Your name please; your address please; your telephone no. please; your last 4-digit SSN please ”

28 28 Distinguished Names Include ancillary information in identity Enough to identify principal uniquely Example: X.509v3 Distinguished Names /O=University of California /OU=Davis campus /OU=Department of Computer Science /CN=Matt Bishop/ refers to the Matt Bishop (CN is common name) in the Department of Computer Science (OU is organizational unit) on the Davis Campus of the University of California (O is organization)

29 29 CAs and Policies Matt Bishop wants a certificate from Certs-from-Us How does Certs-from-Us know this is “ Matt Bishop ” ? CA ’ s authentication policy says what type and strength of authentication is needed to identify Matt Bishop to satisfy the CA that this is, in fact, Matt Bishop CA authenticates user and embed its trust in certificate, later the certificate is used by others for authentication and that trust propagates

30 30 Example: Verisign CAs Class 1: CA issued certificates to individuals authenticated by email address Certificate used for sending, receiving email with various security services at that address Class 2: CA issued certificates to individuals Authenticated by verifying user-supplied real name and address through an online database Certificate used for online purchasing

31 31 Example: Verisign CAs (Cont ’ d) Class 3: CA issued certificates to individuals Authenticated by background check from investigative service Higher level of assurance of identity than Class 1 and Class 2 CAs Class 4: CA issued certificates to web servers Same authentication policy as Class 3 CA Consumers using these sites had high degree of assurance the web site was not spoofed

32 32 Internet Certification Hierarchy Tree structured arrangement of CAs Root is Internet Policy Registration Authority, or IPRA Sets policies all subordinate CAs must follow Certifies subordinate CAs (called policy certification authorities, or PCAs), each of which has own authentication, issuance policies Does not issue certificates to individuals or organizations other than subordinate CAs PCAs issue certificates to ordinary CAs Does not issue certificates to individuals or organizations other than subordinate CAs CAs issue certificates to organizations or individuals

33 33 Example: UValmont IPRA PCA-1 UValmont Student CA student PCA-2 UValmont Staff CA staff high assurance PCA low assurance PCA

34 34 Certificate Differences Student, staff certificates signed using different private keys (for different CAs) Student ’ s signed by key corresponding to low assurance certificate signed by first PCA Staff ’ s signed by key corresponding to high assurance certificate signed by second PCA To see how much trust should be placed in the certificate (what policy used to authenticate): Determine CA signing certificate, check its policy Also go to PCA that signed CA ’ s certificate CAs are restricted by PCA ’ s policy, but CA can (only) restrict itself further

35 35 Types of Certificates Organizational certificate Issued based on principal ’ s affiliation with organization Example Distinguished Name /O=University of Valmont/OU=Computer Science Department/CN=Marsha Merteuille/ Residential certificate Issued based on where principal lives No affiliation with organization implied Example Distinguished Name /C=US/SP=Louisiana/L=Valmont/PA=1 Express Way/CN=Marsha Merteuille/

36 36 Types of Certificates (Cont ’ d) Certificate tied to a role UValmont wants comptroller to have a certificate This way, she can sign contracts and documents digitally Distinguished Name /O=University of Valmont/OU=Office of the Big Bucks/RN=Comptroller where “ RN ” is role name; note the individual using the certificate is not named, so no CN

37 37 Naming Conflicts John Smith, John Smith Jr. live at same address John Smith Jr. applies for residential certificate from Certs-from-Us, getting the DN of: /C=US/SP=Maine/L=Portland/PA=1 First Ave./CN=John Smith/ Now his father applies for residential certificate from Quick-Certs, getting DN of: /C=US/SP=Maine/L=Portland/PA=1 First Ave./CN=John Smith/ because Quick-Certs has no way of knowing that DN has been taken

38 38 Solutions Organizational certificates All CA DNs must be superior to that of the principal Example: for Marsha Merteuille ’ s DN: /O=University of Valmont/OU=Computer Science Department/CN=Marsha Merteuille/ DN of the CA must be either: /O=University of Valmont/ (the issuer being the University) or /O=University of Valmont/OU=Computer Science Department/ (the issuer being the Department)

39 39 Related Problem Single CA issues two types of certificates under two different PCAs Example UValmont issues both low assurance, high assurance certificates under two different PCAs How does validator know under which PCA the certificate was issued? Reflects on assurance of the identity of the principal to whom certificate was issued

40 40 Solution CA Distinguished Names need not be unique CA (Distinguished Name, public key) pair must be unique Example In earlier UValmont example, student validation required using first PCA ’ s public key; validation using second PCA ’ s public key would fail Keys used to sign certificate indicate the PCA, and the policy, under which certificate is issued

41 41 Persona Certificate Anonymous certificate Certificate with meaningless Distinguished Name Example: Government requires all citizens with gene X to register because people with this gene more likely commit crimes No scientific evidence, and government wants no civil rights fuss Government employee wants to alert media Government will deny plan, change approach Government employee will be fired, prosecuted Must notify media anonymously

42 42 Persona Certificate (Cont ’ d) Employee gets persona certificate, sends copy of plan to media Media knows message unchanged during transit (data integrity) But they do not know who sent it (no authentication) Government denies plan, changes it Employee sends copy of new plan signed using same certificate Media can tell it ’ s from original whistleblower (linkability) Media cannot track back whom that whistleblower is

43 43 Overview Certificate and distinguished name Web identity and anonymity

44 44 Host Identity Host identity at different layers Ethernet address: 00:05:02:6B:A8:21 IP address: 192.168.35.89 Host name: cherry.orchard.chekhov.ru These can be spoofed Write your own Ethernet frames Fake source IP address Fake host name Above protocols rely on spoofed identity

45 45 Domain Name Server Maps transport identifiers (host names) to network identifiers (host addresses) Forward records: host names  IP addresses PING Reverse records: IP addresses  host names NSLOOKUP Weak authentication Not cryptographically based E.g., reverse domain name lookup IP -> host name via DNS -> IP via DNS -> matching the two IPs

46 46 DHCP and NAT DHCP server dynamically assigns clients unused IP addresses Gateway assigns clients internal address NAT translates all outgoing and incoming packets Invisible to both inside clients and outsiders Your desktop/laptop -> router (DHCP and NAT) -> Internet

47 47 Attacks on DNS Change records on server Cache poisoning Attacker sends victim request that must be resolved by asking attacker Legitimately piggyback extra record to response, but have fake name/IP association in the record The fake record will be cached

48 48 Anonymity Servers and observers know who is visiting Sometimes not desirable Anonymizer: a site that hides origins of connections What about a simple proxy server Server sees the proxy, not client client1 client2 proxyserver1 server2

49 49 Problem With Simple Proxy The proxy knows who are the client and server And we all know this fact Example: anon.penet.fi Anonymous re-mailer Material claimed to be copyrighted sent through site Finnish court directed owner to reveal mapping so plaintiffs could determine sender Owner appealed, subsequently shut down site What about a chain of proxies?

50 50 Chain of Proxies Proxies operated by multiple organizations No single proxy can know client/server association Traffic encrypted Cannot tell from address in header client1 client2 proxyserver1 server2 proxy

51 51 Weaknesses of Chain of Proxies First and last proxy collude One knows client one knows server Traffic analysis Observes in, out flows of traffic timing message size What if we mix multiple messages

52 52 MIX Each mix server Padding messages to fixed size blocks - size Reorder the blocks - first/last collude Wait before transmitting - timing client1 client2 mix1 server1 server2 mix2mix3

53 53 MIX (Cont ’ d) How can mix server know where to send message? Nested public-key encryption (later in Onion Routing) client1 client2 mix1 server1 server2 mix2 Mix1, { Mix2, {m,r2}e2, r1 } e1 Mix2, {m, r2}e2 m

54 54 Crowds Intuition You can never trace back to the origin of a rumor, because “ I too heard about it from someone else ” Each node (Jondo) Sends request to server with probability p; forward it to another node with probability (1-p) server

55 55 Privacy Anonymity protects privacy by obstructing amalgamation of individual records Important, because amalgamation poses 3 risks: Incorrect conclusions from misinterpreted data Harm from erroneous information Not being let alone Also hinders monitoring to deter or prevent crime Conclusion: anonymity can be used for good or ill Right to remain anonymous entails responsibility to use that right wisely

56 56 Key Points Certificates use Distinguished name as identity Web identity based on addresses is weak Anonymity can be achieved with sophisticated proxies

Download ppt "1 ISA 662 Information System Security Authentication."

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Authentication & Kerberos

Authentication & Kerberos
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #13-1 Chapter 14: Identity What is identity Multiple names for one thing Different.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #13-1 Chapter 14: Identity What is identity Multiple names for one thing Different.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.

1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.

Similar presentations

Ads by Google