Presentation is loading. Please wait.

Presentation is loading. Please wait.

Passwords CSC 482/582: Computer Security. Topics 1. Password Systems 2. Password Attacks 3. Mitigating Attacks 4. Graphical passwords 5. One-time passwords.

Published byCaren Paul Modified over 9 years ago

Similar presentations

Presentation on theme: "Passwords CSC 482/582: Computer Security. Topics 1. Password Systems 2. Password Attacks 3. Mitigating Attacks 4. Graphical passwords 5. One-time passwords."— Presentation transcript:

1 Passwords CSC 482/582: Computer Security

2 Topics 1. Password Systems 2. Password Attacks 3. Mitigating Attacks 4. Graphical passwords 5. One-time passwords

3 CSC 482/582: Computer Security Authentication System A: set of authentication information information used by entities to prove identity C: set of complementary information information stored by system to validate A F: set of complementation functions f : A → C generate C from A L: set of authentication functions l: A  C → {T,F} verify identity S: set of selection functions enable entity to create or alter A or C

4 CSC 482/582: Computer Security Password System Example User authenticates with 8-character alphanumeric password. System compares against stored cleartext password. A = [A-Za-z0-9]{8} C = A F = { I } L = { = } Not a system that anyone should actually use.

5 CSC 482/582: Computer Security Passwords What you know Sequence of characters Complementation Function Identity: requires access control to protect C One-way Hash easy to compute c = f(a) difficult to compute a = f -1 (c)

6 CSC 482/582: Computer Security Classic UNIX Passwords Format: Up to 8 ASCII characters A contains 6.9 x 10 16 possible passwords C contains crypt hashes, strings of length 13 chosen from alphabet of 64 characters, 3.0 x 10 23 strings Storage /etc/passwd (0644) was traditionally used /etc/shadow (0600) in modern systems

7 Attacks on Password Systems 1. Offline password cracking 2. Online dictionary attacks 3. Observe passwords 4. Attacking password infrastructure CSC 482/582: Computer Security

8 Offline Password Cracking Get Hashed Password pw hash word = Next word from list word hash = Hash(word) word hash == pw hash False True word is pw List of potential passwords.

9 CSC 482/582: Computer Security Cracking Methods 1. List of common passwords 2. List of English/foreign words 3. Permutation rules Substitute numbers/symbols for letters Change case, pluralize, reverse words, character shifts, digit/symbol prefix/postfix,joining words 4. Brute force All possible passwords

10 Online Password Guessing Use application’s login interface Much slower than offline attack, but Always possible to do. Two types of attack Guess passwords for a specific known user account Know that it’s a valid account Use information about user (name, bday) to guess Guess usernames and guess passwords for all accounts Don’t know if account is valid Failures may be due to invalid username or password Someone probably has an easy to guess password CSC 482/582: Computer Security

11 Observe Passwords Sniff passwords off network Must be able to access a network node in path between source and destination of communication Impossible if connection is encrypted Find passwords in a file or database Identify files/databases that likely to contain passwords May or may not be encrypted Shoulder surf Watch for someone to type a password Desk search Passwords may be written down near workspace CSC 482/582: Computer Security

12 Attacking Password Infrastructure Web sites will e-mail you password if you answer a simple “secret” question: 1. What is your favorite color? 2. What is your pet’s name? 3. What is your mother’s maiden name? Violation of fail-safe defaults Failover to less secure protocol. How many favorite colors are there?

13 Mitigating Password Attacks 1. Enable system to use long passwords with a large alphabet of possible characters 2. Hash passwords to protect against file attacks 3. Salt passwords to protect against offline cracking 4. Select hard to guess passwords 5. Mitigating online attacks with backoff and lockout 6. Protect password management functions 7. Password aging 8. One-time passwords CSC 482/582: Computer Security

14 Countering Password Guessing Choose A, C, and F to select suitably low probability P(T) of guessing in time T. P(T)  TG / N G is number of guess per time unit T T is number of time units in attack N is number of possible passwords

15 CSC 482/582: Computer Security Calculating Minimum Password Length Password System There are 96 allowable characters in password. System allows 10 6 guesses/second. Requirement: probablility of success guess should be 0.5 over 365-day period. What should the minimum password length be? N >= TG/P N >= (365 x 24 x 60 x 60) x 10 6 / 0.5 = 6.31 x 10 13 N =  96 i, where i ranges from 1 to length of password  96 i >= N = 6.31 x 10 13 is true when largest i >= 8 The minimum required password length is 8.

16 CSC 482/582: Computer Security UNIX Password Hashing crypt() function used for hashing DES encrypts 64-bit block of 0s (25 rounds) using your password for the key. Modified DES incompatible with DES hardware cracking tools. Limited to 8 characters or less. If limited to 95 printable characters, only 2 53 possible passwords. How to resist dictionary attacks? Salting

17 CSC 482/582: Computer Security Salting Adds a 2-character (12-bit) random, public data to password to create key. Any word may be encrypted in 4096 possible ways (i.e., there are 4096 f  F). Your password always uses same salt. Someone else with same password (a) probably has different salt, and thus different c = f(a). Number of possible keys increased to 2 66 Too small for today; modern UNIX doesn’t use crypt.

18 CSC 482/582: Computer Security Salting (cont.) Prevents pre-calculated dictionary attack 2 66 passwords requires millions of terabytes crypt() 2 18 passwords/second Brute force would require 8000 machines for 48 days.

19 CSC 482/582: Computer Security Modern UNIX Passwords Format: long ASCII string Hashing techniques: MD5 (unlimited length, 12-48 bit salt) SHA1 (unlimited length, 12-48 bit salt) Bcrypt (55 chars, 128-bit salt, adjustable cost)

20 CSC 482/582: Computer Security Windows 2000/XP Passwords Storage %systemroot%\system32\config\sam locked while NT running %systemroot%\repair\sam_ backup file may be accessible via remote registry calls Format LAN Manager (LM) Hash NT (MD4) Hash

21 CSC 482/582: Computer Security Windows LM Hash Algorithm 1. Password fitted to 14 character length by truncating or padding with 0s. 2. Password converted to upper case. 3. Password divided into two 7-byte halves. 4. Each half used as DES key to encrypt same 8-byte constant. 5. Resultant strings merged to form a 16-byte hash value.

22 CSC 482/582: Computer Security Windows LM Hash Problems Last 8 bytes of c known if password < 7 chars. Dividing password into halves reducing problem of breaking 14-character password to breaking two 7- character passwords. Conversion to upper case reduces character set. Dictionary of password hashes can be prebuilt Number of possible passwords much smaller than DES space. No salt is used.

23 CSC 482/582: Computer Security Windows NT Hash Converts to Unicode, MD4 hashes result Caveat: Often used in conjunction with LM hash, which is required for backwards compatibility. No salt: identical passwords generate identical hashes.

24 CSC 482/582: Computer Security Password Selection 1. Random Selection 2. Pronounceable Passwords 3. User Selection

25 CSC 482/582: Computer Security Random Selection Yields equal distribution of passwords for maximum difficulty in cracking What about short passwords? Random passwords aren’t easy to remember Short term memory holds 7 +/- 2 items People have multiple passwords Principle of Psychological Acceptability Requires a good PRNG

26 CSC 482/582: Computer Security Random Selection (Bad)Example PDP-11 password generator 16-bit machine 8 upper-case letters and digits |P| = 36 8 = 2.8 x 10 12 At 0.00156 sec/encryption, 140 years to brute force PRNG had period of 2 16 – 1 Only 65,535 possible passwords Requires 102 seconds to try all passwords

27 CSC 482/582: Computer Security Pronounceable Passwords Generate passwords from random phonemes instead of random characters. People can remember password as sequence of audible phonemes instead of characters, allowing easy recall of longer passwords. Fewer pronounceable passwords exist than random passwords.

28 CSC 482/582: Computer Security User Selection Allow users to choose passwords. Reject insecure passwords based on ruleset: 1. Based on account, user, or host names 2. Dictionary words 3. Permuted dictionary words 4. Patterns from keyboard 5. Shorter than 6 characters 6. Digits, lowercase, or uppercase only passwords 7. License plates or acronyms 8. Based on previously used passwords

29 CSC 482/582: Computer Security Human Randomness?

30 Most Common Passwords CSC 482/582: Computer Security

31 How to Select Good Passwords 1. Long passwords, consisting of multiple words.. Use n th letter of each word if phrase too long. 2. Themes: 1. Word combinations: 3 blind katz 2. E-mail or URL: yoda@strong-this-password-is.netyoda@strong-this-password-is.net 3. Phone number: (888) 888-eight eight 4. Bracketing: Starfleet -> *!-Starfleet-!* 5. Add a word: shopping -> Goin’ shopping 6. Repetition: Pirate--PirateShip 7. Letter swapping: Sour Grape -> Gour Srape

32 CSC 482/582: Computer Security Mitigating Online Attacks If complements not accessible, attacker cannot use offline attacks and must use authentication functions. Cannot be prevented. Increase difficulty of auth function attack: Backoff: increasing wait before reprompting. Disconnection: disconnect after n failures. Disabling: disable account after n failures. Jailing: permit access to limited system, so admins can observe attacker.

33 Protecting Password Management Always send password to a predetermined location Do not let user change email/phone when requesting a password reset or change. Always notify the user of a password change User can be alerted in case an attacker has changed the password. Let user create questions and answers Don’t provide a list of pre-determined questions. CSC 482/582: Computer Security

34 Password Aging Requirement that password be changed after a period of time or after an event has occurred If expected time to guess is 180 days, should change password more frequently than 180 days 1. If change time too short, users have difficulty recalling passwords. 2. Cannot allow users to change password to current one. 3. Also prevent users from changing passwords too soon. 4. Give notice of impending password change requirement.

35 CSC 482/582: Computer Security Graphical Passwords Face Scheme: Password is sequence of faces, each chosen from a grid of 9 faces. Story Scheme: Password is sequence of images, each chosen from a grid of 9, to form a story.

36 Password Reuse CSC 482/582: Computer Security http://xkcd.com/792/

37 CSC 482/582: Computer Security Challenge-Response Problem: passwords are reusable, and thus subject to replay attacks. Solution: authenticate in such a way that the transmitted password changes each time.

38 CSC 482/582: Computer Security One-Time Passwords A password that’s invalidated once used. Challenge: number of auth attempt Response: one-time password Problems Generation of one-time passwords Use hash or crytographic function Synchronization of the user and the system Number or timestamp passwords

39 CSC 482/582: Computer Security S/Key One-time password system based on a hash function h (MD4 or MD5). User initializes with random seed k. Key generator calculates: h(k) = k 1, h(k 1 ) = k 2, …, h(k n-1 ) = k n Passwords, in order used, are p 1 = k n, p 2 = k n-1, …, p n-1 = k 2, p n = k 1

40 CSC 482/582: Computer Security S/Key Attacker cannot derive p i+1 from p i since p i = k n-i+1, p i+1 = k n-i, and h(k n-i ) = k n-i+1 which would require inverting h. Once user has used all passwords, S/Key must be re- initialized with a new seed.

41 CSC 482/582: Computer Security S/Key Login 1. User supplies account name to server 2. Server replies with number i stored in skeykeys file 3. User supplies corresponding password p i 4. Server computes h(p i ) = h(k n-i+1 ) = k n-i+2 = p i-1 and compares result with stored password. If match, user is authenticated and S/Key updates number in skeykeys file to i-1 and stores p i

42 CSC 482/582: Computer Security S/Key Login FreeBSD/i386 (example.com) (ttypa) login: s/key 97 fw13894 Password: Use S/Key calculator on local system to calculate response: % key 97 fw13894 Enter secret password: WELD LIP ACTS ENDS ME HAAG

43 CSC 482/582: Computer Security Other One Time Password Systems Software: OPIE Backwards compatible with S/Key (if same hash used). Hardware: RSA SecurID card Displayed password changes every 60sec. Password = constant password + SecurID

44 CSC 482/582: Computer Security Key Points Passwords can be attacked by Offline cracking Online guessing Observation Attacking password management functions Stored passwords are secured via Hashing (crypt, MD5, SHA1, bcrypt) Salting Good passwords need to be Complex Unique Secret Changed on a regular basis One-time passwords offer greater security.

45 CSC 482/582: Computer Security References 1. Ross Anderson, Security Engineering, Wiley, 2001. 2. Matt Bishop, Introduction to Computer Security, Addison- Wesley, 2005. 3. Mark Burnett and Dave Kleiman, Perfect Passwords, Syngress, 2006. 4. Lorie Faith Cranor and Simson Garfinkel, Security and Usability, O’Reilly, 2005. 5. Daswani, Foundations of Security, APress, 2007. 6. Cynthia Kuo et. al., “Human Selection of Mnemonic Phrase- based Passwords,” SOUPS 2006, http://cups.cs.cmu.edu/soups/2006/proceedings/p67_kuo.pdf, 2006. http://cups.cs.cmu.edu/soups/2006/proceedings/p67_kuo.pdf 7. Neils Provos and David Mazieres, “A Future-Adaptable Password Scheme,” http://www.openbsd.org/papers/bcrypt-paper.pdf, 2006.http://www.openbsd.org/papers/bcrypt-paper.pdf 8. Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006. 9. Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and Internet Security, 3/e O’Reilly, 2003.

Download ppt "Passwords CSC 482/582: Computer Security. Topics 1. Password Systems 2. Password Attacks 3. Mitigating Attacks 4. Graphical passwords 5. One-time passwords."

Similar presentations

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Password CrackingSECURITY INNOVATION ©2003 1 Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Chapter 12: Authentication

Chapter 12: Authentication
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Sanjay Goel, School of Business/NYS Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/NYS Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
CSE331: Introduction to Networks and Security Lecture 23 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 23 Fall 2002.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
1 Authentication CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 11, 2004.

1 Authentication CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 11, 2004.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Similar presentations

Ads by Google