1. File Protection Mechanisms  All-None Protection Lack of trustLack of trust All or nothingAll or nothing Timesharing issuesTimesharing issues ComplexityComplexity File listingsFile listings

2. File Protection Mechanisms  Group Protection User cannot belong to two groupsUser cannot belong to two groups Forces one person to be multiple usersForces one person to be multiple users Forces user to be put into all groupsForces user to be put into all groups Files can only be shared within groupsFiles can only be shared within groups

3. File Protection Mechanisms  Single Permissions Password/Token for each filePassword/Token for each file  Can be lost  Inconvenient  Must be protected (if changed, must notify all users) Temporary Acquired PermissionTemporary Acquired Permission  UNIX’s set userid (suid)

4. User Authentication  Something the user knows (password, PIN, passphrase, mother’s maiden name)  Something the user has (ID, key, driver’s license, uniform)  Something the user is (biometrics)

5. Use of Passwords  Mutually agreed-upon code words, assumed known only to user and system  First line of defense  Loose-Lipped Systems WELCOME TO XYZ COMPUTINGWELCOME TO XYZ COMPUTING ENTER USER ID: summersENTER USER ID: summers INVALID USER NAMEINVALID USER NAME ENTER USER ID:ENTER USER ID:

6. Attack on Passwords  Ask the user  Search for the system list of passwords Find a valid user IDFind a valid user ID Create a list of possible passwords (encrypt if needed)Create a list of possible passwords (encrypt if needed) Rank the passwords from high to low probabilityRank the passwords from high to low probability Try each passwordTry each password If attempt fails, try again (don't exceed password lockout)If attempt fails, try again (don't exceed password lockout)

7. Attack on Passwords  Exhaustive Attack (brute-force) 18,278 passwords of 3 letters or less18,278 passwords of 3 letters or less 1 password / millisecond would take 18 seconds (8 minutes for 4 letters, 3.5 hours for 5 letters)1 password / millisecond would take 18 seconds (8 minutes for 4 letters, 3.5 hours for 5 letters)  Probable passwords (dictionary attack) 80,000 word dictionary would take 80 seconds80,000 word dictionary would take 80 seconds Expanded “dictionary”Expanded “dictionary”

8. Attack on Passwords  UK Study (http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.pass words/?related) 50% passwords were family names50% passwords were family names Celebrities/soccer stars – 9% eachCelebrities/soccer stars – 9% each Pets – 8%Pets – 8% 10% reflect a fantasy10% reflect a fantasy Only 10% use cryptic combinationsOnly 10% use cryptic combinations

9. Attack on Passwords  Look on desk…  Try no password  Try user ID  Try user’s name  Common words (password, private, secret)  Short dictionary  Complete English word list  Common non-English dictionaries  Dictionary with capitalization and substitutions (0 for o and 1 for i)  Brute force (lowercase alphabet)  Brute force (full character set)

10. Attack on Passwords  Plaintext System Password List (MS Windows)  Encrypted Password List – 1-way (/etc/passwd)  Shadow Password List (/etc/shadow)  Salt – 12-bit number formed from system time and process id; concatenated to password

11. Password Selection Criteria  Use characters other than A-Z  Choose long passwords  Avoid names and words  Choose unlikely password  Change password regularly (don’t reuse)  Don’t write it down  Don’t tell anyone  http://www.mit.edu/afs/sipb/project/doc/passwor ds/passwords.html http://www.mit.edu/afs/sipb/project/doc/passwor ds/passwords.html http://www.mit.edu/afs/sipb/project/doc/passwor ds/passwords.html  One-time passwords

12. Authentication  Should be slow (5-10 seconds)  Should only allow a limited # of failures (e.g. 3)  Challenge-Response Systems  Impersonation of Login  Authentication Other than Passwords