Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Evans CS200: Computer Science University of Virginia Computer Science Class 35: Cookie Monsters and Semi-Secure.

Similar presentations


Presentation on theme: "David Evans CS200: Computer Science University of Virginia Computer Science Class 35: Cookie Monsters and Semi-Secure."— Presentation transcript:

1 David Evans http://www.cs.virginia.edu/evans CS200: Computer Science University of Virginia Computer Science Class 35: Cookie Monsters and Semi-Secure Websites

2 21 April 2003CS 200 Spring 20032 Why Care about Security? http://www.cs.virginia.edu/cs200/problem-sets/ps8/example/query.php3

3 21 April 2003CS 200 Spring 20033 Security Confidentiality – keeping secrets –Most web sites don’t want this Integrity – making data reliable –Preventing tampering –Only authorized people can insert/modify data Availability –Provide service (even when attacked) –Can’t do much about this without resources

4 21 April 2003CS 200 Spring 20034 How do you authenticate? Something you know –Password Something you have –Physical key (email account?, transparency?) Something you are –Biometrics (voiceprint, fingerprint, etc.) Serious authentication requires at least 2 kinds

5 21 April 2003CS 200 Spring 20035 Early Password Schemes UserIDPassword alyssafido benschemer daveLx.Ly.x Login: alyssa Password: spot Failed login. Guess again. Login does direct password lookup and comparison.

6 21 April 2003CS 200 Spring 20036 Login: alyssa Password: fido Terminal Trusted Subsystem Eve Login Process login sends

7 21 April 2003CS 200 Spring 20037 Password Problems Need to store the passwords –Dangerous to rely on database being secure Need to transmit password from user to host –Dangerous to rely on Internet being unsniffed Solve this today Solve this Wednesday

8 21 April 2003CS 200 Spring 20038 First Try: Encrypt Passwords UserIDPassword alyssaencrypt K (“fido”) benencrypt K (“schemer”) daveencrypt K (“Lx.Ly.x”) Problem if K isn’t so secret: decrypt K (encrypt K (P)) = P Instead of storing password, store password encrypted with secret K. When user logs in, encrypt entered password and compare to stored encrypted password.

9 21 April 2003CS 200 Spring 20039 Hashing 0 1 2 3 4 5 6 7 8 9 “neanderthal” “dog” H (char s[]) = (s[0] – ‘a’) mod 10 “horse” Many-to-one: maps a large number of values to a small number of hash values Even distribution: for typical data sets, probability of (H(x) = n) = 1/N where N is the number of hash values and n = 0..N – 1. Efficient: H(x) is easy to compute.

10 21 April 2003CS 200 Spring 200310 Cryptographic Hash Functions One-way Given h, it is hard to find x such that H(x) = h. Collision resistance Given x, it is hard to find y  x such that H(y) = H(x).

11 21 April 2003CS 200 Spring 200311 Example One-Way Function Input: two 100 digit numbers, x and y Output: the middle 100 digits of x * y Given x and y, it is easy to calculate f (x, y) = select middle 100 digits (x * y) Given f (x, y) hard to find x and y.

12 21 April 2003CS 200 Spring 200312 A Better Hash Function? H(x) = encrypt x (0) Weak collision resistance? –Given x, it should be hard to find y  x such that H(y) = H(x). –Yes – encryption is one-to-one. (There is no such y.) A good hash function? –No, its output is as big as the message!

13 21 April 2003CS 200 Spring 200313 Actual Hashing Algorithms Based on cipher block chaining –Start by encrypting 0 with the first block –Use the next block to encrypt the previous block SHA [NIST95] – 512 bit blocks, 160-bit hash MD5 [Rivest92] – 512 bit blocks, produces 128-bit hash –This is what we will use: built in to PHP

14 21 April 2003CS 200 Spring 200314 Hashed Passwords UserIDPassword alyssamd5 (“fido”) benmd5 (“schemer”) davemd5 (“Lx.Ly.x”)

15 21 April 2003CS 200 Spring 200315 Dictionary Attacks Try a list of common passwords –All 1-4 letter words –List of common (dog) names –Words from dictionary –Phone numbers, license plates –All of the above in reverse Simple dictionary attacks retrieve most user-selected passwords Precompute H(x) for all dictionary entries

16 21 April 2003CS 200 Spring 200316 86% of users are dumb and dumber Single ASCII character0.5% Two characters2% Three characters14% Four alphabetic letters14% Five same-case letters21% Six lowercase letters18% Words in dictionaries or names15% Other (possibly good passwords)14% (Morris/Thompson 79)

17 21 April 2003CS 200 Spring 200317 Salt of the Earth UserIDSaltPassword alyassa1125DES+ 25 (0, “Lx.Ly.x”, 1125 ) ben2437DES+ 25 (0, “schemer”, 2437) dave932DES+ 25 (0, “Lx.Ly.x”, 932) How much harder is the off-line dictionary attack? DES+ (m, key, salt) is an encryption algorithm that encrypts in a way that depends on the salt. Salt: 12 random bits (This is the standard UNIX password scheme.)

18 21 April 2003CS 200 Spring 200318 PHP Code // We use the username as a "salt" (since they must be unique) $encryptedpass = md5 ($password. $username); Not quite as secure as using a random value. What is someone picks xdave as their username and Lx.Ly. as their password? userpassword alyssa 9928ef0d7a0e4759ffefbadb8bc84228 evans bafd72c60f450ed665a6eadc92b3647f

19 21 April 2003CS 200 Spring 200319 Authenticating Users User proves they are a worthwhile person by having a legitimate email address –Not everyone who has an email address is worthwhile –Its not too hard to snoop (or intercept) someone’s email But, provides much better authenticating than just the honor system

20 21 April 2003CS 200 Spring 200320 Registering for Account User enters email address Account is marked as “Inactive” Send an email with an unguessable URL URL that activates the account $encryptedpass = md5 ($password. $username); $query = "INSERT INTO users (username, password, email, activated) VALUES ('$username', '$encryptedpass', '$email', 0)";

21 21 April 2003CS 200 Spring 200321 PHP Code ( register-process.php ) $actcode = md5 ($username. $secret); $url = "http://". $_SERVER['HTTP_HOST']. dirname ($_SERVER['PHP_SELF']). "/activate.php?user=$username&code=$actcode"; mail ($email, // User’s email address "WahooChat Account Activation", // Subject Line "To activate your account visit $url ", // Message body "From: wahoochat-bot@virginia.edu"); // From address A string only the server should know. (Hard to really keep this secret…) Why not just use md5($username) ?

22 21 April 2003CS 200 Spring 200322 activate.php $result = mysql_query ("SELECT activated FROM users WHERE username='$user'"); $rows = mysql_num_rows ($result); if ($rows == 0) { error ("No account for username: $user");} else { $activated = mysql_result ($result, 0, 0); if ($activated != 0) { error ("Account $username is already activated.");} else { $actcode = md5 ($user. $secret); if ($code == $actcode) { $result = mysql_query ("UPDATE users SET activated=1 WHERE username='$user'"); if ($result != 1) { error ("Database update failed: $result"); } else { print "Your account is now activated! "; } } else { print "Invalid account code! "; }

23 21 April 2003CS 200 Spring 200323 Cookies HTTP is stateless: every request is independent Don’t want user to keep having to enter password every time A cookie is data that is stored on the browser’s machine, and sent to the web server when a matching page is visited

24 21 April 2003CS 200 Spring 200324 Using Cookies Look at the example PHP code Cookie must be sent before any HTML is sent Be careful how you use cookies – anyone can generate any data they want in a cookie –Make sure they can’t be tampered with: use md5 hash with secret to authenticate –Don’t reuse cookies - easy to intercept them (or steal them from disks): use a counter than changes every time a cookie is used

25 21 April 2003CS 200 Spring 200325 Problems Left The database password is visible in plaintext in the PHP code –No way around this (with UVa mysql server) –Anyone who can read UVa filesystem can access your database The password is transmitted unencrypted over the Internet (next class) Proving you can read an email account is not good enough to authenticate for important applications

26 Nathanael Paul David Evans University of Virginia [nrpaul, evans]@cs.virginia.edu Avi Rubin Johns Hopkins University rubin@jhu.edu Dan Wallach Rice University dwallach@cs.rice.edu Authentication for Remote Voting

27 21 April 2003CS 200 Spring 200327 Types of Authentication Something you know –passwords –Example: login to schedule of classes Something you are –Biometrics –Examples: iris scanner, fingerprint reader Something you have –This: a transparency

28 21 April 2003CS 200 Spring 200328 Authentication for remote voting Remote voting offers convenience –69% votes cast by mail in 2001 in state of Washington Electronic voting is cheaper and faster –More secure? –New problems: virus, worm, spoofing, denial of service Mutual authentication –Voter authenticated to server –Server authenticated to voter

29 21 April 2003CS 200 Spring 200329 Doing Encryption without Computers Can’t trust voters to have trustworthy computers –Viruses can tamper with their software Need to do authentication in a way that doesn’t depend on correctness of user’s software Lorenz cipher: use XOR to encrypt –Is there a way to do lots of XOR’s without a computer?

30 21 April 2003CS 200 Spring 200330 Visual cryptography (Naor & Shamir, 1994) Perfectly secure (one-time pad) Server can encode anything knowing voter’s layer TransparencyScreenTransparencyScreen Option 1Option 2 Encodes a clear (grey) square Encodes a dark square

31 21 April 2003CS 200 Spring 200331 Remote Voting System E k (k 1 ) E k (k n ) E k (k 2 ) … … STEP 1keys kiki S k i = “AQEGSDFASDF” S STEP 2 STEP 3 – if k i valid… STEP 4 Key: AQEGSDFASDF k i = client machine Each voter is sent a key, k i

32 21 April 2003CS 200 Spring 200332 Summary Mutual authentication –Authentication of user to server –Authentication of server to user Involves the human (as opposed to machine) Anonymity by proper use of layered images You will get a transparency on Wednesday


Download ppt "David Evans CS200: Computer Science University of Virginia Computer Science Class 35: Cookie Monsters and Semi-Secure."

Similar presentations


Ads by Google