2. Access Control

3. Authentication: Who goes there? Determine whether access is allowed Authenticate human to machine Authenticate machine to machine Authorization: Are you allowed to do that? Once you have access, what can you do? Enforces limits on actions Note: Access control often used as synonym for authorization Chapter 7 Authentication 2

4. Passwords Biometrics Smartcard

5. Who Goes There? How to authenticate a human to a machine? Can be based on… Something you know: a password Something you have: a smartcard Something you are: your fingerprint Chapter 7 Authentication 4 Are Know Have

6. Password Chapter 7 Authentication 5

7. Something You Know Passwords Lots of things act as passwords! PIN (Personal Identification Number) Social security number Mother’s maiden name Date of birth Name of your pet, etc. Chapter 7 Authentication 6 Are Have Know

8. Trouble with Passwords - 1/2 Passwords are one of the biggest practical problems facing security engineers today. One solution use cryptographic keys as passwords Cryptographic keys are also large, expensive to maintain, difficult to manage, and they pollute the environment. Chapter 7 Authentication 7

9. Trouble with Passwords - 2/2 Humans are incapable of securely storing high- quality cryptographic keys, and have unacceptable speed and accuracy when performing cryptographic operations. Chapter 7 Authentication 8

10. Why Passwords? Why is “something you know” more popular than “something you have” and “something you are”? Two reasons Cost: passwords are free Convenience: easier for System Administrator to reset password than to issue new smartcard Chapter 7 Authentication 9

11. Password issues Keys and Passwords Choosing Passwords Attacking Systems via Passwords Password Verification Math of Password Cracking Other Password Issues Chapter 7 Authentication 10

12. Keys vs Passwords – 1/2 Crypto keys Spse key is 64 bits Then 2 64 keys Choose key at random Then attacker must try about 2 63 keys Passwords Spse pwds are 8 characters, and 256 different choices for 1 character Then 256 8 = 2 64 pwds Users do not select passwords at random Attacker has far less than 2 63 pwds to try (dictionary attack) Chapter 7 Authentication 11

13. Keys vs Passwords - 2/2 Dictionary Attack “dictionary” of 2 20 ≈ 1,000,000 passwords: reasonable probability to crack any given password But for randomly generated 64-bits key Given of 2 20 ≈ 1,000,000 passwords, Then the chance to success is only 2 20 / 2 64 = 1/ 2 44 ≈ 1/17,000,000,000,000 Nonrandomness of pwds is the root of problems Chapter 7 Authentication 12

14. Choosing Password - 1/4 Bad passwords frank Fido password 4444 Pikachu 102560 AustinStamp Good Passwords? jfIej,43j-EmmL+y 09864376537263 P0kem0N FSa7Yago 0nceuP0nAt1m8 PokeGCTall150 Chapter 7 Authentication 13

15. Choosing Password - 2/4 Passphase is another solution for pwd a sequence of words or other text used to control access to a computer system A passphrase is similar to a password in usage, but is generally longer for added security. Experiment: three groups of users Group A: At least 6 chars, 1 non-letter Group B: Password based on passphrase Group C: 8 random characters Chapter 7 Authentication 14

16. Choosing Password - 3/4 Results Group A: About 30% of pwds easy to crack Group B: About 10% cracked Passwords easy to remember Group C: About 10% cracked Passwords hard to remember Chapter 7 Authentication winner 15

17. Choosing Password - 4/4 Assigned passwords sometimes best User compliance hard to achieve In each case, 1/3rd did not comply and about 1/3rd of those easy to crack! If passwords not assigned, best advice is Choose passwords based on passphrase Use pwd cracking tool to test for weak pwds Require periodic password changes? Chapter 7 Authentication 16

18. Attacks on Passwords - 1/2 Attacker could… Target one particular account Target any account on system Target any account on any system Attempt denial of service (DoS) attack Common attack path Outsider  normal user  administrator May only require one weak password! Chapter 7 Authentication 17

19. Attacks on Passwords - 2/2 Suppose system locks after 3 bad passwords. How long should it lock until SA restores service ? 5 seconds – (insufficient to deter automatic attack) 5 minutes – (open door to a DOS) What are +’s and -’s of each? The correction answer of it is not readily apparent Chapter 7 Authentication 18

20. Password Verification - 1/5 To determine the validity of an entered password, the computer must have something to compare against But need a way to verify passwords Store pwds in a file Store pwds in a file after hashing Store pwds in a file after salt hashing Bad idea to store passwords in a file Chapter 7 Authentication 19

21. Password Verification - 2/5 Cryptographic solution: hash the passwords Store y = hash(password) Can verify entered password by hashing If attacker obtains password file, he does not obtain passwords Of course, If attacker with pwd file can guess x and check whether y = hash(x), t hen attacker has found pwd! But, At least, the attacker can not use the file directly! Chapter 7 Authentication 20

22. Password Verification - 3/5 Spse attacker pre-computes hash(x) for all x in a dictionary of common pwds and attacker gets access to pwd file containing hashed pwds Attacker only needs to compare hashes to his pre-computed dictionary Same attack will work each time Can we prevent this attack? Or at least make attacker’s job more difficult? Chapter 7 Authentication 21

23. Password Verification - 4/5 Salt value can make attacker more difficult Slat serves as IV of CBC mode: IV is not secret Given password, choose random s, compute y = hash(pwd, s) and store the pair (s,y) in the password file Note: The salt value is not secret Chapter 7 Authentication 22

24. Password Verification - 5/5 Easy to verify password To verify pwd z, retrieve (s,y) from pwd file Compute hash(z,s) and compare it y Attacker must recompute dictionary hashes for each user  lots more work! Spse Alice’s pwd is hashed with s a, Bob’s s b Then to crack Alice’s pwd using the dictionary, Trudy must compute hashes of the word in dic with s a, but crack Bob’s Trudy must recompute the hashes using s b Chapter 7 Authentication 23

25. Math of Pwd Cracking – 1/7 Assumptions Pwds are 8 chars, 128 choices per character Then 128 8 = 2 56 possible passwords There is a password file with 2 10 hashed pwds Attacker has dictionary of 2 20 common pwds (hashed pwds) For experience, Probability of 1/4 that a pwd is in dictionary Work is measured by number of hashes Comparisons are free Chapter 7 Authentication 24

26. Math of Pwd Cracking – 2/7 Case I Attacker want to find Alice’s pwd w/o using the dictionary Case II Attacker want to find Alice’s pwd using the dictionary Case III Attacker want to find any one pwd in the hashed pwd file w/o using the dictionary Case IV Attacker want to find any one pwd in the hashed pwd file, using the dictionary Chapter 7 Authentication 25

27. Math of Pwd Cracking – 3/7 Case I: password without dictionary Must try 2 56 /2 = 2 55 on average Just like exhaustive key search Case II: password with dictionary Expected work is about 1/4 (2 19 ) + 3/4 (2 55 ) ≈ 2 54.6 But in practice, try all in dictionary and quit if not found  work is at most 2 20 and probability of success is 1/4 Chapter 7 Authentication 26

28. Math of Pwd Cracking – 4/7 Case III: Attack any of 1024(2 10 ) pwds in file without dictionary Assume all 2 10 passwords are distinct Need 2 55 comparisons before expect to find password If no salt, each hash computation gives 2 10 comparisons  the expected work (number of hashes) is 2 55 /2 10 = 2 45 If salt is used, expected work is 2 55 since each comparison requires a new hash computation Chapter 7 Authentication 27

29. Math of Pwd Cracking – 5/7 Case IV: Attack any of 1024 passwords in file with dictionary Probability at least one password is in dictionary is 1 - (3/4) 1024 ≈ 1 We ignore case where no pwd is in dictionary If no salt, work is about 2 19 /2 10 = 2 9 If salt, expected work is less than 2 22 (ref next slide) Note: If no salt, we can precompute all dictionary hashes and amortize the work Chapter 7 Authentication 28

30. Math of Pwd Cracking – 6/7 If salt, expected work is less than 2 22 y 0,y 1,…,y 1023 : pwd hashes s 0,s 1,…,s 1023 : the corresponding salt values d 0,d 1,…,d (2^20)-1 : dictionary words Trudy first compute h(d 0,s 0 ) and compares it to y 0, then she compute h(d 1,s 0 ) and compares it to y 0 and so on. That is, Trudy compares first compare y 0 to all of hashed dic. words. Then she compares y 1 to to all of hashed dic. words. Chapter 7 Authentication 29

31. Math of Pwd Cracking – 7/7 If y 0 is in dic (prob ¼), Trudy can expect to find it about 2 19 hashes. If not (prob ¾), Trudy compute 2 20 hashes If Trudy find y 0 is in dic, then she’s done. If not, Trudy will have 2 20 hashes before moves on to y 1 Continuing, in this manner, the expected work ¼(2 19 ) + ¾¼(2 20 +2 19 ) + (¾) 2 ¼(22 20 +2 19 ) + … + (¾) 1023 ¼(10232 20 +2 19 ) < 2 22 Chapter 7 Authentication 30

32. Other Password Issues -1/3 Too many passwords to remember Results in password reuse Why is this a problem? – Trudy would be wise to try it other place where you use a password. Failure to change default passwords Social engineering If someone calls you, claiming to be a SA who needs your pwd in order to correct prob., would you give out your pwd? - 34% will give it and 70% will give their pwd away for a candy bar Chapter 7 Authentication 31

33. Other Password Issues -2/3 Who suffers from bad password? ATM PIN: only you Login password: every one of the system Error logs may contain “almost” passwords Bugs, keystroke logging, spyware, etc. Chapter 7 Authentication 32

34. Other Password Issues -3/3 Popular password cracking tools Password Crackers Password Portal L0phtCrack and LC4 (Windows) L0phtCrack and LC4 John the Ripper (Unix) John the Ripper Admins should use these tools to test for weak passwords since attackers will! Good article on password cracking Passwords - Conerstone of Computer Security Chapter 7 Authentication 33

35. Passwords The bottom line Password cracking is too easy! One weak password may break security Users choose bad passwords Social engineering attacks, etc. The bad guy has all of the advantages All of the math favors bad guys Passwords are a big security problem Chapter 7 Authentication 34

36. Biometrics Chapter 7 Authentication 35

37. Something You Are Biometric “You are your key”  Schneier Chapter 7 Authentication Examples Fingerprint Handwritten signature Facial recognition Speech recognition Gait (walking) recognition “Digital doggie” (odor recognition) Many more! 36 Know Have Are

38. Why Biometrics? Biometrics seen as desirable replacement for passwords Cheap and reliable biometrics needed Today, a very active area of research Biometrics are used in security today Thumbprint mouse Palm print for secure entry Fingerprint to unlock car door, etc. But biometrics not too popular Has not lived up to its promise (yet?) – Why? Chapter 7 Authentication 37

39. The DARK SIDE … Social acceptance: Perceived as invasive; People liked facial scans less as fingerprints as a substitute for a PIN in ATM. Easy to forge: Biometric measurements are easy to forge. It's easy to steal a biometric after the measurement is taken. Impossible to revoke: What happens if a biometric is stolen? It can not be revoked…Once someone steals your biometric, it remains stolen for life. Privacy: issues…Biometrics are personal Chapter 7 Authentication 38

40. Ideal Biometric Universal 보편성  applies to (almost) everyone In reality, no biometric applies to everyone Distinguishing 구별성  distinguish with certainty In reality, cannot hope for 100% certainty Permanent 영구성  physical characteristic being measured never changes In reality, want it to remain valid for a long time Collectable 수집성  easy to collect required data Depends on whether subjects are cooperative Safe, easy to use, etc., etc. Chapter 7 Authentication 39

41. Biometric Modes Identification 식별  Who goes there? Compare one to many Example: The FBI fingerprint database Authentication 인증  Is that really you? Compare one to one Example: Thumbprint mouse Identification problem more difficult More “random” matches since more comparisons We are interested in authentication Chapter 7 Authentication 40

42. Two phases of Bio system Enrollment phase Subject’s biometric info put into database Must carefully measure the required info It could be needed slow and repeated measurement A weak point of many biometric schemes Must be very precise for good recognition Recognition phase Biometric detection when used in practice Must be quick and simple But must be reasonably accurate Chapter 7 Authentication 41

43. Cooperative Subjects We are assuming cooperative subjects In authentication, subjects are cooperative In identification, problem often have uncooperative subjects For example, facial recognition Proposed for use in Las Vegas casinos to detect known cheaters Also as way to detect terrorists in airports, etc. Probably do not have ideal enrollment conditions Subject will try to confuse recognition phase Cooperative subjects make bio prob much more tractable!!! Chapter 7 Authentication 42

44. Biometric issues Type of Error Biometric Examples Fingerprints Hand Geometry Iris Scan Biometric Error Rates Biometric Conclusions Chapter 7 Authentication 43

45. Biometric Examples Type of Error Chapter 7 Authentication 44

46. Biometric Errors Fraud rate 기만율 versus insult rate 모욕률 Fraud  user A mis-authenticated as user B Insult  user A not authenticate as user A For any biometric, can decrease fraud or insult, but other will increase For example 99% voiceprint match  low fraud, high insult 30% voiceprint match  high fraud, low insult Equal error rate: rate where fraud == insult The useful measure for comparing different biometric system Chapter 7 Authentication 45

47. Biometric Examples Fingerprint Chapter 7 Authentication 46

48. Fingerprint History - 1/2 Ancient China: as a form of signature Scientific Form 1798  J.C. Major suggest that Fingerprint might be unique 1823  Professor J. E. Purkinje discussed 9 fingerprint patterns 1856  Sir W. Hershel used fingerprint (in India) on contracts 1880  Dr. H. Faulds article in Nature about fingerprints for ID 1883  M.Twain’s Life on the Mississippi, a murderer ID’ed by fingerprint Chapter 7 Authentication 47

49. Fingerprint History - 2/2 Widespread use of fingerprint 1892  Sir Francis Galton (cousin of Darwin) developed classification system His system of “minutia” is still in use today Also verified that fingerprints do not change Some countries require a number of points (i.e., minutia 지문특징 ) to match in criminal cases In Britain, 15 points In US, no fixed number of points required Chapter 7 Authentication 48

50. Fingerprint Comparison Examples of loops 제상문, whorls 외상문 and arches 궁상문 Minutia extracted from these features Chapter 7 Authentication Loop (double) Whorl 소용돌이꼴 Arch 49

51. Fingerprint Biometric - 1/2 1.Capture image of fingerprint 2.Enhance image 3.Identify minutia Chapter 7 Authentication 50

52. Fingerprint Biometric - 2/2 Extracted minutia are compared with user’s minutia stored in a database Analogous to the manual analysis Is it a statistical match? Chapter 7 Authentication 51

53. Biometric Examples Hand Geometry Chapter 7 Authentication 52

54. Hand Geometry Chapter 7 Authentication Popular form of biometric Measures shape of hand Width of hand, fingers Length of fingers, etc. (16) Human hands not unique Hand geometry sufficient for many situations Suitable for authentication Not useful for ID problem 53

55. Hand Geometry Advantages Quick 1 minute for enrollment 5 seconds for recognition Hands symmetric (use other hand backwards) Disadvantages Cannot use on very young or very old Relatively high equal error rate Chapter 7 Authentication 54

56. Biometric Examples Iris Scan Chapter 7 Authentication 55

57. Iris Patterns Iris: the colored part of the eye In theory, the best for authentication Iris pattern development is “chaotic” So, minor variations lead to large differences Little or no genetic influence Different even for identical twins Pattern is stable through lifetime Chapter 7 Authentication 56

58. Iris Recognition: History The first idea of using the human iris for ID -1936 suggested by Frank Burch Resurface - 1980s James Bond films The first patent appeared - 1986 The best current approach to iris scanning – 1994 patented by John Daugman Patent owned by Iridian Technologies Chapter 7 Authentication 57

59. Automated Iris Scan 1.Scanner locates iris 2.Take black/white photo Use polar coordinates… 3.The image is processed using 2-D wavelet transform 4.Get 256(2048bits) byte iris code Chapter 7 Authentication 58

60. Measuring Iris Similarity Based on Hamming distance Define d(x,y) to be (# of non match bits) / (# of bits compared) Example d(0010,0101) = 3/4 and d(101111,101001) = 1/3 Compute d(x,y) on 2048 -bit iris code Perfect match is d(x,y) = 0 For same iris, expected distance is 0.08 At random, expect distance of 0.50 Accept as match if distance less than 0.32 Chapter 7 Authentication 59

61. Iris Scan Error Rate Chapter 7 Authentication distance 0.29 1 in 1.3  10 10 0.30 1 in 1.5  10 9 0.31 1 in 1.8  10 8 0.32 1 in 2.6  10 7 0.33 1 in 4.0  10 6 0.34 1 in 6.9  10 5 0.35 1 in 1.3  10 5 distance Fraud rate : equal error rate 60

62. Attack on Iris Scan Good photo of eye can be scanned And attacker can use photo of eye Chapter 7 Authentication Afghan woman was authenticated by iris scan of old photo Story is herehere To prevent photo attack, scanner could use light to be sure it is a “live” iris 61

63. Biometric Error Rates Chapter 7 Authentication 62

64. Equal Error Rate Comparison Equal error rate (EER): fraud rate == insult rate Fingerprint bio has EER of about 5% Hand geometry has EER of about 10 -3 Iris scan has EER of about 10 -6 But in practice, hard to achieve Enrollment phase must be extremely accurate Chapter 7 Authentication 63

65. Equal Error Rate Comparison In practice, most biometrics much worse than fingerprint! Biometrics useful for authentication… But ID biometrics are almost useless today Chapter 7 Authentication 64

66. Biometric Conclusions Chapter 7 Authentication 65

67. Biometrics: The Bottom Line Biometrics are hard to forge But attacker could Steal Alice’s thumb Photocopy Bob’s fingerprint, eye, etc. Subvert software, database, “trusted path”, … Also, how to revoke a “broken” biometric? Biometrics are not foolproof! Biometric use is limited today That should change in the future… Chapter 7 Authentication 66

68. Smart Card Chapter 7 Authentication 67

69. Something You Have Something in your possession Examples include Car key Laptop computer Or specific MAC address Password generator We’ll look at this next ATM card, smartcard, etc. Chapter 7 Authentication 68 Are Know Have

70. Password Generator Alice gets “challenge” R from Bob Alice enters R into password generator Alice sends “response” back to Bob Alice has pwd generator and knows PIN Chapter 7 Authentication Alice Bob 1. “I’m Alice” 2. R 5. F(R) 3. PIN, R 4. F(R) Password generator 69

71. Other issues Chapter 7 Authentication 70

72. 2-factor Authentication Requires 2 out of 3 of Something you know Something you have Something you are Examples ATM: Card and PIN Credit card: Card and signature Password generator: Device and PIN Smartcard with password/PIN Chapter 7 Authentication 71

73. Single Sign-on A hassle to enter password(s) repeatedly Users want to authenticate only once “Credentials” stay with user wherever he goes Subsequent authentication is transparent to user Single sign-on for the Internet? Microsoft: Passport Everybody else: Liberty Alliance 자유동맹군 Based on Security Assertion Markup Language (SAML) Chapter 7 Authentication 72

74. Web Cookies Cookie is provided by a Website and stored on user’s machine Cookie indexes a database at Website Cookies maintain state across sessions Web uses a stateless protocol: HTTP Cookies also maintain state within a session Like a single sign-on for a website Though a very weak form of authentication Cookies and privacy concerns Chapter 7 Authentication 73