CSC 382: Computer Security: Authentication (lecture slide transcript)


Slide 2: Authentication (outline)
1. What is authentication?
2. Passwords
   a. Dictionary attacks
   b. UNIX and Windows passwords
   c. Password selection
3. Challenge-response
4. Biometrics
5. Location

Slide 3: What is Authentication?
Binding of an identity to a subject. Based on:
1. What the entity knows (e.g., passwords)
2. What the entity has (e.g., access card)
3. What the entity is (e.g., fingerprints)
4. Where the entity is (e.g., local terminal)

Slide 4: Authentication System
A: set of authentication information, the information used by entities to prove identity
C: set of complementary information, the information stored by the system to validate A
F: set of complementation functions f: A → C, which generate C from A
L: set of authentication functions l: A × C → {T, F}, which verify identity
S: set of selection functions, which enable an entity to create or alter A or C

Slide 5: Password System Example
The user authenticates with an 8-character alphanumeric password; the system compares it against a stored cleartext password.
A = [A-Za-z0-9]{8}
C = A
F = { I } (the identity function)
L = { = } (string equality)
Not a system that anyone should actually use.

Slide 6: Passwords
What you know: a sequence of characters.
Complementation function:
- Identity: requires access control to protect C
- One-way hash: easy to compute c = f(a), difficult to compute a = f^-1(c)

Slide 7: UNIX Passwords
Format: up to 8 ASCII characters
- A contains 6.9 × 10^16 possible passwords
- C contains strings of length 13 chosen from an alphabet of 64 characters, 3.0 × 10^23 strings
Storage:
- /etc/passwd (mode 0644) was traditionally used
- /etc/shadow (mode 0600) in modern systems

Slide 8: Password Cracking
Find a ∈ A such that, for some f ∈ F, f(a) = c ∈ C and c is associated with a particular entity.
Methods of determining whether a is associated with an entity:
1. Compute f(a). Defend by hiding information so that a, c, or f is unknown.
2. Authenticate via l(a). Defend by preventing access to the authentication functions L.

Slide 9: Dictionary Attack
Guess the password by repeated trial and error. Types of dictionary attacks:
1. Compute f(g); requires the password hashes.
   a. Compute f(g) for each guess g and each f ∈ F.
   b. Success if f(g) matches the complementary information for any entity E.
2. Compute l(g)
   a. Attempt l(g) for each guess g.
   b. Success if l(g) is true.

Slide 10: Types of Dictionary Attacks
1. Common passwords
2. English/foreign words
3. Permutation rules
   - Substitute numbers/symbols for letters
   - Change case, pluralize, reverse words, character shifts, digit/symbol prefix/postfix, joining words
4. Brute force: all possible strings
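The offline form of the attack (compute f(g) for every guess, slide 9) combined with the permutation rules above, as an added example that is not part of the slides. SHA-256 stands in for crypt() as the complementation function, and the word list, the rule set and the three victim hashes are constructed for the demonstration; the point it shows is that with an unsalted f one hash computation tests a guess against every account at once, so accounts sharing a password fall together.

```python
import hashlib

# Constructed word list and mangling rules for illustration; not from the slides.
WORDLIST = ["password", "secret", "dragon", "letmein", "monkey"]
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "$"}


def f(guess: str) -> str:
    """Complementation function f: A -> C.
    Unsalted SHA-256 stands in for crypt(); the attack logic is the same."""
    return hashlib.sha256(guess.encode()).hexdigest()


def mangle(word: str) -> set[str]:
    """Permutation rules from the slide applied to one dictionary word:
    case changes, leet substitution, reversal, pluralisation, and
    digit/symbol prefixes and suffixes."""
    base = {
        word.lower(), word.upper(), word.capitalize(), word[::-1], word + "s",
        "".join(LEET.get(ch, ch) for ch in word.lower()),
    }
    out = set(base)
    for cand in base:
        for affix in ("1", "123", "!", "2005"):
            out.add(cand + affix)
            out.add(affix + cand)
    return out


def dictionary_attack(targets: dict[str, str], wordlist) -> tuple[dict[str, str], int]:
    """Attack 1 from slide 9: compute f(g) for every mangled guess g and look
    the result up against every entity's complementary information c.
    Returns the cracked {user: password} map and the number of hashes computed.
    With no salt, every account is tested by the same single hash computation."""
    by_hash: dict[str, list[str]] = {}
    for user, c in targets.items():
        by_hash.setdefault(c, []).append(user)
    cracked: dict[str, str] = {}
    hashes_computed = 0
    for word in wordlist:
        for g in mangle(word):
            hashes_computed += 1
            for user in by_hash.get(f(g), []):
                cracked[user] = g
    return cracked, hashes_computed


# Constructed shadow-file-style victim data: two users share "Dragon1",
# one uses a passphrase that no rule in mangle() produces.
TARGETS = {
    "alice": f("Dragon1"),
    "bob": f("Dragon1"),
    "carol": f("correct horse battery staple"),
}

if __name__ == "__main__":
    found, n = dictionary_attack(TARGETS, WORDLIST)
    print(f"{n} hashes computed, cracked: {found}")
```

Each rule multiplies the number of candidates, so the cost of the attack is (words × rules) hash computations regardless of how many accounts are in the file; that is the asymmetry salting (slides 17 and 18) is meant to remove.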

Slide 11: Making Password Guessing Easier
Web sites will e-mail you your password if you answer a simple "secret" question:
1. What is your favorite color?
2. What is your pet's name?
3. What is your mother's maiden name?
This violates the principle of fail-safe defaults: the system fails over to a less secure protocol. How many favorite colors are there?

Slide 12: Countering Password Guessing
Choose a, c, and f to give a suitably low probability of successful guessing:
P(T) ≥ TG / N
- G is the number of guesses per time unit
- T is the number of time units in the attack
- N is the number of possible passwords

Slide 13: Anderson's Formula
A^S ≥ 4.32 × 10^4 M R / (P E)
- N = A^S, where A is the number of characters in the password alphabet and S is the password length
- G = R / E, where R is the number of bytes per minute that can be transmitted and E is the number of characters exchanged when logging in
- T = 4.32 × 10^4 M is the time in minutes for M months (30 days × 24 hours × 60 minutes)

Slide 14: Example
Password system:
- A = 96 characters
- The system allows 10^4 guesses/second
- Requirement: the probability of a successful guess should be at most 0.5 over a 365-day period
What should the minimum password length be?
- N ≥ TG / P
- N ≥ (365 × 24 × 60 × 60) × 10^4 / 0.5 = 6.31 × 10^11
- Σ_{i=1}^{S} 96^i ≥ N = 6.31 × 10^11 holds when S ≥ 6
- The minimum required password length is 6.
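The calculation on slides 12 to 14 carried through in code, as an added example that is not part of the slides. It generalises the worked example to any alphabet size, guess rate, attack duration and acceptable success probability, and also evaluates Anderson's formula from slide 13 directly; the Anderson parameters used in the usage block (12 months, 1200 bytes/minute, 10 characters per login) are assumed values chosen only to exercise the function.

```python
def guesses_needed(guess_rate: float, seconds: float, p_success: float) -> float:
    """Slide 12, rearranged: P >= TG/N, so N must be at least TG/P for the
    attacker's probability of success to stay at or below P."""
    return seconds * guess_rate / p_success


def space_size(alphabet: int, max_len: int, min_len: int = 1) -> int:
    """Number of passwords of length min_len..max_len over an alphabet of
    the given size: the sum of A^i that the slide's sigma evaluates."""
    return sum(alphabet ** i for i in range(min_len, max_len + 1))


def min_password_length(alphabet: int, guess_rate: float, seconds: float,
                        p_success: float, min_len: int = 1) -> int:
    """Smallest S such that all passwords of length min_len..S together form
    a space of at least TG/P candidates. A counting loop is used instead of a
    logarithm so the boundary case is not subject to float rounding."""
    need = guesses_needed(guess_rate, seconds, p_success)
    s = min_len
    while space_size(alphabet, s, min_len) < need:
        s += 1
    return s


def anderson_min_length(alphabet: int, months: float, bytes_per_minute: float,
                        chars_per_login: float, p_success: float) -> int:
    """Anderson's formula from slide 13: A^S >= 4.32e4 * M * R / (P * E)."""
    rhs = 4.32e4 * months * bytes_per_minute / (p_success * chars_per_login)
    s = 1
    while alphabet ** s < rhs:
        s += 1
    return s


if __name__ == "__main__":
    year = 365 * 24 * 60 * 60
    print("slide 14 minimum length:", min_password_length(96, 1e4, year, 0.5))
    # Assumed Anderson parameters: 12 months, 1200 B/min, 10 chars per login, P = 0.5
    print("Anderson minimum length:", anderson_min_length(96, 12, 1200, 10, 0.5))
```

The `min_len` parameter matters in practice: if policy forbids passwords shorter than some length, the attacker's space shrinks to the lengths actually allowed, and the loop accounts for that automatically.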

Slide 15: Assumptions
1. The time to test a password is constant. Reasonable for f ∈ F; choose the minimum time if it varies.
2. All passwords are equally likely to be selected. This depends on the password selection mechanism.

Slide 16: UNIX Password Hashing
The crypt() function is used for hashing:
- DES encrypts a 64-bit block of zeros (25 iterations) using your password as the key. The modified DES is incompatible with DES hardware cracking tools.
- Limited to 8 characters or less.
- If limited to 95 printable characters, only about 2^53 possible passwords.
- How to resist dictionary attacks? Salting.

Slide 17: Salting
Adds 2 characters (12 bits) of random, public data to the password when computing the hash. Any word may be encrypted in 4096 possible ways (i.e., there are 4096 f ∈ F).
- Your password always uses the same salt.
- Someone else with the same password a probably has a different salt, and thus a different c = f(a).
- The number of possible keys increases to 2^66. Too small for today; modern UNIX systems use iterated hash-based schemes such as MD5-crypt, SHA-crypt, or bcrypt.

Slide 18: Salting (cont.)
Prevents pre-calculated dictionary attacks:
- Storing hashes for 2^66 possibilities would require millions of terabytes.
- crypt() runs at about 2^18 passwords/second; brute-forcing a single account's 2^53 possible passwords at that rate would require 8000 machines for about 48 days (2^53 / 2^18 = 2^35 machine-seconds, roughly 1090 machine-years). The salt does not slow an attack on one account; it stops one table from serving every account.
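The formal model of slides 4 to 6 (A, C, F, L, S) instantiated with a salted one-way hash, as an added example that is not part of the slides. SHA-256 over salt||password stands in for the salted DES computation in crypt(), the 12-bit salt matches the slide, and the word list and fixed salts in the usage block are constructed for the demonstration. It shows the two effects described on slides 17 and 18: identical passwords produce different c, and a table precomputed without the salt never matches, while one that covers the salt is 4096 times larger.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SALT_BITS = 12               # classic crypt(): 2 salt characters from a 64-symbol alphabet
NUM_SALTS = 1 << SALT_BITS   # 4096 members of F


def f(salt: int, a: str) -> str:
    """One member of the family F: the salt selects which of the 4096
    complementation functions is applied. The salt is public and is stored
    next to c; only the password a is secret."""
    return hashlib.sha256(salt.to_bytes(2, "big") + a.encode()).hexdigest()


def enroll(password: str, salt: int = -1) -> tuple[int, str]:
    """Selection function: choose a fresh random salt (unless one is given
    for reproducibility) and return the (salt, c) record to store."""
    if salt < 0:
        salt = secrets.randbelow(NUM_SALTS)
    return salt, f(salt, password)


def l(a: str, stored: tuple[int, str]) -> bool:
    """Authentication function l: recompute c with the stored salt and compare
    in constant time so timing does not reveal how many bytes matched."""
    salt, c = stored
    return hmac.compare_digest(f(salt, a), c)


def precomputed_table(wordlist, salted: bool) -> dict[str, str]:
    """The attacker's one-time table c -> a from slide 18. Without salt one
    entry per word suffices; with salt every word needs NUM_SALTS entries."""
    if not salted:
        return {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {f(s, w): w for w in wordlist for s in range(NUM_SALTS)}


def lookup(table: dict[str, str], stored: tuple[int, str]) -> Optional[str]:
    """Recover a from c by table lookup instead of guessing, if the table covers it."""
    return table.get(stored[1])


if __name__ == "__main__":
    words = ["password", "dragon", "letmein"]          # constructed word list
    alice = enroll("dragon", salt=17)                  # fixed salts for a repeatable demo
    bob = enroll("dragon", salt=2901)
    print("same password, different c:", alice[1] != bob[1])
    print("login with right password:", l("dragon", alice))
    print("unsalted table hits alice:", lookup(precomputed_table(words, False), alice))
    big = precomputed_table(words, True)
    print(f"salted table of {len(big)} entries hits alice: {lookup(big, alice)}")
```

A 12-bit salt only multiplies the attacker's table by 4096, which is why the slide calls it too small for today; the construction is the same with a 128-bit salt, which makes any precomputed table useless.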

Slide 19: Windows 2000/XP Passwords
Storage:
- %systemroot%\system32\config\sam, locked while NT is running
- %systemroot%\repair\sam_ backup file
- May be accessible via remote registry calls
Format:
- LAN Manager (LM) hash
- NT (MD4) hash

Slide 20: Windows LM Hash Algorithm
1. The password is fitted to 14 characters by truncating or padding with zeros.
2. The password is converted to upper case.
3. The password is divided into two 7-byte halves.
4. Each half is used as a DES key to encrypt the same 8-byte constant ("KGS!@#$%").
5. The two resulting ciphertexts are concatenated to form a 16-byte hash value.

Slide 21: Windows LM Hash Problems
- The last 8 bytes of c are a known constant if the password is 7 characters or fewer, because the second half is then all zero padding.
- Dividing the password into halves reduces the problem of breaking a 14-character password to breaking two independent 7-character passwords.
- Conversion to upper case reduces the character set.
- A dictionary of password hashes can be prebuilt: the number of possible passwords is much smaller than the DES key space, and no salt is used.

Slide 22: Windows NT Hash
Converts the password to Unicode (UTF-16LE) and MD4-hashes the result.
Caveat: often stored alongside the LM hash, which is required for backwards compatibility, so the weaker hash is still available to an attacker.
No salt: identical passwords generate identical hashes.

Slide 23: Password Selection
1. Random selection
2. Pronounceable passwords
3. User selection

Slide 24: Random Selection
Yields an equal distribution of passwords for maximum difficulty in cracking.
- What about short passwords?
Random passwords aren't easy to remember:
- Short-term memory holds 7 ± 2 items
- People have multiple passwords
- Principle of psychological acceptability
Requires a good PRNG.

Slide 25: Random Selection (Bad Example)
PDP-11 password generator:
- 16-bit machine
- 8 upper-case letters and digits
- |P| = 36^8 = 2.8 × 10^12
- At 0.00156 s/encryption, 140 years to brute force
But the PRNG had a period of 2^16 − 1:
- Only 65,535 possible passwords
- Requires 102 seconds to try all passwords
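The PDP-11 failure reproduced with a stand-in generator, as an added example that is not part of the slides. The linear congruential generator and its constants are a hypothetical 16-bit PRNG, not the actual PDP-11 routine; what matters is only that its whole state fits in 16 bits, so an attacker enumerates seeds instead of the 36^8 nominal password space. The last function shows the same alphabet and length drawn from the operating system's CSPRNG instead.

```python
import math
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # 36 symbols, as on the slide
LENGTH = 8


class Lcg16:
    """Hypothetical 16-bit linear congruential generator standing in for the
    PDP-11 PRNG. Whatever its constants, a 16-bit state can take at most
    65,536 values, so it can produce at most 65,536 distinct sequences."""

    def __init__(self, seed: int):
        self.state = seed & 0xFFFF

    def next(self) -> int:
        self.state = (self.state * 25173 + 13849) & 0xFFFF  # assumed constants
        return self.state


def password_from_prng(seed: int) -> str:
    """One 8-character password the way the flawed generator made it:
    the entire password is a deterministic function of the 16-bit seed."""
    rng = Lcg16(seed)
    return "".join(ALPHABET[rng.next() % len(ALPHABET)] for _ in range(LENGTH))


def distinct_passwords() -> int:
    """Enumerate every seed: this set is the attacker's real search space."""
    return len({password_from_prng(s) for s in range(1 << 16)})


def nominal_bits() -> float:
    """Entropy the scheme appears to have: log2(36^8)."""
    return LENGTH * math.log2(len(ALPHABET))


def brute_force_seconds(candidates: int, seconds_per_guess: float) -> float:
    """Time to try every candidate at the slide's 0.00156 s per encryption."""
    return candidates * seconds_per_guess


def strong_password() -> str:
    """Same alphabet and length, drawn from the OS CSPRNG, so every one of
    the 36^8 values is reachable and equally likely."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


if __name__ == "__main__":
    print(f"nominal space: 36^8 = {len(ALPHABET) ** LENGTH:.2e} ({nominal_bits():.1f} bits)")
    print("distinct passwords the PRNG can produce:", distinct_passwords())
    print("seconds to try them all:", round(brute_force_seconds(distinct_passwords(), 0.00156)))
    print("years to try the nominal space:",
          round(brute_force_seconds(len(ALPHABET) ** LENGTH, 0.00156) / (365.25 * 86400)))
    print("example CSPRNG password:", strong_password())
```

The check a practitioner applies to any password generator is the same as `distinct_passwords()`: the number of outputs it can produce is bounded by the generator's state, not by the size of the alphabet.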

Slide 26: Pronounceable Passwords
Generate passwords from random phonemes instead of random characters.
- People can remember the password as a sequence of audible phonemes instead of characters, allowing easy recall of longer passwords.
- Fewer pronounceable passwords exist than random passwords of the same length, so the space the attacker must search is smaller.

Slide 27: User Selection
Allow users to choose passwords, but reject insecure passwords based on a ruleset:
1. Based on account, user, or host names
2. Dictionary words
3. Permuted dictionary words
4. Keyboard patterns
5. Shorter than 6 characters
6. Digits-only, lowercase-only, or uppercase-only passwords
7. License plates or acronyms
8. Based on previously used passwords

Slide 28: How to Select Good Passwords
1. Use a long password (at least 8 characters).
2. Avoid dictionary words and permutations of them.
3. Avoid passwords based on old ones.
4. Incorporate numbers and/or punctuation.
5. Use a pass phrase; use the n-th letter of each word if the phrase is too long.
6. Manual random generation: roll dice to select words from a list.

Slide 29: Guessing via Authentication Functions
If the complements are not accessible, the attacker must use the authentication functions. This cannot be prevented, but the difficulty of an authentication-function attack can be increased:
- Backoff: increasing wait before re-prompting.
- Disconnection: disconnect after n failures.
- Disabling: disable the account after n failures.
- Jailing: permit access to a limited system so that administrators can observe the attacker.
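Backoff and disabling from the slide implemented as a per-account guard in front of the authentication function l, as an added example that is not part of the slides. Time is passed in explicitly so the online attack of slide 9 (attempt l(g) for each guess g) can be simulated with a constructed attacker that submits one guess per second; the credential store is a plaintext dictionary purely as a stand-in, the real system would store salted hashes. Disconnection and jailing are not modelled.

```python
import hmac


class LoginGuard:
    """Online-guessing defenses applied per account: exponential backoff
    after each failure and disabling the account after too many failures.
    'now' is a timestamp in seconds supplied by the caller."""

    def __init__(self, passwords: dict[str, str], backoff_base: float = 1.0,
                 disable_after: int = 10):
        self.passwords = passwords           # constructed stand-in for the credential store
        self.backoff_base = backoff_base     # 0 switches backoff off
        self.disable_after = disable_after
        self.failures: dict[str, int] = {}
        self.next_allowed: dict[str, float] = {}
        self.disabled: set[str] = set()

    def attempt(self, user: str, password: str, now: float) -> str:
        if user in self.disabled:
            return "disabled"
        if now < self.next_allowed.get(user, 0.0):
            return "wait"                    # backoff: l is not evaluated, attacker learns nothing
        expected = self.passwords.get(user, "")
        if expected and hmac.compare_digest(expected, password):
            self.failures[user] = 0
            return "ok"
        n = self.failures.get(user, 0) + 1
        self.failures[user] = n
        if n >= self.disable_after:
            self.disabled.add(user)          # disabling: further attempts are never evaluated
        else:
            # doubling wait: 1, 2, 4, 8 ... seconds times backoff_base
            self.next_allowed[user] = now + self.backoff_base * 2 ** (n - 1)
        return "bad"


def guesses_evaluated(guard: LoginGuard, user: str, seconds: int) -> int:
    """Simulate an attacker submitting one guess per second and count how
    many guesses the authentication function actually evaluated."""
    evaluated = 0
    for t in range(seconds):
        if guard.attempt(user, f"guess{t}", t) in ("ok", "bad"):
            evaluated += 1
    return evaluated


if __name__ == "__main__":
    store = {"alice": "correct horse battery staple"}   # constructed
    print("with backoff, guesses evaluated in 60 s:",
          guesses_evaluated(LoginGuard(store, backoff_base=1.0), "alice", 60))
    print("no backoff, disable after 10:",
          guesses_evaluated(LoginGuard(store, backoff_base=0.0), "alice", 60))
```

Disabling caps the attacker at n evaluated guesses but also hands them a denial-of-service lever against any account name they know; backoff caps the rate instead and lets the legitimate user in once the wait expires, which is why the two are usually combined rather than chosen between.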

Slide 30: Password Aging
Requirement that a password be changed after a period of time or after an event has occurred. If the expected time to guess is 180 days, the password should be changed more frequently than every 180 days.
1. If the change interval is too short, users have difficulty recalling passwords.
2. Do not allow users to change the password to the current one.
3. Also prevent users from changing passwords too soon, which would let them cycle back to an old password.
4. Give notice of an impending password change requirement.

Slide 31: Challenge-Response
Problem: passwords are reusable, and thus subject to replay attacks.
Solution: authenticate in such a way that the transmitted password changes each time.

Slide 32: One-Time Passwords
A password that is invalidated once used.
Challenge: the number of the authentication attempt. Response: the one-time password.
Problems:
- Generation of one-time passwords: use a hash or cryptographic function.
- Synchronization of the user and the system: number-based or timestamp-based passwords.

Slide 33: S/Key
One-time password system based on a hash function h (MD4 or MD5).
The user initializes with a random seed k. The key generator calculates:
h(k) = k_1, h(k_1) = k_2, ..., h(k_{n-1}) = k_n
Passwords, in the order used, are p_1 = k_n, p_2 = k_{n-1}, ..., p_{n-1} = k_2, p_n = k_1

Slide 34: S/Key
An attacker cannot derive p_{i+1} from p_i: since p_i = k_{n-i+1}, p_{i+1} = k_{n-i}, and h(k_{n-i}) = k_{n-i+1}, going from p_i to p_{i+1} would require inverting h.
Once the user has used all the passwords, S/Key must be re-initialized with a new seed.

Slide 35: S/Key Login
1. The user supplies the account name to the server.
2. The server replies with the sequence number stored in the skeykeys file (the number of hash iterations remaining, which identifies the next password p_i).
3. The user supplies the corresponding password p_i.
4. The server computes h(p_i) = h(k_{n-i+1}) = k_{n-i+2} = p_{i-1} and compares the result with the stored password. If they match, the user is authenticated, S/Key decrements the sequence number in the skeykeys file, and p_i is stored as the value to compare against next time.

Slide 36: S/Key Login
Server prompt:
  FreeBSD/i386 (example.com) (ttypa)
  login:
  s/key 97 fw13894
  Password:
Use the S/Key calculator on the local system to calculate the response:
  % key 97 fw13894
  Enter secret password:
  WELD LIP ACTS ENDS ME HAAG
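The S/Key exchange of slides 33 to 36 with both sides' computations, as an added example that is not part of the slides or of the S/Key software. It uses SHA-256 in place of the MD4/MD5 of the original, concatenates seed and secret directly instead of S/Key's 64-bit folding, and returns raw digests rather than the six-word encoding shown on slide 36; the seed, secret and chain length are constructed. The usage block walks through a login, a replay of the same response, and the attacker's only available move (hashing forward), and shows why each fails.

```python
import hashlib
import hmac


def h(x: bytes) -> bytes:
    """One-way hash h. SHA-256 stands in for the MD4/MD5 of the original S/Key."""
    return hashlib.sha256(x).digest()


def h_n(x: bytes, n: int) -> bytes:
    """h applied n times: k_n = h(k_{n-1}) on slide 33."""
    for _ in range(n):
        x = h(x)
    return x


class SkeyClient:
    """The user's calculator: holds the secret and recomputes the response
    for whatever sequence number the server challenges with."""

    def __init__(self, seed: bytes, secret: bytes):
        self.k = seed + secret   # chain start k (real S/Key folds this to 64 bits)

    def response(self, seq: int) -> bytes:
        return h_n(self.k, seq)


class SkeyServer:
    """The skeykeys record: a sequence number and the last accepted value.
    The stored verifier is h of the response expected next, so a stolen
    skeykeys file yields nothing that can be replayed."""

    def __init__(self, seq: int, verifier: bytes):
        self.seq = seq            # sent as the challenge
        self.verifier = verifier  # equals h(next expected response)

    def challenge(self) -> int:
        return self.seq

    def login(self, response: bytes) -> bool:
        if self.seq == 0:
            return False          # chain exhausted: re-initialize with a new seed (slide 34)
        if not hmac.compare_digest(h(response), self.verifier):
            return False
        self.verifier = response  # the accepted p_i becomes next login's comparison value
        self.seq -= 1
        return True


def initialize(seed: bytes, secret: bytes, n: int) -> tuple[SkeyClient, SkeyServer]:
    """Enrolment: the client computes h^(n+1)(k) once and gives it to the server,
    which never learns k or any response before it is used."""
    client = SkeyClient(seed, secret)
    return client, SkeyServer(n, h_n(client.k, n + 1))


if __name__ == "__main__":
    client, server = initialize(b"fw13894", b"my secret pass phrase", 97)  # constructed
    seq = server.challenge()                           # "97 fw13894" on slide 36
    p = client.response(seq)
    print("login:", server.login(p))                   # True
    print("replay of p:", server.login(p))             # False: verifier is now p, not h(p)
    print("attacker submits h(p):", server.login(h(p)))  # False: h(p) is the previous p
    print("next challenge:", server.challenge())       # 96
```

The server's only secret-independent state is (seq, last accepted value), which is exactly what slide 35 describes in the skeykeys file; an eavesdropper who captures p learns h(p) for free but would need h^-1 to produce the next response.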

Slide 37: Other One-Time Password Systems
Software: OPIE, backwards compatible with S/Key (if the same hash is used).
Hardware: RSA SecurID card
- The displayed code changes every 60 seconds.
- Password = constant password (PIN) + the SecurID code currently displayed

Slide 38: Biometrics
Identification by human anatomic or behavioral characteristics. A biometric characteristic should be:
1. Universal: everyone should have it
2. Unique: no two people should share it
3. Permanent: it should not change with time
4. Quantifiable: it must be practically measurable

Slide 39: Biometric Measurement
Possible outcomes:
1. Correct person accepted
2. Impostor rejected
3. Correct person rejected (false rejection)
4. Impostor accepted (false acceptance)
A tradeoff exists between the false accept rate (FAR) and the false reject rate (FRR): moving the matcher's decision threshold lowers one and raises the other.

Slide 40: Fingerprints
Capacitive measurement uses the difference in electrical charge between the parts of the finger touching the chip (ridges) and the raised parts (valleys) to image the whorls.
Attacks:
- Forcing an authorized user to grant access.
- Recovering a latent fingerprint impression.
- Artificial "gummy" fingers molded from plastic/gelatin were 68-100% successful when tested against 11 types of fingerprint authentication systems.

Slide 41: Types of Biometrics
Voice characteristic recognition: statistical analysis of voice characteristics.
Eyes:
- Iris patterns
- Retina patterns: the pattern of blood vessels observed by laser
Face recognition: can it distinguish a face from a picture of that face?

Slide 42: Types of Biometrics (cont.)
Keystroke dynamics:
- Signature based on keystroke intervals, pressure, duration, and where the key is struck.
- Believed to be as unique as written signatures.
- Dynamic detection constantly observes the user.
Combinations:
- Combine multiple biometric techniques.
- Not necessarily an improvement: typically a combination can reduce either the false accept rate or the false reject rate, not both.

Slide 43: Biometrics Are Not Infallible
What are the false accept and false reject rates?
Do the characteristics change over time?
- The retina changes during pregnancy.
- Fingerprint damage due to work or pipe smoking.
- Young and old people have fainter fingerprints.
Is it accurate in the installed environment?
- Is someone observing the fingerprint or voiceprint checks? That is, did you actually collect the biometric from the person?

Slide 44: Biometrics Can Be Compromised
They are unique identifiers, not secrets:
- You can change a password.
- You can't change your iris scan.
Examples:
- You leave your fingerprints everywhere.
- It's easy to take a picture of your face.
Other compromises:
- Use fake ATM-style devices to collect biometrics.
- Obtain all biometric templates from the server.

Slide 45: Use and Misuse of Biometrics
Employee identification (one-to-one verification):
- The employee enters a login name.
- The system uses a fingerprint to verify the employee is who he claims to be.
- Question: does the biometric match the employee?
Criminal search (Super Bowl 2001, one-to-many identification):
- The system uses face recognition to search for criminals in public places.
- Question: does any biometric in the database match anyone in a crowd of people?
- Assume the system is 99.99% accurate and 1 in 10 million people is a terrorist. Result: about 1000 false positives for each terrorist.
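The FAR/FRR tradeoff of slide 39 and the base-rate arithmetic of slide 45 in one worked example, added here and not part of the slides. The matcher scores are constructed (0 means no similarity, 1 a perfect match) and are not measurements from any real system; the functions are general and accept any score lists, threshold, error rates and population figures.

```python
def error_rates(genuine: list[float], impostor: list[float],
                threshold: float) -> tuple[float, float]:
    """Accept a comparison when its score is >= threshold.
    FAR = fraction of impostor comparisons accepted (outcome 4 on slide 39);
    FRR = fraction of genuine comparisons rejected (outcome 3)."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def tradeoff_curve(genuine: list[float], impostor: list[float]) -> list[tuple[float, float, float]]:
    """(threshold, FAR, FRR) at every distinct score. Raising the threshold
    can only lower FAR and raise FRR: that monotone pair is the tradeoff."""
    points = []
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = error_rates(genuine, impostor, t)
        points.append((t, far, frr))
    return points


def equal_error_threshold(genuine: list[float], impostor: list[float]) -> float:
    """Threshold where FAR and FRR are closest: the equal-error-rate operating point."""
    return min(tradeoff_curve(genuine, impostor), key=lambda p: abs(p[1] - p[2]))[0]


def false_positives_per_hit(far: float, frr: float, prevalence: float,
                            population: int) -> float:
    """Base-rate arithmetic behind slide 45. In a one-to-many search, false
    alarms scale with the whole crowd while hits scale only with the targets,
    so even a tiny FAR swamps the true matches when targets are rare."""
    targets = population * prevalence
    hits = targets * (1 - frr)
    false_alarms = (population - targets) * far
    return false_alarms / hits


# Constructed matcher scores, not real data.
GENUINE = [0.95, 0.90, 0.85, 0.80, 0.60]
IMPOSTOR = [0.10, 0.20, 0.30, 0.50, 0.65]

if __name__ == "__main__":
    for t, far, frr in tradeoff_curve(GENUINE, IMPOSTOR):
        print(f"threshold {t:.2f}: FAR {far:.2f}  FRR {frr:.2f}")
    print("EER threshold:", equal_error_threshold(GENUINE, IMPOSTOR))
    # Slide 45's numbers: 99.99% accurate => FAR = 1e-4, 1 terrorist in 10 million
    print("false positives per real hit:",
          round(false_positives_per_hit(1e-4, 0.0, 1e-7, 10_000_000)))
```

The same `false_positives_per_hit` call with a one-to-one verification scenario (prevalence near 1, because the claimed identity is usually correct) gives a tiny ratio, which is the difference between the two uses on slide 45.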

Slide 46: Location
Classic: only allow access from a particular terminal or a particular set of remote hosts.
Modern: GPS-based
- Location Signature Sensor (LSS) for host and user.
- Access rules permit a user to access a host only with specific LSS values.
- Cell phones track location, and some states use them to track drivers' speed and locations.

Slide 47: Key Points
1. Authentication consists of an entity, the user, attempting to convince another entity, the verifier, of the user's identity: something you know, something you have, something you are, somewhere you are located.
2. Passwords are the most common and basic type of authentication: subject to dictionary attacks; challenge-response and one-time passwords counter replay.
3. Biometrics verify identity based on measured physical characteristics of the user.

Slide 48: References
1. Phil Agre, "Your Face is not a Bar Code," http://polaris.gseis.ucla.edu/pagre/bar-code.html, 2003.
2. Ross Anderson, Security Engineering, Wiley, 2001.
3. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005.
4. Ben Mook, "Md. pilot program tracks drivers' speed, location via cell phones," The Daily Record, October 21, 2005, http://www.mddailyrecord.com/pub/5_398_friday/businessnews/172883-1.html
5. Bruce Schneier, "Biometrics: Truths and Fictions," Crypto-Gram, http://www.schneier.com/crypto-gram-9808.html#biometrics, 1998.
6. Bruce Schneier, "The Curse of the Secret Question," http://www.schneier.com/essay-081.html, 2005.
7. John Viega and Gary McGraw, Building Secure Software, Addison-Wesley, 2002.
8. David Wheeler, Secure Programming for UNIX and Linux HOWTO, http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html, 2003.
