Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication (ch 9~12) IT443 – Network Security Administration 1.

Published byLeslie Black Modified over 8 years ago

Similar presentations

Presentation on theme: "Authentication (ch 9~12) IT443 – Network Security Administration 1."— Presentation transcript:

1 Authentication (ch 9~12) IT443 – Network Security Administration 1

2 Outline Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 2

3 Authentication Authentication is the process of reliably verifying certain information. Examples –User authentication Allow a user to prove his/her identity to another entity (e.g., a system, a device). –Message authentication Verify that a message has not been altered without proper authorization. 3

4 Authentication Mechanisms Password-based authentication –Use a secret quantity (the password) that the prover states to prove he/she knows it. –Threat Eavesdropping Password guessing/dictionary attack 4 Alice Computer System I’m Alice, the password is fiddlesticks

5 Authentication Mechanisms Address-based authentication –Assume the identity of the source can be inferred based on the network address from which packets arrive. –Adopted early in UNIX and VMS Berkeley rtools (rsh, rlogin, etc) –/etc/hosts.equiv file : List of computers –Per user.rhosts file : List of –Ubuntu: /etc/host.allow, /etc/host.deny, man hosts_access Threat –Breaking into an account on one machine leads to breaking into other machines accounts –Spoof of network address 5

6 Authentication Mechanisms Cryptographic authentication protocols –Basic idea: A prover proves some information by performing a cryptographic operation on a quantity that the verifier supplies. –Usually reduced to the knowledge of a secret value A symmetric key The private key of a public/private key pair 6

7 Passwords as Crypto Keys Symmetric key systems: –Hash the password to derive a 64/128 bits key Public key systems: –Difficult to generate an RSA private key from a password –Usual solution: Encrypt the private key with the users password and store the encrypted result (e.g., using a directory service) 7

8 Eavesdropping & Server Database Reading If public key crypto is not available, protection against both eavesdropping and server database reading is difficult: –Hash => subject to eavesdropping –Challenge requires Bob to store Alice’s secret in a database 8 AliceBob I’m Alice A challenge R H(K Alice-Bob, R) AliceBob I’m Alice, H(K Alice-Bob )

9 Outline Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 9

10 Key Distribution Center New nodes are configured with a key to the KDC –e.g., K A for node A If node A wants to communicate with node B –A sends a request to the KDC –The KDC securely sends to A: E KA (R AB ) and E KB (R AB, A) Advantage: –Single location for updates, single key to be remembered Drawbacks: –If the KDC is compromised! –Single point of failure/performance bottleneck => multiple KDC? 10

11 Certification Authorities How do you know the public key of a node? Typical solution: –Use a trusted node as a certification authority (CA) E.g., VeriSign, GoDaddy –Everybody needs to know the CA public key –The CA generates certificates: Signed(A, public-key, validity information) –Certificates can be stored in a directory service or exchanged during the authentication process Advantages (over KDC): –The CA doesn’t have to be online => more physical protection –Not a performance bottleneck, not a single point of failure –Certificates are not security sensitive: only threat is DoS –A compromised CA cannot decrypt conversation but can lead to impersonation 11

12 Certificate Revocation What if: –Employer left/fired –Private key is compromised Solution: similar to credit cards –Validity time interval (‘not before’, ‘not after’) –Use a Certificate Revocation List (CRL): X.509 E.g., lists all revoked and unexpired certificates 12

13 Outline Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 13

14 Session Key Establishment Authentication is not everything –What could happen after authentication? E.g., connection hijacking, message modification, replay, etc. –Solution use crypto => need a share key between communicating entities because public encryption/decryption is expensive –Practically authentication leads to the establishment of a shared key for the session A new key for each session: –The more data an attacker has on a key the easier to break –Replay between sessions –Give a relatively “untrusted” software the session key but not the long- term key –Good authentication protocol can establish session keys that provide forward secrecy 14

15 Password-Based User Authentication User demonstrates knowledge of a secret value to authenticate –most common method of user authentication Threats to password-based authentication? 15 challenge response

16 Some Issues for Password Systems A password should be easy to remember but hard to guess –that’s difficult to achieve! Some questions –what makes a good password? –where is the password stored, and in what form? –how is knowledge of the password verified? 16

17 Password Guessing Online –Try passwords until accepted Limit number of trials and lock account: e.g., ATM machine –DoS problem: lock all accounts Increase minimum time between trials Prevent automated trials: Turing tests Long passwords: pass phrases, initials of sentences, reject easy passwords What is the protection used by Yahoo? Hotmail? Gmail? Facebook? Your banks? 17

18 Password Guessing Offline –Attacker captures X = f(password) Dictionary attack: try to guess the password value offline The secret space should be large Strong password 18

19 Password Length Online attacks: –Can 4/6 digits be sufficient if a user is given only three trials? Offline attacks: –Need at least: 64 random bits = 20 digits Too long to remember by a human! –Or 11 characters from a-z, A-Z, 0-9, and punctuation marks Too long to remember by a human –Or 16 characters pronounceable password (a vowel every two characters) –Conclusion: A secret a person is willing to remember and type will not be as good as a 64-bit random number 19

20 Attacks on Passwords Suppose passwords could be up to 9 characters long This would produce 10 18 possible passwords; 320,000 years to try them all at 10 million a second! Unfortunately, not all passwords are equally likely to be used 20

21 Example In a sample of over 3000 passwords: –500 were easily guessed versions of dictionary words or first name / last name –86% of passwords were easily guessed 21 Length in characters 123456 Number of passwords 1572464477706605 (lower case only)

22 Example Another report –http://www.imperva.com/news/press/2010/01_21_Imperva_Releases_Det ailed_Analysis_of_32_Million_Passwords.html 22

23 Example http://splashdata.com/press/PR121023.htm # Password Change from 2011 1 password Unchanged 2 123456 Unchanged 3 12345678 Unchanged 4 abc123 Up 1 5 qwerty Down 1 6 monkey Unchanged 7 letmein Up 1 8 dragon Up 2 9 111111 Up 3 10 baseball Up 1 11 iloveyou Up 2 12 trustno1 Down 3 13 1234567 Down 6 14 sunshine Up 1 15 master Down 1 16 123123 Up 4 17 welcome New 18 shadow Up 1 19 ashley Down 3 20 football Up 5 21 jesus New 22 michael Up 2 23 ninja New 24 mustang New 25 password1 New 23

24 Dictionary Attacks Attack 1 (online): –Create a dictionary of common words and names and their simple transformations –Use these to guess the password 24 Eagle Wine Rose … Dictionary Eagle Yes!

25 Dictionary Attacks Attack 2 (offline): –Usually F is public and so is the password file In Unix, F is crypt, and the password file is /etc/passwd. –Compute F(word) for each word in the dictionary –A match gives the password 25 Eagle Wine Rose … Dictionary TdWx% XkPT KYEN … Password file F(Eagle)=XkPT

26 Dictionary Attacks Attack 3 (offline): –To speed up search, pre-compute F(dictionary) –A simple look up gives the password 26 Eagle Wine Rose … Dictionary TdWx% XkPT KYEN … Password file XkPT %$DVC #AED! … Pre-computed Dictionary FLook up

27 Electronic Code Book (ECB) 27 EEEE Key 128 M 1 M 2 M 3 M 4 128 46 + padding 128 Plaintext  C 1 C 2 C 3 C 4 128 Ciphertext 

28 Cipher Block Chaining (CBC) 28 Initialization Vector E E EE Key C1C2C3C4C1C2C3C4 128 M1M2M3M4M1M2M3M4 46 + padding 128

29 Password Salt To make the dictionary attack a bit more difficult Salt is a n-bit number between 0 and 2 n Derived from, for example, the system clock and the process identifier 29 H Password + Salt H(Password + Salt) Username, Salt, H(Password + Salt) Password file

30 Password Guidelines 1.Initial passwords are system-generated, have to be changed by user on first login 2.User must change passwords periodically 3.Passwords vulnerable to a dictionary attack are rejected 4.User should not use same password on multiple sites 5.etc. etc. 30

31 Outline Login authentication protocol Mutual authentication protocol 31

32 Authentication with Shared Secret Weaknesses –Authentication is not mutual; Trudy can convince Alice that she is Bob –Trudy can hijack the conversation after the initial exchange –If the shared key is derived from a password, Trudy can mount an off-line password guessing attack –Trudy may compromise Bob’s database and later impersonate Alice 32 AliceBob I’m Alice A challenge R f(K Alice-Bob, R)

33 Authentication with Shared Secret A variation –Requires reversible cryptography –R must be limited lifetime Weaknesses –All the previous weaknesses remain –Trudy doesn’t have to see R to mount off-line password guessing if R has certain patterns (e.g., the timestamp) Trudy sends a message to Bob, pretending to be Alice 33 AliceBob I’m Alice R K Alice-Bob {R}

34 Authentication with Public Key Bob’s database is less risky Weaknesses –Trudy can trick Alice into signing something Use different private key for authentication 34 AliceBob I’m Alice R Sig Alice {R}

35 Outline Login authentication protocol Mutual authentication protocol 35

36 Mutual Authentication 36 Alice Bob I’m Alice R1R1 R1R1 f(K Alice-Bob, R 1 ) R2R2 R2R2 f(K Alice-Bob, R 2 ) Alice Bob I’m Alice, R 2 R 1, f(K Alice-Bob, R 2 ) f(K Alice-Bob, R 1 ) Optimize

37 Mutual Authentication Reflection Attack 37 Trudy Bob I’m Alice, R 2 R 1, f(K Alice-Bob, R 2 ) f(K Alice-Bob, R 1 ) Trudy Bob I’m Alice, R 1 R 3, f(K Alice-Bob, R 1 )

38 Reflection Attack Lesson: Don’t have Alice and Bob do exactly the same thing –Different keys Totally different keys K Alice-Bob = K Bob-Alice + 1 –Different Challenges –The initiator should be the first to prove its identity Assumption: initiator is more likely to be the bad guy 38

39 Mutual Authentication Reflection Attack 39 Alice Bob I’m Alice, R 2 R 1, f(K Alice-Bob, R 2 ) f(K Alice-Bob, R 1 ) Alice Bob I’m Alice R1R1 R1R1 f(K Alice-Bob, R 1 ), R 2 f(K Alice-Bob, R 2 ) Countermeasure

40 Mutual Authentication Public keys –Authentication of public keys is a critical issue 40 Alice Bob I’m Alice, {R 2 } Bob R 2, {R 1 } Alice R1R1 R1R1

41 Mutual Authentication Mutual authentication with timestamps –Require synchronized clocks –Alice and Bob have to encrypt different timestamps 41 Alice Bob I’m Alice, f(K Alice-Bob, timestamp) f(K Alice-Bob, timestamp+1)

42 Lab 3 Certificate Authorities 42 CA CA+ / CA- B B A A CA+ A+ / A- A+ {A+} CA- {CA+} CA-

Download ppt "Authentication (ch 9~12) IT443 – Network Security Administration 1."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google