Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strong Password Protocols, Firewalls

Published byErika Lane Modified over 6 years ago

Similar presentations

Presentation on theme: "Strong Password Protocols, Firewalls"— Presentation transcript:

1 Strong Password Protocols, Firewalls
Network Security Design Fundamentals ET-IDA-082 Lecture-21 Network Defense Strong Password Protocols, Firewalls , v13 Prof. W. Adi

2 Outlines Firewalls Types and applications Standard Password use
Strong Password Protocols Lamport´s Hash Strong Access Protocols Firewalls Types and applications

3 Password Schemes Standard Password Use
There are many different electronic devices for e-payment system. Different banks may be concerted in e-payment and the financial network is neccessary. E-payment flatform is built connecting the financial network and other open network, where the electronic devices can communicate with the flatform. PC is the most common device. Other devices include mobile devices, e.g. laptop, PDA, mobile telephone, ATM(Automatic Teller Machine), POS(Position of Sale), telephone and terminal. The electronic devices can connect the e-payment flatform using different open network.

4 Password Setup User PW = kiwifruit Password file Hash function
exrygbzyf kgnosfix ggjoklbsz PW Hash function H(PW) Setup User chooses password = PW Hash of password H(PW) stored in password file Authentication User logs into system, and enters his password PW System computes hash H(PW), compares to file entry Attacks Online dictionary attack: Guess passwords and try to log in Offline dictionary attack : Steal password file, try to find PW with H(PW) in file

5 Dictionary Attack Complexity
Typical password dictionary attack: 1,000,000 entries of common passwords people's names, common pet names, and ordinary words. Suppose you generate and analyze 10 guesses per second This may be reasonable for a web site; offline is much faster Dictionary attack in at most 100,000 sec. = 28 hours, or 14 hours on average If passwords were random and equally probable Assume 6-character password Upper- and lowercase letters (2x26), digits (10), 32 punctuation characters = = 94 possible character choices. => No of possible passwords = 946 = 689,869,781,056 password combinations. Exhaustive search requires 1,093 years on average

6 Password Setup with “Salt Bits”
Dictionary attack complexity by 6 character Password and 94 character choices requires at most 946 search cycles Password Registration and Storage Adding 12 salt bits increases attack complexity by 212 additional choices for each password Password Verification

7 Web Authentication Problems password cookie
Server password Browser cookie Problems Network sniffing (Schnüffeln) Malicious or weak-security website Phishing Common password problem Pharming – DNS compromise Malware on client machine Spyware Session hijacking, fabricated transactions next few examples

8 Password Phishing Problem
Bank A pwdA pwdA Fake Site Here’s a problem that you may be familiar with. A user arrives at an official-looking web site, perhaps due to a fraudulent or mistyped address. The user thinks that they’re at a bank site, but actually they’re giving their password to the fake site. The password can then be used by the attacker to log in to the real bank as the user. These types of identity theft attacks are called “phishing attacks” and have become very common in recent years. User cannot reliably identify fake sites Captured password can be used at target site

9 Common Password Problem
Users often use the same password for several sites! Bank A high security site pwdA pwdB = pwdA low security site Site B Here’s another related, but different attack. Our user has online accounts at many different sites, and because it is difficult to remember a unique password for every site, she uses the same password at her bank and at her newspaper’s login page. Maybe the newspaper login page isn’t protected by SSL for performance reasons, or maybe the passwords are stored in the clear on the newspaper server. Perhaps the newspaper is owned by a nefarious villian who wants to sell these passwords to the highest bidder. In any case, the security of the bank site is compromised by the low-security site, because the user has a common password at both sites. So we have a situation where the security of the user’s password is only as strong as the least secure site where the password is used. Merely beefing up security at the bank’s server won’t help us very much. What we need is a client-side security solution to protect the bank password from being given to the newspaper. Phishing attack or break-in at site B reveals pwd at A Server-side solutions will not keep pwd safe Solution: Strengthen with client-side support

10 Defense: Password Hashing
pwdA pwdB = hash(pwdA, BankA) Bank A hash(pwdB, SiteB) Site B Generate a unique password per site HMACfido:123(bank A.com)  Q7a+0ekEXb => dedicated for A HMACfido:123(site B.com)  OzX2+Iciqc => dedicated for B Hashed password is not usable at any other site Protects against password phishing Protects against common password problem Here’s how password hashing works. Suppose our user gives the same password to both bank A and site B, either because site B is a phishing site or just a site with lower security than the bank. Rather than send these passwords directly to the remote server, we instead send a hash of the password and the network name of the site. Technically we need to use a Pseudo Random Function like a HMAC, and I’ve given an example here of what the password fido:123 might look like when hashed with two different domain names. The security properties of the hash function are such that the site can’t easily recover the original password using only the hashed version. We prevent the password phishing attack from getting a password that can be used at the targeted site, as long as the phishing site has a different domain name from the bank. And we solve the common password problem by ensuring that the user has a different unique password everywhere they go.

11 Password Schemes Strong Password Protocols
There are many different electronic devices for e-payment system. Different banks may be concerted in e-payment and the financial network is neccessary. E-payment flatform is built connecting the financial network and other open network, where the electronic devices can communicate with the flatform. PC is the most common device. Other devices include mobile devices, e.g. laptop, PDA, mobile telephone, ATM(Automatic Teller Machine), POS(Position of Sale), telephone and terminal. The electronic devices can connect the e-payment flatform using different open network.

12 Goals for password protocols
Makes Authentication relies on password User can remember password, use anywhere No additional client-side certificates, etc. Protects against attacks Network does not carry cleartext passwords Malicious user cannot do offline dictionary attack Malicious server (as in phishing) does not learn password from communication with honest user

13 Simple Approach Send hashed passwords Does this “work”? Good points?
Bad points? Server Browser hash(pwd|0) hash(pwd|1)

14 “Interlock” password protocol
[Rivest, Shamir, Bellovin, Merrit, … Pederson, Ellison] ( ad-hoc Public-Key Exchange Phase) Bob Alice gx Generate random x Generate random y k = (gx)y mod p k = (gy)x mod p gy Common DH-Key: k = gxy mod p (Authentication Phase) (in Set-up Phase) A Password PW is known to both parties For random r MACk(PW, r) MACk(PW, s), Enck(s) For random s Enck(r) r and s are fresh authenticated Randoms for both A and B [M Scott]

15 ESP-KE key exchange protocol Efficient Short-Password Key Exchange (2001 by Michael Scott)
Initial Setup: Prime p, GF(p), and generators , β known Alice Bob Generate random a A= a / βPW mod p A Generate random b B= b mod p If A=0 Abort B k = Ba mod p k = (A βPW)b mod p Common DH-Key: k = ab mod p Mb=H(0,k,PW) If H(0,k,PW) ≠ Mb Abort Mb Ma = H(1,k,PW) Ma If H(1,k,PW) ≠ Ma Abort [M Scott]

16 SRP Secure Remote Password protocol (SRP: Project at Stanford University Versions SRP-6)
(Set-up Phase) Carol (Client) chooses password PW Steve (Server) chooses s, computes x = H(s, PW) and v = gx (Key Exchange Phase) Client Carol Carol Server Steve s looks up s, v x = H(s, PW), A = ga A B,u B = v + gb, random u S = (B - gx) (a+ux) S = (Avu)b M1 = H(A,B,S) M verify M1 verify M M M2 = H(A,M1,S) Key = H(S) Key = H(S) [Wu]

17 Challenge-Response Authentication
User and system share a secret function F (in practice, F is a known function with unknown parameters, such as a cryptographic key Ks) A random source generates r as a challenge Secret key (Password ks r F F(r) request to authenticate system user user random message r (the challenge) system F(r) (the response) user system

18 Secret Pass Algorithms
Challenge-response with the function F itself as a shared secret Examples: Challenge is a random string of characters such as “abcdefg”, “ageksido” Response is some function of that string such as “ bdf” , “gkio” (each second letter is selected) 2, 4, 6 … - Can change algorithm based on agreed on alternative selections Dial-up might require 1,3,5, that is “aceg”, “aesd” Usually deployed in conjunction with fixed, reusable password

19 One-Time Passwords “One-Time Password”: Password that can be used exactly once After use, it is immediately invalidated Use strategies: 1- Use any “One-Time Password” out of a shared list (as Banking TAN) Challenge: give a valid authenticated passwords from a securely shared list (PINs) p1 p2 p3 ….. pn Response is any password (PIN/TAN) for the list used only once 2- a particular “One-Time Password” selected from a shred list (Selected Banking TAN) Challenge: is a serial number i for a password from the shared (PIN/TAN) authenticated list p1 p2 p3 … pi .. pn Response is a particular random password (PIN/TAN) selection pi Problems Synchronization between user and system Generation of good random passwords Secret password distribution problem

20 S/Key (TM Bellcore 1980) h(p2) = p1 h(pi) = pi-1
One-time password scheme based on the idea of Lamport (1981) h is a one-way hash function (MD5 or SHA-1, for example) User chooses initial seed k0 System calculates: h Initialize with k0 at t=0 ki ki+1 h(k0) = k1 h(k1) = k2 h(k2) = k3 h(kn–2) = kn–1 h(kn–1) = kn pn pn-1 pn-2 p2 p1 h(p2) = p1 h(pi) = pi-1 Passwords pi ‘s are recalled in the reversed order

21 S/Key Protocol System stores A maximum number of authentications n
Number of next authentication i, Last correctly supplied password pi–1. { name } { i } { pi } system user system user user System checks h(pi) = pi-1 System computes h(pi) = pi-1. (as h(pi) delivers the previous password) If match with what is stored pi–1, system replaces pi–1 with pi and increments i.

22 Hardware Support Token-based Device Time-based Random Generator Device
Used to compute response to challenge Device may encipher or hash challenge May require PIN from user Time-based Random Generator Device Every minute (or so) different number shown Computer knows what number to expect at certain time User enters number displayed by Generator and a fixed password

23 C-R and Dictionary Attacks
Same as for fixed passwords Attacker knows a pair of challenge r and response f(r); if f is an encryption function, attacker can try different keys Exhaustively search different key combinations in decryption mode until f(r) decrypts to r If a Password of n characters is the key using only letters and numbers having 62 choices then 62n choices are possible. If the password was just 8 characters then only 628 ≈248 trials are required to crack the system. A dictionary including expected mappings f(r) to r may reduce search time. Example: Kerberos Version 4 used DES, but keys had 20 bits of randomness; attackers guessed keys quickly because deciphered tickets had a fixed set of bits in some locations

24 Encrypted Key Exchange
Defeats off-line dictionary attacks Idea: Encrypt random challenges, so attacker cannot verify off-line correct decipherment of challenge Assume Alice, Bob share secret password s In what follows, Alice and Bob need to generate a random public key and a corresponding private key to generate a Diffie-Hellmann shared secret key k as a session key k is a randomly generated session key. Then new randoms RA and RB are exchanged

25 EKE: Encrypted Key Exchange Protocol
( Starting with W as a weak secret password between Alice and Bob ) and E is a cipher Alice || Ew( ga mod p) Alice Bob Bob || Ew( gb mod p) Alice Bob Now Alice, Bob share a randomly generated secret Diffie-Hellman session key k = gab mod p (Off-line dictionary attack is not efficient as fresh random are exchanged) Ek(RA) Alice Bob Ek(RARB) Alice Bob Ek(RB) Alice Bob

26 Biometrics Automated measurement of biological, behavioral features that identify a person Fingerprints: optical or electrical techniques Maps fingerprint into a graph, then compares with database Measurements not exact, so approximate matching algorithms used Voices: speaker verification or recognition Verification: uses statistical techniques to test hypothesis that speaker is who is claimed (speaker dependent) Recognition: checks content of answers (speaker independent)

27 Other Characteristics
Can use several other characteristics Eyes: patterns in irises unique Measure patterns, determine if differences are random; or correlate images using statistical tests Faces: image, or specific characteristics like distance from nose to chin Lighting, view of face, other noise can hinder this Keystroke dynamics: believed to be unique Keystroke intervals, pressure, duration of stroke, where key is struck Statistical tests used Cautions: Known patters can be optically attacked by copying!

28 Location If you know where user is, validate identity by seeing if person is where the user is Requires special-purpose hardware to locate user GPS (global positioning system) device gives location signature of entity Host uses LSS (location signature sensor) Location as additional identity attribute. A combination of different biometrics and identification attributes can be deployed to enhance identification security

29 Internet Defenses Firewalls etc. (Optional)

30 Standard defense mechanisms
Firewall Packet filter Application layer proxies Traffic shaping Intrusion detection Misuse detection

31 Basic Firewall Concept
Separate local area net from internet Firewall Local area network Internet Router All packets between LAN and internet routed through firewall

32 Firewall goals Prevent malicious attacks on hosts
Port sweeps, ICMP echo to broadcast addr…. Worm propagation Provide defense in depth Programs contain bugs and are vulnerable to attack Network protocols may contain; Design weaknesses (SSH CRC) Implementation flaws (SSL, NTP, FTP, SMTP...) Control traffic between “zones of trusts”

33 Types of Firewalls Three common types of Firewalls:
Packet-filtering routers Application-level gateways Circuit-level gateways

34 Types of Firewalls Packet-filtering Router

35 Types of Firewalls Application-level Gateway

36 Types of Firewalls Circuit-level Gateway

37 Firewall Configurations
In addition to the use of simple configuration of a single system (single packet filtering router or single gateway), more complex configurations are possible Three common configurations

38 Firewall Configurations
Screened host firewall system (single-homed bastion host)

39 Firewall Configurations
Screened-subnet firewall system

40 Trusted System Technology Trusted Computing
Trusted Platform Module (TPM) A dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices Others …

Download ppt "Strong Password Protocols, Firewalls"

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
Stronger Password Authentication Using Browser Extensions Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John Mitchell Stanford University

Stronger Password Authentication Using Browser Extensions Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John Mitchell Stanford University
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Password Authentication J. Mitchell CS 259. Password fileUser exrygbzyf kgnosfix ggjoklbsz … kiwifruit hash function.

Password Authentication J. Mitchell CS 259. Password fileUser exrygbzyf kgnosfix ggjoklbsz … kiwifruit hash function.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Strong Password Protocols

Strong Password Protocols
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Secure Socket Layer (SSL)

Secure Socket Layer (SSL)
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Lecture 11: Strong Passwords

Lecture 11: Strong Passwords
1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.

1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.

Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.
CSCE 522 Identification and Authentication. CSCE 522 - Farkas2Reading Reading for this lecture: Required: – Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos – An Introduction.

CSCE 522 Identification and Authentication. CSCE Farkas2Reading Reading for this lecture: Required: – Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos – An Introduction.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

Similar presentations

Ads by Google