Presentation is loading. Please wait.

Presentation is loading. Please wait.

6/1/20151 Chapter 4 Authentication Methods and Protocols Stallings chapters 3,22.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "6/1/20151 Chapter 4 Authentication Methods and Protocols Stallings chapters 3,22."— Presentation transcript:

1 6/1/20151 Chapter 4 Authentication Methods and Protocols Stallings chapters 3,22

2 User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed by or for a system entity  has two steps: identification - specify identifier verification - bind entity (person) and identifier  distinct from message authentication

3 6/1/20153 Other Authentication Other entities may require authentication, e.g. 1. Devices – computers, terminals, phones 2. Programs – proof of source, proof of integrity 3. Messages – MAC 4. Web servers – certificates from CA

4 Means of User Authentication  four means of authenticating user's identity  based one something the individual knows - e.g. password, PIN possesses - e.g. key, token, smartcard is (static biometrics) - e.g. fingerprint, retina does (dynamic biometrics) - e.g. voice, sign  can use alone or combined  all can provide user authentication  all have issues

5 Password Authentication  widely used user authentication method user provides name/login and password system compares password with that saved for specified login  authenticates ID of user logging and that the user is authorized to access system determines the user’s privileges is used in discretionary access control

6 6/1/20156 Authentication Using Passwords (a) A successful login (b) Login rejected after name entered (c) Login rejected after name and password typed

7 6/1/20157 Authentication Using Passwords  How a cracker broke into LBL a U.S. Dept. of Energy research lab

8 6/1/20158 Authentication – Guidelines for Selecting Passwords  Use characters other then A-Z  Choose long passwords (>6)  Avoid actual names or words (about 150,000 words of  6 in English)  Choose unlikely passwords (control char, digits, etc.)  Change passwords regularly  Don’t write down; Don’t tell anyone…

9 Password Vulnerabilities  offline dictionary attack  specific account attack  popular password attack (See table 3.2 in [SB] )  password guessing against single user  workstation hijacking  exploiting user mistakes  exploiting multiple password use  electronic monitoring

10 Countermeasures  stop unauthorized access to password file  intrusion detection measures  account lockout mechanisms  policies against using common passwords but rather hard to guess passwords  training & enforcement of policies  automatic workstation logout  encrypted network links

11 6/1/201511 Authentication Using Passwords The use of salt to defeat pre-computation of encrypted passwords Salt Password

12 Use of Hashed Passwords (slow hash!)

13 Password with Salt Cracking  With password of length K, space is N =L**K where L is the alphabet size  Assume n users. Without Salt Prob. Of guessing with brute force is n / N (one computation, with n comparisons for each password try total: N/2n computations and N/2 comparisons)  Prob. of guessing specific user is 1/N  With Salt, Prob. Of guessing is the same but needs N/2 computations and comparisons!

14 6/1/201514 Gussing passwords with Brute force With SaltWithout salt N/2 computations N/2 comparisons N/2 computations N/2 comparisons One specific user N/2 computations N/2 comparisons N/2n computations N/2 comparisons Any user out if n users

15 UNIX Implementation  original scheme 8 character password form 56-bit key 12-bit salt used to modify DES encryption into a one-way hash function 0 value repeatedly encrypted 25 times output translated to 11 character sequence  now regarded as woefully insecure e.g. supercomputer, 50 million tests, 80 min  sometimes still used for compatibility

16 Improved Implementations  have other, stronger, hash/salt variants  many systems now use MD5 with 48-bit salt password length is unlimited is hashed with 1000 times inner loop produces 128-bit hash  OpenBSD uses Blowfish block cipher based hash algorithm called Bcrypt uses 128-bit salt to create 192-bit hash value

17 Password Cracking  dictionary attacks try each word then obvious variants in large dictionary against hash in password file  rainbow table attacks precompute tables of hash values for all salts a mammoth table of hash values e.g. 1.4GB table cracks 99.9% of alphanumeric Windows passwords in 13.8 secs not feasible if larger salt values used

18 Password Choices  users may pick short passwords e.g. 3% were 3 chars or less, easily guessed system can reject choices that are too short  users may pick guessable passwords so crackers use lists of likely passwords e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them would take about 1 hour on fastest systems to compute all variants, and only need 1 break!

19 Password File Access Control  can block offline guessing attacks by denying access to encrypted passwords make available only to privileged users often using a separate shadow password file  still have vulnerabilities exploit O/S bug accident with permissions making it readable users with same password on other systems access from unprotected backup media sniff passwords in unprotected network traffic

20 Proactive Password Checking  rule enforcement plus user advice, e.g. 8+ chars, upper/lower/numeric/punctuation may not suffice  password cracker time and space issues  Markov Model (see [SB]) generates guessable passwords hence reject any password it might generate  Bloom Filter (see [SB] ) use to build table based on dictionary using hashes check desired password against this table

21 6/1/2015 Prof. Ehud Gudes Security Ch 1 21 Authentication – Using one-time Passwords  Use hardware card like BGU’s secur-id  Use one-way hashing functions: i = 0 P0 = f(f(…(f(P) n i = 1 P1 = f(f(…(f(P) n-1 i = n-1 Pn-1 = f(P) Only user knows P not computer!  First try – user sends P1, computer computes P0  Second try – user sends P2, computer computes P1. Enemy who listens cannot break it!

22 Token Authentication  object user possesses to authenticate, e.g. embossed card magnetic stripe card memory card smartcard

23 Memory Card  store but do not process data  magnetic stripe card, e.g. bank card  electronic memory card  used alone for physical access  with password/PIN for computer use  drawbacks of memory cards include: need special reader loss of token issues user dissatisfaction

24 Smartcard  credit-card like  has own processor, memory, I/O ports wired or wireless access by reader may have crypto co-processor ROM, EEPROM, RAM memory  executes protocol to authenticate with reader/computer  also have USB dongles

25 6/1/2015 Prof. Ehud Gudes Security Ch 1 25 Authentication Using a Physical Object  Magnetic cards magnetic stripe cards chip cards: stored value cards, smart cards

26 6/1/2015 Prof. Ehud Gudes Security Ch 1 26 Counter-measures  Limiting times when someone can log in  Automatic callback at number prespecified  Limited number of login tries  A database of all logins  Simple login name/password as a trap (Honey-pot) security personnel notified when attacker bites

27 Remote User Authentication  authentication over network more complex problems of eavesdropping, replay  generally use challenge-response user sends identity host responds with random number user computes f(r,h(P)) and sends back host compares value from user with own computed value, if match user authenticated  protects against a number of attacks

28 Authentication Security Issues  client attacks  host attacks  eavesdropping  replay  trojan horse  denial-of-service

29  will consider authentication functions  developed to support application-level authentication & digital signatures  will consider Kerberos private-key authentication service X.509 public-key directory authentication public-key infrastructure (PKI) federated identity management Internet Authentication Applications

30 6/1/201530 Kerberos  Kerberos -- the most important of the network authentication approaches. It is used in Windows 2000 and other systems. It was developed at MIT and its name comes from Greek mythology. It has had several versions, the current one is version 5. It uses the DES in its authentication protocol.

31 6/1/201531 Kerberos protocol  The Kerberos server must have the user ID (UID) and hashed password of all its registered users.  The Kerberos server must share a secret key with each registered application server.  The Needham/Schroeder protocol is used to distribute keys and authenticate users

32 Kerberos  trusted key server system from MIT  provides centralised private-key third-party authentication in a distributed network allows users access to services distributed through network without needing to trust all workstations rather all trust a central authentication server  two versions in use: 4 & 5

33 6/1/2015 Prof. Ehud Gudes Security Ch 1 33 Kerberos – old version

34 Kerberos Overview  a basic third-party authentication scheme  have an Authentication Server (AS) users initially negotiate with AS to identify self AS provides a non-corruptible authentication credential (ticket granting ticket TGT)  have a Ticket Granting server (TGS) users subsequently request access to other services from TGS on basis of users TGT

35 Kerberos Overview

36 6/1/201536 Kerberos – versions 4,5 Once per user logon session Request ticket granting ticket Ticket + session key Request service Provide service authenticator Once per type of service Request ticket granting ticket Ticket + session key Once per service session

37 6/1/201537 Kerberose Version 4 (a)Authentication Service Exchange: to obtain ticket-granting ticket (1)C AS:ID C  ID tgs  TS 1 (2)AS C:E k c [ID C  K c.tgs  ID tgs  TS 2  Lifetime 2  Ticket tgs ] Ticket tgs = E K tgs [K c.tgs  ID C  AD C  ID tgs  TS 2  Lifetime 2 ] (b)Ticket-Granting Service Service Exchange: to obtain service-granting ticket (3)C TGS:ID V  Ticket tgs  Authenticator C (4)TGS C:E k c.tgs [K c.V  ID V  TS 4  Ticket V ] Ticket tgs = E K tgs [K c.tgs  ID C  AD C  ID tgs  TS 2  Lifetime 2 ] Ticket V = E K V [K c.V  ID C  AD C  ID V  TS 4  Lifetime 4 ] Authenticator C = E k c.tgs [ID C  AD C  TS 3 ]

38 6/1/201538 (c)Client/Server Authentication Exchange: to obtain service (5)C -> V:Ticket V  Authenticator C (6)V -> C:E k C.V [TS 5 +1](for mutual authentication) Ticket V = E K V [K C.V  ID C  AD C  ID V ||TS 4  Lifetime 4 ] Authenticator C = E k C.V [ID C  AD C  TS 5 ] Kerberose Version 4, cont.

39 Kerberos Realms  a Kerberos environment consists of: a Kerberos server a number of clients, all registered with server application servers, sharing keys with server  this is termed a realm typically a single administrative domain  if have multiple realms, their Kerberos servers must share keys and trust

40 Kerberos Realms

41 Kerberos Version 5  Kerberos v4 is most widely used version  also have v5, developed in mid 1990’s specified as Internet standard RFC 1510  provides improvements over v4 addresses environmental shortcomings  encryption alg, network protocol, byte order, ticket lifetime, authentication forwarding, inter-realm auth and technical deficiencies  double encryption, non-std mode of use, session keys, password attacks

42 Certificate Authorities  certificate consists of: a public key plus a User ID of the key owner signed by a third party trusted by community often govt./bank certificate authority (CA)  users obtain certificates from CA create keys & unsigned cert, gives to CA, CA signs cert & attaches sig, returns to user  other users can verify cert checking sig on cert using CA’s public key

43 X.509 Authentication Service  universally accepted standard for formatting public-key certificates widely used in network security applications, including IPSec, SSL, SET, and S/MIME  part of CCITT X.500 directory service standards  uses public-key crypto & digital signatures algorithms not standardised, but RSA recommended

44 X.509 Certificates

45 Public Key Infrastructure

46 PKIX Management  functions: registration initialization certification key pair recovery key pair update revocation request cross certification  protocols: CMP, CMC

47 Federated Identity Management  use of common identity management scheme across multiple enterprises & numerous applications supporting many thousands, even millions of users  principal elements are: authentication, authorization, accounting, provisioning, workflow automation, delegated administration, password synchronization, self-service password reset, federation  Kerberos contains many of these elements

48 Standards Used  Extensible Markup Language (XML) characterizes text elements in a document on appearance, function, meaning, or context  Simple Object Access Protocol (SOAP) for invoking code using XML over HTTP  WS-Security set of SOAP extensions for implementing message integrity and confidentiality in Web services  Security Assertion Markup Language (SAML) XML-based language for the exchange of security information between online business partners

49 6/1/201549 Authentication Using Biometrics A device for measuring finger length.

50 Biometric Authentication  authenticate user based on one of their physical characteristics

51 Operation of a Biometric System

52 Biometric Accuracy  never get identical templates  problems of false match / false non- match

53 Summary  introduced user authentication using passwords using tokens using biometrics  remote user authentication issues  example application and case study  Internet based authentication  Kerberos and other standards

Download ppt "6/1/20151 Chapter 4 Authentication Methods and Protocols Stallings chapters 3,22."

Similar presentations

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 3: User Authentication.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 3: User Authentication.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 3 “User Authentication”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 3 “User Authentication”.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Essentials Chapter 4

Network Security Essentials Chapter 4
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.

Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)

AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Authentication & Kerberos

Authentication & Kerberos

Similar presentations

Ads by Google