Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tuomas Aura T-110.4206 Information security technology User authentication Aalto University, autumn 2011.

Published byAmelia Riley Modified over 10 years ago

Similar presentations

Presentation on theme: "Tuomas Aura T-110.4206 Information security technology User authentication Aalto University, autumn 2011."— Presentation transcript:

1 Tuomas Aura T-110.4206 Information security technology User authentication Aalto University, autumn 2011

2 Outline 1.Passwords 2.Physical security tokens and two-method authentication 3.Biometrics  Common mantra: User authentication can be based on – something you know – something you have – something you are 2

3 PASSWORDS 3

4 Username and password  Passwords are used for entity authentication – Needed for access control and auditing: access control = authentication + authorization – Entity authentication vs. message authentication  Password is a shared secret between the user and computer system – Limitations arise from the reliance on of human memory and input  What attacks are there against passwords? 4

5 Sniffing and key loggers  Password sniffing on the local network used to be a major problem; mostly solved by cryptographic authentication: – SSH, SSL, HTTP Digest Authentication, MS-CHAPv2  Key logger: software or hardware that stores all key strokes (including passwords) typed on a computer – Particular danger in public-access computers e.g. at libraries and cafes – Why do some bank web sites ask you to use the mouse to enter the PIN code? 5

6 Password recovery  Humans are prone to forget things  need a process for recovering from password loss  What are the advantages and disadvantages of the following recovery mechanisms? – Security question or memorable secret, e.g. birth place, mother’s maiden name, pet’s name – Emailing password to another user account – Physical visit to helpdesk – Yellow sticker on the back of the keyboard – USB key or CD with a password recovery file 6

7 Password reuse  How many different user accounts and passwords do you have? Ever used the same password on two accounts?  Using the same or related passwords on multiple accounts means that one corrupt sysadmin or compromised account can lead to compromise of the other accounts  Administrative countermeasures: – Passwords chosen by the service, not set by users – Exotic password format requirements  Personal countermeasures: – Generating service-specific passwords from one master password – Password wallet (e.g. on phone) encrypted with a master password 7

8 Shoulder surfing  Keyboards and screens are highly visible  others may see what you are typing  Password and PIN prompts usually do not show the characters – Does this make sense for all secrets? 8 *******

9 Password guessing  Intelligent guessing vs. brute-force guessing – dictionary attack  Countermeasures – Limit the number or rate of login attempts – Minimum password length and complexity, password quality check – Preventing reuse of old passwords – System-generated random passwords – Password aging i.e. mandatory periodic password changes (typically every three months) 9

10 Password entropy  Entropy = the amount of information the attacker is missing about the password Entropy = - ∑ x ∈ passwords P(x) ⋅ log 2 P(x) ≤ log 2 (number of possible passwords)  Examples: – Random 8-character 7-bit passwords have 56 bits of entropy – Random 8-character alphanumeric passwords have at most 8 × log 2 (26+26+10) ≈ 48 bits – 4-digit PIN codes have about 13 bits of entropy  Human-chosen passwords have less entropy than random ones because some passwords are more common than others  Do password quality checks increase entropy?  Passwords rely on human memory  entropy cannot grow over time  any system that relies on high password entropy to beat brute-force attacks will eventually fail 10

11 Online and offline guessing attacks  Offline attack: the attacker obtains a hash (or other function) of the password and tries to guess the password offline – Attacker who has the hash values from the password database – Older challenge-response network authentication, e.g. MS-CHAPv2 or HTTP digest authentication (without SSL)  Online guessing: attacker tries to login with different passwords – Login prompt at the console; PIN code on a phone – Network login to an authenticated server over SSH or SSL – Firewall blocks client IP address after some failed login attempts  In offline attack, the attacker can perform an exhaustive brute-force search; in online attack, target system can limit the number of guesses  Big difference in the required password entropy: – Online guessing success probability ≈ number of allowed guesses / number of possible passwords – Offline attack requires cryptographic strength, e.g. 128-bit entropy 11

12 Password database storage  Safer to assume that the database is public – Unix /etc/password is traditionally world readable – Attacks on web servers often manage to dump any file or database on the server; e.g. SQL injection  How to store passwords in a public file? – Store a hash (i.e. one-way function) of the password – When user enters a password, hash and compare – Use a slow hash (many iterations of a hash function) to make brute-force cracking more difficult – Include random account-specific “salt”: slow_hash( password | salt) to prevent simultaneous brute-force cracking of many passwords, precomputation attacks and equality comparison between passwords 12

13 Password hashing  Password-based key derivation function PBKDF2 [PKCS#5,RFC2898]** – Good practical guide; uses any standard hash function, at least 64-bit salt, any number of iterations  Unix crypt(3) [Morris and Thompson 1978]** – Historical function for storing passwords in /etc/passwd aura:lW90gEpaf4wuk:19057:100:Tuomas Aura:/home/aura:/bin/zsh – Eight 7-bit characters = 56-bit DES key – Encrypt a zero block 25 times with modified DES – 12-bit salt used to modify DES key schedule – Stored value includes the salt and encryption result – Replaced by more modern hash functions and shadow passwords (stored in /etc/shadow, which is only readable to root) 13

14 DF2PBK  PBKDF2 (P, S, c, dkLen) P = password S = salt c = iteration count dkLen = length of the result PRF = keyed pseudorandom function F (P, S, c, i) = U 1 xor U 2 xor... xor U c U 1 = PRF (P, S || i) U 2 = PRF (P, U 1 )... U c = PRF (P, U c-1 ) Repeat for i=1,2,3... until dkLen output bytes produced 14 Function for slow hashing of passwords Iterations to make the computation slower Used in WPA2- Personal for deriving keys from password Could also be used for storing password hashes Function for slow hashing of passwords Iterations to make the computation slower Used in WPA2- Personal for deriving keys from password Could also be used for storing password hashes

15 Botnets and online guessing  10 banks, each with 10 6 customer accounts – 4-digit PIN or one-time code required to log in – Client IP address blocked after 3 failed login attempts  Attacker has a botnet of 10 5 computers – Each bot makes one login attempt to one account in each bank every day  10 6 login attempts in a day  ~100 successful break-ins in a day  Countermeasures: – Make user IDs hard to guess; long, different from account numbers, and not assigned sequentially – Ask a “salt” question, e.g. memorable word, in addition to user ID and PIN  increased entropy reduces attacker success rate 15

16 One-time passwords  Use each password only once to thwart password sniffers and key loggers  Lamport hash chain: H 1 = hash (secret seed); H i+1 = hash (H i ) – Server stores initially H 100 and requires user to enter H 99. Next stores H 99 and requires H 98, and so on.  Unix S/KEY or OTP [RFC1760/1938] 1: HOLM BONG VARY TIP JUT ROSY 2: LAIR MEMO BERG DARN ROWE RIG 3: FLEA BOP HAUL CLAD DARK ITS 4: MITT HUM FADE CREW SLOG HAST  Hash-based one-time passwords HOTP [RFC4226] HOTP(K,C) = HMAC-SHA-1(K,C) mod 10 D – Produces a one-time PIN code of D decimal digits  Time-based one-time passwords – E.g. RSA SecurID: one of many commercial products  Which attacks are prevented by one-time passwords and which are not? 16

17 Spoofing attacks  Attacker could spoof the login dialog; how do you know when it is safe to type in the password? 17

18

19 Trusted path  Attacker could spoof the login dialog; how do you know when it is safe to type in the password?  Trusted path is a mechanism that ensures direct and secure communication between the user and a specific part of the system – Crtl+Alt+Del in Windows takes to a security screen that cannot be spoofed – Web browser shows the URL in the address bar in a way that cannot be spoofed by the web server  With malware and virtualization, it is increasingly hard to know what is real 19

20 Other threats  No system is perfectly secure: system designers have a specific threat model in mind, but the attacker can break these rules – “The attacker does not agree with the threat model.” (Bruce Christianson)  Other attacks against PINs and passwords: – Phishing and social engineering – Heat camera can detect recently pressed keys – Acoustic emanations from the keyboard 20

21 PHYSICAL SECURITY TOKENS AND TWO-METHOD AUTHENTICATION 21

22 Physical security tokens  Smart card is a typical physical security token – Holds cryptographic keys to prove its identity – Tamperproof: secret keys will stay inside  Used for door keys, computer login, ATM  PIN entry is often also required  two-method authentication – Attacker needs to both steal the card and learn the PIN  clear qualitative increase in security  Other security token implementations: smart button, USB stick, mobile phone 22

23 Issues with security tokens  Physical tokes require distribution  Computers (or doors etc.) must have readers  It is not easy to integrate cryptographic tokens to all systems – E.g. applications that require a password cached on the client or on a proxy server  Process needed for recovering from the loss of tokens  Are smart card + PIN really two factors?  One alternative is two-channel authentication: – Confirmation via telephone: callback – Sending a second secret to a known address: text message, email, post 23

24 BIOMETRICS 24

25 Biometric authentication  Biometric authentication means verifying some physical feature of the user – Physiological characteristic: photo, signature, face geometry, fingerprint, iris scan, DNA – Behavioral characteristic: voice, typing, gait  Biometrics are not 100% reliable: – False acceptance rate FAR – False rejection rate FRR – Equal error rate EER 25 FARFRR 50% EER

26 Issues with biometrics  Biometrics require enrollment and readers  Unsupervised vs. supervised readers have a big difference in security – E.g. fingerprints, face recognition  Suitability for security architectures: – Are biometric characteristics secrets? – Can they be copied? – How to revoke biometrics?  What if enrollment fails? – Some people have no fingerprints, or no fingers 26

27 Reading material  Dieter Gollmann: Computer Security, 2nd ed., chapter 3  Matt Bishop: Introduction to computer security, chapter 11  Ross Anderson: Security Engineering, 2nd ed., chapters 2, 15  Edward Amoroso: Fundamentals of Computer Security Technology, chapters 18-19 27

28 Exercises  Why do you need both the username and password? Would not just one secret identifier (password) be sufficient for logging in?  What effect do strict guidelines for password format (e.g. 8 characters, at least 2 capitals, 2 digits, 1 special symbol) have on the password entropy?  What is the probability of guessing the code for a phone that allows 3 attempts to guess a 4-digit PIN code, then 10 attempts to guess an 8-digit PUK code?  In what respects is PBKDF2 better for password hashing than crypt(3)?  Why may mandatory password changes increase security? What is the optimal interval?  How to limit the number of login attempts without creating a DoS vulnerability?  Learn about graphical passwords and compare their entropy to different length passwords and PIN codes.  Learn about HTTP Digest Authentication [RFC2617] and MS-Chap-V2 [RFC2759]. Explain how to perform an offline password guessing attack after sniffing a login.  In a social network, could authentication be based on who you know (or who knows you), or where you are?  What advantages and disadvantages might a fingerprint reader have in a car lock? 28

Download ppt "Tuomas Aura T-110.4206 Information security technology User authentication Aalto University, autumn 2011."

Similar presentations

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.

95752:3-1 Access Control :3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

Similar presentations

Ads by Google