Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication Chapter 11 Modified (heavily) by Dan Fleck Coming up: Basics 1111.

Published byFrederick Cain Modified over 8 years ago

Similar presentations

Presentation on theme: "Authentication Chapter 11 Modified (heavily) by Dan Fleck Coming up: Basics 1111."— Presentation transcript:

1 Authentication Chapter 11 Modified (heavily) by Dan Fleck Coming up: Basics 1111

2 Basics Authentication: binding of identity to subject Identity is that of external entity (my identity, Matt, etc.) Subject is computer entity (process, etc.) After login your identity is bound to everything you do! Coming up: Establishing Identity 2222

3 Establishing Identity One or more of the following What entity knows (eg. password) What entity has (eg. badge, smart card) What entity is (eg. fingerprints, retinal characteristics) Where entity is (eg. In front of a particular terminal) Coming up: Passwords 3333

4 Passwords Passwords are ubiquitous because they are simple and clear. Standard tradeoff between usability and security: Password must be 27 characters and use no words (huh??) A typical ruleset (from Chase bank): Must contain 7-32 characters Must include at least one number and one letter Cannot include special characters (&, %, *, etc.) Cannot be the same as your User ID Cannot be the same as any of the last five Passwords you’ve used Goal: Make it hard for computers to guess by making it random. Reality: its very hard to have a short password that a computer cannot guess Coming up: Possible Passwords 4444

5 Possible Passwords Possible options: Length of password (L) Possible characters (N) (letter = 26, upper/lower = 52, digits=+10, symbols=+33 (ASCII printable)) = 95 8 char password: 95^8 = 6,634,204,312,890,625 = 6.6342e15 Entropy is 6.6342e15 assuming all symbols equally likely! Coming up: Entropy in bits 5555

6 Entropy in bits H(x) is entropy in bits (how many bits it would take to represent that number of options) Example: 2 X =6.6342e15 X = 52.5588 bits Another way to think about it: Each symbol adds log 2 (95) bits We have 8 symbols, thus our entropy is: H = L (Log 2 N) = 8 ( Log 2 95 ) = 52.5 bits Research 1 has shown, lower bound on expected guesses E(G) is: Example: E(G) ≥ (1/4)*6.6342e15 + 1 = 1.6586e15 Coming up: Password Guessing 1: http://www.isiweb.ee.ethz.ch/archive/massey_pub/pdf/BI633.pdf 6666

7 Password Guessing Recent password guessers can guess 2,800,000,000 passwords a second. Strength of our example: 1.6586e15 / 2,800,000,000 = 592,340 seconds = 6.85 days How true is that? Entropy of a letter in English is –log 2 (1/26) letter is 4.7bits Are all letters equally probable? No! Computed entropy of the English language ranges from 2.77 bits to 1.3 bits because letters aren’t random. Is your password random? Coming up: Cracking 7777

8 Cracking Password tools use many methods to guess smarter Dictionaries Rulesets Is it more likely that the 1 st or 2 nd letter is capitalized? Where are numbers generally? Substituting numbers for letters is c0mm0n! Brute force – all possible guesses as a last resort How do passwords work? Lets see! Coming up: Simple Passwords 8888

9 Simple Passwords Most passwords today use secure one-way hashing Hash function F(P)  Q F – hash function P – plain text password Q – hashed password One way Q is stored on the computer P is provided by the user, hashed and compared to Q Secure Hash Functions goal is to NOT be reversible (MD5, SHA1, SHA3, etc…) Are they still subject to a guessing attack? Coming up: Recent Events 9999

10 Recent Events Yahoo's password leak: What you need to know (FAQ) (Mar 2012) – Plaintext leaked! (ouch!) Millions of LinkedIn passwords reportedly leaked online (June 6, 2012) – hashed passwords (still hurts) Nasdaq forum site hacked, passwords compromised (July 2013) – Unclear if hashed or not Ubuntu forums hacked, 1.8 million passwords and emails compromised – Unclear if hashed or not Coming up: How hard is it to crack? 10

11 How hard is it to crack? Dec 2009 RockYou’s 18million passwords stolen in plaintext This started a revolution of password hacking because people could use real world passwords Password Cracking program + RockYou DB + some rulesets… lets try it: Take a password, hash it Crack it Src: http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/ Coming up: Demo of password cracking 11

12 Demo of password cracking Coming up: What can we do? 12

13 What can we do? Increase the time to check Not good at the algorithmic level -- when doing stream decryption want it to be fast Key stretching can be used User’s password is run through a stretching algorithm that makes it longer. The algorithm MUST take a long time ~1 second If we have an uncompromised server key stretching is simple and effective against guessing attacks! Only a problem when attacker has the hashed password Systems using this: PGP, GPG WPA, WPA2 in personal mode OpenSSL ‘passwd’, Apache.htpasswd One example algorithm: https://en.wikipedia.org/wiki/PBKDF2 Coming up: What can we do? Ref: http://en.wikipedia.org/wiki/Key_stretching#Some_systems_that_use_key_stretching 13

14 What can we do? Add some Salt Append a random value to the password before hashing Store that random value (in plain text) with the password This does NOT make cracking a single password harder, but when cracking a group of passwords, it does. For example, the attacker typically computes the hash and checks for it anywhere in the list of hashed passwords. This fails with salt. Another form of salt is picking a different hashing algorithm per password and storing that choice with the hashed password Coming up: Other Authentication Types Ref: https://en.wikipedia.org/wiki/Salt_(cryptography) 14

15 Other Authentication Types Coming up: Challenge-Response 15

16 Challenge-Response Coming up: Pass Algorithms User, system share a secret function f (in practice, f is a known function with unknown parameters, such as a cryptographic key) user system request to authenticate user system random message r (the challenge) user system f(r) (the response) 16

17 Pass Algorithms Challenge-response with the function f itself a secret Example: Challenge is a random string of characters such as “ abcdefg ”, “ ageksido ” Response is some function of that string such as “ bdf ”, “ gkip ” Can alter algorithm based on ancillary information Network connection is as above, dial-up might require “ aceg ”, “ aesd ” Usually used in conjunction with fixed, reusable password Coming up: One-Time Passwords 17

18 One-Time Passwords Password that can be used exactly once After use, it is immediately invalidated Challenge-response mechanism Challenge is number of authentications; response is password for that particular number Problems Synchronization of user, system Generation of good random passwords Password distribution problem Coming up: S/Key 18

19 S/Key One-time password scheme based on idea of Lamport h one-way hash function (MD5 or SHA-1, for example) User chooses initial seed k – k must remain secret! System calculates: h(k) = k 1, h(k 1 ) = k 2, …, h(k n–1 ) = k n Passwords are reverse order: p 1 = k n, p 2 = k n–1, …, p n–1 = k 2, p n = k 1 Coming up: S/Key Protocol 19

20 S/Key Protocol Coming up: S/Key Protocol user system { name } user system { i } user system { p i } System stores maximum number of authentications n, number of next authentication i, last correctly supplied password p i–1. System computes h(p i ) = h(k n–i ) = k n–i+1 = p i–1. If match with what is stored, system replaces p i–1 with p i and increments i. 20

21 S/Key Protocol Coming up: Hardware Support System computes h(p i ) = h(k n–i ) = k n–i+1 = p i–1. If match with what is stored, system replaces p i–1 with p i and increments i. 1234 H(x)h(k)h(k 1 )h(k 2 )h(k 3 ) Kk1k1 k2k2 k3k3 k4k4 Pp4p4 p3p3 p2p2 p1p1 Concretely for table and i=2 (all values in col X are equal): h(p 2 )=h(k 3 )=k 4 =p 1 21

22 Hardware Support Token-based Used to compute response to challenge May encipher or hash challenge May require PIN from user Temporally-based Every minute (or so) different number shown Computer knows what number to expect when User enters number and fixed password Coming up: C-R and Dictionary Attacks 22

23 C-R and Dictionary Attacks Same as for fixed passwords Attacker knows challenge r and response f(r); if f encryption function, can try different keys May only need to know form of response; attacker can tell if guess correct by looking to see if deciphered object is of right form Example: Kerberos Version 4 used DES, but keys had 20 bits of randomness; Purdue attackers guessed keys quickly because deciphered tickets had a fixed set of bits in some locations Coming up: Encrypted Key Exchange 23

24 Encrypted Key Exchange Defeats off-line dictionary attacks Idea: random challenges enciphered, so attacker cannot verify correct decipherment of challenge Assume Alice, Bob share secret password s In what follows, Alice needs to generate a random public key p and a corresponding private key q Also, k is a randomly generated session key, and R A and R B are random challenges Coming up: EKE Protocol 24

25 EKE Protocol Coming up: Biometrics Alice Bob Alice,E s (p) Alice Bob E s (E p (k)) Now Alice, Bob share a randomly generated secret session key k Alice Bob Ek(RA)Ek(RA) Alice Bob Ek(RARB)Ek(RARB) Alice Bob Ek(RB)Ek(RB) Steps used to stop replay attacks Steps used to generate session key 25

26 Biometrics Automated measurement of biological, behavioral features that identify a person Fingerprints: optical or electrical techniques Maps fingerprint into a graph, then compares with database Measurements imprecise, so approximate matching algorithms used Voices: speaker verification or recognition Verification: uses statistical techniques to test hypothesis that speaker is who is claimed (speaker dependent) Recognition: checks content of answers (speaker independent) Coming up: Other Characteristics 26

27 Other Characteristics Can use several other characteristics Eyes: patterns in irises unique Measure patterns, determine if differences are random; or correlate images using statistical tests Faces: image, or specific characteristics like distance from nose to chin Lighting, view of face, other noise can hinder this Keystroke dynamics: believed to be unique Keystroke intervals, pressure, duration of stroke, where key is struck Statistical tests used Coming up: Cautions 27

28 Cautions These can be fooled! Assumes biometric device accurate in the environment it is being used in! Transmission of data to validator is tamperproof, correct Coming up: Multifactor Authentication 28

29 Multifactor Authentication Many systems now use multi-factor authentication User must present multiple things typically from different categories: What you know What you have What you are Examples? Coming up: Pluggable Authentication Modules (PAM) 29

30 Pluggable Authentication Modules (PAM) Idea: when program needs to authenticate, it checks central repository for methods to use Library call: pam_authenticate Accesses file with name of program in /etc/pam.d/ Modules do authentication checking binding (new): succeed immediately upon success, otherwise continue down the chain, but ultimately fail sufficient: succeed immediately if module succeeds required: fail if module fails, but all required modules executed before reporting failure requisite: like required, but don’t check all modules upon failure optional: invoke only, but result is ignored Coming up: Example PAM File 30

31 Example PAM File authsufficient/usr/lib/pam_ftp.so authrequired/usr/lib/pam_unix_auth.so use_first_pass authrequired/usr/lib/pam_listfile.so onerr=succeed \ item=user sense=deny file=/etc/ftpusers For ftp: 1.If user “ anonymous ”, return okay; if not, set PAM_AUTHTOK to password, PAM_RUSER to name, and fail 2.Now check that password in PAM_AUTHTOK belongs to that of user in PAM_RUSER; if not, fail 3.Now see if user in PAM_RUSER named in /etc/ftpusers; if so, fail; if error or not found, succeed Coming up: PAM Facilities 31

32 PAM Facilities PAM provides four facilities each with a chain for different things. Each is typically present in the /etc/pam.d/xyz file: auth – does the actual authentication of an applicant account – checks if authentication is allowed ( account not expired, time of day, server’s workload, etc…) session - after authentication runs chain for session setup / tear down password – chain used to change passwords Ref: http://www.freebsd.org/doc/en/articles/pam/pam- essentials.html Coming up: PAM Test - Explain these 32

33 PAM Test - Explain these authrequiredserviceA authsufficientserviceB authrequiredserviceC versus authsufficientserviceB authrequiredserviceA authrequiredserviceC Coming up: Key Points 33

34 Key Points Authentication is not cryptography You have to consider system components Passwords are here to stay They provide a basis for most forms of authentication Authentication methods can be combined Example: PAM End of presentation 32 34

Download ppt "Authentication Chapter 11 Modified (heavily) by Dan Fleck Coming up: Basics 1111."

Similar presentations

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
Chapter 12: Authentication

Chapter 12: Authentication
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #11-1 Chapter 11: Authentication Basics Passwords Challenge-Response Biometrics.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #11-1 Chapter 11: Authentication Basics Passwords Challenge-Response Biometrics.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #12-1 Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #12-1 Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics.
Security-Authentication

Security-Authentication
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.

Similar presentations

Ads by Google