Operating Systems Security: User Authentication

Transcription

1 Introduction Operating Systems Security: User Authentication Ozalp Babaoglu! When you first make contact with a computer service (login, , web access, etc.) you need to identify yourself and then authenticate this identity to prove who you claim to be! Authentication is the basis for performing Authorization! Authentication of human principles rather different from authentication of messages or machines! Humans are not good at remembering or at computing ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA Babaoglu Sicurezza 2 User Authentication Password-based authentication! Authenticating humans can be based on 1. Something you know (password, PIN) 2. Something you have (token) 3. Something you do 4. Something you are (biometrics) 5. Where you are! Options 2, 3 and 4 usually require special hardware support! Option 1 is by far the most common Babaoglu Sicurezza 3! Leaves no trace of security breaches! Impossible to prove your innocence if someone misuses your account! Possibilità che la password venga indovinata " Scarsa cultura della sicurezza " Password banali " Post-it con la password attaccata allo schermo! Possibilità che la password venga carpita " un intruso può sbirciare chi sta digitando la password " login spoofing " sniffing di rete! Possibility of on-line or off-line attacks Babaoglu Sicurezza 4

2 Password-based authentication Password-based authentication! On-line attack: the system itself is used to verify the correctness of guesses! Defenses: " Slow down rate of guesses (insert delay) " Limit number of incorrect attempts (3 wrong PINs, the phone blocks, Bancomat eats your card) " Report date/time/location of last successful login at the next login! Off-line attacks: verify the correctness of password guesses on a system different from the one being targeted! Need access to passwords in some stored form! Based on pre-constructed lists of potential passwords Babaoglu Sicurezza 5 Babaoglu Sicurezza 6 Password-based authentication Dictionary Attack! How to save passwords " as clear text in a file protected by the operating system s access control mechanisms " subject to abuse by privileged users, administrators! Password encryption " based on a one-way hash function f() " the password file contains fingerprints of the passwords and not the clear text " at login, compute the fingerprint of the password supplied by the user and compare it to the value stored in the file " Password file in Unix/Linux: /etc/passwd! Obtain a copy of the file containing encrypted passwords! Obtain file containing lists of common words (dictionary)! For each word w in the dictionary, compute its hash value using f(w) and compare it to the encrypted passwords in the password file! All matching entries correspond to users who have set their password to w! Can be much more sophisticated by transforming w in common ways (backwards, 2-letter permutations, etc.)! Can be mechanized through easily-available programs such as crack Babaoglu Sicurezza 7 Babaoglu Sicurezza 8

3 Dictionary Attack Dictionary Attack List of common words Password file Achille Adriano Africa Afrodite Agnese Agrigento Alberto Aldo Alessandro Alessio Ambrogio America Amilcare Anastasia Ancona Andrea Anna Annibale Anselmo Antonino Antonio Aosta... root:ikgjioe9043jb:0:0:... rossi:wsfl4i4gjio:500:500:... bianchi:sdiweo38d:501:501:... franchi:bwjk2lks4df:502:502:... neri:osdtrkl9dfb:503:503:... orsi:gi5ikwsdvo:504:504:... tamburini:lkqweoibve4s:505:505:... gallo:osdtrkl9dfb:506:506:... f(anna) = osdtrkl9dfb Defenses:! Artificially slow down the performance of the one-way hash function (Unix applies DES 25 times to a all-zero block with the password as the key)! Salting of passwords to prevent global attacks! Limit access to the password file through OS! Shadow passwords: separate encrypted passwords from all the other information contained in the password file (real name of user, office location, telephone number, etc.) Babaoglu Sicurezza 9 Babaoglu Sicurezza 10! Shadow password file Shadow Passwords " Il file /etc/passwd è leggilibile a tutti perchè contiene informazioni che vanno al di là della password " Ma questo rende(va) la vita facile agli attaccanti " Il meccanismo delle shadow password memorizza le password in un file separato /etc/shadow, leggibile solo a root! Esempio di /etc/passwd con shadow password mezzina:x:501:501:leonardo Mezzina:/home/mezzina:/bin/bash trotter:x:502:503:guido Trotter:/home/trotter:/bin/bash hughes:x:503:504:dino Hughes:/home/hughes:/bin/bash acerbett:x:504:505:stefano Acerbetti:/home/acerbett:/bin/bash Password-based authentication Consigli per gli amministratori di sistemi! Always set passwords explicitly and never leave default values! Educare gli utenti sull'importanza di utilizzare password non deboli! Eseguire periodicamente programmi di cracking per verificare la sicurezza delle password attuali! Require remote users to use one-shot passwords or other secure techniques (disable telnet, ftp) Babaoglu Sicurezza 11 Babaoglu Sicurezza 12

4 Password-based authentication Consigli per gli amministratori di sistemi Login spoofing! Implementare meccanismi per evitare che password banali siano utilizzate " Impose a minimum length (at least 8 characters) " Require mixed format (at least some non-alpha characters) " Reject passwords that can be obtained from simple transformations of common words (dictionary)! Use password aging (must be used within reason)! L'attaccante scrive un programma (testuale o grafico) che presenta una finta schermata di login! Attende che la vittima inserisca login/password! Memorizza o spedisce la coppia login/password! Visualizza un messaggio di Login incorrect! Fa partire il vero programma di login per esempio terminando la shell attuale! La vittima crede di aver digitato male la password, questa volta entrando senza problemi nel sistema Babaoglu Sicurezza 13 Babaoglu Sicurezza 14 Login spoofing Login spoofing! Example #!/bin/csh -f # Only for demonstration (C) Bob Toxen cat /etc/issue echo -n "hostname login: " set x="$<" stty -echo echo -n "Password: " set y="$<" echo $x "," $y >> captured.dat stty -echo echo "" echo Login incorrect echo "" exit Welcome to XYZ Linux K.L (i586) Kernel A.B.CD (tty1) hostname login: franchi Password: Login incorrect Welcome to XYZ Linux K.L (i586) Kernel A.B.CD (tty1) hostname login: Babaoglu Sicurezza 15 Babaoglu Sicurezza 16

5 Login spoofing Login spoofing! Windows " Permette il login tramite la sequenza Ctrl-Alt-Del " La schermata iniziale di Windows XP con la lista degli utenti non dovrebbe essere utilizzata " Notion of trusted path from the keyboard to the operating system kernel " The sequence Ctrl-Alt-Del establishes this path " How can I be sure that indeed Windows running on my macine? " Reboot " How can I be sure that the image of the operating system on disk is indeed Windows? " Reinstall from CD General defenses against login spoofing based on mutual authentication:! The user authenticates himself to the host! The host authenticates itself to the user! Based on cryptographic techniques such as digital signatures and certificates Babaoglu Sicurezza 17 Babaoglu Sicurezza 18 Phishing Phishing! Modern incarnation of login spoofing! Phishers attempt to fraudulently acquire sensitive information such as passwords and credit card details by masquerading as a trustworthy person or business! Typically carried out using or instant messaging, but phone contact has been used as well Babaoglu Sicurezza 19 Babaoglu Sicurezza 20

6 Phishing Pharming! PCWorld.com, February 20, 2007 " Cisco Says 77 Routers Open to Drive-By Pharming! Attack aiming to redirect a website's traffic to another, bogus website! Malware targets a desktop computer's Hosts file, which circumvents name lookup with its own local name to IP address mapping! Attacker modifies the trusted DNS entry of a router to point to a server under his control instead of a legitimate one (suggested by an upstream ISP) Babaoglu Sicurezza 21 Babaoglu Sicurezza 22 Keyloggers Keyloggers! Keyloggers are usually designed as spyware and come in the form of a Trojan horse, can record your passwords, can detect when you type digits checking to see if it s a credit card, bank accounts or information you consider private and personal. Spyware keyloggers are also used to track your surfing habits Babaoglu Sicurezza 23 Babaoglu Sicurezza 24

7 Keylogger Defenses Packet sniffing! Spyware detection/removal programs! Firewall for blocking outgoing network traffic! Mobile virtual keyboards! Packet sniffing " un packet sniffer è un software che analizza il traffico di rete su cui il host è collegato " cerca di individuare pacchetti contenenti coppie login/password spediti in chiaro da meccanismi di comunicazione come telnet, rlogin e ftp " memorizza le coppie login/password per uso futuro Babaoglu Sicurezza 25 Babaoglu Sicurezza 26 Packet sniffing User Authentication based on something you do! General defenses are generally based on cryptographic techniques for obfuscating passwords:! Require that the password is never sent in the clear over the network " Challenge-response schemes based on symmetric/asymmetric cryptography " Challenge can be implicit (such as real time)! Require that a given password can be used only once " One-time password schemes such as SKEY! Certain human actions can serve to uniquely identify them " Inter key-stroke delays when typing on a keyboard " Velocity, acceleration, pressure of pen when writing Babaoglu Sicurezza 27 Babaoglu Sicurezza 28

8 User Authentication based on something you are Biometrics! Biometrics " Finger print " Voice print " Retinal patterns " Facial features (distance between eyes, shape of lips, nose, leftright symmetry, etc.)! Typically require hardware support to acquire! Chosen biometric should minimize both false negatives and false positives Desirable properties for a chosen biometric:! Universality: Every person must posses them! Uniqueness: Two different persons must not have the same characteristics! Permanence: Characteristic should not be alterable or change over time! Acquirability: Characteristic easy to acquire and quantify Babaoglu Sicurezza 29 Babaoglu Sicurezza 30 User Authentication based on where you are Non-textual Passwords! Limit root access to system console (no remote)! Your access to a certain trusted host or certain trusted network may be sufficient to grant access to another host without further evidence! Older versions of Unix implemented this idea through.rhosts and /etc/hosts.equiv files and the collection of r commands: rlogin, rsh, rcp, rwho! Today considered to be highly insecure due to attacks based on IP spoofing! Can use GPS or GSM cell data! Rather than a sequence of characters, a password can be sequence of coordinates in a cartesian plane (x 1,y 1 )(x 2,y 2 )...(x 10,y 10 )! Difficult to remember and enter in numerical format! Can benefit from graphical assistance Babaoglu Sicurezza 31 Babaoglu Sicurezza 32

9 Non-textual Passwords Babaoglu Sicurezza 33