CIT 480: Securing Computer Systems. Authentication

Transcription

1 CIT 480: Securing Computer Systems Authentication

2 Topics 1. Digital Identity and Groups 2. Authentication 3. Formal Definition 4. Authentication Types 5. Tokens 6. Biometrics 7. UNIX Authentication

3 Digital Identity A digital identity is data that uniquely describes a subject, which may be a person, process, or machine. Personal Identities Username User ID address Machine Identities Inventory number IP address SSL certificate

4 Groups and Roles Definitions A group is a set of users. A role is a set of users with a common task. In practice, little difference on most systems. Purpose Groups simplify access control by reducing the number of subjects.

5 Authentication Authentication is the act of verifying than an entity is who or what they claim they are. Authentication can be based on 1. What the entity knows (e.g., passwords) 2. What the entity has (e.g., access card) 3. What the entity is (e.g., fingerprints) Or a combination of two or more of 1..3, which is known as Multi Factor Authentication (MFA).

6 Importance of Authentication Access Control Most systems base access rights on identity of principal executing the process. Accountability Logging and auditing functions. Need to track identity across account/role changes (e.g., su, sudo).

7 Authentication System A: set of authentication information information used by entities to prove identity C: set of complementary information information stored by system to validate A F: set of complementation functions f : A C generate C from A L: set of authentication functions l: A C {T,F} verify identity S: set of selection functions enable entity to create or alter A or C

8 What You Know (Passwords) Example: Authenticate with 8-character alphanumeric password. System compares against stored MD5 hash. A = [A-Za-z0-9]{8} C = 22-char Base64 strings F = { MD5 } L = { MD5(A)==C }

9 What You Have (Tokens) Disconnected tokens Connected tokens Wireless Smart cards RFID used for toll collection Online banking Digipass

10 Token Information Types Static Password Token: contain a physically hidden password that is transmitted for each authentication. Example: car keys. Synchronous Dynamic Token: Password changes every N seconds. Time synchronized with server. Asynchronous Dynamic Token: One-time password generated algorithmically. Challenge-Response Token: Server sends random challenge to token; device computes response with a cryptographic algorithm.

11 RFID Radio Frequency Identification Types of Tags Passive: use power from reader signal Active: internal power source Applications Product tracking (EPC barcode replacement) Transportation payment Automotive (embedded in car keys) Passports Human implants EPC RFID Tag

12 What You Are (Biometrics) Identification by human characteristics: 1. Physiological 2. Behavioral A biometric characteristic should be: 1. universal: everyone should have it 2. unique: no two people should share it 3. permanent: it should not change with time 4. quantifiable: it must be practically measurable

13 Biometric System Example: User authenticates with fingerprint. System compares to stored fingerprint template. A = { user fingerprints } C = { digital fingerprint templates } F = { scanner + analog->digital } L = { tunable similarity function }

14 How Biometrics Work

15 Types of Biometrics

16 Fingerprints Capacitive measurement, using differences in electrical charges of whorls on finger to detect those parts touching chip and those raised.

17 Eye Biometrics Iris Scan Lowest false accept/reject rates of any biometric. Person must hold head still and look into camera. Retinal Scan Cataracts and pregnancy change retina pattern. Lower false accept/reject rates than fingerprints. Intrusive and slow.

18 Measurement Outcomes Actual Identity Valid User Adversary Biometric Measurement Valid User Adversary True Positive False Positive False Negative True Negative

19 False Positive/Negative Tradeoff Errors False Negative Rate False Positive Rate Sensitivity

20 Biometrics can be compromised. Unique identifiers, not secrets. You can change a password. You can t change your iris scan. Examples: You leave your fingerprints every place. It s easy to take a picture of your face. Other compromises. Use faux ATM-style devices to collect biometrics. Obtain all biometric templates from server.

21 UNIX Authentication UNIX identifies user with a UID Username is for humans, UID for computers. 15-bit to 32-bit unsigned integer. UID=0 is the superuser, root. Identity and authentication data stored in /etc/passwd /etc/shadow /etc/group

22 /etc/{passwd,shadow} Central file(s) describing UNIX user accounts. /etc/passwd Username UID Default GID GCOS Home directory Login shell /etc/shadow Username Encrypted password Date of last pw change. Days til change allowed. Days `til change required. Expiration warning time. Expiration date. student:x:1000:1000:example User,1212:/home/student:/bin/bash student:$1$w/uuktlf$otssvxtsn/xjzuogfelnz0:13226:0:99999:7:::

23 Groups and GIDs GIDs are 32-bit non-negative integers. Each user has a default GID. File group ownership set to default GID. Temporarily change default GID: newgrp. Groups are described in /etc/group Users may belong to multiple groups. Format: group name, pw, GID, user list. wheel:x:10:root,waldenj,bergs

24 Superuser Powers Superuser can Read any file. Modify any file. Add / remove users. Become any user. Kill any process. Reprioritize processes. Configure network. Set date/time. Shutdown / reboot. Superuser can t Change read-only filesystem. Decrypt hashed passwords. Modify NFS-mounted filesystems. Read or modify SELinux protected files.

25 Switching Users with su > id uid=102(wj) gid=102(wj) groups=102(wj) > su Password: # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm) # su john john$ id uid=1995(john) gid=1995(john) groups=1995(john) john$ exit # exit > id uid=102(wj) gid=102(wj) groups=102(wj)

26 Real and Effective UIDs Real UID The UID matching the username you logged in as. Effective UID The UID that is checked for access control. The su command changes your EUID. SETUID programs A SETUID program executes with an EUID of the owner of the program instead of yours. /usr/bin/passwd is SUID root. Why?

27 Key Points 1. Access control and audit are based on identity. 2. Authentication consists of an entity, the user, attempting to convince another entity, the verifier, of the user s identity 1. something you know (passwords) 2. something you have (tokens) 3. something you are (biometrics) 4. somewhere you are (location) 3. UNIX authentication Usernames, UIDs, groups, GIDs Storage: /etc/{passwd,shadow} and /etc/group Real and effective UIDs SETUID mechanism

28 References 1. Ross Anderson, Security Engineering, 2 nd edition, Wiley, Matt Bishop, Introduction to Computer Security, Addison-Wesley, DigitalPersona, Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and Internet Security, 3 rd Edition, O Reilly, Ben Mook, Md. pilot program tracks drivers speed, location via cell phones, The Daily Record, October 21, 2005, 6. Bruce Schneier, Biometrics: Truths and Fictions, Cryptogram, Bruce Schneier, The Curse of the Secret Question, Orville Wilson, Privacy & Identity - Security and Usability: The viability of Passwords & Biometrics,

29 Released under CC BY-SA 3.0 This presentation is released under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license You are free: to Share to copy and redistribute the material in any medium to Adapt to remix, build, and transform upon the material to use part or all of this presentation in your own classes Under the following conditions: Attribution You must attribute the work to James Walden, but cannot do so in a way that suggests that he endorses you or your use of these materials. Share Alike If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license. Details and full text of the license can be found at