User Authentication. E.g., How can I tell you re you?

Transcription

1 User Authentication E.g., How can I tell you re you? 1

2 The Basics Unlike real world authentication (e.g., you recognize someone s voice over the phone) computer can t recognize someone (well, not in the same way). Three quantities used to confirm user s identity Something the user knows Passwords, PIN numbers, secret handshake, mother s maiden name Something the user has Identity badge, physical key, driver s license, uniform Something the user is Biometrics: based on physical characteristics of user (e.g., fingerprint, pattern of person s voice, picture of face). These three can be combined 2

3 Passwords Most common means of user authentication to OS Although secure in theory, human practice often degrades quality of this means of authentication Must handle: Loss: depending on implementation, it is possible that no one will be able to restore a lost password. Use: Supplying password for each file access can be inconvenient and time consuming. Disclosure: If password disclosed to unauthorized individual, file becomes immediately accessible. If password is then changed, all other legitimate users must be notified. Revocation: To revoke one user s access rights to a file, someone must change the password, causing same problems as disclosure. 3

4 Aside: Multifactor Authentication This is fancy name for use of additional authentication information E.g., log in allowed only if password check is valid and Log in request received from specific IP address and/or port AND Log in request received during specific time period (say between 8 a.m. and 5 p.m. Two forms if authentication (two-factor authentication) better than one if both are strong But as number of forms increase, so does inconvenience AND each authentication factor requires system to manage more security info (which, in addition to increased protection resources) may also increase complexity of implementation 4

5 Attacks on Passwords Passwords limited as protection devices because of the relatively small number of bits of info they contain Ways to obtain user s password (in decreasing order of difficulty) Try them all Try frequently used passwords Try passwords likely for the particular user Search for system list of passwords Ask the user Systems don t help here, as they often provide attacker with partial information. 5

6 Loose-Lipped Systems Note password authentication is based on premise that user knows nothing of the system. But systems often help an attacker Consider system messages look like above (uppercase is system message, lowercase is user) System is identified, and attacker knows adams is not a valid user name. Intruder can use this with common surnames to build a list of authorized users. 6

7 Loose-Lipped Systems Better: User is not told whether it is the username or the password that is bad But message still provides name of the system. 7

8 Loose-Lipped Systems Best: adversary receives no information until after successful authentication. After all, legitimate user should know the name of the system, so why provide it beforehand? 8

9 Exhaustive Attack A.k.a. brute-force attack, is when attacker tries all passwords (usually in an automated fashion) until correct one is found Difficulty depends on implementation (how long are passwords, etc) Example: Assume passwords consist of 26 characters from A-Z, and can have length from 1 to 8 characters. Num. Passwords = = x At one password/millisecond, takes 150 years At on password/microsecond, takes two months! Reasonable time if reward is large enough (e.g. password protecting file of credit card numbers) And expected search times, if all passwords random, is half 9

10 Probable Passwords Reduce search space significantly! When humans choose words at random, they tend to choose words that are short, common, and easy to spell and pronounce. Attackers use this info: Search passwords from shortest to longest All passwords 5 chars or less can be searched in under 4 hours. Time given assumes people choose all passwords with equal probability (e.g. hdlzm, ehlzx are chosen as often as pizza and beer) Spell-checkers often have dictionaries of commonly used words One of these contains 80,000 words. Trying all of them takes only 80 seconds. 10

11 Passwords Likely for a User Usually meaningful to the person Name of spouse, child, brother, sister, pet, street name, or something memorable or familiar List of these things is often only a few hundred entries long at most. Can be checked in under a second! 11

12 Distribution of Actual Passwords 1979 study by Morris and Thompson Considered 3,289 passwords Results: 15 were single ASCII characters 72 were two ASCII characters 464 were three ASCII characters 477 were four alphabetic letters 706 were five alphabetic letters, all same case 605 were six lowercase alphabetic letters 492 were words in dictionaries or lists of names Total: 2831 (86%) contained in this list! 12

13 Figures are Not Dated 1990: Klein collected appx 15,000 passwords 2.7% guessed within 15 minutes, 21% within one week 1992: Spafford collected appx 15,000 passwords Average length 6.8 characters 28.9% consisted of only lowercase alphabetic characters 2002: British online bank Egg finds 50% of passwords for online banking service were family members names: 23% children s names 19% spouse or partner 9% their own name 8% pet names 9% each for celebrity and soccer star s names 13

14 Still Worse 1998: Knight and Hartley report appx 35% of passwords derived from syllables and initials of account owner s name. Several articles claim that God, sex, love, and money are four most common passwords Lists of common passwords posted online Also sites that post dictionaries of phrases, science fiction characters, places, mythological names, Chinese words, Yiddish words, and several other specialized lists Sysadmin utilities such as SATAN, COPS, and Crack allow administrators to check for weak passwords. They also allow attackers to do the same. Changing letters to numbers (e.g., 0 for letter O, 1 for lowercase L, $ for S, etc.): been done, and the attackers know it. 14

15 Knight and Hartley 12 Password Guessing Steps No password The same as the user ID Is, or is derived from, the user name Common word list (e.g., password, secret) plus common names and patterns (e.g., asdfg, aaaaaa) Short college dictionary Complete English word list Common non-english language dictionaries Short college dictionary with capitalizations (PaSsWorD) and substitutions (0 for O, etc) Complete English with capitalizations and substitutions Common non-english dictionaries with capitalizations and substitutions Brute force, lowercase alphabetic characters Brute force, full character set 15

16 Plaintext System Password List Not a good idea Even if protected via access control (e.g., only OS level functions can access it) it s not good Many OS functions never need to read the file, and opening it to all OS functions means that if even one of these functions is compromised, password list is compromised as well System backups often lack protection mechanisms (physical security and access control to the backup tapes themselves are only security for these). Password file is stored on a disk, so anyone who can overcome file restrictions or have access to disk can obtain password file. 16

17 Encrypted Password File Password table entries are encrypted using a one way function (e.g. hash) and then stored. On log in, hash of user password is checked with entry in the password file. A problem: two users who pick same password will notice that they have the same password hash Salt: A small number formed from other info, and appended to password Password + salt is what is hashed Salt stored in plaintext. On authentication attempt, OS appends salt to the password and hashes the extended password to check against password file. E.g., Unix salt is a 12-bit number formed from system time and process ID. Still a good idea to limit access to password file (even if encrypted) 17

18 Indiscreet Users Tape password to side of terminal or write it down on card just inside top desk drawer Users sharing files share passwords my password is x, just get the file yourself Verisign (2005) in unscientific poll found that 2/3 of people approached on street volunteered to disclose their password in exchange for coupon good for a cup of coffee. 79% admitted they use same password for multiple systems or sites. 18

19 One-Time Passwords A password that changes every time it is used (so if password is intercepted, it s not useful) Rather than a static phrase, system assigns a static mathematical function to user. System provides the argument to function, user computes and returns function value. A.k.a. challenge-response system because system presents challenge to user Very simple examples: f(x) = some polynomial, the xth prime number, etc. f(x) = r(x) for some fixed pseudorandom number generator. Server provides the seed. f(e(x)) = E(D(E(x)) + 1) 19

20 Noncoercible Passwords? article.cfm?id=computer-game-forsecurity 20