T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication EECE 412. Copyright Konstantin Beznosov

Similar documents
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication

Authentication. Murat Kantarcioglu

On Passwords (and People)

CSE509: (Intro to) Systems Security

User Authentication and Passwords

Information Security & Privacy

L7: Authentication. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Security and Usability Computer Security: Lecture 9. 9 February 2009 Guest Lecture by Mike Just

Computer Security: Principles and Practice

Lecture 3 - Passwords and Authentication

User Authentication Protocols

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

HCI Lecture 10: Guest Lecture Usability & Security 28 October 2008

Authentication Objectives People Authentication I

Lecture 3 - Passwords and Authentication

CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018

User Authentication Protocols Week 7

User Authentication. Modified By: Dr. Ramzi Saifan

CIS 6930/4930 Computer and Network Security. Topic 6. Authentication

Sumy State University Department of Computer Science

Chapter 3: User Authentication

CSE 565 Computer Security Fall 2018

Authentication & Access Control. Linnaeus-Palme Project

Jaap van Ginkel Security of Systems and Networks

Authentication: Beyond Passwords

Lecture 14 Passwords and Authentication

MODULE NO.28: Password Cracking

CS530 Authentication

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Authentication SPRING 2018: GANG WANG. Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU)

User Authentication. Modified By: Dr. Ramzi Saifan

5. Authentication Contents

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

CSC 474 Network Security. Authentication. Identification

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

Intruders, Human Identification and Authentication, Web Authentication

HOST Authentication Overview ECE 525

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

Key Escrow. Desirable Properties

Who are you? Enter userid and password. Means of Authentication. Authentication 2/19/2010 COMP Authentication is the process of verifying that

CNT4406/5412 Network Security

Securing today s identity and transaction systems:! What you need to know! about two-factor authentication!

Authentication KAMI VANIEA 1

Authentication. Tadayoshi Kohno

User Authentication. Daniel Halperin Tadayoshi Kohno

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1

Access Control. Part 2 Access Control 1

Passwords. EJ Jung. slide 1

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

CSCI 667: Concepts of Computer Security

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Computer Security 3/20/18

Outline Key Management CS 239 Computer Security February 9, 2004

Lecture Notes for Chapter 3 System Security

Authentication. Steven M. Bellovin January 31,

AA 2015/2016 System hardening (Authentication, Firewalls) Dr. Luca Allodi

MANAGING LOCAL AUTHENTICATION IN WINDOWS

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Information Security CS 526

More Attacks on Cryptography 3/12/2010

Undergraduate programme in Computer sciences

CS 161 Computer Security

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

CIS 4360 Secure Computer Systems Biometrics (Something You Are)

PASSWORD POLICIES: RECENT DEVELOPMENTS AND POSSIBLE APPRAISE

Authentication. Steven M. Bellovin September 26,

CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018

Information Security CS 526

Password. authentication through passwords

Chapter 4. Protection in General-Purpose Operating Systems. ch. 4 1

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

User Authentication. E.g., How can I tell you re you?

The LinkedIn Hack: Understanding Why It Was So Easy to Crack the Passwords

Rethinking Authentication. Steven M. Bellovin

Authentication. Chapter 2

===============================================================================

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston

CS November 2018

Proceedings of the 10 th USENIX Security Symposium

ECEN 5022 Cryptography

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

6. Security Handshake Pitfalls Contents

Computer Security 4/12/19

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

Lecture 9 User Authentication

ID protocols. Overview. Dan Boneh

Test 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.

Authentication, Passwords. Robert H. Sloan

PYTHIA SERVICE BY VIRGIL SECURITY WHITE PAPER

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

In this unit we are continuing our discussion of IT security measures.

Web Security, Summer Term 2012

Web Security, Summer Term 2012

Transcription:

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Authentication EECE 412 Copyright 2004-2007 Konstantin Beznosov

What is Authentication? Real-world and computer world examples? What is a result of authentication? What are the means for in the digital world? 2

Outline Basics and terminology Passwords Storage Selection Breaking them Other methods Multiple methods 3

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Basics and Terminology Copyright 2004-2007 Konstantin Beznosov

What is Authentication binding of identity to subject Identity is that of external entity Subject is computer entity Subject a.k.a. principal 5

What Authentication Factors are used? What you know What you have What you are 6

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Password-based Authentication Copyright 2004-2007 Konstantin Beznosov

What s Password? Sequence of characters Lots of things act as passwords! PIN Social security number Mother s maiden name Date of birth Name of your pet, etc. Sequence of words Examples: pass-phrases Algorithms Examples: challenge-response, one-time passwords 8

Why Passwords? Why is something you know more popular than something you have and something you are? Cost: passwords are free Convenience: easier for SA to reset password than to issue new smartcard 9

Keys vs Passwords Crypto keys Spse key is 64 bits Then 2 64 keys Choose key at random Then attacker must try about 2 63 keys Passwords Spse passwords are 8 characters, and 256 different characters Then 256 8 = 2 64 pwds Users do not select passwords at random Attacker has far less than 2 63 pwds to try (dictionary attack) 10

Why not Crypto Keys? "Humans are incapable of securely storing highquality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.)" Charlie Kaufman, Radia Perlman, Mike Speciner in "Network Security: Private Communication in a Public World" 11

Good and Bad Passwords Bad passwords frank Fido password 4444 Pikachu 102560 AustinStamp Good Passwords? jfiej,43j-emml+y 09864376537263 P0kem0N FSa7Yago 0nceuP0nAt1m8 PokeGCTall150 12

Password Experiment Three groups of users each group advised to select passwords as follows Group A: At least 6 chars, 1 non-letter winner Group B: Password based on passphrase Group C: 8 random characters Results Group A: About 30% of pwds easy to crack Group B: About 10% cracked Passwords easy to remember Group C: About 10% cracked Passwords hard to remember 13

Password Experiment User compliance hard to achieve In each case, 1/3rd did not comply (and about 1/3rd of those easy to crack!) Assigned passwords sometimes best If passwords not assigned, best advice is Choose passwords based on passphrase Use pwd cracking tool to test for weak pwds Require periodic password changes? 14

Attacks on Passwords Attacker could Target one particular account Target any account on system Target any account on any system Attempt denial of service (DoS) attack Common attack path Outsider normal user administrator May only require one weak password! 15

Password Retry Suppose system locks after 3 bad passwords. How long should it lock? 5 seconds 5 minutes Until SA restores service What are + s and - s of each? 16

How to Store Passwords in the System? 1. Store as cleartext If password file compromised, all passwords revealed 2. Encipher file Need to have decipherment, encipherment keys in memory 3. Store one-way hash of password 17

Password File Bad idea to store passwords in a file But need a way to verify passwords Cryptographic solution: hash the passwords Store y = hash(password) Can verify entered password by hashing If attacker obtains password file, he does not obtain passwords But attacker with password file can guess x and check whether y = hash(x) If so, attacker has found password! 18

Dictionary Attack online or offline Attacker pre-computes hash(x) for all x in a dictionary of common passwords Suppose attacker gets access to password file containing hashed passwords Attacker only needs to compare hashes to his precomputed dictionary Same attack will work each time Can we prevent this attack? Or at least make attacker s job more difficult? 19

Password File Store hashed passwords Better to hash with salt Given password, choose random s, compute y = hash(password, s) and store the pair (s,y) in the password file Note: The salt s is not secret Easy to verify password Attacker must recompute dictionary hashes for each user lots more work! 20

Password Cracking: Do the Math Assumptions Pwds are 8 chars, 128 choices per character Then 128 8 = 2 56 possible passwords There is a password file with 2 10 pwds Attacker has dictionary of 2 20 common pwds Probability of 1/4 that a pwd is in dictionary Work is measured by number of hashes 21

Password Cracking Attack 1 password without dictionary Must try 2 56 /2 = 2 55 on average Just like exhaustive key search Attack 1 password with dictionary Expected work is about 1/4 (2 19 ) + 3/4 (2 55 ) = 2 54.6 But in practice, try all in dictionary and quit if not found work is at most 2 20 and probability of success is 1/4 22

Password Cracking Attack any of 1024 passwords in file Without dictionary Assume all 2 10 passwords are distinct Need 2 55 comparisons before expect to find password If no salt, each hash computation gives 2 10 comparisons the expected work (number of hashes) is 2 55 /2 10 = 2 45 If salt is used, expected work is 2 55 since each comparison requires a new hash computation 23

Password Cracking Attack any of 1024 passwords in file With dictionary Probability at least one password is in dictionary is 1 - (3/4) 1024 = 1 We ignore case where no pwd is in dictionary If no salt, work is about 2 19 /2 10 = 2 9 If salt, expected work is less than 2 22 Note: If no salt, we can precompute all dictionary hashes and amortize the work 24

Other Password Issues Too many passwords to remember Results in password reuse Why is this a problem? Who suffers from bad password? Login password vs ATM PIN Failure to change default passwords Social engineering Error logs may contain almost passwords Bugs, keystroke logging, spyware, etc. 25

Passwords The bottom line Password cracking is too easy! One weak password may break security Users choose bad passwords Social engineering attacks, etc. The bad guy has all of the advantages All of the math favors bad guys Passwords are a big security problem 26

How to Improve Password-based Systems? 1. Against off-line password guessing Random selection Pronounceable passwords przbqxdfl, zxrptglfn helgoret, juttelon User selection of passwords Proactive password checking for goodness Password aging 2. Against guessing many accounts Salting 3. Against on-line password guessing Backoff Disconnection Disabling Jailing 27

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Biometrics Copyright 2004-2007 Konstantin Beznosov

What s Biometrics? Automated measurement of biological, behavioral features that identify a person Fingerprints: optical or electrical techniques Maps fingerprint into a graph, then compares with database Measurements imprecise, so approximate matching algorithms used Voices: speaker verification or recognition Verification uses statistical techniques to test hypothesis that speaker is who is claimed (speaker dependent) Recognition checks content of answers (speaker independent) 29

30 Other Characteristics Eyes: patterns in irises unique Measure patterns, determine if differences are random; or correlate images using statistical tests Faces: image, or specific characteristics like distance from nose to chin Lighting, view of face, other noise can hinder this Keystroke dynamics: believed to be unique Keystroke intervals, pressure, duration of stroke, where key is struck Statistical tests used

Ideal Biometric Universal applies to (almost) everyone In reality, no biometric applies to everyone Distinguishing distinguish with certainty In reality, cannot hope for 100% certainty Permanent physical characteristic being measured never changes In reality, want it to remain valid for a long time Collectable easy to collect required data Depends on whether subjects are cooperative Safe, easy to use, etc., etc. 31

Biometric Errors Fraud rate versus insult rate Fraud user A mis-authenticated as user B Insult user A not authenticate as user A For any biometric, can decrease fraud or insult, but other will increase For example 99% voiceprint match low fraud, high insult 30% voiceprint match high fraud, low insult Equal error rate: rate where fraud == insult The best measure for comparing biometrics 32

Cautions can be fooled! Assumes biometric device accurate in the environment it is being used in! Transmission of data to validator is tamperproof, correct 33

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Authentication Systems based on Challenge-Response Copyright 2004-2007 Konstantin Beznosov

Challenge-Response User, system share a secret function f (or known function with unknown parameters) user user user request to authenticate random message r (the challenge) f(r) (the response) system system system 35

Example: Authentication in GSM Phone & system share 16-byte secret k GSM phone GSM phone GSM phone request to authenticate random 16-byte challenge c Hash(c k) GSM system GSM system GSM system 36

One-Time Passwords Password that can be used exactly once After use, it is immediately invalidated Challenge-response mechanism Challenge: number of authentications Response: password for that particular number Problems Synchronization of user, system Generation of good random passwords Password distribution problem How to solve the problems? 37

S/Key Protocol h(k), h 1 (k),, h n-1 (k), h n (k) Passwords: p 1 = h n-1 (k), p 2 = h n-2 (k),, p n 1 = h(k), p n = k user user user { name } { i } {p i =h n-i (k)} system system system 38 What does the system store? maximum number of authentications n number of next authentication i last correctly supplied password p i 1

Key Points Authentication is not just about cryptography You have to consider system components Passwords are here to stay They provide a basis for most forms of authentication Multi-factor Authentication 39

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback