CSE 565 Computer Security Fall 2018

Similar documents
HOST Authentication Overview ECE 525

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

CSC 474 Network Security. Authentication. Identification

Chapter 3: User Authentication

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

Identification Schemes

COMPUTER NETWORK SECURITY

Lecture 9 User Authentication

CIS 6930/4930 Computer and Network Security. Topic 6. Authentication

Computer Security: Principles and Practice

CNT4406/5412 Network Security

CS530 Authentication

Password. authentication through passwords

Authentication Objectives People Authentication I

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018

Lecture 3 - Passwords and Authentication

Authentication Methods

Sumy State University Department of Computer Science

Lecture 14 Passwords and Authentication

===============================================================================

Authentication. Chapter 2

User Authentication. Modified By: Dr. Ramzi Saifan

Lecture 3 - Passwords and Authentication

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

User Authentication Protocols

Information Security & Privacy

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

User Authentication. Modified By: Dr. Ramzi Saifan

CIS 4360 Secure Computer Systems Biometrics (Something You Are)

Identification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:

HY-457 Information Systems Security

Evaluating Alternatives to Passwords

Biometrics problem or solution?

Integrated Access Management Solutions. Access Televentures

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Undergraduate programme in Computer sciences

Authentication SPRING 2018: GANG WANG. Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU)

2.1 Basic Cryptography Concepts

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

MODULE NO.28: Password Cracking

User Authentication Protocols Week 7

Outline Key Management CS 239 Computer Security February 9, 2004

Public-key Cryptography: Theory and Practice

Authentication. Murat Kantarcioglu

Lord of the Rings J.R.R. TOLKIEN

An Overview of Biometric Image Processing

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018

Intruders, Human Identification and Authentication, Web Authentication

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication EECE 412. Copyright Konstantin Beznosov

1 Identification protocols

ECEN 5022 Cryptography

CPSC 467b: Cryptography and Computer Security

Computer Security 3/20/18

Who are you? Enter userid and password. Means of Authentication. Authentication 2/19/2010 COMP Authentication is the process of verifying that

Passwords. EJ Jung. slide 1

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM

Chapter 2: Access Control and Site Security. Access Control. Access Control. ACIS 5584 E-Commerce Security Dr. France Belanger.

Cryptographic Checksums

A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS

Authentication. Steven M. Bellovin January 31,

CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

CS 161 Computer Security

Applied Cryptography and Computer Security CSE 664 Spring 2017

5. Authentication Contents

Test 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.

A Smart Card Based Authentication Protocol for Strong Passwords

Chapter 9: Key Management

Information Security CS 526

Pass, No Record: An Android Password Manager

Biometric Security Roles & Resources

CSC 405 Introduction to Computer Security

Keystroke Dynamics: Low Impact Biometric Verification

Security Handshake Pitfalls

Integrated Key Exchange Protocol Capable of Revealing Spoofing and Resisting Dictionary Attacks

CSCI 667: Concepts of Computer Security

Biometrics. Overview of Authentication

5-899 / Usable Privacy and Security Text Passwords Lecture by Sasha Romanosky Scribe notes by Ponnurangam K March 30, 2006

Nigori: Storing Secrets in the Cloud. Ben Laurie

Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 2

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

HumanAUT Secure Human Identification Protocols

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

ID protocols. Overview. Dan Boneh

Web Security, Summer Term 2012

Web Security, Summer Term 2012

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Lecture 9. Authentication & Key Distribution

User Authentication and Human Factors

Authentication. Steven M. Bellovin September 26,

Non Person Identities After all, who cares about me? Gilles Lisimaque & Dave Auman Identification technology Partners, Inc.

CPSC 467b: Cryptography and Computer Security

Lecture 1: Course Introduction

Smart Card and Biometrics Used for Secured Personal Identification System Development

Transcription:

CSE 565 Computer Security Fall 2018 Lecture 9: Authentication Department of Computer Science and Engineering University at Buffalo 1

Lecture Outline Definition of entity authentication Solutions password-based authentication token-based authentication biometric-based authentication Stronger forms of secure authentication 2

Entity Authentication Authentication is a broad term and is normally referred to mechanisms of ensuring that entities are who they claim to be data has not been manipulated by unauthorized parties Entity authentication or identification refers to the means of verifying user identity if such verification is successful, the user is granted appropriate privileges The need for user authentication in early computer systems arose once it became possible to support multi-user environments 3

Entity Authentication During an authentication protocol: one party, the verifier, gathers evidence that the identity of another party, the claimant, is as claimed Goals of authentication protocols: honest parties should be able to successfully finish the protocol with their identity accepted as authentic it should be difficult for dishonest parties to impersonate an identity of another user impersonation must remain difficult even after observing a large number of successful authentications by other parties User registration is required prior to an authentication protocol 4

Entity Authentication Identification mechanisms are often divided into 3 types based on how the identity evidence is gathered user knows a secret examples include passwords, personal identification numbers (PINs), secret keys, mother s maiden name, etc. user possesses a token these are normally hardware tokens such as magnetic-striped cards or custom-designed devices for time-variant passwords user has a physical attribute characteristics inherent to the user such as biometrics, handwritten signatures, keystroke dynamics, facial and hand geometries, voice, etc. 5

Entity Authentication Often, different types can be combined together e.g., PIN-based authentication is often used with a physical device (user ID, credit card) biometric-based authentication is often used in combination with a password or a physical token Many identification mechanisms used in practice are not secure calling cards credit card purchases passwords Ideally we want solutions against which replay attacks don t work 6

Password-Based Authentication A password is a string of (normally 8 or more) characters associated with a certain user it serves the purpose of a shared secret between the user and the system During the identification protocol: a user sends (userid, password) pair userid identifies the user password provides the necessary evidence that the user possesses the secret the system compares that information with its has stored if the check succeeds, access is granted 7

Password-Based Authentication Storage of passwords the most straightforward way of storing passwords is in clear text there is a problem with such approach to mitigate it, most systems apply a one-way hash function to a password and store the hash the password itself cannot be recovered, but there are other concerns Attacks on passwords replay of passwords: an attacker reuses a captured password an attacker can capture a password by seeing a user type it, using a keylogger program or obtaining it in transit 8

Password-Based Authentication Attacks on passwords (cont.) exhaustive search: an attacker attempts to guess a user password by trying all possible strings this can be done on the verifier itself or by obtaining a copy of the password file and performing the attack off-line often the attack is infeasible if the password space is large enough but it is still possible to exhaust all short passwords dictionary attack: an attacker tries to guess a password using words from a dictionary and variations thereof can have a high probability of success dictionary attacks become increasingly sophisticated 9

Password-Based Authentication Is there a way to decrease the vulnerability of the system to such attacks? Additional measures are normally employed, some of which are: salting passwords this technique makes guessing attacks less effective a password is augmented with a random string, called salt, prior to hashing the salt is stored in cleartext in the password file how does it improve security? 10

Password-Based Authentication Measures for improving security of passwords (cont.) slowing down password verification the hash function for password verification is made more computationally extensive this can be done, e.g., by iterating the computationntimes what is its drawback? limiting the number of unsuccessful password guesses a user account is locked after the number of successive unsuccessful authentication attempts exceeds the threshold employing password rules additional rules on password choices are imposed this often strengthens password choices but limits the search space 11

Password-Based Authentication Measures for improving security of passwords (cont.) preventing direct access to password file the file/database with hashed passwords is kept inaccessible by ordinary users Another technique that aims at improving security of passwords is called password aging It is always a challenge to find a balance between memorability of passwords and their resistance to dictionary attacks do users make acceptable password choices? can we help them with choosing strong passwords? 12

Password-Based Authentication There were studies of password strength in 1990s a significant portion of used passwords were guessable passwords of short length can be cracked using brute force search account-related or dictionary-derived passwords are common password crackers today are increasingly complex How can we help users to select stronger passwords? systems are much better at helping users than before a variety of tools exist 13

Password-Based Authentication Tools for choosing stronger passwords computer-generated passwords selecting less predictable passwords which users can remember can be done by using computer-generated pronounceable passwords for example: heloberi, hoparmah, ulensoev, atonitim password checking a proactive password checker rates password strength at the time of password selection other types of passwords recently techniques for using images and graphical interfaces for authentication have been developed 14

Password-Based Authentication Tools for choosing stronger passwords (cont.) image-based passwords and graphical interfaces displaying a sequence of images drawing patterns on a grid choosing points using an image their security has not been thoroughly evaluated yet Unpredictability and usability of passwords is hard to achieve simultaneously passwords can provide only a weak form of security 15

Best Password Practices NIST s Special Publication 800-63 provides authentication guidelines for organizations including password-based authentication the latest version is dated by June 2017 In general, you want to use strong passwords not reuse passwords across different services not share your passwords with anyone else 16

Remote Authentication Now assume we want to use passwords for remote authentication will it work? Passwords observed on the network are trivially susceptible to replay initially remote login and file transfer programs, such astelnet, communicated passwords in the clear now encryption is used (ssh,scp, etc.) Authentication based on time-invariant passwords is therefore a weak form of authentication this form of authentication is nevertheless the most common A natural way to improve security is to use one-time passwords 17

One-Time Passwords In authentication based on one-time passwords each password is used only once Such authentication can be realized in the following ways: the user and the system initially agree on a sequence of passwords simple solution but requires maintenance of the shared list the user updates her password with each instance of the authentication protocol e.g., the user might send the new password encrypted under a key derived from the current password this method crucially relies on the correct communication of the new password to the system 18

One-Time Passwords One-time password authentication mechanisms (cont.) the new password is derived with each instance of the authentication protocol using a one-way hash function the system based on hash chains is called S/Key and is due to Lamport a user begins with secret k and produces a sequence of values k,h(k),h(h(k)),...,h t (k) password forith identification session isk i = h t i (k) when user authenticates(i+1)st time withk i+1, the server checks whether h(k i+1 ) = k i ifhis infeasible to invert, this convinces the server that the user is legitimate 19

One-Time Passwords Example of S/Key supposet = 5 at setup stage user chooses k and computes h(k),h(h(k)),h 3 (k),h 4 (k),h 5 (k) uses gives h 5 (k) to the verifier during authentication at session 1: at session 2: at session 5: 20

Entity Authentication An even stronger form of authentication is one where the user doesn t have to send the secret to the verifier ideally you want to convince the verifier without leaking information about your secret such solutions exist and often involve the verifier sending a random challenge to the claimant the claimant uses the challenge and the secret to compute the response anyone who monitors the channel, cannot deduce information about the secret 21

Challenge-Response Techniques The goal of challenge-response techniques is to use a single secret for authentication provide evidence of the secret without leaking information about it proving possession of a secret without leaking information about it is called a zero-knowledge proof of knowledge Challenge-response protocols can be built from simple cryptographic primitives (e.g, MACs and signature schemes) from scratch (Schnorr, Okamoto, and Guillou-Quisquater schemes) 22

Challenge-Response Techniques The basic form of such protocols is normally as follows: suppose Alice is authenticating to Bob Alice has a secret s and Bob has a verification valuev Bob sends to Alice a challengec(chosen or computed anew) Alice computes a response r = f(s,c) and sends it to Bob Bob verifies r using c andv Building a secure challenge-response protocol is non-trivial must be secure against active adversaries parallel session attack man-in-the-middle attack 23

Authentication based on Secrets If passwords are such a poor way of authenticating, why are they so popular? 24

Token-Based Authentication Authentication based on what you possess can be done using different types of tokens memory cards data is passively stored on a medium a card reader can retrieve information stored on the card e.g., magnetic stripe credit cards, ATM cards, hotel keys memory cards provide a limited level of security (i.e., card contents can be read by any reader and copied to another card) memory cards are often combined with a password or PIN using memory cards with computers requires special readers 25

Token-Based Authentication Types of authentication tokens (cont.) smart cards such cards have a built-in microprocessor, programmable read-only memory and random-access memory (RAM) they can engage in different types of authentication protocols including challenge-response such tokens can also be used to generate dynamic passwords each minute the device generates a new password the device and the verifier must be synchronized tamper-resistance of such tokens must be addressed it s been shown in the past that key material can be recovered with relatively inexpensive equipment 26

Token-Based Authentication Types of authentication tokens (cont.) USB dongle USB tokens can also be used for authentication they can store static data as well as code recent dongles also include non-volatile memory no additional hardware such a special-purpose reader is necessary USB dongles are commonly used for copy protection of copyrighted material dongle products often don t provide enough security to be used in rigid security requirement environments 27

Biometric Authentication Biometric authentication systems authenticate an individual based her physical characteristic Types of biometric used in authentication face palm geometry fingerprint iris signature voice Most common uses of biometric authentication is for specific applications rather than computer authentication 28

Biometric Authentication Like other authentication mechanisms, biometric authentication includes an enrollment phase during which a biometric is captured the initial reading is often called a template at authentication time, a new biometric reading is performed and is compared to the stored template Unlike other authentication mechanisms, biometric matching is approximate each reading can be influenced by a variety of factors e.g., light conditions, facial expressions, hair style, glasses, etc. for face recognition some types of biometrics can match more accurately than others e.g., iris vs. face or palm 29

Biometric Authentication Biometric matching can be used to perform verification user s biometric scan is used to match her own template only identification user s biometric scan is used to match a database of templates Identification might not always be possible Biometric systems attempt to minimize false reject rate: authentic biometric is rejected false accept rate: imposter biometric is accepted Depending on the environment, minimizing one of them might be more important than minimizing both 30

Biometric Authentication New types of biometrics are being explored brain waves, heart beats, etc. Many forms of traditional biometrics can be stolen Static biometrics can be replayed 31

Biometric Authentication Current research direction: biometric key generation the idea: a biometric can be used to generate a cryptographic key the key can be reproduced using another biometric close enough to the original no need to remember any information such as a password the key can be used for authentication or encryption key generation algorithm produces a helper data that can later aid in recovering the same key from a noisy version of the biometric security requirements are strict the helper data must leak minimal information about the biometric compromise of the key must not lead to recovery of the biometric 32

Summary Entity authentication is an important topic with the main application in access control Various techniques exist ranging from time-invariant passwords to provably secure identification schemes Despite the weak security password-base authentication provides, it is the most widely used authentication mechanism ease of use, user familiarity, no infrastructure requirements Next time key establishment mechanisms secure channels via authenticated key establishment 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback