CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018

Similar documents
CIS 4360 Secure Computer Systems Biometrics (Something You Are)

CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018

Computer Security 3/20/18

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 3 - Passwords and Authentication

CIS 4360 Secure Computer Systems Applied Cryptography

Lecture 3 - Passwords and Authentication

Computer Security: Principles and Practice

Computer Security 4/12/19

ID protocols. Overview. Dan Boneh

Proving who you are. Passwords and TLS

Authentication. Steven M. Bellovin January 31,

Lecture 14 Passwords and Authentication

The LinkedIn Hack: Understanding Why It Was So Easy to Crack the Passwords

CSE 565 Computer Security Fall 2018

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

CNT4406/5412 Network Security

Seamless Upgrades for Credential Security in Apache Tomcat

CS November 2018

Authentication. Steven M. Bellovin September 26,

CS 161 Computer Security

Attacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication)

PRACTICAL PASSWORD AUTHENTICATION ACCORDING TO NIST DRAFT B

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Overview. Terminology. Password Storage

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

CSE484 Final Study Guide

CS530 Authentication

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Password. authentication through passwords

Dashlane Security Whitepaper

CSCE 813 Internet Security Final Exam Preview

CSCI 667: Concepts of Computer Security

BIDMC Multi-Factor Authentication Enrollment Guide Table of Contents

Lecture 9 User Authentication

CSC 774 Network Security

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication EECE 412. Copyright Konstantin Beznosov

CSCE 813 Internet Security Kerberos

Chapter 3: User Authentication

L13. Reviews. Rocky K. C. Chang, April 10, 2015

HOST Authentication Overview ECE 525

PASSWORDS & ENCRYPTION

Authentication. Steven M. Bellovin October 1,

CSC 474 Network Security. Authentication. Identification

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Cryptographic Concepts

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

Authentication CHAPTER 17

Information Security CS526

Dashlane Security White Paper July 2018

More Attacks on Cryptography 3/12/2010

Multi-factor Authentication Using Mobile Phones

FIPS SECURITY POLICY FOR

Authentication. Steven M. Bellovin September 16,

COMPUTER NETWORK SECURITY

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION

Dashlane Security White Paper

CSC/ECE 774 Advanced Network Security

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

1 Identification protocols

Pass, No Record: An Android Password Manager

User Authentication. Modified By: Dr. Ramzi Saifan

The Lord of the Keys How two-part seed records solve all safety concerns regarding two-factor authentication

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1

User Authentication. Modified By: Dr. Ramzi Saifan

(2½ hours) Total Marks: 75

PYTHIA SERVICE BY VIRGIL SECURITY WHITE PAPER

Controlling Website Account Information. A recent survey done by Privacy Rights Clearinghouse shows that in the past five years

Authentication Technology for a Smart eid Infrastructure.

CS 161 Computer Security

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

Security Specification

CS-630: Cyber and Network Security

Cryptographic Hash Functions

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CNIT 124: Advanced Ethical Hacking. Ch 9: Password Attacks

CS 111. Operating Systems Peter Reiher

PROTECTING CONVERSATIONS

Encryption I. An Introduction

CSE 127: Computer Security Cryptography. Kirill Levchenko

Encryption. INST 346, Section 0201 April 3, 2018

User Authentication Protocols Week 7

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Sumy State University Department of Computer Science

1. Out of the 3 types of attacks an adversary can mount on a cryptographic algorithm, which ones does differential cryptanalysis utilize?

Cryptographic Protocols 1

Cryptographic Hash Functions. Secure Software Systems

Cryptography (Overview)

Authentication Handshakes

Transcription:

CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018

Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know Sending the password over a secure channel Challenge-response Hash(c P A ) over an insecure channel Data Integrity Verify whether the data has been tampered with MAC or Digital Signature Confidentiality Diffie-Hellman Key Agreement Forward Secrecy 2

DH Key Agreement 3

Previous class Why is Diffie-Hellman Key Agreement subject to the man-in-themiddle Attack? 4

Outline What is Entity Authentication? The purpose of Entity Authentication? How to perform Entity Authentication? How to store user passwords? 5

What is Entity Authentication? Entity Authentication is the process of verifying credentials that are used to prove the identity of an entity Determining whether someone or something is, in fact, who or what it is declared to be Usually performed at the beginning of a session Different from Message Authentication, which only authenticates the origin of one message 6

Purposes of Entity Authentication Entity Authentication usually precedes Authorization Authentication establishes identity, while Authorization dictates what an identity is allowed to do 7

How to perform Entity Authentication? Credentials are evidence used to prove identities Three categories Something you know Something you have Something you are 8

Something You Know In real-world SSN Credit Card Number Mother s maiden name In cyber-world: Passwords Generally weak One password used in multiple places Subject to password-guessing attack 9

How to store user passwords 1. Bad solution #1: store passwords as plaintext It will be a disaster if you store user passwords as plaintext and the server is compromised 2. Bad solution #2: Store hash values only Store: hash(password1), hash(password2), Drawback: vulnerable to rainbow table attack 10

Rainbow Table Attack A rainbow table is a precomputed table for reversing hash functions ü Suppose we have a hash function Hash and a finite set of passwords P. ü The goal is to precompute a table storing Hash(p) for all p in P. ü Then for any value h can either locate an element p in P or determine that there is no such p in P p h = Hash(p) 123 abecdedeadefgvfef 124 sfrte3234fgrfre34vv 11

Countermeasure to Rainbow Table Attack Adding salts when hashing If hash(password) is simply stored, the attacker who obtains the hash value can simply search in a precomputed rainbow table, which contains the hash values of a large number of passwords Store salt1, hash(salt1, password1); salt2, hash(salt2, password2); Now the attacker has to crack the password one by one; the pre-computed table is useless 12

Brute Force Attack The attacker may try every possibility of a password The number of attempts is limited by the maximum length and the number of characters for per position Example: Given a combination lock which requires three numbers to be taken, you try every possible combination; e.g., First 1-2-3, then 1-2-4. There are 10*10*10 possibilities Pro: a good coverage of all possible passwords Con: time to complete is greater Q: Can the attacker do better? 13

Dictionary Attack In contrast to Brute Force attack, Dictionary Attack tries the collection of passwords that are frequently used, Example: Access to a secret club requires knowing the owner's name, you guess "Rob" or "Jake" rather than "computer Pro: time to complete is less Con: less coverage and good password may not be on the list and will therefore be missed 14

Why does dictionary attack work? Dictionary attacks succeed because people tend to choose passwords that are short and easy to remember For example, if the password is a four-digit PIN code: Ø The brute force attack will try all possible PIN codes Ø It will try 10^4 = 10000 times until it finds the right PIN code Ø Dictionary attack will try a list of common used PIN codes 15

Countermeasure to Dictionary Attack Even passwords are stored with salts, the attacker can apply Dictionary Attack (or even Brute Force attack) If a fast hash algorithm is used, it helps the attacker speed up such attacks Solution: Using a slow hash algorithm 16

Question Should cryptographic hash algorithms, e.g., MD5, SHA-1, SHA-2, be used for storing password hashes? No. These hash algorithms are designed to be quick. Fast hash algorithms favor attackers to crack passwords once the hash values are leaked 17

How to obtain a slow hash algorithm? salt, Hash n (salt, password) E.g., n = 1024; n should increase if faster CPUs are produced Hash can be, e.g., MD5, SHA1, SHA2 It significantly increases the time required to perform Dictionary Attack or Brute Force Attack E.g., you need just 3 days for sha1(salt password). But for1000-iteration hashing, you will need 8 years 18

Password Hashing Algorithm: Bcrypt It takes around 100ms to compute the hash value of a salted password, which is about 10,000x slower than SHA1 100ms is fast enough that the user won't notice when they log in, but slow enough that it becomes less feasible to execute against a long list of likely passwords. For instance, if a hacker wants to compute bcrypt() against a list of one billion likely passwords, it will take about 30,000 cpu-hours (about $1200) --- to crack a single password 19

Bcrypt Bcrypt executes an internal hash function many times in a loop Bcrypt is configurable A log_rounds parameter tells it how many times to execute the internal hash function. Bcrypt is slow; it makes rainbow table attack attractive again a per-user-salt is built into Bcrypt 20

Code Example 1. Install bcrypt: 2. Use bcrypt to store salted hash value of a password: 21

Code Example 1. Install bcrypt: 2. Use bcrypt to store salted hash value of a password: or: 3. Verify password: 22

68 Million Hacked Dropbox Accounts Hacked and on sale now (since Sep, 2016) The stolen passwords were hashed and salted 32 million of the passwords are protected with bcrypt --- they should be fine Others are protected using salted SHA-1 --- need dictionary attack (or brute force attack) No confirmation is reported that any password has been successfully decoded and sold What lessons do you get? Server side: Using a slow hash algorithm & salting Client side: Choosing a good password 23

How to protect a user if his password is stolen? Password: something you know We add something you have into the authentication process 24

Multi-factor Authentication Multi-factor Authentication is an authentication method that requires the user to provide multiple pieces of credentials for authentication, from typically at least two of the three categories: Something you know (knowledge factors) Something you have (possession factors) Something you are (inherence factors) Two-factor Authentication is a type of Multi-factor Authentication 25

Security Tokens Examples One-time-password token, e.g., RSA s SecurID tokens Mobile token app Smartcard, e.g., Credit Card RFID token, e.g., E-Zpass USB, Bluetooth, NFC etc. One type of widely used security tokens generates and displays one-time passwords (OTPs), where the generated password cannot be used twice E.g., RSA s SecurID token Another type relies on an mobile token app to generate and display one-time passwords E.g., Google s two-factor authentication 26

Case Study: RSA s SecurID Tokens OTP = Hash(time, seed) // time-based OTP Seed (or key) is different for each token Generate once per 30 or 60 seconds Seed is a 64-bit/128-bit secret Hash 27

Case Study: RSA s SecureID Tokens 28

Question What if the clock in the token and that in the server get out-of-sync over time? The solution to the clock drift problems is to store a "drift" parameter per token on the server. The parameter can then be adjusted to tackle clock drift 29

Question RSA s SecurID uses a proprietary hash. What other algorithms that we have learned can be used instead? Any keyed hash (e.g., HMAC) or block cipher (e.g., AES) algorithm also works. HMAC(seed, time) Encrypt(seed, time) 30

Case Study: Google s mobile app token Generated once per 30 seconds TC = Floor[ (current_time - epoch) / 30 ] OTP = HMAC(key, TC) 31

Question If there is no Wi-Fi or cellular signal available for my cell phone, can I still use Google s two-step verification to login in at a computer? Yes, Google Authenticator generates passcodes based on time. 32

Question: When you go to an ATM machine to withdraw money, is it two-factor authentication? Yes. Something you know: PIN Something you have: Debit Card 33

Question: If you are the security architect of your company, how would you store user passwords? Why? Using a slow hash algorithm & salting (one unique salt per user) 34

Summary Credentials Something you know (Knowledge factors) Something you have (Possession factors) Something you are (Inherence factors) Next class Multi-factor authentication Time-based One Time Password (OTP) Case studies RSA s SecurID Google Authenticator 35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback