Keys and Passwords. Steven M. Bellovin October 17,

Similar documents
The Internet of Things. Steven M. Bellovin November 24,

Case Study: Access Control. Steven M. Bellovin October 4,

Architecture. Steven M. Bellovin October 31,

Architecture. Steven M. Bellovin October 27,

Web Servers and Security

Case Studies in Access Control

Web Servers and Security

Test Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,

Program Structure. Steven M. Bellovin April 3,

Program Structure I. Steven M. Bellovin November 14,

Authentication. Steven M. Bellovin January 31,

Authentication. Steven M. Bellovin September 26,

Program Structure I. Steven M. Bellovin November 8,

Designing a System. We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin April 10,

I m paranoid, but am I paranoid enough? Steven M. Bellovin February 20,

I m paranoid, but am I paranoid enough? Steven M. Bellovin October 2,

Secure Programming II. Steven M. Bellovin September 29,

COS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy

Storage and File System

Authentication. Steven M. Bellovin October 1,

Computer Security 3/20/18

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

Access Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.

Instructions 1 Elevation of Privilege Instructions

Protection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger

Access Control. Steven M. Bellovin September 13,

Security Architecture

CSE 565 Computer Security Fall 2018

System Structure. Steven M. Bellovin December 14,

Policy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems

User Authentication. Modified By: Dr. Ramzi Saifan

CS530 Authentication

Storage and File Hierarchy

COS 318: Operating Systems

CSE 380 Computer Operating Systems

Instructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.

Authentication. Steven M. Bellovin September 16,

Protection and Security

Goals. Understand UNIX pw system. Understand Lamport s hash and its vulnerabilities. How it works How to attack

User Authentication. Modified By: Dr. Ramzi Saifan

Secure Programming I. Steven M. Bellovin September 28,

Introduction to Security and User Authentication

22-Sep CSCI 2132 Software Development Lecture 8: Shells, Processes, and Job Control. Faculty of Computer Science, Dalhousie University

Proving who you are. Passwords and TLS

CSC 474 Network Security. Authentication. Identification

Race Condition Vulnerability Lab

User Authentication and Passwords

Question No: 2 Which identifier is used to describe the application or process that submitted a log message?

Nigori: Storing Secrets in the Cloud. Ben Laurie

Introduction to Computer Security

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

Outline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines

Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018

===============================================================================

Passwords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014

HikCentral V1.3 for Windows Hardening Guide

Outline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components

O/S & Access Control. Aggelos Kiayias - Justin Neumann

Chapter 8: Security under Linux

Processes and authentication

Data Security and Privacy. Unix Discretionary Access Control

CS 161 Computer Security

Chapter 5: User Management. Chapter 5 User Management

Overview. Terminology. Password Storage

Unix, History

Rethinking Authentication. Steven M. Bellovin

Processes are subjects.

Operating systems and security - Overview

Operating systems and security - Overview

OS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015

Access Control. Steven M. Bellovin September 2,

Programming Project # 2. cs155 Due 5/5/05, 11:59 pm Elizabeth Stinson (Some material from Priyank Patel)

Operating System Security. 0Handouts: Quizzes ProsoftTraining All Rights Reserved. Version 3.07

File Encryption. Steven M. Bellovin

ECS 153 Discussion Section. April 6, 2015

Protection and Security. Sarah Diesburg Operating Systems CS 3430

User Accounts. The Passwd, Group, and Shadow Files

Endpoint Security - what-if analysis 1

Authentication Objectives People Authentication I

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

SE420 Software Quality Assurance

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Remote Administration

Security Philosophy. Humans have difficulty understanding risk

10 userdel: deleting a user account 9. 1 Context Tune the user environment and system environment variables [3]

Operating Systems Security Access Control

CSE484 Final Study Guide

Authenticating People and Machines over Insecure Networks

Introduction. Read on and learn some facts about backup and recovery that could protect your small business.

6. Security Handshake Pitfalls Contents

Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

Network Working Group. Category: Standards Track September The SRP Authentication and Key Exchange System

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 13

TPM Entities. Permanent Entities. Chapter 8. Persistent Hierarchies

Advanced Systems Security: Multics

The kernel is the low-level software that manages hardware, multitasks programs, etc.

CS/CIS 249 SP18 - Intro to Information Security

Passwords. CS 166: Introduction to Computer Systems Security. 3/1/18 Passwords J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.

Transcription:

Keys and Passwords Steven M. Bellovin October 17, 2010 1

Handling Long-Term Keys Where do cryptographic keys come from? How should they be handled? What are the risks? As always, there are tradeoffs Steven M. Bellovin October 17, 2010 2

Public/Private Keys Who generates the private key for a certificate? The server may have better random number generators Only the client needs the key (Does the corporation need a copy of the key?) If the server generates the key, how does it get to the client securely? (How does the public key get to the CA securely?) Steven M. Bellovin October 17, 2010 3

Secret Keys Who generates secret keys? The problem is harder both parties need to know them Again, how are they communicated securely? Steven M. Bellovin October 17, 2010 4

Communication Options Channel authenticated by other means Public-key protected channel Hard-wired contact Out-of-band communications Note: process matters! Steven M. Bellovin October 17, 2010 5

Out-of-Band Communications Telephone SMS text message Postal mail Steven M. Bellovin October 17, 2010 6

What are the Enemy s Powers? Steal letters from a mailbox? Fake CallerID with an Asterisk PBX? Planting malware on the phone? Burglary, bribery, blackmail? Steven M. Bellovin October 17, 2010 7

Tamper Resistance Keys are safer in tamper-resistant containers they can t be stolen See the three Bs above Note well: tamper-resistant, not tamper-proof The availability of tamper-resistant hardware changes the tradeoffs Steven M. Bellovin October 17, 2010 8

Online vs. Offline Does the key generator need to be online? A CA can be offline, and accept public keys via, say, CD That may be riskier than having it generate the private key what if there s a buffer overflow in the read routine? (But the CA has to read other things, like username) For secret keys, the server can t be offline; rather, some copy of the key has to be online, to use it Steven M. Bellovin October 17, 2010 9

No Perfect Answers! There are always tradeoffs The right answer in one situation may be the wrong answer in another Must evaluate the risks and the benefits of each alternative Caution: assume that the enemy s powers will grow Steven M. Bellovin October 17, 2010 10

Putting it All Together Let s look at some relatively simple privileged programs How do they combine the different mechanisms we ve seen? What are the threats? The defenses? Steven M. Bellovin October 17, 2010 11

The Passwd Command Permits users to change their own passwords In other words, controls system access Very security-sensitive! How does it work? Steven M. Bellovin October 17, 2010 12

Necessary Files /etc/passwd must be world-readable, for historical reasons Maps numeric UID to/from username Historical format: root:8.kxuj8mghcwq:0:0:root:/root:/bin/sh Fields: username, hashed password, numeric uid, numeric gid, name, home directory, shell Numeric uid/gid is what is stored for files Password is two bytes of salt, 11 bytes of encryption output Encoded in base 64 format: A-Za-z0-9./ Steven M. Bellovin October 17, 2010 13

Password Refresher Stored in irreversibly hashed form Classic scheme used encryption algorithm in odd way Use salt to prevent the same password from hashing to the same value on different machines, or for different users Salt makes dictionary of precomputed hashed passwords much more expensive Steven M. Bellovin October 17, 2010 14

Storing the Hashed Password Better not make it world-readable Store in a shadow password file That file can be read-protected Steven M. Bellovin October 17, 2010 15

File Permissions $ ls -l /etc/passwd /etc/shadow -rw-r--r-- 1 root root 671 Oct 3 10:42 /etc/passwd -r-------- 1 root root 312 Oct 3 10:42 /etc/shadow Steven M. Bellovin October 17, 2010 16

Must Be Owned by Root! Ownership of that file is equivalent to root permissions Anyone who can rewrite it can give themselves root permissions Cannot use lesser permissions Note: adding a line to that file (often with a text editor) is the first step in adding a user login to the system Steven M. Bellovin October 17, 2010 17

Implications of the Numeric UID/GUID Assigning a UID to a username grants access to that UID s files In other words, anyone with write permission on /etc/passwd has access to all files on the systm Consequence: even if we changed the kernel so that root didn t have direct access to all files, this mechanism provides indirect access to all files Conclusion: Cannot give root control over UID assignment on secure systems Steven M. Bellovin October 17, 2010 18

What Else Shouldn t Root Be Able to Change? The user s password! Attack: change the user s password to something you know Windows XP does not give Administrator either of these powers Steven M. Bellovin October 17, 2010 19

The Passwd Command Clearly, must be setuid to root Must be carefully written... Steven M. Bellovin October 17, 2010 20

Authenticating the User Passwd program has real UID Demand old password why? Guard against someone doing permanent damage with minimal access Root can change other user s passwords Steven M. Bellovin October 17, 2010 21

Where Does the Salt Come From? Passwd command generates random number Need this be true-random? No probably different will suffice. Seed ordinary pseudo-random number generator with time and PID Steven M. Bellovin October 17, 2010 22

Restricting Access Suppose only a few people were allowed to change their own passwords Take away other-execute permission; put those people in the same group as passwd Steven M. Bellovin October 17, 2010 23

Front Ends What about the help desk, for forgotten passwords? Have a setuid root front end that invokes passwd Validate: make sure they can only change certain users passwords Log it! (Much more later in the semester on logging) Steven M. Bellovin October 17, 2010 24

Making a Temporary Copy Must copy password file to temporary location and back to change a password Watch out for race condition attacks! Actual solution: put temporary file in /etc instead of /tmp; avoid whole problem Secondary benefit: use temporary file as lock file, and as recovery location in case of crash Steven M. Bellovin October 17, 2010 25

Update in Place Password changes could overwrite the file in place Doesn t work for use add/delete or name change Still need locking Steven M. Bellovin October 17, 2010 26

Passwords on the Command Line? Bad idea ps shows it Bad idea may be in shell history file $ history 12 12 date 13 man setuid 14 ls -l tty Your terminal isn t readable by others: $ ls -l tty crw--w---- 1 smb tty 136, 5 Oct 26 14:24 /dev/pts/5 Steven M. Bellovin October 17, 2010 27

Changing Your Name Chsh is like passwd, but it lets you change other fields Ordinary users can change shell and human-readable name; root can change other fields Much more dangerous than passwd Steven M. Bellovin October 17, 2010 28

Input Filtering What if user supplies new shell or name with embedded colons? Embedded newlines? Both? Could create fake entries! Must filter for such things Steven M. Bellovin October 17, 2010 29

Features Used Access control Locking/race prevention Authentication Privilege (setuid) Filtering Steven M. Bellovin October 17, 2010 30

Security Analysis: Internet Thermostats I recently decided to investigate Internet thermostats Control and monitor my house temperature remotely Are there security risks? Steven M. Bellovin October 17, 2010 31

One Popular Brand Thermostats have built-in web servers Simplest mode: direct connection to thermostat Alternate mode: thermostat and user connect to company s web site; company can generate alert emails Steven M. Bellovin October 17, 2010 32

What s at Risk? Turning off someone s heat in the middle of winter? Turning on the heat in the summer? Run heat and air conditioning simultaneously? Steven M. Bellovin October 17, 2010 33

Local Management Steven M. Bellovin October 17, 2010 34

Local Problems No https people can eavesdrop Uses Basic Authentication : The most serious flaw in Basic authentication is that it results in the essentially cleartext transmission of the user s password over the physical network.... Because Basic authentication involves the cleartext transmission of passwords it SHOULD NOT be used (without enhancements) to protect sensitive or valuable information. No read-only mode Steven M. Bellovin October 17, 2010 35

Remote Management Steven M. Bellovin October 17, 2010 36

Remote Problems Https but only to the server Unencrytped traffic from the server to the thermostats (The words security and encyption are not mentioned in the API manual... ) Passwords are sent in the clear across the Internet Passwords are stored in bulk on the server Steven M. Bellovin October 17, 2010 37

Privacy Issues Energy consumption patterns Al Gore s thermostat setting? Japanese office thermostat settings? Vacation schedules (burglary risk?) Steven M. Bellovin October 17, 2010 38

Defenses Can t touch thermostat software Add layering access controls on top of built-in controls Use crypto tunnels Filter setting change requests Steven M. Bellovin October 17, 2010 39

Last-Ditch Defenses Add a low-limit heat switch in parallel Add a high-limit heat switch in series These are hardware devices, not software Protect against bugs What if they fail? Independent failure modes; protect against each other Steven M. Bellovin October 17, 2010 40

How to Analyze This? Hard to know all the threats Approach: see what is made available, and ask who might want it Reason by analogy and effect Check the gold standard (Au): Authentication, Authorization, Audit Steven M. Bellovin October 17, 2010 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback