CS530 Authentication

Similar documents
User Authentication Protocols Week 7

User Authentication. Modified By: Dr. Ramzi Saifan

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

User Authentication Protocols

User Authentication. Modified By: Dr. Ramzi Saifan

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

CSC 474 Network Security. Authentication. Identification

Cryptography and Network Security Chapter 14

CSE 565 Computer Security Fall 2018

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

Information Security CS 526

Lecture 3 - Passwords and Authentication

CNT4406/5412 Network Security

Outline Key Management CS 239 Computer Security February 9, 2004

Lecture 3 - Passwords and Authentication

Chapter 9: Key Management

Information Security CS 526

Key Management and Distribution

HY-457 Information Systems Security

HOST Authentication Overview ECE 525

Authentication & Authorization

CT30A8800 Secured communications

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Authentication Objectives People Authentication I

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Security Handshake Pitfalls

UNIT - IV Cryptographic Hash Function 31.1

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Identification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:

Key Management and Distribution

The Match On Card Technology

Computer Security: Principles and Practice

Authentication. Steven M. Bellovin January 31,

Lecture 9 User Authentication

Authentication. Steven M. Bellovin September 26,

Authentication. Chapter 2

Operating systems and security - Overview

Operating systems and security - Overview

CSE Computer Security

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

T Cryptography and Data Security

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

Authentication CS 136 Computer Security Peter Reiher January 22, 2008

Lecture 9. Authentication & Key Distribution

CIS 6930/4930 Computer and Network Security. Topic 6. Authentication

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Evaluating Alternatives to Passwords

5. Authentication Contents

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1

Outline More Security Protocols CS 239 Computer Security February 4, 2004

Authentication SPRING 2018: GANG WANG. Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU)

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

CS System Security Mid-Semester Review

Cryptography and Network Security

CS November 2018

Unit-VI. User Authentication Mechanisms.

Chapter 3: User Authentication

KEY DISTRIBUTION AND USER AUTHENTICATION

What did we talk about last time? Public key cryptography A little number theory

Security Handshake Pitfalls

Information Security & Privacy

Security Handshake Pitfalls

SSH. Partly a tool, partly an application Features:

Passwords. EJ Jung. slide 1

T Cryptography and Data Security

Session objectives. Identification and Authentication. A familiar scenario. Identification and Authentication

Verteilte Systeme (Distributed Systems)

Lord of the Rings J.R.R. TOLKIEN

2 Electronic Passports and Identity Cards

Public-Key Infrastructure NETS E2008

===============================================================================

Cryptographic Protocols 1

MODULE NO.28: Password Cracking

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

Outline More Security Protocols CS 239 Computer Security February 6, 2006

Web Security, Summer Term 2012

Web Security, Summer Term 2012

Outline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Course Administration

Digital Signatures. Secure Digest Functions

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Security: Focus of Control

Authentication. password-based authentication. address-based authentication. cryptographic protocols. passwords as keys.

AIT 682: Network and Systems Security

Cryptography and Network Security

CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018

CS 161 Computer Security

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Authentication System

Transcription:

CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1

Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request Authentication verifying a claimed identity Ex: user ID is identification, password is authentication 2

Ideally who you are Basis for Authentication Practically something you know e.g., password something you have e.g., smartcard, magnetic stripe card, passport, driver s license something about you e.g., face, hand, voice, fingerprint (i.e., biometrics) sometimes mistakenly called things you are Note: policy determines how and what to do 3

Password Something You Know Algorithm e.g., encryption key derived from password Issues someone else may learn it find it, sniff it, trick you into providing it Ex: e-mail from ebay or Paypal asking you to validate your password other party must know how to check keep in table once this table is obtained, the attacker may use it to login to other systems you must remember it (tend to use same password) how stored and checked by verifier 4

Examples of Password Systems Verifier knows password can one crack password one letter at a time (as often seen in movies)? timing attacks (look at power consumptions, time between successive guesses) Encrypted Password one way encryption Ex: UNIX login namd, UID, GID, encrypted password all stores in /etc/passwd old systems make /etc/passwd globally readable new systems move encrypted passwords to /etc/shadow salt the password (12-bit salt) to protect against pre-computed dictionary attack 5

Examples of Password Systems (Cont...) Ex: hird Party Validation Liberty Alliance Microsoft Passport Kerberos Public key systems with Directory Services 6

Brute force Dictionary Attacks on Password Pre-computed Dictionary Guessing what s your pet s name? (favorite city, birth place,...) Finding elsewhere sitting in Windows Registry sitting on USB harddrive 7

Something You Have Cards mag stripe (= password?) smart card, USB key something your device knows! verifier knows that the device is present! time varying password secure ID card challenge/response card smartcard requires special reader, this does not the user is the device! limited data length to reduce human mistakes Issues how to validate how to read (i.e. infrastructure) 8

Something About You Biometrics measures some physical attribute iris scan (can t really scan the retina) fingerprint picture hand scan (geometry of hand) voice keystroke patterns? Issues how to prevent spoofing suited when biometric device is trusted/secure, not suited otherwise fingerprint reading device at home, is that a good idea? must be connected to a tamper-proof device 9

Other Forms of Authentication IP address, MAC address e.g., NFS, DHCP Caller ID (or call back) also works with e-mail Past transaction information e.g., what s the amount of your last bill? 10

"Enrollment" (for Something You Know) How to initially exchange the secret in-person enrollment information known in advance e.g., what s the amount of your last bill? third party verification e.g., a notary public mail or email verification e.g., activation code in e-mail, click here to activate 11

Multi-factor Authentication Require at least two of the three classes above e.g. Smart card plus PIN e.g. credit card plus zip code of billing address e.g. biometric and password Issues better than one factor be careful about how the second factor is validated E.g., on card, or on remote system PIN goes to remote system (or goes through smartcard and then remote system) 12

General Problems with Password Space from which passwords are chosen oo many passwords and what it leads to solution is "single sign on"? 13

Single Sign On "Users should log in once and have access to everything" Many systems store password lists which are easily stolen Better is encryption based credentials usable with multiple verifiers interoperability is complicating factor Liberty Alliance communicating information about authentication using a markup language (Security Association Markup Language) Microsoft Passport original version based on cookies and hotmail passwords next version based on Kerberos (cross realm authentication) 14

Encryption Based Authentication Proving knowledge of encryption key nonce = non repeating value K cs c {Nonce/timestamp}K cs K cs s 15

Authentication with Conventional Cryptography Kerberos s KDC K c c {K c,s }K c {K c,s }K s {data}k c,s, {t}k c,s, {K c,s }K s K s s 16

Authentication with Conventional Cryptography Kerberos or Needham-Schroeder includes challenge/response optional pre-authenticator in original message KDC K GS s, {t}k c {K c,s }K c {K c,s }K s K c c s K s 17

Kerberos hird-party authentication service distributes session keys for authentication, confidentiality, and integrity KDC & GS is usually combined KDC can generate cross realm G (pre-arranged) KDC {K c,gs }K c {K c,gs }K GS s, {t}k c,gs {K c,gs }K GS GS K GS GS K c c {K c,s }K c,gs {K c,s }K s {data}k c,s, {K c,s }K s K s s 18

Authentication with Public Key Cryptography Based on public key certificates DS = Directory Server client can include public key certificate in the first message contact DS mainly to check to see if the public key certificate has ben revoked and to obtain other certificates DS K priv c c DS[{Nonce/timestamp}K ses,{k ses }K pub s ] K priv s s 19

Public Key Cryptography Summary Key distribution confidentiality not needed for public key solves n 2 problem Performance slower than conventional cryptography implementations use for key distribution, then use conventional crypto for data encryption rusted third party still needed to issue public key certificates to obtain other public key certificates to manage revocation in some cases, third party may be off-line 20

Certificate-Based Authentication Summary Certification authorities issue signed certificates banks, companies, & organizations like Verisign act as CA s certificates bind a public key to the name of a user public key of CA certified by higher-level CA s root CA public keys configured in browsers & other software certificates provide key distribution Authentication steps verifier provides nonce, or a timestamp is used instead principal selects session key and sends it to verifier with nonce, encrypted with principal s private key and verifier s public key, and possibly with principal s certificate verifier checks signature on nonce, and validates certificate 21

Authentication with Hash Chains generate secret s, send h(s) to server Based on the one-wayness of cryptographic hash functions to prove identity, present s to server but now s is exposed 22

Authentication with Hash Chains (Cont...) Use Lamport s hash (or hash chain) h 100 (s) h 99 (s) h 98 (s)... h 2 (s) h(s) s client generate s (seed) and N and compute h N (s) sends N and h N (s) to server seed can be derived from a passphrase server keeps a state, start with [N=100, h N (s)] client sends name to server and server responds with N client computes and sends x = h N-1 (s) server computes h(x) and compare with current state if succeed, new state is [N-1, x] an attacker who has the server s state cannot login this is one of the one-time password schemes 23

Authentication with Hash Chains (Cont...) Man-in-the-middle small N attack man-in-the-middle attack intercepts N from server and forward N-10 to client client sends h N-11 (s) which the attacker will intercept use this to compute h N-1 (s) attacker can login 10 times without knowing s Mitigating the small N attack the client needs to remember the last N received from this server 24

Authentication with Hash Chains (Cont...) Other weakness in Lamport s hash short lifetime of key when N reaches 1, must generate new seed can use a salt so that the seed can stay the same client generate s (seed) and t (salt) and N and compute h N (s+t) sends N and t and h N (s+t) to server client can discard the salt on client login, server responds with N and t problem with multiple servers need different seeds 3rd party authentication may not be desirable salt also helps with loging to multiple servers with the same seed or passphrase use a different salt per server 25

rust Models for Certification X.509 hierarchical OSI model: X.400 - e-mail X.500 - naming (DNS equivalent) X.509 - authentication standard single root (original plan) - UN is the root CA multi-root (better accepted) SE (Secured Electronic ransaction) has banks as CA s and common SE root private key of SE the SE root CA is split and MC AmEx VISA Discover spread among child CA s BankX Bank1 Bank2 26

PGP Model "Friends and Family approach" - S. Kent put more trust on more paranoid people as a result, look like a hierarchy! Other representations for certifications X.509 (popular) No certificates at all out of band key distribution SSH ~/.ssh/authorized_keys rust Models for Certification (Cont...) 27

From DEC Global Authentication Service Root Pair-wise trust in hierarchy name is derived from path followed shortcuts allowed, but changes name exposure of path is important for security USC chengw prove identity ACM x Compared to Kerberos transited field in Kerberos - doesn t change name Compared with X.509 X.509 has single path from root X.509 is for public key systems Compared with PGP PGP evaluates path at end, but may have name conflicts 28

Generic Security Services API (GSS-API) Standard interface for choosing among authentication methods once an application uses GSS-API, it can be changed to use a different authentication method easily difficulty lies in the fact that different methods of authentication use different models of interaction e.g., one way vs. challenge/response (requires, at a minimum, 2 messages), with zero knowledge proof, can have hundreds of messages API calls acquire and release credentials manage security context init, accept (on server side), and process tokens wrap (confidentiality and/or integrity) and unwrap 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback