1

Chapter 3 User Authentication

2
Contents
1. Means of Authentication
2. Password-Based Authentication
3. Token-Based Authentication
4. Biometric Authentication
5. Remote User Authentication
6. Security Issues for User Authentication
7. Practical Application: An Iris Biometric System
3
User Authentication
fundamental security building block
basis of access control & user accountability
is the process of verifying an identity claimed
by or for a system entity
has two steps:
identification - specify identifier
verification - bind entity (person) and identifier
distinct from message authentication
4
Means of User Authentication
four means of authenticating user's identity
based one something the individual
knows - e.g. password, PIN
possesses - e.g. key, token, smartcard
is (static biometrics) - e.g. fingerprint, retina
does (dynamic biometrics) - e.g. voice, sign
can use alone or combined
all can provide user authentication
all have issues
5
Password Authentication
widely used user authentication method
user provides name/login and password
system compares password with that saved for
specified login
authenticates ID of user logging and
that the user is authorized to access system
determines the users privileges
is used in discretionary access control
6
Password Vulnerabilities
offline dictionary attack
The attacker obtains the system password file
Countermeasure: controls to prevent unauthorized access to
the password file, intrusion detection measures to identify a
compromise

specific account attack
The attacker targets a specific account and submits password
guesses until the correct password is discovered.
Countermeasure: The standard countermeasure is an account
lockout mechanism, which locks out access to the account
after a number of failed login attempts
7
Password Vulnerabilities
popular password attack
A variation of the preceding attack is to use a popular
password and try it against a wide range of user IDs
Countermeasure: policies to inhibit the selection by users of
common passwords
password guessing against single user
The attacker attempts to gain knowledge about the account
holder and system password policies and uses that knowledge
to guess the password
Countermeasure: training in and enforcement of password
policies that make passwords difficult to guess

8
Password Vulnerabilities
workstation hijacking
The attacker waits until a logged-in workstation is
unattended.
Countermeasure: automatically logging out the
workstation out after a period of inactivity
exploiting user mistakes
the user is more likely to write password down
because it is difficult to remember
Countermeasure: User training

9
Password Vulnerabilities
exploiting multiple password use
Users share the same or a similar password for
different systems
Countermeasures: policy, user training
electronic monitoring
If a password is communicated across a network, it
can be eavesdropped.
Countermeasures: encryption
10
Countermeasures
stop unauthorized access to password file
intrusion detection measures
account lockout mechanisms
policies against using common passwords but
rather hard to guess passwords
training & enforcement of policies
automatic workstation logout
encrypted network links
11
Use of Hashed
Passwords
12
Use of Hashed Passwords

13
Use of Hashed Passwords
The salt value is related to the time at which
the password is assigned to the user.
Newer implementations use a pseudorandom or
random number.
The hash algorithm is designed to be slow to
execute to thwart attack
14
Salt Value: three Purposes
Prevents duplicate passwords from being visible
in the password file
It greatly increases the difficulty of offline
dictionary attacks
Nearly impossible to tell if a person with
passwords on multiple systems has used the
same password
16
Improved Unix Implementations
have other, stronger, hash/salt variants
many systems now use MD5
with 48-bit salt
password length is unlimited
is hashed with 1000 times inner loop
produces 128-bit hash
OpenBSD uses Blowfish block cipher based hash
algorithm called Bcrypt
uses 128-bit salt to create 192-bit hash value
17
Password Cracking
dictionary attacks
a large dictionary of possible passwords and all
possible salt values
try each word then obvious variants in large
dictionary against hash in password file
rainbow table attacks (trade off space for time)
precompute tables of hash values for all salts
a mammoth table of hash values
e.g. 1.4GB table cracks 99.9% of alphanumeric
Windows passwords in 13.8 secs
not feasible if larger salt values used
18
Password Choices
users may pick short passwords (page 78)
e.g. 3% were 3 chars or less, easily guessed
system can reject choices that are too short
users may pick guessable passwords
so crackers use lists of likely passwords
e.g. one study of 14000 encrypted passwords
guessed nearly 1/4 of them
would take about 1 hour on fastest systems to
compute all variants, and only need 1 break!
19
Password Choices

20
Password File Access Control
can block offline guessing attacks by denying
access to encrypted passwords
make available only to privileged users
often using a separate shadow password file
still have vulnerabilities
exploit O/S bug
accident with permissions making it readable
users with same password on other systems
access from unprotected backup media
sniff passwords in unprotected network traffic
21
Using Better Passwords
clearly have problems with passwords
goal to eliminate guessable passwords
whilst still easy for user to remember
techniques:
user education
computer-generated passwords
reactive password checking
proactive password checking
22
Proactive Password Checking
rule enforcement plus user advice, e.g.
8+ chars, upper/lower/numeric/punctuation
may not suffice
password cracker
time and space issues
Markov Model
generates guessable passwords
hence reject any password it might generate
Bloom Filter
use to build table based on dictionary using hashes
check desired password against this table

23
Bloom Filter

A Bloom filter of order k consists of a set of k
independent hash functions H
1
(x), H
2
(x), ,
H
k
(x), where each function maps a password
into a hash value inthe range 0 to N 1. That is


where
Xj=jth word in password dictionary
D=number of words in password dictionary
24
Bloom Filter
The following procedure is then applied to the
dictionary:
A hash table of N bits is defined, with all bits
initially set to 0.
For each password, its khash values are calculated,
and the corresponding bits in the hash table are set
to 1.
When a new password is presented to the
checker, its k hash values are calculated.
If all the corresponding bits of the hash table are
equal to 1, then the password is rejected
25
Token Authentication
object user possesses to authenticate, e.g.
embossed card
magnetic stripe card
memory card
smartcard
26
Memory Card (e.g. ATM Cards)
store but do not process data
magnetic stripe card, e.g. bank card
electronic memory card
used alone for physical access
with password/PIN for computer use
drawbacks of memory cards include:
need special reader
loss of token issues
user dissatisfaction (unlike bank ATM cards)
27
Smartcard
credit-card like
has own processor, memory, I/O ports
ROM, EEPROM, RAM memory
executes protocol to authenticate with
reader/computer
static: similar to memory cards
dynamic: passwords created every minute; entered
manually by user or electronically
challenge-response: computer creates a random
number; smart card provides its hash (similar to PK)
also have USB dongles

28
Biometric Authentication
authenticate user based on one of their
physical characteristics
29
Operation of a
Biometric
System
30
Biometric Accuracy
never get identical templates
problems of false match/false non-match
31
Biometric Accuracy
can plot characteristic curve: 2 million cross comparisons
iris: no false match
face biometric: worst performer
pick threshold balancing error rates
32
Remote User Authentication (Google Gmail)
authentication over network more complex
problems of eavesdropping, replay
generally use challenge-response
user sends identity
host responds with random number r
user computes f(r,h(P)) and sends back
host compares value from user with own computed
value, if match user authenticated
protects against a number of attacks
33
Authentication Security Issues
client attacks
host attacks
eavesdropping
replay
trojan horse
denial-of-service
See page 100
34
Practical Application
See page 102
35
Case Study: ATM Security
Dedicated line from the ATM to
the issuer; issuer saves
money, easier management of
ATMs
36
Summary
introduced user authentication
using passwords
using tokens
using biometrics
remote user authentication issues
example application and case study