2 Contents 1. Means of Authentication 2. Password-Based Authentication 3. Token-Based Authentication 4. Biometric Authentication 5. Remote User Authentication 6. Security Issues for User Authentication 7. Practical Application: An Iris Biometric System 3 User Authentication fundamental security building block basis of access control & user accountability is the process of verifying an identity claimed by or for a system entity has two steps: identification - specify identifier verification - bind entity (person) and identifier distinct from message authentication 4 Means of User Authentication four means of authenticating user's identity based one something the individual knows - e.g. password, PIN possesses - e.g. key, token, smartcard is (static biometrics) - e.g. fingerprint, retina does (dynamic biometrics) - e.g. voice, sign can use alone or combined all can provide user authentication all have issues 5 Password Authentication widely used user authentication method user provides name/login and password system compares password with that saved for specified login authenticates ID of user logging and that the user is authorized to access system determines the users privileges is used in discretionary access control 6 Password Vulnerabilities offline dictionary attack The attacker obtains the system password file Countermeasure: controls to prevent unauthorized access to the password file, intrusion detection measures to identify a compromise
specific account attack The attacker targets a specific account and submits password guesses until the correct password is discovered. Countermeasure: The standard countermeasure is an account lockout mechanism, which locks out access to the account after a number of failed login attempts 7 Password Vulnerabilities popular password attack A variation of the preceding attack is to use a popular password and try it against a wide range of user IDs Countermeasure: policies to inhibit the selection by users of common passwords password guessing against single user The attacker attempts to gain knowledge about the account holder and system password policies and uses that knowledge to guess the password Countermeasure: training in and enforcement of password policies that make passwords difficult to guess
8 Password Vulnerabilities workstation hijacking The attacker waits until a logged-in workstation is unattended. Countermeasure: automatically logging out the workstation out after a period of inactivity exploiting user mistakes the user is more likely to write password down because it is difficult to remember Countermeasure: User training
9 Password Vulnerabilities exploiting multiple password use Users share the same or a similar password for different systems Countermeasures: policy, user training electronic monitoring If a password is communicated across a network, it can be eavesdropped. Countermeasures: encryption 10 Countermeasures stop unauthorized access to password file intrusion detection measures account lockout mechanisms policies against using common passwords but rather hard to guess passwords training & enforcement of policies automatic workstation logout encrypted network links 11 Use of Hashed Passwords 12 Use of Hashed Passwords
13 Use of Hashed Passwords The salt value is related to the time at which the password is assigned to the user. Newer implementations use a pseudorandom or random number. The hash algorithm is designed to be slow to execute to thwart attack 14 Salt Value: three Purposes Prevents duplicate passwords from being visible in the password file It greatly increases the difficulty of offline dictionary attacks Nearly impossible to tell if a person with passwords on multiple systems has used the same password 16 Improved Unix Implementations have other, stronger, hash/salt variants many systems now use MD5 with 48-bit salt password length is unlimited is hashed with 1000 times inner loop produces 128-bit hash OpenBSD uses Blowfish block cipher based hash algorithm called Bcrypt uses 128-bit salt to create 192-bit hash value 17 Password Cracking dictionary attacks a large dictionary of possible passwords and all possible salt values try each word then obvious variants in large dictionary against hash in password file rainbow table attacks (trade off space for time) precompute tables of hash values for all salts a mammoth table of hash values e.g. 1.4GB table cracks 99.9% of alphanumeric Windows passwords in 13.8 secs not feasible if larger salt values used 18 Password Choices users may pick short passwords (page 78) e.g. 3% were 3 chars or less, easily guessed system can reject choices that are too short users may pick guessable passwords so crackers use lists of likely passwords e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them would take about 1 hour on fastest systems to compute all variants, and only need 1 break! 19 Password Choices
20 Password File Access Control can block offline guessing attacks by denying access to encrypted passwords make available only to privileged users often using a separate shadow password file still have vulnerabilities exploit O/S bug accident with permissions making it readable users with same password on other systems access from unprotected backup media sniff passwords in unprotected network traffic 21 Using Better Passwords clearly have problems with passwords goal to eliminate guessable passwords whilst still easy for user to remember techniques: user education computer-generated passwords reactive password checking proactive password checking 22 Proactive Password Checking rule enforcement plus user advice, e.g. 8+ chars, upper/lower/numeric/punctuation may not suffice password cracker time and space issues Markov Model generates guessable passwords hence reject any password it might generate Bloom Filter use to build table based on dictionary using hashes check desired password against this table
23 Bloom Filter
A Bloom filter of order k consists of a set of k independent hash functions H 1 (x), H 2 (x), , H k (x), where each function maps a password into a hash value inthe range 0 to N 1. That is
where Xj=jth word in password dictionary D=number of words in password dictionary 24 Bloom Filter The following procedure is then applied to the dictionary: A hash table of N bits is defined, with all bits initially set to 0. For each password, its khash values are calculated, and the corresponding bits in the hash table are set to 1. When a new password is presented to the checker, its k hash values are calculated. If all the corresponding bits of the hash table are equal to 1, then the password is rejected 25 Token Authentication object user possesses to authenticate, e.g. embossed card magnetic stripe card memory card smartcard 26 Memory Card (e.g. ATM Cards) store but do not process data magnetic stripe card, e.g. bank card electronic memory card used alone for physical access with password/PIN for computer use drawbacks of memory cards include: need special reader loss of token issues user dissatisfaction (unlike bank ATM cards) 27 Smartcard credit-card like has own processor, memory, I/O ports ROM, EEPROM, RAM memory executes protocol to authenticate with reader/computer static: similar to memory cards dynamic: passwords created every minute; entered manually by user or electronically challenge-response: computer creates a random number; smart card provides its hash (similar to PK) also have USB dongles
28 Biometric Authentication authenticate user based on one of their physical characteristics 29 Operation of a Biometric System 30 Biometric Accuracy never get identical templates problems of false match/false non-match 31 Biometric Accuracy can plot characteristic curve: 2 million cross comparisons iris: no false match face biometric: worst performer pick threshold balancing error rates 32 Remote User Authentication (Google Gmail) authentication over network more complex problems of eavesdropping, replay generally use challenge-response user sends identity host responds with random number r user computes f(r,h(P)) and sends back host compares value from user with own computed value, if match user authenticated protects against a number of attacks 33 Authentication Security Issues client attacks host attacks eavesdropping replay trojan horse denial-of-service See page 100 34 Practical Application See page 102 35 Case Study: ATM Security Dedicated line from the ATM to the issuer; issuer saves money, easier management of ATMs 36 Summary introduced user authentication using passwords using tokens using biometrics remote user authentication issues example application and case study