Authentication

25/11/2018 1
Outline
1. Means of authentication
2. Password-based authentication
3. Token-based authentication
4. Biometric authentication
5. Remote user authentication
6. Security issues for authentication

Access control
 Two processes:
1. Confirming identity of entity accessing a logical
or physical area (authentication)
2. Determining which actions that entity can
perform in that physical or logical area
(authorization)
 A successful access control approach—
whether intended to control physical access or
logical access—always consists of both
Authentication and Authorization (A&A)

Means of Authentication
1. Something you know, e.g., password, PIN
2. Something you have, e.g. key, token, smartcard
3. Something you are, e.g. static biometrics (fingerprint, iris)
4. Something you produce, e.g. dynamic biometrics (voice, signature)

1. Can be used alone or combined
2. All can provide user authentication
3. All have issues
4. Strong authentication uses at least two different authentication mechanism types

The Strongest Authentication

Something You Know
Username
Password
PIN
Passphrase
Password Authentication
1. Widely used user authentication method
 user provides name/login and password
 system compares password with that saved for
specified login
2. Authenticates the ID of the user logging in and
 that the user is authorized to access the system
 determines the user’s privileges
 is used in discretionary access control

Password Vulnerabilities
1. Offline dictionary attack: A determined hacker may bypass
access controls and gain access to the system password file.
The attacker then compares the password hashes against
hashes of commonly used passwords.
2. Specific account attack: The attacker targets a specific
account and submits password guesses until the correct
password is discovered.
3. Popular password attack: The attacker chooses a popular
password and tries it against a wide range of user IDs.
4. Password guessing against a single user: The attacker
attempts to gain knowledge about the account holder and
system password policies and uses that knowledge to guess
the password.

Password Vulnerabilities
5. Workstation hijacking: The attacker waits until
a logged-in workstation is unattended.
6. Exploiting user mistakes: If the system assigns a
password, then the user is more likely to write it
down because it is difficult to remember.
7. Exploiting multiple password use: Different
network devices share the same or a similar
password for a given user.
8. Electronic monitoring: If a password is
communicated across a network to log on to a
remote system, it is vulnerable to eavesdropping.

Countermeasures
1. Stop unauthorized access to password
file
2. Intrusion detection measures
3. Account lockout mechanisms
4. Policies against using common passwords,
requiring hard-to-guess passwords instead
5. Training & enforcement of policies
6. Automatic workstation logout
7. Encrypted network links

Use of Hashed Passwords

Some Purposes of Using Hashed Passwords
1. Prevents duplicate passwords from being visible
in the password file
2. If two users choose the same password, those
passwords will be assigned different salt values.
3. Greatly increases the difficulty of offline
dictionary attacks.
4. For a salt of b bits, the number of possible
passwords is increased by a factor of $2^b$.
5. Becomes nearly impossible to find out whether a
person with passwords on two or more systems
has used the same password on all of them.
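Added example (not from the slides) of the salted-hash scheme described above: two users who pick the same password get different file entries, verification recomputes the hash with the stored salt, and a b-bit salt multiplies the attacker's offline work by 2^b. The PBKDF2 parameters and the login names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumed parameters: 16-byte (128-bit) salt, PBKDF2-HMAC-SHA256, 200k iterations.
SALT_BYTES = 16
ITERATIONS = 200_000

PasswordFile = Dict[str, Tuple[bytes, bytes]]  # login -> (salt, hash)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash); a fresh random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def store_password(password_file: PasswordFile, login: str, password: str) -> None:
    """Only the salt and the hash are recorded; the plaintext password is never stored."""
    password_file[login] = hash_password(password)


def verify_password(password_file: PasswordFile, login: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    entry = password_file.get(login)
    if entry is None:
        return False
    salt, stored = entry
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(stored, digest)


def same_password_hidden(password_file: PasswordFile, login_a: str, login_b: str) -> bool:
    """True when two entries differ even though the passwords may be equal (purpose 1 and 2)."""
    return password_file[login_a][1] != password_file[login_b][1]


def salt_work_factor(salt_bits: int) -> int:
    """Factor by which a b-bit salt multiplies the dictionary an offline attacker must hash (purpose 4)."""
    return 2 ** salt_bits


if __name__ == "__main__":
    pw_file: PasswordFile = {}
    store_password(pw_file, "alice", "parsnips")  # constructed sample users
    store_password(pw_file, "bob", "parsnips")
    print(same_password_hidden(pw_file, "alice", "bob"), verify_password(pw_file, "alice", "parsnips"))
```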

Threats to hashed passwords
 First, a user can gain access on a machine using a
guest account or by some other means and then run
a password guessing program, called a password
cracker, on that machine.
 In addition, if an opponent is able to obtain a copy
of the password file, then a cracker program can be
run on another machine at leisure. This enables the
opponent to run through millions of possible
passwords in a reasonable period.

Using Better Passwords: four techniques
1. User education –
 importance of using hard-to-guess passwords
 guidelines for selecting strong passwords.
 problematic when large user population or a lot of turnover,
 users will simply ignore the guidelines.
2. Computer-generated passwords –
 poor acceptance by users, if random in nature,
 users will not remember them, if pronounceable,
 the user may still be tempted to write it down.
3. Reactive password checking –
 system periodically runs its password cracker to find guessable passwords.
 system cancels passwords that are guessed and notifies users.
 Can be costly in resources to implement.
4. Proactive password checking –
 user selects own password, the system then checks to see if it is allowable
 if it is not, the system rejects it.
 must strike a balance between user acceptability and strength.
 Likely the best solution.
Proactive Password Checking
Rule enforcement plus user advice, e.g.
 8+ chars, upper/lower/numeric/punctuation
 may not suffice
Password cracker
 time and space issues

Username and Reusable Passwords–Something You Know

Problems
 Password data accessible to system users
 Reusable passwords are easily captured and used by
intruders

Password Guidelines
Use one-time passwords wherever possible
 If you must use reusable passwords
o Avoid trivial and easily crackable passwords
o Protect password data against unauthorized access
o Educate all users regarding the critical importance of
protecting password confidentiality
Ensure that all accounts have passwords for all
systems and network components
Replace all vendor-supplied passwords for all
systems and network components

Markov model
 Quadruple [m,A,T,k]
 m number of states in the model
 A the state space
 T the matrix of transition
probabilities
 k the order of the model
 For a k-th order model, the probability of making a
transition to a given letter depends on the previous k
letters that have been generated
 First-order model in Fig. 3.2

Second order Markov model
1. Build dictionary of guessable passwords
2. Build the transition matrix T
a. Determine matrix f
 f(i,j,k) is the number of occurrences of the trigram
consisting of the ith, jth and kth characters. Example: the
password parsnips yields the trigrams par, ars, rsn, sni, nip,
ips.
b. For each bigram ij calculate f(i,j,∞), the total number of
occurrences of the trigrams beginning with ij. Example: for
the bigram ab, f(a,b,∞) is the total number of trigrams of the
form aba, abb, abc, …
c. Compute the entries of T as follows:
$T(i,j,k) = \dfrac{f(i,j,k)}{f(i,j,\infty)}$
Markov model
Model reflects word structure in dictionary
Application of the model
1. Given a password, compute the transition probabilities of all its trigrams
2. A standard statistical test can determine whether the password is likely to be generated by the model or not.
3. Passwords that are likely to be generated by the model are rejected.

Bloom Filter
Way of using hash transforms to determine set
membership
Is applied wherever fast set membership tests on
large data sets are required.
Examples: spell checking, differential file updating,
distributed network caches, and textual analysis.
It is a probabilistic method with a set error rate.
Errors can only occur on the side of inclusion:
 a true member will never be reported as not belonging to
a set,
 but some non-members may be reported as members.

Bloom filters use hash transforms to compute a
vector (the filter) that is representative of the data
set.
Membership is tested by comparing the results of
hashing on the potential members to the vector.
In its simplest form the vector is composed of N
elements, each a bit.
An element is set if and only if some hash
transform hashes to that location for some key.

BLOOM FILTER (figure): filter with m = 4 hash transforms and N = 8 bits.

A Bloom filter is based on an array of m bits (b1, b2, …,
bm) that are initially set to 0.
To set the bits to 1, k independent hash functions (h1,
h2, …, hk), each returning a value between 1 and m, are
used.
In order to “store” a given element into the bit array,
each hash function must be applied to it and, based on
the return value r of each function (r1, r2, …, rk), the bit
with the offset r is set to 1.
Since there are k hash functions, up to k bits in the bit
array are set to 1 (it might be less because several hash
functions might return the same value).
How it works

Bloom filter
Consider a set of n elements, A = (a1, a2, …, an).
Bloom filters describe membership information of A
using a bit vector V of length m.
For this, k hash functions h1, h2, …, hk
with hi : X → {1, 2, 3, …, m}
are used as described below:
Bloom Filter
Therefore, if ai is a member of the set A, in the resulting Bloom
filter V all bits corresponding to the hashed values of
ai are set to 1.

Bloom filter: checking for membership
Testing for membership of an element elm is
equivalent to testing that all corresponding bits of V
are set:
 Procedure MembershipTest(elm, filter, hash_functions) returns yes/no
   foreach hash function hj:
     if filter[hj(elm)] != 1 return No
   end foreach
   return Yes

Bloom filter applied to password checking
Password is presented to the checker
Its k hash values are calculated
If all the corresponding bits in the hash table are
equal to 1, then the password is rejected
All the passwords in the dictionary will be
rejected
Possibility of false positives

Probability of false positive
 Assume the two passwords hulkhogan and
undertaker are in the dictionary, but xG%#jj98 is
not.
Assume also that:

X          H1(X)  H2(X)
undertaker  25     998
hulkhogan   83     665
xG%#jj98    665    998

 xG%#jj98 WILL BE REJECTED, though it is not
in the dictionary

Bloom Filter: Probability of false positive
k = number of hash functions
N = number of bits in hash table
D = number of words in dictionary
R = N/D, ratio of hash table size (bits) to dictionary
size (words)
 P probability of false positive

$P \approx \left(1 - e^{-kD/N}\right)^k = \left(1 - e^{-k/R}\right)^k$

or

$R \geq \dfrac{-k}{\ln\left(1 - P^{1/k}\right)}$
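Added example (not from the slides) covering the Bloom-filter password checker of the last few slides: the filter and MembershipTest, a proactive checker built over a dictionary, the hulkhogan/undertaker/xG%#jj98 false positive reproduced with the slides' H1/H2 table, and the two formulas above. The SHA-256-derived hash transforms and the 1000-bit table size for the slide example are assumptions.

```python
import hashlib
import math


class BloomFilter:
    """Bit vector of N bits plus k hash functions mapping a key to an index in [0, N)."""

    def __init__(self, n_bits, hash_functions):
        self.n_bits = n_bits
        self.hashes = hash_functions
        self.bits = [0] * n_bits

    def add(self, key):
        for h in self.hashes:
            self.bits[h(key) % self.n_bits] = 1

    def might_contain(self, key):
        """MembershipTest from the slides: every one of the k bits must be set."""
        return all(self.bits[h(key) % self.n_bits] == 1 for h in self.hashes)


def make_hashes(k):
    """k hash transforms derived from SHA-256 with distinct prefixes (a constructed choice)."""
    def make(i):
        return lambda key: int.from_bytes(
            hashlib.sha256(f"{i}:{key}".encode()).digest()[:8], "big")
    return [make(i) for i in range(k)]


def password_checker(dictionary, n_bits, k):
    """Proactive checker: returns allowed(candidate), False when all k bits are already set.
    Every dictionary word is rejected; some non-dictionary words are too (false positives)."""
    bf = BloomFilter(n_bits, make_hashes(k))
    for word in dictionary:
        bf.add(word)
    return lambda candidate: not bf.might_contain(candidate)


def false_positive_probability(k, R):
    """P ~ (1 - e^(-k/R))^k, with R = N/D bits of filter per dictionary word."""
    return (1 - math.exp(-k / R)) ** k


def required_ratio(k, P):
    """Smallest R = N/D that holds the false positive rate at P: R >= -k / ln(1 - P^(1/k))."""
    return -k / math.log(1 - P ** (1 / k))


# The slides' worked example: their H1/H2 table used as two fixed hash functions.
# N = 1000 bits is an assumption (the table only shows indices up to 998).
SLIDE_TABLE = {"undertaker": (25, 998), "hulkhogan": (83, 665), "xG%#jj98": (665, 998)}


def slide_example_rejects_xg():
    """True: bits 665 and 998 were set by hulkhogan and undertaker, so xG%#jj98 is a false positive."""
    bf = BloomFilter(1000, [lambda x: SLIDE_TABLE[x][0], lambda x: SLIDE_TABLE[x][1]])
    bf.add("undertaker")
    bf.add("hulkhogan")
    return bf.might_contain("xG%#jj98")


if __name__ == "__main__":
    allowed = password_checker(["hulkhogan", "undertaker"], 4096, 4)
    print(allowed("hulkhogan"), allowed("xG%#jj98"), slide_example_rejects_xg())
    print(false_positive_probability(6, 10), required_ratio(6, 0.01))
```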
Something You Have
 This authentication
mechanism makes use of
something that user or
system possesses
1. Dumb card
2. Smart Card
3. Dongles

Memory Card
Store but do not process data
Magnetic stripe card, e.g. bank card
Electronic memory card
Used alone for physical access
With password/PIN for computer use
Drawbacks of memory cards include:
 need special reader
 loss of token issues
 user dissatisfaction

Smartcard

 credit-card like
 Has own processor, memory, I/O ports
 wired or wireless access by reader
 may have crypto co-processor
 ROM, EEPROM, RAM memory
 Executes protocol to authenticate with reader/computer
 Static protocol: user to token authentication, then token to computer
authentication
 Dynamic password generator: passwords are generated periodically
(e.g. every minute); requires synchronization of the token and the computer
 Challenge response: challenge can be encrypted with token public key.

Access Control Tokens

Something You Are
Face
Signature
Fingerprint
Retina
Iris
Palm geometry
Biometric Methods–Something You Are
Physical:
 Fingerprints
 Thumbprint
 Eye retina patterns
 Facial recognition
 Iris
 Hand geometry
 Vein patterns
Behavioral:
 Voice
 The signature
 Keyboard typing skills
Downside of Biometrics
Inaccuracies in the verification process
Requires more powerful hardware
Possibly threatens user privacy
Something You Are
 Only three human characteristics are usually
considered truly unique :
1. Fingerprints
2. Retina of the eye (blood vessel pattern)
3. Iris scan (random pattern of features found
in the eye including freckles, pits, coronas,
etc)

Something You Do
 This type of authentication makes use of
something the user performs or produces
 Examples: technology related to:
1. signature recognition
2. voice recognition

Biometric Accuracy
never get identical templates
problems of false match / false non-match

Biometrics effectiveness

Crossover rate:
1. Adjusting the device to one extreme creates a system
that requires perfect matches: almost no false accepts but a
high rate of false rejects
2. Adjusting the device to the other extreme creates a
system with almost no false rejects but a high rate of
false accepts
3. The crossover error rate (CER), also called the
equal error rate, is the point at which the rate of false
rejections equals the rate of false acceptances.

Biometrics Accuracy
 False reject rate: the rate at which authentic users are denied or
prevented access to authorized areas, as a result of a failure in the
biometric device.
 False accept rate: the rate at which fraudulent users or non-users are
allowed access to systems or areas, as a result of a failure in the
biometric device.

Which rate is more important?

Biometrics effectiveness

Crossover rate:
It is the optimal outcome for biometrics-based
systems.
CERs are used to compare various biometrics
and may vary by manufacturer.
A biometric device that provides a CER of 1%
is considered to be superior to one with a CER
of 5%, for example.

Biometrics acceptability

A balance must be struck between:
 the acceptability of a system to its users
 and the effectiveness of the same system.
Many of the reliable, effective biometric
systems are perceived as being somewhat
intrusive by users.
The order of acceptance is nearly exactly
opposite to the order of effectiveness

Biometrics Acceptability vs. Effectiveness

Biometric Authentication
authenticate user based on one of their physical
characteristics

Idealized biometric measurement operating characteristic curves

Which system is more accurate?

A is consistently less accurate than B

Biometric Accuracy
Can plot the operating characteristic curve
 pick threshold balancing error rates
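Added example (not from the slides) of the accuracy material above: a threshold sweep over matcher scores gives the false reject and false accept rates at every operating point, the two extremes the slides describe appear at the ends of the sweep, and the crossover error rate is the point where the two rates meet. The matcher scores are constructed sample data.

```python
# Constructed matcher scores (0..100): higher means the sample looks more like the enrolled template.
GENUINE_SCORES = [92, 88, 85, 81, 79, 76, 74, 70, 66, 60]   # legitimate users
IMPOSTOR_SCORES = [55, 50, 62, 45, 68, 40, 72, 35, 58, 30]  # fraudulent users / non-users


def false_reject_rate(genuine, threshold):
    """FRR: fraction of authentic users whose score falls below the accept threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_accept_rate(impostor, threshold):
    """FAR: fraction of impostors whose score reaches the accept threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def operating_characteristic(genuine, impostor):
    """(threshold, FRR, FAR) for every threshold from the lowest score to above the highest:
    the operating characteristic curve the slides plot, one point per threshold."""
    lo, hi = min(genuine + impostor), max(genuine + impostor)
    return [(t, false_reject_rate(genuine, t), false_accept_rate(impostor, t))
            for t in range(lo, hi + 2)]


def crossover_error_rate(genuine, impostor):
    """CER / equal error rate: the threshold where |FRR - FAR| is smallest, and the rate there."""
    curve = operating_characteristic(genuine, impostor)
    t, frr, far = min(curve, key=lambda point: abs(point[1] - point[2]))
    return t, (frr + far) / 2


if __name__ == "__main__":
    for t, frr, far in operating_characteristic(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:3d}  FRR {frr:.1f}  FAR {far:.1f}")
    print("CER at threshold %d: %.2f" % crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```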

Remote user authentication: threats and solutions
Challenge-response protocols

User authentication:
 Local authentication (simple)
 Remote authentication (more complex; security threats)

Password protocol and
Token protocol
a. Password protocol
 r random number
(nonce)
 h, f specified by host

b. Token protocol
 Either token stores a
static password or
generates a dynamic
one.

Static and dynamic biometric
protocols
c. Static biometric
 r random number
 E encryption identifier
 B’ user’s biometric
 BT biometric template
 D’ biometric device identifier
d. Dynamic biometric
 Host provides random sequence x
and a random number
 Random sequence x is vocalized,
typed or handwritten by client,
generates a biometric signal
BS’(x’)
 BS’(x’) and r are encrypted and
sent to host

Operation of a Biometric System
User Authentication Methods
Questions to ask
 Quality of reliable identification?
 Needs client-side hardware?
 Needs client-side software?
 Deployment costs?
 Work with legacy systems?
Secret password is still most popular form
 Why?

Using Password Auditing Tools
Intruders acquire and use tools that enable them to
compromise systems
 sophisticated tools make password auditing easy
 if the prize is big enough, intruders are patient
Know what the intruders know about you
Again, make certain that you have the authority in writing
to perform password “strength testing” (cracking) before
you engage in it.

Summary: User Authentication
Access control devices based upon user identity
Relies upon unimpeachable identification
But it’s not unimpeachable, so improve it
 Login and reusable passwords
 Login and one-time passwords
 Biometrics

Remote User Authentication
1. authentication over network more complex
 problems of eavesdropping, replay
2. generally use challenge-response
 user sends identity
 host responds with random number r
 user computes f(r, h(P)) and sends it back
 host compares the value from the user with its own computed
value; if they match, the user is authenticated
3. protects against a number of attacks
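Added example (not from the slides) of the four-step challenge-response exchange above, with both sides' messages: the host keeps only h(P), issues a fresh single-use random number r, and recomputes f(r, h(P)) to check the client's response. A replayed response fails because the nonce it was computed over is no longer outstanding. SHA-256 for h, HMAC-SHA256 for f, and the sample user are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_BYTES = 16


def h(password: str) -> str:
    """h(P): hash of the user's password, the only credential the host keeps."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def f(r: bytes, hp: str) -> str:
    """f(r, h(P)): HMAC over the challenge keyed with the password hash (one concrete choice of f)."""
    return hmac.new(hp.encode("utf-8"), r, "sha256").hexdigest()


class Host:
    def __init__(self, password_hashes):
        self.db = password_hashes   # identity -> h(P); plaintext passwords are never stored
        self.pending = {}           # identity -> outstanding challenge, consumed on first use

    def challenge(self, identity: str) -> bytes:
        """Step 2: host answers the identity with a fresh random number r."""
        r = secrets.token_bytes(NONCE_BYTES)
        self.pending[identity] = r
        return r

    def verify(self, identity: str, response: str) -> bool:
        """Step 4: recompute f(r, h(P)) from the stored hash and compare in constant time.
        The nonce is removed first, so a captured response cannot be replayed later."""
        r = self.pending.pop(identity, None)
        if r is None or identity not in self.db:
            return False
        return hmac.compare_digest(f(r, self.db[identity]), response)


def client_respond(r: bytes, password: str) -> str:
    """Step 3: the user computes f(r, h(P)) from the challenge and the password."""
    return f(r, h(password))


def run_login(host: Host, identity: str, password: str):
    """One complete exchange; returns (authenticated, the response that crossed the network)."""
    r = host.challenge(identity)                 # step 1 (identity) and step 2 (r)
    response = client_respond(r, password)       # step 3
    return host.verify(identity, response), response  # step 4


# Constructed registration record for a sample user.
SAMPLE_DB = {"alice": h("correct horse battery")}

if __name__ == "__main__":
    host = Host(SAMPLE_DB)
    print(run_login(host, "alice", "correct horse battery")[0])  # True
    print(run_login(host, "alice", "wrong password")[0])         # False
```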

Iris biometric system

Practical Application: Iris Biometric System

Figure: potential attacks on user authentication
 eavesdropping: adversary attempts to learn the password by some sort of attack that involves the physical proximity of user and adversary
 host attacks: directed at the user file at the host where passwords, token passcodes, or biometric templates are stored
 denial-of-service: adversary attempts to disable a user authentication service by flooding the service with numerous authentication attempts
 Trojan horse: an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric
 replay: adversary repeats a previously captured user response
 client attacks: adversary attempts to achieve user authentication without access to the remote host or the intervening communications path
Authentication Security Issues
1. Client attacks
 an adversary attempts to achieve user authentication
without access to the remote host or to the intervening
communications path.
 attempts to masquerade as a legitimate user, e.g. in a
password-based system,
 may attempt to guess the likely user password.
2. Host attacks
 directed at the user file at the host where passwords, token
passcodes, or biometric templates are stored.
3. Eavesdropping
 adversary’s attempt to learn the password by observing
the user, finding a written copy of the password,
keystroke logging, etc.

Authentication Security Issues
4. Replay attacks
 adversary repeating a previously captured user response.
 The most common countermeasure to such attacks is the
challenge-response protocol.
5. In a Trojan horse attack,
 an application or physical device masquerades as an
authentic application or device for the purpose of
capturing a user password, passcode, or biometric.
 The adversary can then use the captured information to
masquerade as a legitimate user.
6. A denial-of-service attack
 attempts to disable a user authentication service by
flooding the service with numerous authentication
attempts.

Security problems with ATM systems
Vulnerability affects small to mid-size card issuers.
 Cardholder:
 An individual to whom a debit card is issued. Typically, this
individual is also responsible for payment of all charges made to that
card.
 Issuer:
 An institution that issues debit cards to cardholders. This institution
is responsible for the cardholder’s account and authorizes all
transactions. Banks and credit unions are typical issuers.
 Processor:
 An organization that provides services such as core data processing
(PIN recognition and account updating), electronic funds transfer
(EFT), and so on to issuers. EFT allows an issuer to access regional
and national networks that connect point of sale (POS) devices and
ATMs worldwide

Security problems with ATM systems
Vulnerability affects small to mid-size card issuers.
Customers expect 24/7 service at ATM
stations.
For many small to mid-sized issuers, it is
more cost-effective for contract processors to
provide the required data processing and
EFT/ATM services.
Each service typically requires a dedicated
data connection between the issuer and the
processor, using a leased line or a virtual
leased line.

 Prior to about 2003, the typical configuration involving
issuer, processor, and ATM machines could be
characterized by Figure 3.12a.
 The ATM units linked directly to the processor rather
than to the issuer that owned the ATM, via leased or
virtual leased line.
 The use of a dedicated link made it difficult to
maliciously intercept transferred data.
 To add to the security, the PIN portion of messages
transmitted from ATM to processor was encrypted
using DES (Data Encryption Standard).
 Processors have connections to EFT (electronic funds
transfer) exchange networks to allow cardholders
access to accounts from any ATM.
 With the configuration of Figure 3.12a, a transaction
proceeds as follows.
 A user swipes her card and enters her PIN.
 The ATM encrypts the PIN and transmits it to the
processor as part of an authorization request.
 The processor updates the customer’s information
and sends a reply.

 In the early 2000s, banks worldwide began the
process of migrating from an older generation of
ATMs using IBM’s OS/2 operating system to new
systems running Windows.
 The mass migration to Windows has been spurred by
a number of factors,
 including IBM’s decision to stop supporting OS/2 by
2006,
 market pressure from creditors such as MasterCard
International and Visa International to introduce
stronger Triple DES,
 and pressure from U.S. regulators to introduce new
features for disabled users.

 Many banks included a number of other enhancements at
the same time as the introduction of Windows and triple
DES, especially the use of TCP/IP as a network transport.
 Because issuers typically run their own Internet-
connected local area networks (LANs) and intranets
using TCP/IP, it was attractive to connect ATMs to
these issuer networks and maintain only a single
dedicated line to the processor, leading to the
configuration illustrated in Figure 3.12b.

 This configuration saves the issuer expensive monthly
circuit fees
 and enables easier management of ATMs by the
issuer.
 In this configuration, the information sent from the
ATM to the processor traverses the issuer’s network
before being sent to the processor.
 It is during this time on the issuer’s network that the
customer information is vulnerable.

 The security problem was that with the upgrade to a
new ATM OS and a new communications
configuration, the only security enhancement was
the use of triple DES rather than DES to encrypt
the PIN.
 The rest of the information in the ATM request
message is sent in the clear.
 This includes the card number, expiration date,
account balances, and withdrawal amounts.

 A hacker tapping into the bank’s network, either from an internal
location or from across the Internet potentially would have
complete access to every single ATM transaction.
 The situation just described leads to two principal vulnerabilities:
 Confidentiality:
 The card number, expiration date, and account balance can
be used for online purchases or to create a duplicate card for
signature-based transactions.

 Integrity:
 There is no protection to prevent an attacker from injecting
or altering data in transit.
 If an adversary is able to capture messages en route, the
adversary can masquerade as either the processor or the ATM.
 Acting as the processor, the adversary may be able to direct the
ATM to dispense money without the processor ever knowing
that a transaction has occurred.
 If an adversary captures a user’s account information and
encrypted PIN, the account is compromised until the ATM
encryption key is changed,
 enabling the adversary to modify account balances or effect
transfers.

Case Study: ATM Security Problems
Summary
introduced user authentication
 using passwords
 using tokens
 using biometrics
remote user authentication issues
