authentication protocols
play

Authentication Protocols Guevara Noubir College of Computer and - PowerPoint PPT Presentation

Feb 23, 2023 •316 likes •809 views

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

  1. Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu

  2. Outline  Overview of Authentication Systems  [Chapter 9]  Authentication of People  [Chapter 10]  Security Handshake Pitfalls  [Chapter 11]  Strong Password Protocols  [Chapter 12] Network Security Authentication Protocols 2

  3. Who Is Authenticated?  Human:  Limited in terms of computation power and memory  Machine:  More powerful: long secrets, complex computation  Hybrid:  User is only authorized to execute some actions from a restricted set of machines  Users equipped with computation devices Network Security Authentication Protocols 3

  4. Password-Based Authentication  Node A has a secret ( password ): e.g., “lisa”  To authenticate itself A states the password  No cryptographic operation because:  Difficult to achieve by humans when connecting from dumb terminals (less true today with authentication tokens)  Crypto could be overly expensive in implementation time or processing resources  Export or legal issues  Problems:  Eavesdropping, cloning, etc.  Should not be used in networked applications Network Security Authentication Protocols 4

  5. Offline vs. Online Password Guessing Online attack:  How? try passwords until accepted  Protection:  Limit number of trials and lock account: e.g., ATM machine  DoS problem: lock all accounts  Increase minimum time between trials  Prevent automated trials: from a keyboard, Turing tests  Long passwords: pass phrases, initials of sentences, reject easy passwords  What is the protection used by Yahoo? Hotmail? Gmail?  Offline attack:  How?  Attacker captures X = f ( password )  Dictionary attack: try to guess the password value offline  Obtaining X in a unix system: “ypcat passwd”  Unix system: using the salt  Protection:  If offline attacks are possible then the secret space should be large  Network Security Authentication Protocols 5

  6. L0pht Statistics (old) L0phtCrack against LM (LanMan – Microsoft)   On 400 MHz quad-Xeon machine  Alpha-numeric: 5.5 hours  Alpha-numeric some symbols: 45 hours  Alpha-numeric-all symbols: 480 hours LM is weak but was still used by MS for compatibility reasons up to  Windows XP, … NTLM, … Time-memory tradeoff technique (rainbow tables: Oechslin Crypto’03)   Using 1.4GB of data can crack 99.9% of all alphanumerical passwords hashes (2 37 ) in 13.6 seconds Side Note on choosing good passwords:   Best practice from: SANS, MS, Red-Hat, etc.  Long, with a mix of alphanumeric, lowercase, uppercase, and special characters Network Security Authentication Protocols 6

  7. Password Length  Online attacks:  Can 4/6 digits be sufficient if a user is given only three trials?  Offline attacks:  Need at least: 64 random bits = 20 digits  Too long to remember by a human!  Or 11 characters from a-z, A-Z, 0-9, and punctuation marks  Too long to remember by a human  Or 16 characters pronounceable password (a vowel every two characters)  Conclusion: A secret a person is willing to remember and type will not be as good as a 64-bit random number Network Security Authentication Protocols 7

  8. Storing User Passwords  Alternatives:  Each user’s secret information is stored in every server  The users secrets are stored in an authentication storage node  Need to trust/authenticate/secure session with the ASN  Use an authentication facilitator node. Alice’s information is forwarded to the authentication facilitator who does the actual authentication  Need to trust/authenticate/secure session with the AFN  Authentication information database:  Encryption  Hashed as in UNIX (allows offline attacks) Network Security Authentication Protocols 8

  9. Other Issues Related to Passwords  Using a password in multiple places:  Cascade break-in vs. writing the list of passwords  Requiring frequent changes  How do users go around this?  A login Trojan horse to capture passwords  Prevent programs from being able to mimic the login: X11 (take the whole screen), read keyboard has “?”, “Ctrl-Alt-Del”  What happens after getting the password?  Exit => alarm the user, freeze, login the user Network Security Authentication Protocols 9

  10. Initial Password Distribution  Physical contact:  How: go to the system admin, show proof of identity, and set password  Drawback: inconvenient, security treats when giving the user access to the system admin session to set the password  Choose a random strong initial password (pre- expired password) that can only be used for the first connection Network Security Authentication Protocols 10

  11. Authentication Tokens  Authentication through what you have:  Primitive forms: credit cards, physical key  Smartcards: embedded CPU (tamper proof)  PIN protected memory card:  Locks itself after few wrong trials  Cryptographic challenge/response cards  Crypto key inside the card and not revealed even if given the PIN  PIN authenticates the user (to the card), the reader authenticates the card  Cryptographic calculator  Similar to the previous card but has a display (or speaker) Network Security Authentication Protocols 11

  12. Address-Based Authentication  Trust network address information  Access right is based on users@address  Techniques:  Equivalent machines: smith@machine1 ≡ john@machine2  Mappings: <address, remote username, local username>  Examples:  Unix: /etc/host.equiv , and .rhost files  VMS: centrally managed proxy database for each <computer, account> => file permissions  Threats:  Breaking into an account on one machine leads to breaking into other machines accounts  Network address impersonation can be easy in some cases. How? Network Security Authentication Protocols 12

  13. Cryptographic Authentication Protocols  Advantages:  Much more secure than previously mentioned authentication techniques  Techniques:  Secret key cryptography, public key crypto, encryption, hashing, etc. Network Security Authentication Protocols 13

  14. Other Types of Human Authentication  Physical Access  Biometrics:  Retinal scanner  Fingerprint readers  Face recognition  Iris scanner  Handprint readers  Voiceprints  Keystroke timing  Signature Network Security Authentication Protocols 14

  15. Passwords as Crypto Keys  Symmetric key systems:  Hash the password to derive a 56/64/128 bits key  Public key systems:  Difficult to generate an RSA private key from a password  Jeff Schiller proposal:  Password => seed for cryptographic random number generator  Optimized by requesting the user to remember two numbers  E.g. (857, 533): p prime number was found after 857 trials, and q after 533 trials  Known public key makes it sensitive to offline attacks  Usual solution:  Encrypt the private key with the users password and store the encrypted result (e.g., using a directory service) Network Security Authentication Protocols 15

  16. Eavesdropping & Server Database Reading  Example of basic authentication using public keys:  Bob challenges Alice to decrypt a message encrypted with its public key  If public key crypto is not available protection against both eavesdropping and server database reading is difficult:  Hash => subject to eavesdropping  Challenge requires Bob to store Alice’s secret in a database  One solution:  Lamport’s scheme allows a finite number of authentications Network Security Authentication Protocols 16

  17. Key Distribution Center Solve the scalability problem of a set of n nodes using secret key   n *( n -1)/2 keys New nodes are configured with a key to the KDC   e.g., K A for node A If node A wants to communicate with node B   A sends a request to the KDC  The KDC securely sends to A : E KA ( R AB ) and E KB ( R AB , A ) Advantage:   Single location for updates, single key to be remembered Drawbacks:   If the KDC is compromised!  Single point of failure/performance bottleneck => multiple KDC? Network Security Authentication Protocols 17

  18. Multiple Trusted Intermediaries  Problem:  Difficult to find a single entity that everybody trusts  Solution: Divide the world into domains  Multiple KDC domains interconnected through shared keys  Multiple CA domains: certificates hierarchy Network Security Authentication Protocols 18

  19. Certification Authorities How do you know the public key of a node?  Typical solution:   Use a trusted node as a certification authority (CA)  The CA generates certificates: Signed(A, public-key, validity information)  Everybody needs to know the CA public key  Certificates can be stored in a directory service or exchanged during the authentication process Advantages:   The CA doesn’t have to be online => more physical protection  Not a performance bottleneck, not a single point of failure  Certificates are not security sensitive: only threat is DoS  A compromised CA cannot decrypt conversation but can lead to impersonation  A certification hierarchy can be used: e.g., X.509 Network Security Authentication Protocols 19

Recommend

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Authentication Establish and verify identity allow access to resources Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the

228 views • 10 slides
Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a

Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a

CS 166: Information Security Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a Protocol? Rules for interaction, which can include: Human protocols e.g. raise your hand to ask a question

795 views • 76 slides
Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

989 views • 73 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation Weaknesses in the WEP protocol 1. No protection against message tampering 2. Incorrect usage of an encryption algorithm 3. Replayable authentication

519 views • 24 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Authentication

799 views • 59 slides
A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with

A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with

A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with Sjouke Mauw and Erik de Vink ccremers@win.tue.nl Cas Cremers, July 15, 2005 A Syntactic Criterion for Injectivity of Authentication Protocols - p.

391 views • 36 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur

Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur

Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur Protocols Key Agreement Authentication: Group Authentication Key Agreement and Authentication Key Agreement and authentication with key

411 views • 9 slides
Security II: Web authentication Such text-based protocols can be demonstrated via generic TCP

Security II: Web authentication Such text-based protocols can be demonstrated via generic TCP

Hyper Text Transfer Protocol (HTTP) version 0.9 With HTTP, a client (web browser) contacts a server on TCP port 80, sends a request line and receives a response file. Security II: Web authentication Such text-based protocols can be

383 views • 7 slides
Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop

Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop

Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop March 28, 2011 J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 1 / 14 A parable of obsolescent technology Credit:

256 views • 22 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
An Encapsulated Authentication Logic for Reasoning about Key Distribution Protocols Catherine

An Encapsulated Authentication Logic for Reasoning about Key Distribution Protocols Catherine

An Encapsulated Authentication Logic for Reasoning about Key Distribution Protocols Catherine Meadows Dusko Pavlovic NRL Kestrel Institute Iliano Cervesato Tulane University CSFW 2005 June 20, 2005 Contributions Separate

516 views • 29 slides
Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication Integrity Non-repudiation CA (Certification Authority) Issue digital certificates (via digital signature) Publish/Distribute digital

491 views • 13 slides
SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2 University of Tartu 1 Helsinki University of Technology 3 Ecole Polytechnique F ed erale de Lausanne Brief outline User-aided data

304 views • 16 slides
SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2 University of Tartu 1 Helsinki University of Technology 3 Ecole Polytechnique F ed erale de Lausanne Brief outline User-aided data

137 views • 13 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239 Verifying security protocols Computer Security February 4, 2004 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004

297 views • 11 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE http://sloth-attack.org Karthikeyan Bhargavan Gatan Leurent Crypto protocols and applications evolve Agility: graceful transition from old to new

228 views • 18 slides

More recommend