ISE 331 Fundamentals of Computer Security: Authentication and Attacks
Agenda
• User Authentication
  - Authentication process
  - Means of authentication
• Passwords
  - Vulnerabilities of passwords
  - Password cracking
  - Dictionary attacks
  - Thwarting dictionary attacks
User Authentication
Authentication is the process of verifying an identity. The authentication process has two steps:
1. Identification – the user provides a claimed identity to the system
2. Verification – the system establishes the validity of the claim
Authentication Process
E.g. Alice is a user of system X and has the username Alice123. Alice's password is a secret between Alice and the system.
- Identification – Alice provides Alice123 and her password to log on to the system.
- Verification – The combination of Alice123 and the password enables the system to verify that the user is indeed Alice.
Means of Authentication
There are four general means of authenticating users to the system. These can be used alone or in combination.
- Something the individual knows: password, PIN, answers to prearranged questions
- Something the individual possesses (token): memory card, physical key
- Something the individual is (static biometrics): fingerprints, facial characteristics, retinal and iris patterns
- Something the individual does (dynamic biometrics): voice, signature, typing rhythm
Passwords
Passwords are the most widely used authentication mechanism in computers. However, they are prone to many vulnerabilities:
• Offline dictionary attacks
• Specific account attack
• Workstation hijacking
• Exploiting user mistakes
An attack is the act of exploiting a vulnerability with malicious intent.
Vulnerabilities of Passwords: Dictionary Attacks
- Users tend to use passwords that are easy to remember
- A dictionary is a collection of commonly used passwords
Example dictionary: password, 12345678, qwerty, football, 1234, baseball, welcome
Vulnerabilities of Passwords: Specific Account Attack
The attacker attempts to gain knowledge of a specific user and tries to guess that user's password.
Countermeasures:
- Prohibiting the use of well-known user identifiers such as the user's name
- Using a combination of character sets (special characters, numbers, letters)
- Regularly changing passwords
Vulnerabilities of Passwords: Workstation Hijacking
The attacker waits until a logged-in workstation is left unattended.
Countermeasures:
- Log out after use
- Automatically log out after a certain period of inactivity
Vulnerabilities of Passwords: Exploiting User Mistakes
- Users may write their passwords down somewhere
- Users may sometimes share their password with someone to allow one-time access
Countermeasure: 2-step verification. E.g. when you log in from a new device, Google sends a verification code to your cellphone.
Vulnerabilities of Passwords
We discussed the following password vulnerabilities:
• Offline dictionary attacks
• Specific account attack
• Workstation hijacking
• Exploiting user mistakes
Despite these vulnerabilities, passwords remain the most widely used authentication mechanism.
Password Cracking
Password cracking experiment: the experimenters tried to crack a password file from a Unix system containing 14,000 encrypted passwords.
Initial dictionary:
• Combined words from various dictionaries (60,000 words)
• Transformations on the words
• Permutations of words from the dictionaries
• Making some letters uppercase, reversing the word, changing o to zero
The final dictionary contained 3 million words. They were able to crack 25% of the passwords. Even one cracked password is enough to gain access to the system!
John the Ripper
• John the Ripper is a free password cracking software tool developed in 1996.
• It can be run against various encrypted password formats.
• Such tools are used to check the strength of passwords.
• Attackers can also use them to crack passwords!
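A password-strength check of the kind such tools support, written here as an added Python example (not code from the slides or from John the Ripper). It applies the specific-account countermeasures above (no user identifier in the password, a mix of character sets) and undoes the mangling rules from the cracking experiment (uppercasing, reversal, o written as 0) so a transformed dictionary word is still rejected. The dictionary and the sample users are constructed for the demo.

```python
import string

# Constructed mini dictionary: the slides' example list. A real check would
# load a large wordlist built from leaked password files.
DICTIONARY = {"password", "12345678", "qwerty", "football", "1234",
              "baseball", "welcome"}

def normalize_variants(candidate: str) -> set:
    """Undo the experiment's mangling rules (uppercase letters, reversed word,
    'o' written as zero) so a transformed dictionary word is still recognised."""
    base = candidate.lower()
    variants = {base, base.replace("0", "o")}
    variants |= {v[::-1] for v in list(variants)}
    return variants

def character_classes(candidate: str) -> int:
    """Count how many of lower/upper/digit/special appear in the candidate
    (the 'combination of character sets' countermeasure)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(ch in cls for ch in candidate) for cls in classes)

def password_issues(username: str, candidate: str, dictionary=DICTIONARY) -> list:
    """Return the policy violations found; an empty list means the password is accepted."""
    issues = []
    if any(v in dictionary for v in normalize_variants(candidate)):
        issues.append("dictionary word (possibly transformed)")
    if username and username.lower() in candidate.lower():
        issues.append("contains the user identifier")
    if character_classes(candidate) < 3:
        issues.append("fewer than three character classes")
    return issues

if __name__ == "__main__":
    # Constructed sample choices for the user Alice123 from the earlier slide.
    for pw in ("F00tball", "Alice123!x", "Tq7#vR9m2Lp!"):
        print(pw, "->", password_issues("Alice123", pw) or "accepted")
```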
Cracking passwords is only getting easier
Increased processing capability: a PC running a single AMD Radeon HD7920 GPU can try on average 8.2 × 10^9 (on the order of billions of) password combinations each second!
Cracking passwords is only getting easier
• The graph shows the percentage of passwords that have been recovered as a function of the number of guesses. As can be seen, over 10% of the passwords are recovered after only 10^10 guesses. After 10^13 guesses, almost 40% of the passwords are recovered.
Password Cracking
• The keys to password cracking:
  - A large dictionary file
  - High processing power
• How to form a dictionary file? Combine leaked password files.
Hash values are used to store passwords
- The actual password is never stored
- Passwords stored in the system are hashed with some hashing algorithm (MD5, SHA-1)
- These are prone to dictionary attacks: the attacker can easily calculate the hash values for every word in the dictionary
Thwarting Dictionary Attacks
• To reduce the possibility of dictionary attacks, a widely used password security technique is the combination of a hashed password with a salt value.
• The user selects a password. This is combined with a fixed-length salt value (timestamp, pseudorandom number).
• The combination of password and salt serves as the input to the hash function.
• The hashed password is then stored in the password file, together with the plaintext salt and the corresponding user ID.
Thwarting Dictionary Attacks
Attacker's precomputed dictionary:
  Dictionary   Hash value
  password     e10adc
  qwerty       d8578e
  football     37b4e2
  1234         81dc9
  welcome      40be4

Salted password file:
  Password (not stored)   Salt (stored)   Hash value (stored)
  qwerty                  1               6dbd0
  football                2               80acd
  1234                    3               1c104

Benefits of using the salt:
- Increases the difficulty of dictionary attacks.
- The hash values do not match directly.
- Now the attacker needs to combine each word in the dictionary with each salt value.

Slow hash functions: MD5 crypt with 1000 iterations. The hash function is designed to be slow to make dictionary attacks more difficult.
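The salted, iterated scheme described above as an added Python example (not code from the slides). It uses SHA-256 with 1000 rounds in place of MD5 crypt, stores records as (user ID, plaintext salt, hash) like the password file on the slide, and shows that the attacker's unsalted precomputed table from the earlier slide no longer matches anything; the password file and dictionary are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # the slides' "1000 iterations" idea, applied to SHA-256 here

def slow_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Hash salt||password, then re-hash the digest repeatedly so that every
    guess costs the attacker 'iterations' hash computations."""
    digest = hashlib.sha256(salt + password.encode()).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return digest

def store_password(user_id: str, password: str, salt: bytes = None) -> tuple:
    """Build a password-file record (user ID, plaintext salt, hash).
    The password itself is never stored; a fresh random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(16)
    return (user_id, salt, slow_hash(password, salt))

def verify_password(record: tuple, attempt: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _user_id, salt, stored = record
    return hmac.compare_digest(stored, slow_hash(attempt, salt))

def precomputed_table_hits(records: list, dictionary: list) -> int:
    """The unsalted strategy from the earlier slide: hash each dictionary word
    once and look for direct matches in the file. With salts this finds none."""
    table = {hashlib.sha256(word.encode()).digest() for word in dictionary}
    return sum(1 for _, _, h in records if h in table)

if __name__ == "__main__":
    # Constructed password file using the slide's example passwords.
    records = [store_password("user1", "qwerty"),
               store_password("user2", "football"),
               store_password("user3", "1234")]
    dictionary = ["password", "qwerty", "football", "1234", "welcome"]
    print("direct table matches:", precomputed_table_hits(records, dictionary))
    print("user1 logs in with qwerty:", verify_password(records[0], "qwerty"))
    print("user1 logs in with qwertz:", verify_password(records[0], "qwertz"))
```

Because the salt is stored in plaintext, its purpose is not secrecy but forcing the attacker to recompute the dictionary once per salt, and the iteration count multiplies that cost again.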