Authentication
CS 239
Computer Security
February 21, 2007

Lecture 9, CS 236, Winter 2007

Outline
• Introduction
• Basic authentication mechanisms
• Authentication on a single machine
• Authentication across a network

Introduction
• Much of security is based on good access control
• Access control only works if you have good authentication
• What is authentication?

Authentication
• Determining the identity of some entity
  – Process
  – Machine
  – Human user
• Requires notion of identity
• And some degree of proof of identity

Proving Identity in the Physical World
• Most frequently done by physical recognition
  – I recognize your face, your voice, your body
• What about identifying those we don’t already know?

Other Physical World Methods of Identification
• Identification by recommendation
  – You introduce me to someone
• Identification by credentials
  – You show me your driver’s license
• Identification by knowledge
  – You tell me something only you know
• Identification by location
  – You’re behind the counter at the DMV
• These all have cyber analogs

Differences in Cyber Identification
• Usually the identifying entity isn’t human
• Often the identified entity isn’t human, either
• Often no physical presence required
• Often no later rechecks of identity

Identifying With a Computer
• Not as smart as a human
  – Steps to prove identity must be well defined
• Can’t do certain things as well
  – E.g., face recognition
• But lightning fast on computations and less prone to simple errors
  – Mathematical methods are acceptable

Identifying Computers and Programs
• No physical characteristics
  – Faces, fingerprints, voices, etc.
• Generally easy to duplicate programs
• Not smart enough to be flexible
  – Must use methods they will understand
• Again, good at computations

Physical Presence Optional
• Often authentication required over a network or cable
• Even if the party to be identified is human
• So authentication mechanism must work in face of network characteristics
  – E.g., active wiretapping

Identity Might Not Be Rechecked
• Human beings can make identification mistakes
• But they often recover from them
  – Often quite easily
• Based on observing behavior that suggests identification was wrong
• Computers and programs rarely have that capability
  – If they identify something, they believe it

Authentication Mechanisms
• Something you know
  – E.g., passwords
• Something you have
  – E.g., smart cards or tokens
• Something you are
  – Biometrics
• Somewhere you are
  – Usually identifying a role

Passwords
• Authentication by what you know
• One of the oldest and most commonly used security mechanisms
• Authenticate the user by requiring him to produce a secret
  – Known only to him and to the authenticator
  – Or, if one-way encryption used, known only to him

Problems With Passwords
• They have to be unguessable
  – Yet easy for people to remember
• If networks connect terminals to computers, susceptible to password sniffers
• Unless fairly long, brute force attacks often work on them

Proper Use of Passwords
• Passwords should be sufficiently long
• Passwords should contain non-alphabetic characters
• Passwords should be unguessable
• Passwords should be changed often
• Passwords should never be written down
• Passwords should never be shared

Passwords and Single Sign-On
• Many systems ask for password once
  – Resulting authentication lasts for an entire “session”
• Unless other mechanisms in place, complete mediation definitely not achieved
• Trading security for convenience

Handling Passwords
• The OS must be able to check passwords when users log in
• So must the OS store passwords?
• Not really
  – It can store an encrypted version
• Encrypt the offered password
  – Using a one-way function
• And compare it to the stored version

Standard Password Handling
[Figure: a login prompt (Login: Groucho, Password: swordfish) on “The Marx Brothers’ Family Machine”, next to the stored password file below. The value We6/d02, is shown separately beside the file.]
  Harpo    2st6’sG0
  Zeppo    G>I5{as3
  Chico    w*-;sddw
  Karl     sY(34,ee,
  Groucho  We6/d02,
  Gummo    3(;wbnP]

Is Encrypting the Password File Enough?
• What if an attacker gets a copy of your password file?
• No problem, the passwords are encrypted
  – Right?
• Yes, but . . .

Dictionary Attacks on an Encrypted Password File
[Figure: the stored password file shown beside a dictionary of encrypted words. The value sY(34,ee is called out. Captions: “Now you can hack the Communist Manifesto!” and “Rats!!!!”]
Password file:
  Harpo    2st6’sG0
  Zeppo    G>I5{as3
  Chico    w*-;sddw
  Karl     sY(34,ee,
  Groucho  We6/d02,
  Gummo    3(;wbnP]
Dictionary:
  aardvark  340jafg;
  aardwolf  K]ds+3a,
  abaca     sY(34,ee

A Serious Issue
• All Linux machines use the same one-way function to encrypt passwords
• If someone runs the entire dictionary through that function,
  – Will they have a complete list of all encrypted dictionary passwords?

Illustrating the Problem
[Figure: the password beard shown twice, each time with the stored value ^*eP6la-, beside the dictionary of encrypted words below.]
  aardvark  340jafg;
  aardwolf  K[ds+3a,
  abaca     sY(34,ee
  . . .
  beard     ^*eP61a-

The Real Problem
• Not that Darwin and Marx chose the same password
• But that anyone who chose that password got the same encrypted result
• So the attacker need only encrypt every possible password once
• And then she has a complete dictionary usable against anyone

Salted Passwords
• Combine the plaintext password with a random number
  – Then run it through the one-way function
• The random number need not be secret
• It just has to be different for different users
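
The salting scheme on the slides above, as an added example that is not part of the lecture: the same one-way function is run with and without a per-user salt, and a precomputed dictionary table is checked against both password files. The choice of PBKDF2, the iteration count, the all-zero stand-in for "no salt", the function names and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumed work factor for this example
NO_SALT = b"\x00" * 16        # models an unsalted system: same value for every user


def one_way(password: str, salt: bytes) -> str:
    """The one-way function: PBKDF2-HMAC-SHA256 over password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def enroll(password: str, salted: bool = True) -> dict:
    """Build a password-file record; the salt sits in plaintext beside the hash."""
    salt = os.urandom(16) if salted else NO_SALT
    return {"salt": salt.hex(), "hash": one_way(password, salt)}


def verify(record: dict, offered: str) -> bool:
    """Hash the offered password with the stored salt, compare in constant time."""
    candidate = one_way(offered, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, record["hash"])


def exposed_by_table(password_file: dict, table: dict) -> dict:
    """Audit: accounts whose stored hash appears in a precomputed table."""
    return {user: table[rec["hash"]]
            for user, rec in password_file.items() if rec["hash"] in table}


# Constructed sample data: two users who picked the same password.
PASSWORDS = {"darwin": "beard", "marx": "beard", "groucho": "swordfish"}
DICTIONARY = ["aardvark", "aardwolf", "abaca", "beard"]

# The dictionary is hashed once, then reused against any unsalted file.
TABLE = {one_way(word, NO_SALT): word for word in DICTIONARY}
UNSALTED_FILE = {u: enroll(p, salted=False) for u, p in PASSWORDS.items()}
SALTED_FILE = {u: enroll(p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print("unsalted file, table hits:", exposed_by_table(UNSALTED_FILE, TABLE))
    print("salted file, table hits:  ", exposed_by_table(SALTED_FILE, TABLE))
    print("marx logs in with salt:   ", verify(SALTED_FILE["marx"], "beard"))
```

The salt does not stop a guess aimed at one account, since the salt is readable and the dictionary can be re-hashed with it; it only removes the ability to reuse one table against every user.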

Did It Fix Our Problem?
[Figure: the password beard shown twice, now with two different stored values, )#4,doa8 and D0Cls6&, beside the dictionary of encrypted words below.]
  aardvark  340jafg;
  aardwolf  K[ds+3a,
  abaca     sY(34,ee
  . . .
  beard     ^*eP61a-

What Is This Salt, Really?
• An integer that is combined with the password before hashing
• How will you be able to check passwords by hashing them, then?
• By storing the salt integer with the password
  – Generally in plaintext
• Why is it OK (or OK-ish) to leave this important information in plaintext?

Protecting the Password File
• So it’s OK to leave the encrypted version of the password file around?
• No, it isn’t
• Why make it easy for attackers?
• Dictionary attacks against single accounts can still work
• Generally, don’t give access to the encrypted file, either

Challenge/Response Authentication
• Authentication by what questions you can answer correctly
  – Again, by what you know
• The system asks the user to provide some information
• If it’s provided correctly, the user is authenticated

Differences From Passwords
• Challenge/response systems ask for different information every time
• Or at least the questions come from a large set
• Best security achieved by requiring what amounts to encryption of the challenge
  – But that requires special hardware
  – Essentially, a smart card

Problems With Authentication Through Challenge/Response
• Either the question is too hard to answer without special hardware
• Or the question is too easy for intruders to spoof the answer
• Still, commonly used in real-world situations
  – E.g., authenticating you by asking your childhood pet’s name
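
A challenge/response exchange of the kind described on the slides above, as an added example that is not part of the lecture: the verifier sends a fresh random challenge each time, the token answers with a keyed transform of it, and a recorded answer is rejected on reuse. HMAC-SHA256 stands in here for "what amounts to encryption of the challenge"; the class, function and user names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Server side: issues fresh challenges and checks responses."""

    def __init__(self, shared_keys: dict):
        self._keys = shared_keys      # user -> secret key (also held by the token)
        self._pending = {}            # user -> outstanding challenge

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)   # different information every time
        self._pending[user] = nonce
        return nonce

    def check(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)   # single use: a replay finds nothing
        key = self._keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def token_respond(key: bytes, nonce: bytes) -> bytes:
    """Token side: keyed transform of the challenge; the key never crosses the wire."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)                 # constructed sample key
    server = Verifier({"groucho": key})
    c1 = server.challenge("groucho")
    r1 = token_respond(key, c1)
    first = server.check("groucho", r1)           # genuine response
    replay_same = server.check("groucho", r1)     # replay, no challenge pending
    server.challenge("groucho")                   # new login attempt, new nonce
    replay_new = server.check("groucho", r1)      # recorded response, wrong nonce
    c3 = server.challenge("groucho")
    wrong_key = server.check("groucho", token_respond(secrets.token_bytes(32), c3))
    return {"first": first, "replay_same": replay_same,
            "replay_new": replay_new, "wrong_key": wrong_key}


if __name__ == "__main__":
    print(demo())
```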