Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10...
-
Upload
logan-williamson -
Category
Documents
-
view
217 -
download
0
Transcript of Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10...
![Page 1: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/1.jpg)
Authentication
CS461/ECE422Spring 2012
![Page 2: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/2.jpg)
Readings
• Chapter 3 from text• Rainbow tables– http://kestas.kuliukas.com/RainbowTables/
• Chapter 10 from Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/about/chap10.pdf
![Page 3: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/3.jpg)
Overview
• Basic elements of Authentication• Password Systems• Token Based Systems• Biometrics
![Page 4: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/4.jpg)
4
Ivanhoe, Sir Walter Scott
• Paraphrased:(Wamba gains entry to the castle dressed as a friar)Wamba: Take my disguise and escape, I will stay and die in
your place.Cedric: I can’t possibly impersonate a friar, I only speak
English.Wamba: If anyone says anything to you, just say “Pax
vobiscum.”Cedric: What does that mean?Wamba: I don’t know, but it works like a charm!
![Page 5: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/5.jpg)
5
Basics
• Authentication: binding of identity to subject– Identity is that of external entity (my identity, the Illini
Union Bookstore, etc.)– Subject is computer entity (process, network connection,
etc.)– Two steps
– Identification step: present identifier to security system. Registration
– Verification step: Present or generate authentication information that corroborates the binding between entity and identifier
![Page 6: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/6.jpg)
6
Establishing Identity
• One or more of the following– What entity knows (e.g. password, private key)– What entity has (e.g. badge, smart card)– What entity is (e.g. fingerprints, retinal characteristics)– What entity does (e.g., voice pattern, handwriting, typing rhythm)– Where entity is (e.g. In front of a particular terminal)
• Example: scene from Ivanhoe• Example: Credit card transaction• Multi-factor authentication
• Use multiple elements to prove identity
![Page 7: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/7.jpg)
Complementation Information
• User provides information to verify identity• System stores a processed version of this
information as the complementation information
• The complementation function maps from the user provided data to the system stored data
![Page 8: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/8.jpg)
Password-based Authentication
• External entity is bound to system ID (user account)
• Authentication Step– External entity presents password– System compares with previously stored password– If password matches, system starts process with
bound ID• Later access control decisions made against ID• Privilege decisions made against ID
![Page 9: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/9.jpg)
Password Vulnerabilities
• Password systems widely used, but very vulnerable– Offline dictionary attack– Specific account attack– Workstation hijacking– Sticky notes– Password reuse– Social engineering– Electronic monitoring
![Page 10: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/10.jpg)
10
Password Storage
• Store as cleartext– If password file compromised, all passwords revealed
• Encipher file– Need to have decipherment, encipherment keys in
memory– Reduces to previous problem
• Store one-way hash of password– If file read, attacker must still guess passwords or invert
the hash
![Page 11: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/11.jpg)
11
Unix Password Hash Example
• Original UNIX system standard hash function– Hashes password into 13 char string
– As authentication system:– Authentication information is strings of 8 characters or
less– System stores hash with user’s identity in password file
– Hash is complementation information
– Verification function is hash on password and comparison with stored hash
![Page 12: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/12.jpg)
12
Salting
• Have a set of n hash functions– Randomly select one function when registering
new authentication info – Store ID of function with registered info
• Attacker must try all n functions to see if his guess matches any password
• When does this help? When does it not?
![Page 13: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/13.jpg)
13
Examples
• Vanilla UNIX method– Use DES to encipher 0 message with password
as key; iterate 25 times– Perturb E table in DES in one of 4096 ways
• 12 bit salt flips entries 0–11 with entries 24–35• E Table is per round expansion table
• Alternate methods– Use salt as first part of input to hash function
![Page 14: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/14.jpg)
14
Dictionary Attacks
• Trial-and-error from a list of potential passwords– Off-line (type 1): know functions and registered
information, and repeatedly try different guesses g A until the list is done or passwords guessed
• Examples: crack, john-the-ripper– On-line (type 2): have access to verification
functions. Try guesses until one succeeds.– Examples: trying to log in by guessing a password
![Page 15: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/15.jpg)
15
Preventing Attacks
• How to prevent this:– Hide information so that either authentication input,
authentication functions, or stored verification information cannot be found. Prevents obvious attack from above
• Example: UNIX/Linux shadow password files– Hides c’s
– Block access to all verification methods• Prevents attacker from knowing if guess succeeded• Example: preventing any logins to an account from a network
– Prevents knowing results of verification function or accessing verification function.
![Page 16: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/16.jpg)
Rainbow Tables• Rather than keeping dictionary list, could pre-compute the hashes
of the dictionary values– For large dictionaries, still a lot of space– Particularly if using a smart lookup table
• Trade off space for time with hash chain– p1->H(p1)->R(H(p1))->H(R(H(p1)))– aaaaaa –h-> 281DAF40 –r-> sgfnyd –h-> 920ECF10– Reduction function, r, picks another plaintext from the hash. It is not
the inverse hash– Only store start and end of hash– Given hash to break, look for it in the end of the chains.– Apply reduction and hash if not found– Continue until found
![Page 17: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/17.jpg)
Rainbow Tables
• Collisions are the problems with rainbow tables– Two passwords may hash to the same value– One of those values will be lost in the hash chain
• Could use many small tables with different reduction functions
• Could use a different reduction function for each column– Thus a “Rainbow” table
![Page 18: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/18.jpg)
Rainbow tables
• Very effective against Lan Manager Hashes– Calculated by XP and up to Windows 2008 by
default for “backwards compatibility”– Can download huge tables from a number of free
sites• Decent sized hashes make the rainbow table
pre-computation space infeasible
![Page 19: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/19.jpg)
19
Using Time
Anderson’s formula:• P probability of guessing a password in
specified period of time• G number of guesses tested in 1 time unit• T number of time units• N number of possible passwords (|A|)• Then
N
TGP
![Page 20: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/20.jpg)
20
Example
• Goal– Passwords drawn from a 96-char alphabet– Can test 104 guesses per second– Probability of a success to be 0.5 over a 365 day period– What is minimum password length?
• Solution– N ≥ TG/P = (365246060)104/0.5 = 6.311011
– Choose s such that– So s ≥ 6, meaning passwords must be at least 6 chars
long– What exactly does that equation mean?
Ns
j
j 096
![Page 21: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/21.jpg)
21
Approaches: Password Selection
• Random selection– Any password from A equally likely to be selected– See previous example– Make sure it’s random!
• Pronounceable passwords• User selection of passwords
![Page 22: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/22.jpg)
22
Pronounceable Passwords
• Generate phonemes randomly– Phoneme is unit of sound, e.g. cv, vc, cvc, vcv– Examples: helgoret, juttelon are; przbqxdfl,
zxrptglfn are not• ~ 440 possible phonemes• 4406 possible keys with 6 phonemes (12-18
characters long), about the same as 968
• Used by GNU Mailman mailing list software (?)
![Page 23: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/23.jpg)
23
User Selection
• Problem: people pick easy-to-guess passwords– Based on account names, user names, computer
names, place names– Dictionary words (also reversed, odd capitalizations,
control characters, “l33t-speak”, conjugations or declensions, Torah/Bible/Koran/… words)
– Too short, digits only, letters only– License plates, acronyms, social security numbers– Personal characteristics or foibles (pet names,
nicknames, etc.)– Using the same password in multiple accounts
![Page 24: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/24.jpg)
User Password Education
• Use the first letter of each word in a phrase– “My dog’s first name is Rex.” becomes “MdfniR”
![Page 25: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/25.jpg)
Reactive Password Checking
• Have a password cracking program running in the background– Shut down account of passwords it can crack– CPU intensive– Shutting down active accounts is likely to annoy
someone important eventually.
![Page 26: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/26.jpg)
Proactive password checking
• Don’t let them pick a “bad” password in the first place
• Need to have a fairly fast test of the “goodness” of a password
![Page 27: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/27.jpg)
Markov Model
• Reduce space requirements of bad password list
• Create model that represents the bad password database
• Created from trigrams (three letter segments) from words in bad password list
![Page 28: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/28.jpg)
Bloom Filter• Another way of encoding the bad password dictionary in a small cheap to
check data structure• Create N bit array• Use k independent hash functions which hash into a space of 0 to N-1• For each bad password,
– Compute every version of the hash, and set the corresponding bit in the hash table for every hash value
• To check a password– Computer every version of the hash, and check the corresponding bits in the
array– If all bits are 1, then the password is bad
• Will allow some false positives– Passwords marked bad that weren’t in the original list
• But it will not generate any false negatives.
![Page 29: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/29.jpg)
29
Challenge-Response
• User and system share a secret function• User proves knowledge of secret function by answering
challenge
user systemrequest to authenticate
user systemrandom message r(the challenge)
user systemf(r)(the response)
![Page 30: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/30.jpg)
30
One-Time Passwords
• Password that can be used exactly once– After use, it is immediately invalidated
• Challenge-response mechanism– Challenge is one of a number of authentications;
response is password for that particular number
• Problems– Synchronization of user, system– Generation of good random passwords– Password distribution problem
![Page 31: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/31.jpg)
31
S/Key
• One-time password scheme based on idea of Lamport
• h one-way hash function (MD5 or SHA-1, for example)
• User chooses initial seed k• System calculates:
h(k) = k1, h(k1) = k2, …, h(kn–1) = kn
• Passwords are reverse order:p1 = kn, p2 = kn–1, …, pn–1 = k2, pn = k1
![Page 32: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/32.jpg)
32
S/Key Protocol
user system{ name }
user system{ i }
user system{ pi }
System stores maximum number of authentications n, numberof next authentication i, last correctly supplied password pi–1.
System computes h(pi) = h(kn–i+1) = kn–i+2 = pi–1. If match withwhat is stored, system replaces pi–1 with pi and increments i.
![Page 33: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/33.jpg)
Token-based Authentication
• Something you have• Memory Cards– No computation on the card– Need special reader to pull data off the card– Need pin to decrypt data off of card– E.g., ATM card or debit card
• By adding PIN (something you know) you get multi-factor authentication
![Page 34: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/34.jpg)
Token Based Authentication
• Smart Card– Computation on the card– Plug in with USB or wireless communication
(credit card)• Authentication options– Static – equivalent to memory card– Dynamic password generator – generates a unique
password every minute.– Challenge response
![Page 35: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/35.jpg)
35
Biometrics
• Automated measurement of biological, behavioural features that identify a person– Fingerprints: optical or electrical techniques
• Maps fingerprint into a graph, then compares with database• Measurements imprecise, so approximate matching
algorithms used– Voices: speaker verification or recognition
• Verification: uses statistical techniques to test hypothesis that speaker is who is claimed (speaker dependent)
• Recognition: checks content of answers (speaker independent)
![Page 36: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/36.jpg)
36
Other Characteristics
• Can use several other characteristics– Eyes: patterns in irises unique
• Measure patterns, determine if differences are random; or correlate images using statistical tests
– Faces: image, or specific characteristics like distance from nose to chin
• Lighting, view of face, other noise can hinder this– Keystroke dynamics: believed to be unique
• Keystroke intervals, pressure, duration of stroke, where key is struck
• Statistical tests used
![Page 37: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/37.jpg)
37
Biometric
• Physical characteristics encoded in a template– The C or complement information
• User registers physical information (S)– Generally with multiple measurements
• The verification function takes a measurement and tries to line up with template
![Page 38: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/38.jpg)
38
Authentication vs Identification
• Used for surveillance– Subject is motivated to avoid detection
• Used for authentication– Subject is motivated to positively identify– Perhaps pick up other's characteristics
• False positives vs false negatives
![Page 39: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/39.jpg)
39
Biometric Cautions
• These can be fooled!– Assumes biometric device accurate in the environment
it is being used in!– Transmission of data to validator is tamperproof,
correct (remember pax vobiscum)• Physical characteristics change over time• Some people may not be able to identify via specific
characteristics– Albinos and iris scans
![Page 40: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/40.jpg)
Biometric Cautions
• Where are the biometric templates stored?• What if your biometric template data is
stolen?
![Page 41: Authentication CS461/ECE422 Spring 2012. Readings Chapter 3 from text Rainbow tables – Chapter 10 from Handbook.](https://reader036.fdocuments.in/reader036/viewer/2022062408/56649e145503460f94afe694/html5/thumbnails/41.jpg)
Key Points
• Passwords are the reality for now• Multi-factor authentication is must stronger• Biometrics can help, but not a silver bullet yet