File Protection MechanismsFile Protection Mechanisms

All-None ProtectionAll-None Protection• Lack of trustLack of trust• All or nothingAll or nothing• Timesharing issuesTimesharing issues• ComplexityComplexity• File listingsFile listings

File Protection MechanismsFile Protection Mechanisms

Group ProtectionGroup Protection• User cannot belong to two groupsUser cannot belong to two groups• Forces one person to be multiple usersForces one person to be multiple users• Forces user to be put into all groupsForces user to be put into all groups• Files can only be shared within groupsFiles can only be shared within groups

File Protection MechanismsFile Protection Mechanisms

Single PermissionsSingle Permissions• Password/Token for each filePassword/Token for each file

Can be lostCan be lost InconvenientInconvenient Must be protected (if changed, must notify Must be protected (if changed, must notify

all users)all users)

• Temporary Acquired PermissionTemporary Acquired Permission UNIX’s UNIX’s set userid (suid)set userid (suid)

User AuthenticationUser Authentication

Something the user Something the user knowsknows (password, (password, PIN, passphrase, mother’s maiden name)PIN, passphrase, mother’s maiden name)

Something the user Something the user hashas (ID, key, (ID, key, driver’s license, uniform)driver’s license, uniform)

Something the user Something the user isis ((biometricsbiometrics))

Use of PasswordsUse of Passwords

Mutually agreed-upon code words, Mutually agreed-upon code words, assumed known only to user and assumed known only to user and systemsystem

First line of defenseFirst line of defense Loose-Lipped SystemsLoose-Lipped Systems

• WELCOME TO XYZ COMPUTINGWELCOME TO XYZ COMPUTING• ENTER USER ID: summersENTER USER ID: summers• INVALID USER NAMEINVALID USER NAME• ENTER USER ID:ENTER USER ID:

Attack on PasswordsAttack on Passwords

Ask the userAsk the user Search for the system list of passwordsSearch for the system list of passwords

• Find a valid user ID Find a valid user ID • Create a list of possible passwords (encrypt if Create a list of possible passwords (encrypt if

needed) needed) • Rank the passwords from high to low Rank the passwords from high to low

probability probability • Try each password Try each password • If attempt fails, try again (don't exceed If attempt fails, try again (don't exceed

password lockout) password lockout)

Attack on PasswordsAttack on Passwords

Exhaustive Attack (Exhaustive Attack (brute-forcebrute-force))• 18,278 passwords of 3 letters or less18,278 passwords of 3 letters or less• 1 password / millisecond would take 18 1 password / millisecond would take 18

seconds (8 minutes for 4 letters, 3.5 hours for seconds (8 minutes for 4 letters, 3.5 hours for 5 letters)5 letters)

Probable passwords (Probable passwords (dictionary attackdictionary attack))• 80,000 word dictionary would take 80 80,000 word dictionary would take 80

secondsseconds• Expanded “dictionary”Expanded “dictionary”

Attack on PasswordsAttack on Passwords

UK Study UK Study (http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwo(http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/?related)rds/?related)

• 50% passwords were family names50% passwords were family names• Celebrities/soccer stars – 9% eachCelebrities/soccer stars – 9% each• Pets – 8%Pets – 8%• 10% reflect a fantasy10% reflect a fantasy• Only 10% use cryptic combinationsOnly 10% use cryptic combinations

Attack on PasswordsAttack on Passwords Look on desk…Look on desk… Try no passwordTry no password Try user IDTry user ID Try user’s nameTry user’s name Common words Common words (password, private, secret)(password, private, secret) Short dictionaryShort dictionary Complete English word listComplete English word list Common non-English dictionariesCommon non-English dictionaries Dictionary with capitalization and substitutions Dictionary with capitalization and substitutions

(0 for o and 1 for i)(0 for o and 1 for i) Brute force (lowercase alphabet)Brute force (lowercase alphabet) Brute force (full character set)Brute force (full character set)

Attack on PasswordsAttack on Passwords

Plaintext System Password List (MS Plaintext System Password List (MS Windows)Windows)

Encrypted Password List – 1-way Encrypted Password List – 1-way (/etc/passwd)(/etc/passwd)

Shadow Password List (/etc/shadow)Shadow Password List (/etc/shadow) SaltSalt – 12-bit number formed from – 12-bit number formed from

system time and process id; system time and process id; concatenated to passwordconcatenated to password

Password Selection CriteriaPassword Selection Criteria

Use characters other than A-ZUse characters other than A-Z Choose long passwordsChoose long passwords Avoid names and wordsAvoid names and words Choose unlikely passwordChoose unlikely password Change password regularly Change password regularly (don’t reuse)(don’t reuse)

Don’t write it downDon’t write it down Don’t tell anyoneDon’t tell anyone http://www.mit.edu/afs/sipb/project/doc/passwordhttp://www.mit.edu/afs/sipb/project/doc/password

s/passwords.htmls/passwords.html One-time passwordsOne-time passwords

AuthenticationAuthentication

Should be slow (5-10 seconds)Should be slow (5-10 seconds) Should only allow a limited # of Should only allow a limited # of

failures (e.g. 3)failures (e.g. 3) Challenge-Response SystemsChallenge-Response Systems Impersonation of LoginImpersonation of Login Authentication Other than PasswordsAuthentication Other than Passwords