Identification Authentication

Transcript of a 25-slide lecture deck on identification and authentication.

Page 1: Identification Authentication

Page 2: Authentication

• Allows an entity (a user or a system) to prove its identity to another entity
• Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier
• Strong authentication: the entity proves knowledge of S to the verifier without revealing S to the verifier

Page 3: Authentication Information

• Must be securely maintained by the system

Page 4: Elements of Authentication

• Person/group/code/system: the entity to be authenticated
• Distinguishing characteristic: differentiates the entities to be authenticated
• Proprietor/system owner/administrator: responsible for the system
• Authentication mechanism: verifies the distinguishing characteristic
• Access control mechanism: grants privileges upon successful authentication

Page 5: Authentication Requirements

• The network must ensure that a data exchange is established with the addressed peer entity, not with an entity that masquerades as it or replays previous messages
• The network must ensure that the data source is the one claimed
• Authentication generally follows identification: it establishes the validity of the claimed identity
• Provides protection against fraudulent transactions

Page 6: User Authentication

• What the user knows: password, personal information
• What the user possesses: physical key, ticket, passport, token, smart card
• What the user is (biometrics): fingerprints, voiceprint, signature dynamics

Page 7: Passwords

• Commonly used method
• For each user, the system stores (user name, F(password)) in a password file, where F is some transformation (e.g., a one-way hash)
• F(password) is easy to compute; from F(password), the password is difficult to compute
• The password itself is not stored in the system
• When the user enters the password, the system computes F(password); a match with the stored value provides proof of identity

Page 8: Vulnerabilities of Passwords

• Inherent vulnerabilities: easy to guess or snoop; no control on sharing
• Practical vulnerabilities: visible if transmitted unencrypted in a distributed or networked environment; susceptible to replay attacks if encrypted naively (a captured ciphertext can simply be resent)
• Password advantage: a compromised password is easy to change

Page 9: Weak Passwords

• Bell Labs study (Morris and Thompson, 1979): 3289 passwords were examined
• 15 were a single ASCII character, 72 two ASCII characters, 464 three ASCII characters, 477 four ASCII characters, 706 five letters (all lower case or all upper case), 605 six letters all lower case, and 492 weak passwords (names, dictionary words, etc.)
• Summary: 2831 passwords (86% of the sample) were weak, i.e., either too easy to predict or too short

Page 10: Attacks on Passwords

• Guessing attack / dictionary attack
• Social engineering
• Sniffing
• Trojan login (a fake login program that records the password)
• Van Eck sniffing (reading the electromagnetic emanations of the display)

Page 11: Guessing Attack

• Exploits human nature to use easy-to-remember passwords
• Trial-and-error attack
• Easy to detect (failed logins) and block
• Needs an audit mechanism
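The slide says guessing is easy to detect from failed logins if an audit mechanism exists. The following is an added example, not part of the deck, of what that detection looks like over an audit trail: it parses authentication log lines, keeps a sliding window of failures per source address, raises an alert when a threshold is crossed, and raises a second, higher-value alert when a login succeeds from an address that just produced a burst of failures (the guesser found the password). The log lines are constructed in OpenSSH's syslog format; the host name, users, addresses and the threshold/window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit trail (OpenSSH syslog format); addresses are from the
# documentation ranges and do not belong to anyone.
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[4101]: Failed password for alice from 203.0.113.5 port 5001 ssh2
Jan 10 10:00:03 host sshd[4102]: Failed password for alice from 203.0.113.5 port 5002 ssh2
Jan 10 10:00:05 host sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 5003 ssh2
Jan 10 10:00:07 host sshd[4104]: Failed password for alice from 203.0.113.5 port 5004 ssh2
Jan 10 10:00:09 host sshd[4105]: Failed password for root from 203.0.113.5 port 5005 ssh2
Jan 10 10:00:11 host sshd[4106]: Accepted password for alice from 203.0.113.5 port 5006 ssh2
Jan 10 10:02:00 host sshd[4107]: Failed password for bob from 198.51.100.7 port 6001 ssh2
Jan 10 10:30:00 host sshd[4108]: Failed password for bob from 198.51.100.7 port 6002 ssh2
Jan 10 10:31:00 host sshd[4109]: Accepted publickey for bob from 198.51.100.7 port 6003 ssh2
"""

LINE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+"
)

THRESHOLD = 5                   # assumed policy: this many failures from one address ...
WINDOW = timedelta(minutes=5)   # ... inside this sliding window is a guessing attack


def detect_guessing(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return alerts for bursts of failed logins, and for a success right after a burst."""
    failures = defaultdict(deque)   # source address -> timestamps of recent failures
    users_tried = defaultdict(set)  # source address -> account names it tried
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; strptime fills in 1900, which is fine for deltas
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        outcome, user, ip = m.group(2), m.group(3), m.group(4)
        recent = failures[ip]
        while recent and ts - recent[0] > window:   # expire failures older than the window
            recent.popleft()
        if outcome == "Failed":
            recent.append(ts)
            users_tried[ip].add(user)
            if len(recent) == threshold:            # fire once, at the moment the threshold is crossed
                alerts.append({"type": "guessing", "ip": ip, "failures": len(recent),
                               "users": sorted(users_tried[ip])})
        elif len(recent) >= threshold:              # a login that succeeded right after a burst
            alerts.append({"type": "success_after_failures", "ip": ip, "user": user,
                           "failures": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

Bob's two failures are 28 minutes apart, so the window expires the first one and no alert fires for him; the burst from 203.0.113.5 fires on the fifth failure, and the "success_after_failures" alert on the following login is the one worth paging on, because it says the guess worked.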

Page 12: Social Engineering

• The attacker asks for the password while masquerading as somebody else (not necessarily an authenticated user)
• May be difficult to detect
• Protection against social engineering: a strict security policy and user education

Page 13: Dictionary Attacks on Passwords

• Attack 1: create a dictionary of common words and names and their simple transformations; use these to guess the password (online, against the login prompt)
• Attack 2: usually F is public and so is the password file (which holds F(password), not the passwords); compute F(word) for each word in the dictionary and look for a match
• Attack 3: pre-compute F(word) for the whole dictionary once; then look up matches in any password file

Page 14: Password Salt

• Used to make dictionary attacks more difficult
• In the classic Unix scheme the salt is a 12-bit number between 0 and 4095, derived from the system clock and the process identifier (modern systems draw a much longer random salt)
• Compute F(password+salt); both the salt and F(password+salt) are stored in the password table
• Login: the user gives the password, the system looks up the salt, computes F(password+salt) and checks for a match
• Note: with a 12-bit salt, the same password can be stored in 4096 different ways, so a pre-computed dictionary (Attack 3) must be 4096 times larger, and Attack 2 must be repeated per user instead of once per password file
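The password file of slide 7, the three dictionary attacks of slide 13 and the salt of this slide fit in one runnable script, given here as an added example that is not part of the deck. It stores the same constructed users once unsalted and once salted, builds the Attack 1 candidate list (dictionary words plus simple transformations), precomputes a lookup table (Attack 3), and counts the calls to F so the cost of cracking each file can be compared. Assumptions: F is SHA-256 (the deck leaves F abstract; a production system should use a deliberately slow F such as bcrypt, scrypt or Argon2, which this example does not do), the salt is 16 random bytes rather than the 12-bit clock/PID salt, and the users, passwords and dictionary are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, List, Optional, Tuple

WORK = {"F_calls": 0}   # counts calls to F so the attack costs can be compared


def F(data: bytes) -> str:
    """The deck's one-way transformation F (assumed SHA-256): cheap forward, infeasible to invert."""
    WORK["F_calls"] += 1
    return hashlib.sha256(data).hexdigest()


# slide 7: an unsalted password file entry is F(password)
def store_unsalted(password: str) -> str:
    return F(password.encode())


def verify_unsalted(stored: str, password: str) -> bool:
    return hmac.compare_digest(stored, F(password.encode()))   # constant-time compare


# slide 14: a salted entry is (salt, F(salt || password)); the salt is stored in the clear
def store_salted(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    salt = os.urandom(16) if salt is None else salt
    return salt.hex(), F(salt + password.encode())


def verify_salted(entry: Tuple[str, str], password: str) -> bool:
    salt_hex, digest = entry
    return hmac.compare_digest(digest, F(bytes.fromhex(salt_hex) + password.encode()))


# slide 13, Attack 1: dictionary words plus the simple transformations people apply to them
LEET = str.maketrans("aeios", "43105")


def transformations(word: str) -> Iterable[str]:
    yield word
    yield word.capitalize()
    yield word[::-1]
    yield word.translate(LEET)
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix


def candidates(dictionary: Iterable[str]) -> List[str]:
    return list(dict.fromkeys(c for w in dictionary for c in transformations(w)))


# Attack 3: hash every candidate once, then look up each user's stored value
def precompute_table(cands: Iterable[str]) -> Dict[str, str]:
    return {F(c.encode()): c for c in cands}


def crack_unsalted(pwfile: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    return {user: table[h] for user, h in pwfile.items() if h in table}


# Attack 2 against a salted file: F must be recomputed for every (user, candidate) pair
def crack_salted(pwfile: Dict[str, Tuple[str, str]], cands: List[str]) -> Dict[str, str]:
    found = {}
    for user, (salt_hex, digest) in pwfile.items():
        salt = bytes.fromhex(salt_hex)
        for c in cands:
            if F(salt + c.encode()) == digest:
                found[user] = c
                break
    return found


DICTIONARY = ["password", "dragon", "sunshine", "monkey", "letmein"]   # constructed
USER_PASSWORDS = {"alice": "Password1", "bob": "dr4g0n",               # constructed
                  "carol": "sunshine123", "dave": "xT9#qL2v!mZ4"}


def demo() -> dict:
    cands = candidates(DICTIONARY)
    unsalted = {u: store_unsalted(p) for u, p in USER_PASSWORDS.items()}
    salted = {u: store_salted(p) for u, p in USER_PASSWORDS.items()}

    WORK["F_calls"] = 0
    table = precompute_table(cands)
    cracked_unsalted = crack_unsalted(unsalted, table)
    cost_unsalted = WORK["F_calls"]      # one F per candidate, reused for every user

    WORK["F_calls"] = 0
    cracked_salted = crack_salted(salted, cands)
    cost_salted = WORK["F_calls"]        # up to len(cands) F calls per user

    table_hits = sum(1 for _, digest in salted.values() if digest in table)   # always 0
    return {"candidates": len(cands), "cracked_unsalted": cracked_unsalted,
            "cracked_salted": cracked_salted, "cost_unsalted": cost_unsalted,
            "cost_salted": cost_salted, "table_hits_on_salted": table_hits,
            "dave_verifies": verify_salted(salted["dave"], USER_PASSWORDS["dave"])}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The same three weak passwords fall in both files, because salt does nothing for a password that is in the dictionary; what changes is the cost (one F per candidate for the whole unsalted file, against one F per candidate per user for the salted file) and the fact that the precomputed table never hits a salted entry. Only a slow F, which the deck does not discuss, raises the per-guess cost itself.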

Page 15: Password Management Policy

• Educate users to make better choices
• Define rules for good password selection and ask users to follow them
• Ask or force users to change their password periodically
• Actively attempt to break users' passwords and force users to change broken ones
• Screen password choices (reject weak passwords at the time they are set)

Page 16: One-time Password

• Use the password exactly once!

Page 17: Lamport's scheme

• Doesn't require any special hardware
• System computes F(x), F^2(x), ..., F^100(x) (this allows 100 logins before a password change)
• System stores the user's name and F^100(x)
• User supplies F^99(x) the first time; if the login is correct (F applied to the supplied value equals the stored F^100(x)), the system replaces F^100(x) with F^99(x)
• Next login: the user supplies F^98(x), and so on
• User calculates F^n(x) using a hand-held calculator, a workstation, or another device
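Lamport's chain, as an added example that is not code from the deck: the host keeps only F^n(x) and a counter, the user's calculator holds x and counts the exponent down, and each login is checked by applying F once to the value supplied. The example also shows the two properties the slide relies on (a captured value cannot be replayed, and the chain runs out after the 100th login) and the one edge the slide leaves implicit: the 100th password is F^0(x) = x itself, so after it the user must choose a fresh x rather than reuse the old one. F is assumed to be SHA-256; the user secret is constructed.

```python
import hashlib
import hmac
from typing import Dict, Tuple


def F(v: bytes) -> bytes:
    """The one-way function of the slide; SHA-256 is an assumption, the deck leaves F abstract."""
    return hashlib.sha256(v).digest()


def F_n(x: bytes, n: int) -> bytes:
    """F applied n times. F_n(x, 0) is x itself: the last password of the chain, never reusable."""
    for _ in range(n):
        x = F(x)
    return x


class LamportHost:
    def __init__(self) -> None:
        self.table: Dict[str, Tuple[bytes, int]] = {}   # user -> (F^n(x), n)

    def register(self, user: str, x: bytes, n: int = 100) -> None:
        self.table[user] = (F_n(x, n), n)   # the host keeps F^n(x) only, never x

    def login(self, user: str, value: bytes) -> bool:
        stored, n = self.table[user]
        if n == 0:
            return False                    # chain exhausted: the user must register a fresh x
        if hmac.compare_digest(F(value), stored):   # F(F^(n-1)(x)) == F^n(x)
            self.table[user] = (value, n - 1)       # move one step down the chain
            return True
        return False                        # wrong value, or a replay of an already-used value


class LamportClient:
    """The user's calculator: holds x and counts the exponent down from n-1 to 0."""

    def __init__(self, x: bytes, n: int = 100) -> None:
        self.x, self.next_exp = x, n - 1

    def next_password(self) -> bytes:
        if self.next_exp < 0:
            raise RuntimeError("chain exhausted: choose a fresh x and re-register")
        value = F_n(self.x, self.next_exp)   # F^99(x) first, then F^98(x), ...
        self.next_exp -= 1
        return value


def demo() -> dict:
    x = b"constructed-user-secret-x"
    host, client = LamportHost(), LamportClient(x)
    host.register("alice", x)

    p99 = client.next_password()
    first = host.login("alice", p99)                  # F(F^99(x)) == F^100(x): accepted
    replay = host.login("alice", p99)                 # F(F^99(x)) != F^99(x): rejected
    second = host.login("alice", client.next_password())   # F^98(x): accepted
    # an eavesdropper who saw F^98(x) cannot produce F^97(x) without inverting F
    remaining = sum(host.login("alice", client.next_password()) for _ in range(98))
    exhausted = host.table["alice"][1] == 0           # the 100th login spent F^0(x) = x
    host_refuses = not host.login("alice", x)         # nothing further is accepted
    try:
        client.next_password()
        client_refuses = False
    except RuntimeError:
        client_refuses = True
    return {"first": first, "replay_rejected": not replay, "second": second,
            "total_logins": 2 + remaining, "exhausted": exhausted,
            "host_refuses": host_refuses, "client_refuses": client_refuses}


if __name__ == "__main__":
    print(demo())
```

The counter kept beside F^n(x) is what makes the exhaustion check possible; without it the host would happily accept x itself and keep going, and x would then be exposed on the wire while still being the seed of the next chain.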

Page 18: Time Synchronized

• There is a hand-held authenticator; it contains an internal clock, a secret key, and a display
• The display outputs a function of the current time and the key; it changes about once per minute
• The user supplies the user id and the display value
• The host uses the secret key, the function and its own clock to calculate the expected output; the login is valid if the values match

Page 19: Time Synchronized

(figure: the secret key and the current time are fed into DES; the output is the one-time password)
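The token and host side of the time-synchronized scheme, as an added example that is not the deck's code. The slide's figure computes the display value with DES; the function of (key, time) used here is instead the HMAC-SHA1 dynamic-truncation construction of RFC 4226/6238, which is what today's TOTP apps use, and the step is one minute as on the slide. The example also adds the two checks a host needs in practice that the slide does not mention: a tolerance of one step either way for clock drift, and a record of the last accepted step so a value sniffed during its minute cannot be replayed. The key and the timestamps are constructed.

```python
import hashlib
import hmac
import struct
from typing import Dict

STEP = 60   # the display changes about once per minute, as on the slide


def display_value(key: bytes, step_counter: int, digits: int = 6) -> str:
    """Function of (secret key, time step) shown on the display: HOTP over the step counter."""
    mac = hmac.new(key, struct.pack(">Q", step_counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


class Token:
    """Hand-held authenticator: clock, secret key, display."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def show(self, now: float) -> str:
        return display_value(self._key, int(now // STEP))


class Host:
    def __init__(self, skew_steps: int = 1) -> None:
        self.keys: Dict[str, bytes] = {}
        self.last_step: Dict[str, int] = {}   # highest step already accepted, per user
        self.skew = skew_steps                 # tolerate this many steps of clock drift either way

    def enroll(self, user: str, key: bytes) -> None:
        self.keys[user] = key
        self.last_step[user] = -1

    def login(self, user: str, value: str, now: float) -> bool:
        if user not in self.keys:
            return False
        current = int(now // STEP)
        for step in range(current - self.skew, current + self.skew + 1):
            if hmac.compare_digest(display_value(self.keys[user], step), value):
                if step <= self.last_step[user]:
                    return False            # replay: a value for this step was already accepted
                self.last_step[user] = step
                return True
        return False


def demo() -> dict:
    key = b"constructed-shared-secret-key"
    token, host = Token(key), Host()
    host.enroll("alice", key)
    t0 = 16666 * STEP                             # a minute boundary; constructed clock values
    v1 = token.show(t0 + 10)
    ok = host.login("alice", v1, t0 + 30)         # same minute: accepted
    replay = host.login("alice", v1, t0 + 70)     # next minute, inside the skew, but already used
    v2 = token.show(t0 + 70)
    drift_ok = host.login("alice", v2, t0 + 125)  # host clock one step ahead: accepted
    stale = host.login("alice", v2, t0 + 200)     # two steps later: outside the skew
    intruder = Token(b"constructed-wrong-key").show(t0 + 70)
    wrong = host.login("alice", intruder, t0 + 70)
    return {"ok": ok, "replay_rejected": not replay, "drift_ok": drift_ok,
            "stale_rejected": not stale, "wrong_key_rejected": not wrong}


if __name__ == "__main__":
    print(demo())
```

Because the host holds the same secret the token does, the same key-database concern raised on slide 22 for challenge/response applies here: whoever reads the host's key table can run every user's token.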

Page 20: Challenge Response

(figure: a workstation and a host exchange messages over the network; the workstation sends the user ID, the host returns a challenge, and the workstation returns the response)

• Non-repeating challenges from the host are used
• The device requires a keypad (the user keys the challenge into it)

Page 21: Challenge Response

(figure: the secret key and the challenge are fed into DES; the output is the one-time password used as the response)
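The exchange of slides 20 and 21, with both sides' messages, as an added example that is not code from the deck. The figure's DES is replaced by HMAC-SHA256 as the keyed function; the host draws a fresh random challenge per login and lets each challenge be answered once, which is what makes a captured response worthless. The last step reproduces the point slide 22 makes next: a copy of the host's key database is enough to impersonate any user. Keys, user names and the eavesdropper's captures are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict


def keyed_response(key: bytes, challenge: bytes) -> str:
    """The device's function of (secret key, challenge); HMAC-SHA256 stands in for the figure's DES.
    The 16 hex digits are what the user reads off the display and types back."""
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()[:16]


class Device:
    """Hand-held authenticator with a keypad: the user keys in the challenge, reads off the response."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: bytes) -> str:
        return keyed_response(self._key, challenge)


class Host:
    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}       # the key database slide 22 calls extremely sensitive
        self.pending: Dict[str, bytes] = {}    # one outstanding challenge per user

    def enroll(self, user: str, key: bytes) -> None:
        self.keys[user] = key

    def challenge(self, user: str) -> bytes:
        c = os.urandom(16)        # fresh random challenge: it never repeats, so old responses are useless
        self.pending[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        c = self.pending.pop(user, None)   # a challenge can be answered at most once
        if c is None or user not in self.keys:
            return False
        return hmac.compare_digest(keyed_response(self.keys[user], c), response)


def demo() -> dict:
    host = Host()
    alice_key = os.urandom(32)
    host.enroll("alice", alice_key)
    device = Device(alice_key)

    # 1. normal login: user id -> challenge -> response
    c1 = host.challenge("alice")
    r1 = device.respond(c1)
    legit = host.verify("alice", r1)

    # 2. an eavesdropper captured (c1, r1); replaying r1 against the next challenge fails
    host.challenge("alice")
    replay = host.verify("alice", r1)

    # 3. answering without the key: the response to a fresh challenge cannot be guessed
    c3 = host.challenge("alice")
    guess = host.verify("alice", keyed_response(b"not-the-key", c3))

    # 4. slide 22: whoever copies the host's key database can impersonate every user
    stolen_db = dict(host.keys)
    c4 = host.challenge("alice")
    impostor = host.verify("alice", Device(stolen_db["alice"]).respond(c4))

    # 5. even the correct response is single-use: verify() consumed the challenge
    c5 = host.challenge("alice")
    r5 = device.respond(c5)
    first, second = host.verify("alice", r5), host.verify("alice", r5)

    return {"legit": legit, "replay_rejected": not replay, "guess_rejected": not guess,
            "impostor_with_stolen_db": impostor, "second_use_rejected": first and not second}


if __name__ == "__main__":
    print(demo())
```

Step 4 is the reason slide 22 points to public key algorithms: with a signature-based response the host would store only public keys, and a copy of its database would let an attacker verify responses but not produce them.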

Page 22: Devices with Personal Identification Number (PIN)

• Devices are subject to theft, so some devices require a PIN (something the user knows)
• The PIN is used by the device to authenticate the user
• Problem with challenge/response schemes: the host's key database is extremely sensitive (whoever reads it can impersonate every user)
• This can be avoided if public key algorithms are used (the host then stores only public keys)

Page 23: Smart Cards

• Portable devices with a CPU, I/O ports, and some nonvolatile memory
• Can carry out the computation required by public key algorithms and transmit directly to the host
• Some use biometric data about the user instead of the PIN

Page 24: Biometrics

• Fingerprint
• Retina scan
• Voice pattern
• Signature
• Typing style

Page 25: Problems with Biometrics

• Expensive (minimum costs as quoted in the deck): retina scan about $2,200; voice about $1,500; signature about $1,000
• False readings: retina scan 1 in 10,000,000 or better; signature 1 in 50; fingerprint 1 in 500
• Can't be modified when compromised