ACIT3630 L7 User Authentication

Password File Access Control

Can block offline guessing attacks by denying access to encrypted passwords Make available only to privileged users Shadow password file Vulnerabilities 脆弱性 Weakness in the OS that allows access to the file Accident with permissions making it readable Users with same password on other systems Access from backup media Sniff 嗅 passwords in network traffic

RFC 4949

defines user authentication as: "The process of verifying an identity claimed by or for a system entity."

Summary

• Electronic user authentication principles • A model for electronic user authentication • Means of authentication • Risk assessment for user authentication • Password-based authentication • The vulnerability of passwords • The use of hashed passwords • Password cracking of user-chosen passwords • Password file access control • Password selection strategies • Token -based authentication • Memory cards • Smart cards • Electronic identity cards • Biometric authentication • Physical characteristics used in biometric applications • Operation of a biometric authentication system • Biometric accuracy • Remote user authentication • Password protocol • Token protocol • Static biometric protocol • Dynamic biometric protocol • Security issues for user authentication

Passwords And finally Ten Common Mistakes

1. Leaving passwords blank or unchanged from default value. 2. Using the letters p-a-s-s-w-o-r-d as the password. 3. Using a favourite football team or player as the password. 4. Using a partner's name as the password. 5. Using the same password for everything. 6. Writing passwords on post-it notes. 7. Pasting a list of passwords under the keyboard. 8. Storing all passwords in a spreadsheet, a database or in a file on a PDA. 9. Writing all passwords in a personal diary/notebook. 10. Giving the password to someone who claims to be the system administrator.

Risk Assessment for User Authentication

Assurance Level -> Potential impact -> Areas of risk

Assurance Level

Describes an organization's degree of certainty that a user has presented a credential 憑據 that refers to his or her identity

Password Cracking

Dictionary attacks • Develop a large dictionary of possible passwords and try each against the password file • Each password must be hashed using each salt value and then compared to stored hash values Password crackers exploit利用 the fact that people choose easily guessable passwords • Shorter password lengths are also easier to crack Rainbow table attacks • Pre-compute tables of hash values for all salts • A mammoth table of hash values • Can be countered by using a sufficiently充分 large salt value and a sufficiently large hash length John the Ripper • Open-source password cracker first developed in in 1996 • Uses a combination of brute-force and dictionary techniques

Password Authenticated Connection Establishment (PACE)

For offline applications, either the MRZ printed on the back of the card or the six-digit card access number (CAN) printed on the front is used For online applications, access is established by the user entering the 6-digit PIN (which should only be known to the holder of the card) Ensures that the contactless 無接觸 RF chip in the eID card cannot be read without explicit 顯式 access control

UNIX Implementation

Original scheme • Up to eight printable characters in length • 12-bit salt used to modify DES encryption into a one-way hash function • Zero value repeatedly encrypted 25 times • Output translated to 11 character sequence Now regarded as inadequate不足 • Still often required for compatibility 兼容性 with existing account management software or multivendor environments

Proactive主動 Password Checking

Password cracker •Compile a large dictionary of passwords not to use Rule enforcement 執行 •Specific rules that passwords must adhere 堅持 to Bloom filter •Used to build a table based on dictionary using hashes •Check desired password against this table

Passwords

Passwords are cheap to deploy, but also act as the first line of defence in a security arsenal. - They are also often the weakest link.

Electronic Identity Cards (eID)

Use of a smart card as a national identity card for citizens Most advanced deployment部署 is the German card neuer Personalausweis

Passwords Challenge Response

User and system share a secret key • Challenge: system presents user with some string • Response: user computes response based on secret key and challenge - Secrecy: difficult to recover key from response - One-way hashing or symmetric encryption work well - Freshness: if challenge is fresh and unpredictable, attacker on the network cannot replay an old response - For example, use a fresh random number for each challenge • Good for systems with pre-installed secret keys - Car keys; military friend-orfoe identification

Password Selection Strategies

User education Users can be told the importance of using hard to guess passwords and can be provided with guidelines for selecting strong passwords Computer generated passwords Users have trouble remembering them Reactive password checking System periodically runs its own password cracker to find guessable passwords Complex password policy

Passwords How Are Passwords Stored? - Hashing

Usually stored as hashes (not plain text) - Plain-text is converted into a message digest through use of a hashing algorithm (i.e. MD5, SHA)

Passwords How Are Passwords Stored

• Also stored password file in directory: /etc/passwd/ - World-readable (anyone who accessed the machine would be able to copy the password file to crack at their leisure) - Contained userIDs/groupIDs used by many system programs - Can instruct modern UNIXes to use MD5 hash function

Passwords Dictionary Attack

• Attacker can compute H(word) for every word in a dictionary and see if the result is in the password file • With 1,000,000-word dictionary and assuming 10 guesses per second, brute-force online attack takes 50,000 seconds (14 hours) on average - This is very conservative; Offline attack is much faster!

Biometric 生物識別 Authentication

• Attempts to authenticate an individual based on unique physical characteristics • Based on pattern recognition • Is technically complex and expensive when compared to passwords and tokens • Physical characteristics used include: o Facial characteristics o Fingerprints oHand geometry o Retinal pattern o Iris o Signature o Voice

Passwords AAA of Password Security

• Authentication (& Identification) - Establishes that the user is who they say they are (credentials). • Authorisation - The process used to decide if the authenticated person is allowed to access specific information or functions. • Access Control - Restriction of access (includes authentication & authorisation)

Remote User Authentication

• Authentication over a network, the Internet, or a communications link is more complex • Additional security threats such as: • Eavesdropping, capturing a password, replaying an authentication sequence that has been observed • Generally rely on some form of a challenge-response protocol to counter threats

Memory Cards

• Can store but do not process data • The most common is the magnetic stripe card • Can include an internal electronic memory • Can be used alone for physical access • Hotel room • ATM • Provides significantly greater security when combined with a password or PIN • Drawbacks of memory cards include: • Requires a special reader • Loss of token • User dissatisfaction

Modern Approaches

• Complex password policy • Forcing users to pick stronger passwords • However password-cracking techniques have also improved • The processing capacity available for password cracking has increased dramatically • The use of sophisticated 複雜的 algorithms to generate potential passwords • Studying examples and structures of actual passwords in use

Passwords Types of Password Cracking

• Dictionary Attack - Quick technique that tries every word in a specific dictionary • Hybrid Attack - Adds numbers or symbols to the end of a word • Brute Force Attack - Tries all combinations of letters, numbers & symbols • Popular programs for Windows password cracking- L0phtCrack (discontinued by Symantec when acquired @stake) - Cain & Abel (Windows & UNIX) - John the Ripper (UNIX & Windows) - Sam Inside

Passwords Threats to Password Security, Part 1

• Disclosure - Voluntary disclosure of information - Inadequate guarding of system passwords • Inference - Known pattern to creation of passwords - Use of generated passwords with predictable algorithm • Exposure - Accidental release of password • Loss - Forgetting to remember passwords - Can lead to creation of easy passwords • Snooping/Eavesdropping - Keyloggers - Network sniffing (intercepting of network communication where a password is submitted) • Guessing - Limited amount of choices which can be figured out through process of elimination - Use of blank/common passwords, passwords which can be figured out by knowing name of relatives, pets, etc. • Cracking - Automated "guessing"

Potential impact

• FIPS 199 defines three levels of potential impact on organizations or individuals should there be a breach of security: • Low • An authentication error could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals • Moderate • An authentication error could be expected to have a serious adverse effect • High • An authentication error could be expected to have a severe or catastrophic災難性 adverse effect

Passwords How Are Passwords Stored? - Hashing

• Hash function H must have some properties: - One-way: given H(password), hard to find password • No known algorithm better than trial and error - Collision-resistant: given H(password1), hard to find password2 such that: H(password1) = H(password2) - It should even be hard to find any pair p1,p2 s.t. H(p1)=H(p2)

Passwords Why Cracking is Possible

• Passwords are NOT truly random - 52 upper/lowercase letters, 10 digits, and 32 punctuation symbols equals 6 quadrillion possible 8-character passwords - People like to use dictionary words, relative and pet names equaling 1 million common passwords - On average, each person has 8-12 passwords: - Different systems impose different password requirements. - Passwords need to be changed often. - Some passwords are only used occasionally.

Smart Tokens

• Physical characteristics: o Include an embedded嵌入式 microprocessor o A smart token that looks like a bank card o Can look like calculators, keys, small portable objects • Interface: o Manual interfaces include a keypad and display for interaction 相互作用 o Electronic interfaces communicate with a compatible 兼容 reader/writer • Authentication protocol: o Classified into three categories: • Static • Dynamic password generator • Challenge-response

Passwords Cracking Protection - Salting

• Salting requires adding a random piece of data and to the password before hashing it. - This means that the same string will hash to different values at different times - Users with same password have different entries in the password file - Salt is stored with the other data as a complete hash • Hacker has to get the salt add it to each possible word and then rehash the data prior to comparing with the stored password.

Passwords Impact on Security

• Simple hacking tools are available to anyone who looks for them on the Internet. • Tools such as Cain & Abel allow admittance into almost anyone's account if a simple eight-digit password is used. People are frightened when they learn that using only an eightdigit password with standard numbers and letters will allow anyone to figure out their passwords in less than two minutes when one downloads a publicly available tool like LOphtCrack from the Internet. This was the kind of tool which we found nothing terribly sophisticated. - Richard Clark, Presidents Advisor on Cyber Security (2001-2003) Old Quote, but still applies • Sometimes even hacking tools aren't even necessary

Passwords Authentication Protocols

• TRANSFORMED PASSWORD - Password transformed using one way function before transmission - Prevents eavesdropping but not replay • CHALLENGE-RESPONSE - Server sends a random value (challenge) to the client along with the authentication request. This must be included in the response - Protects against replay Passwords Authentication Protocols • TIME STAMP - The authentication from the client to server must have time-stamp embedded - Server checks if the time is reasonable - Protects against replay - Depends on synchronization of clocks on computers • ONE-TIME PASSWORD - New password obtained by passing user-password through one-way function n times which keeps incrementing - Protects against replay as well as eavesdropping

Passwords Cracking Protection - Iteration Count

• The same password can be rehashed many times over to make it more difficult for the hacker to crack the password. • This means that the precompiled dictionary hashes are not useful since the iteration count is different for different systems - Dictionary attack is still possible!

Passwords Cracking Protection - Salting Advantages

• Without salt, attacker can precompute hashes of all dictionary words once for all password entries - Same hash function on all UNIX machines - Identical passwords hash to identical values; one table of hash values can be used for all password files Passwords Cracking Protection - Salting Advantages • With salt, attacker must compute hashes of all dictionary words once for each password entry - With 12-bit random salt, same password can hash to 212 different hash values - Attacker must try all dictionary words for each salt value in the password file

The four means of authenticating user identity are based on:

• sth the individual know • Password, PIN, answers to prearranged 預先安排 questions • sth individual processes (token) • Smartcard, electronic , keycard, physical key • sth individual static biometrics • Fingerprint, retina, face • sth individual dynamic biometrics • Voice pattern, handwriting, typing rhythm

Authentication Process

•Fundamental: building block and primary line of defense •Basis for access control and user accountability •Identification step: Presenting an identifier to the security system • Verification step: Presenting or generating authentication information that corroborates 證實 the binding 綑綁 between the entity and the identifier

Smart Cards

•Most important category of smart token o Has the appearance of a credit card o Has an electronic interface o May use any of the smart token protocols • Contain: o An entire microprocessor • Processor • Memory • I/O ports • Typically include three types of memory: o Read-only memory (ROM) • Stores data that does not change during the card's life o Electrically erasable programmable ROM (EEPROM) • Holds application data and programs o Random access memory (RAM) • Holds temporary data generated when applications are executed

Password Authentication

•Widely used line of defense against intruders 入侵者 • User provides name/login and password • System compares password with the one stored for that specified login •The user ID: • Determines that the user is authorized to access the system • Determines the user's privileges • Is used in discretionary access control