Computer Security Chapter 3
What are some common password choices?
1.) Users may pick short passwords e.g. 3% were 3 chars or less, easily guessed system can reject choices that are too short Hacker Keeps trying Countermeasure: character limit of 8
What are the 3 purposes that salt serves?
1.)It prevents duplicate passwords from being visible in password file. Hashed passwords of two users (having same passwords) will differ 2.) Difficult of offline dictionary attacks: b bits, possible pswd increased by 2b 3.) Difficult to find out person with pswds on 2 more systems has used same pswd on all! The attacked must take ea guess to submit hash function for salt value, multiplying # of guesses checked Counter: password cracker
What are some common password choices?
2.) Users may pick guessable passwords (street name, comn) so crackers use lists of likely passwords (see next slide) e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them would take about 1 hour on fastest systems to compute all variants, and only need 1 break!
What are some extremes that occur with users making passswords?
Extreme 1: Many users choose passwords that are too short, too easy to guess Extreme 2: System can assign random passwords to users, but users won't remember them , the furthest or highest degree of something
Rule Enforcement
8+ chars upper/lower/numeric/punctuation (in first 8 charcters must include at least one of each) Countermeasures: alerts crackers which passwords not to try Password cracker (ensure a password is not on the "disapproved" list) space issue: dictionary list must be large to be effective time issue: search time is too long
Explain the Salt Value Diagram?
Page 76
Exploiting Multiple password use
Attacks can also become much more effective or damaging if different network devices share the same or a similar password for a given users. Countermeasures: a policy that forbids the same of similar password on particular network devices.
Computer-generated passwords
By forming pronounceable syllables and concatenating them to form a word (not random passwords that users can't remember)
How are passwords attempted to be cracked?
Dictionary attacks Try each word then obvious variants in large dictionary against hash in password file (backward word spelling, additional #, characters)
Rainbow Table
For each password, attacker generates the hash values associated with each possible salt value. A mammoth table of hash values (which increases attacker's storage space cost) e.g. 1.4GB table cracks 99.9% of alphanumeric Windows passwords in 13.8 seconds (2003 results) Not feasible if larger salt values used
Shadow Password File
Hashed passwords are kept in seperate file from user IDs
Biometric Accuracy
If a user (User 1) is tested by the system many times, the matching score s will vary, with a pdf typically forming a Gaussian distribution A different user (User 2) should have a much lower matching score that also exhibit a Gaussian pdf (page 91)
Exploiting User Mistakes
If the system assigns a password, the the user is more likely to write it down because it is difficult to remember. This situation creates the potential for an adversary to read the written password. User may intentionally share a password, to enable a colleague to share files, for example. Social engineering hackers are able to trick user in revealing password.. Computer are shipped with reconfigured passwords for system administrators, unless they are changed they are easily guessed. Countermeasures: user training, intrusion detection, simple passwords combined with another authentication mechanism.
Unix Implementations
Original scheme used DES for hashing 12-bit salt Password 8 character in length (forming 56-bit key) Two-stage hashing To slow hashing: Whole process is repeated 25 times Result: 64-bit hash, then 64-bit block is translated to an 11-character sequence NOW ITS WEAK e.g. supercomputer can process > 50 million password guesses in about 80 min: COMPATIBLE
Electronic Monitoring
Password is communicated across across a network to log on to a remote system, eavesdropping. Replay attack Encrypted network links cannot solve this problem (encrypted password is the password and can be observed and reused by adversary)
What are some improved UNIX hash/salt schemes?
Scheme based on MD5 secure hash algorithm 48-bit salt Unlimited password length To slow hashing process: hashed with 1000 times (inner loop) Result: 128-bit hash OpenBSD uses Blowfish block cipher based hash algorithm called Bcrypt 128-bit salt Password up to 55 characters Result: 192-bit hash
Space (password cracker-"bad passwords dictionary)
The dictionary must be very large to be effective. Ex:Purude study occupies more than 30 megabytes of storage
Time (password cracker-"bad passwords dictionary)
To check for likely permutations of dictionary words, those words must be included in dictionary making it truly huge!
Biometric Accuracy
Tradeoff: Decrease in false match rate results in increase in false nonmatch rate High security app may require a very low false match rate so move t higher to the right Forensic app may call for a low false nonmatch rate (because system is looking for possible candidates to check further) so move t lower to the left Reasonable tradeoff: Pick a t that corresponds to a point where rates are equal
What are some password guessing strategies?
Try user's name, initials, account name, other relevant personal info: 130 permutations per user Try words from dictionaries:60,000 words compiled Try various permutations on words from last step e.g. make the first letter upper case, make the entire word uppercase, reverse the word, etc.: 1 million words 2 list Try various capitalization permutation on words from step 2 not considered in step 3: 2 million words to list 3 million total: Thinkinkimg Machines crack under 1 hour, 25% success rate!
Proactive password checking
a user is allowed to select his or her own password, system checks to see if its allowable, if not rejects its ass. : Balance between user acceptability and strength
Trojan horse
application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric. The adversary can then use the captured information to masquerade as a legitimate user. A simple example of this is a rogue bank machine used to capture user ID/password combinations
Client Attacks
are those in which an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path. The adversary attempts to masquerade as a legitimate user. many bits are required to represent the password. Another countermeasure is to limit the number of attempts that can be made in a given time period from a given source. attacker has no access to remote host or network link (e.g., guess password) Limit attempts
denial-of-service
attempts to disable a user authentication service by flooding the service with numerous authentication attempts. Multi-factor (because attacker must first acquire token to initiate attack)
Eavesdropping
context of passwords refers to an adversary's attempt to learn the password by observing the user, finding a written copy of the password, or some similar attack that involves the physical proximity of user and adversary. example is keystroke logging Countermeasure: Multi-factor authentication
Host attacks
directed at the user file at the host where passwords, token passcodes, or biometric templates are stored. e.g., password file) Hashing
What are some vulnerabilities from a password file access control?
exploit O/S bug to extract password file accident of protection renders password file readable users with same password on other systems access from unprotected backup media (poor physical security) sniff passwords in unprotected network traffic
Salt Value
fixed length, this value is related to the time at which the password is assigned to the user.Serve as inputs to a hashing algorithm to prodcue a fixed-lenght hash code.Stored with corresponding user id. Secure for crptanalytic attacks.
Password Protocol-Nonce
host generates a roandom number r and returns it to user host specifies two functions, h()and f() to be used in response hash function of the user's password combined with the random number using the function f. The host stores the hash function of each registered user's password, depicted as h(P(U)) for user U. When the response arrives, the host compares the incoming f(r, h(P)) to the calculated f(r, h(P(U))). If the quantities match, the user is authenticated. Chart on 93
Replay
involve an adversary repeating a previously captured user response. The most common countermeasure to such attacks is the challenge- response protocol.
Biometric Accuracy Chart
page 91
Actual Biometric Accurary Chart
page 92
Theoretical Biometric Accuracy
page 92
Dynamic Biometric Protocol
remote user authentication (pg 94)
Static Biometric Protocol
remote user authentication (pg 94)
Token Protocol
remote user authentication (pg 94)
Reacitve Password Checking
strategy is one in which the system periodoically runs its own password cracked to find guessable passwords. The system cancels any passwords that are guessed and notifies the user EXL Jack the Ripper Password (existing passwords remain vulnerable until the reactive password checker finds them)
What are the 4 goals in eliminating guessable passwords while allowing the user to select a password thats memorizable?
user education computer-generated passwords reactive password checking (e.g., "Jack the Ripper" password cracker) proactive password checking (e.g., pam_passwdqc)
User Education
using hard to guess passwords and can be provided with guidelines for selecting strong passwords Useful when there is a large user population