Computer Security Chapter 3

What are some common password choices?

1.) Users may pick short passwords e.g. 3% were 3 chars or less, easily guessed system can reject choices that are too short Hacker Keeps trying Countermeasure: character limit of 8

What are the 3 purposes that salt serves?

1.)It prevents duplicate passwords from being visible in password file. Hashed passwords of two users (having same passwords) will differ 2.) Difficult of offline dictionary attacks: b bits, possible pswd increased by 2b 3.) Difficult to find out person with pswds on 2 more systems has used same pswd on all! The attacked must take ea guess to submit hash function for salt value, multiplying # of guesses checked Counter: password cracker

What are some common password choices?

2.) Users may pick guessable passwords (street name, comn) so crackers use lists of likely passwords (see next slide) e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them would take about 1 hour on fastest systems to compute all variants, and only need 1 break!

What are some extremes that occur with users making passswords?

Extreme 1: Many users choose passwords that are too short, too easy to guess Extreme 2: System can assign random passwords to users, but users won't remember them , the furthest or highest degree of something

Rule Enforcement

8+ chars upper/lower/numeric/punctuation (in first 8 charcters must include at least one of each) Countermeasures: alerts crackers which passwords not to try Password cracker (ensure a password is not on the "disapproved" list) space issue: dictionary list must be large to be effective time issue: search time is too long

Explain the Salt Value Diagram?

Page 76

Exploiting Multiple password use

Attacks can also become much more effective or damaging if different network devices share the same or a similar password for a given users. Countermeasures: a policy that forbids the same of similar password on particular network devices.

Computer-generated passwords

By forming pronounceable syllables and concatenating them to form a word (not random passwords that users can't remember)

How are passwords attempted to be cracked?

Dictionary attacks Try each word then obvious variants in large dictionary against hash in password file (backward word spelling, additional #, characters)

Rainbow Table

For each password, attacker generates the hash values associated with each possible salt value. A mammoth table of hash values (which increases attacker's storage space cost) e.g. 1.4GB table cracks 99.9% of alphanumeric Windows passwords in 13.8 seconds (2003 results) Not feasible if larger salt values used

Shadow Password File

Hashed passwords are kept in seperate file from user IDs

Biometric Accuracy

If a user (User 1) is tested by the system many times, the matching score s will vary, with a pdf typically forming a Gaussian distribution A different user (User 2) should have a much lower matching score that also exhibit a Gaussian pdf (page 91)

Exploiting User Mistakes

If the system assigns a password, the the user is more likely to write it down because it is difficult to remember. This situation creates the potential for an adversary to read the written password. User may intentionally share a password, to enable a colleague to share files, for example. Social engineering hackers are able to trick user in revealing password.. Computer are shipped with reconfigured passwords for system administrators, unless they are changed they are easily guessed. Countermeasures: user training, intrusion detection, simple passwords combined with another authentication mechanism.

Unix Implementations

Original scheme used DES for hashing 12-bit salt Password 8 character in length (forming 56-bit key) Two-stage hashing To slow hashing: Whole process is repeated 25 times Result: 64-bit hash, then 64-bit block is translated to an 11-character sequence NOW ITS WEAK e.g. supercomputer can process > 50 million password guesses in about 80 min: COMPATIBLE

Electronic Monitoring

Password is communicated across across a network to log on to a remote system, eavesdropping. Replay attack Encrypted network links cannot solve this problem (encrypted password is the password and can be observed and reused by adversary)

What are some improved UNIX hash/salt schemes?

Scheme based on MD5 secure hash algorithm 48-bit salt Unlimited password length To slow hashing process: hashed with 1000 times (inner loop) Result: 128-bit hash OpenBSD uses Blowfish block cipher based hash algorithm called Bcrypt 128-bit salt Password up to 55 characters Result: 192-bit hash

Space (password cracker-"bad passwords dictionary)

The dictionary must be very large to be effective. Ex:Purude study occupies more than 30 megabytes of storage

Time (password cracker-"bad passwords dictionary)

To check for likely permutations of dictionary words, those words must be included in dictionary making it truly huge!

Biometric Accuracy

Tradeoff: Decrease in false match rate results in increase in false nonmatch rate High security app may require a very low false match rate so move t higher to the right Forensic app may call for a low false nonmatch rate (because system is looking for possible candidates to check further) so move t lower to the left Reasonable tradeoff: Pick a t that corresponds to a point where rates are equal

What are some password guessing strategies?

Try user's name, initials, account name, other relevant personal info: 130 permutations per user Try words from dictionaries:60,000 words compiled Try various permutations on words from last step e.g. make the first letter upper case, make the entire word uppercase, reverse the word, etc.: 1 million words 2 list Try various capitalization permutation on words from step 2 not considered in step 3: 2 million words to list 3 million total: Thinkinkimg Machines crack under 1 hour, 25% success rate!

Proactive password checking

a user is allowed to select his or her own password, system checks to see if its allowable, if not rejects its ass. : Balance between user acceptability and strength

Trojan horse

application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric. The adversary can then use the captured information to masquerade as a legitimate user. A simple example of this is a rogue bank machine used to capture user ID/password combinations

Client Attacks

are those in which an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path. The adversary attempts to masquerade as a legitimate user. many bits are required to represent the password. Another countermeasure is to limit the number of attempts that can be made in a given time period from a given source. attacker has no access to remote host or network link (e.g., guess password) Limit attempts

denial-of-service

attempts to disable a user authentication service by flooding the service with numerous authentication attempts. Multi-factor (because attacker must first acquire token to initiate attack)

Eavesdropping

context of passwords refers to an adversary's attempt to learn the password by observing the user, finding a written copy of the password, or some similar attack that involves the physical proximity of user and adversary. example is keystroke logging Countermeasure: Multi-factor authentication

Host attacks

directed at the user file at the host where passwords, token passcodes, or biometric templates are stored. e.g., password file) Hashing

What are some vulnerabilities from a password file access control?

exploit O/S bug to extract password file accident of protection renders password file readable users with same password on other systems access from unprotected backup media (poor physical security) sniff passwords in unprotected network traffic

Salt Value

fixed length, this value is related to the time at which the password is assigned to the user.Serve as inputs to a hashing algorithm to prodcue a fixed-lenght hash code.Stored with corresponding user id. Secure for crptanalytic attacks.

Password Protocol-Nonce

host generates a roandom number r and returns it to user host specifies two functions, h()and f() to be used in response hash function of the user's password combined with the random number using the function f. The host stores the hash function of each registered user's password, depicted as h(P(U)) for user U. When the response arrives, the host compares the incoming f(r, h(P)) to the calculated f(r, h(P(U))). If the quantities match, the user is authenticated. Chart on 93

Replay

involve an adversary repeating a previously captured user response. The most common countermeasure to such attacks is the challenge- response protocol.

Biometric Accuracy Chart

page 91

Actual Biometric Accurary Chart

page 92

Theoretical Biometric Accuracy

page 92

Dynamic Biometric Protocol

remote user authentication (pg 94)

Static Biometric Protocol

remote user authentication (pg 94)

Token Protocol

remote user authentication (pg 94)

Reacitve Password Checking

strategy is one in which the system periodoically runs its own password cracked to find guessable passwords. The system cancels any passwords that are guessed and notifies the user EXL Jack the Ripper Password (existing passwords remain vulnerable until the reactive password checker finds them)

What are the 4 goals in eliminating guessable passwords while allowing the user to select a password thats memorizable?

user education computer-generated passwords reactive password checking (e.g., "Jack the Ripper" password cracker) proactive password checking (e.g., pam_passwdqc)

User Education

using hard to guess passwords and can be provided with guidelines for selecting strong passwords Useful when there is a large user population