350 likes | 490 Vues
CSCE 522 Identification and Authentication. Reading. Reading for this lecture: Required: Pfleeger : Ch. 4.5, Ch. 4.3 Kerberos
E N D
Reading • Reading for this lecture: Required: • Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos • An Introduction to Computer Security: The NIST Handbook, http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf : Chapter 16, Identification and Authentication, pages 180-194 • Recommended: • Smart Card Alliance, http://www.smartcardalliance.org/ • Securing Digital Identities & Information, strong authenticationhttp://www.entrust.com/authentication/index.htm • Certificate Authority GlobalSign Loses Critical Data to ComodoHacker, http://techie-buzz.com/tech-news/globalsign-attack-certificate-authority-data-leak.html , Sept 8, 2011 • Reading for next lecture: • Pfleeger: Ch. 4.3 and 4.4 CSCE 522 - Farkas
Identification Establishes the identity of an individual/system/ap-plication/etc. Proof of identity: password, driver’s license, Id card, etc. CSCE 522 - Farkas
Authentication • Allows an entity (a user or a system) to prove its identity within a context, e.g., computer system • Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier • Strong authentication: the entity reveals knowledge of S to the verifier without revealing S to the verifier CSCE 522 - Farkas
Authentication Information Must be securely maintained by the system. CSCE 522 - Farkas
Elements of Authentication • Person/group/code/system: to be authenticated • Distinguishing characteristics: differentiates the entities to be authenticated • Proprietor/system owner/administrator: responsible for the system • Authentication mechanism: verify the distinguishing characteristics • Access control mechanism: grant privileges upon successful authentication CSCE 522 - Farkas
Authentication Requirements • Network must ensure • Data exchange is established with addressed peer entity not with an entity that masquerades or replays previous messages • Network must ensure data source is the one claimed • Authentication generally follows identification • Establish validity of claimed identity • Provide protection against fraudulent transactions CSCE 522 - Farkas
User Authentication • What the user knows • Password, personal information • What the user possesses • Physical key, ticket, passport, token, smart card • What the user is (biometrics) • Fingerprints, voiceprint, signature dynamics CSCE 522 - Farkas
Passwords • Commonly used method • For each user, system stores (user name, F(password)), where F is some transformation (e.g., one-way hash) in a password file • F(password) is easy to compute • From F(password), password is difficult to compute • Password is not stored in the system • When user enters the password, system computes F(password); match provides proof of identity CSCE 522 - Farkas
Vulnerabilities of Passwords • Inherent vulnerabilities • Easy to guess or snoop • No control on sharing • Practical vulnerabilities • Visible if unencrypted in distributed and network environment • Susceptible for replay attacks if encrypted naively • Password advantage • Easy to modify compromised password. CSCE 522 - Farkas
Attacks on Password • Guessing attack/dictionary attack • Social Engineering • Sniffing • Trojan login • Van Eck sniffing CSCE 522 - Farkas
Guessing Attack • Exploits human nature to use easy to remember passwords • Trial-and-error attack • Easy to detect (failed logins) and block • Problem: if the attacker has access to the password file (even if it is encrypted) • Need audit mechanism CSCE 522 - Farkas
Social Engineering • Attacker asks for password by masquerading as somebody else (not necessarily an authenticated user) • May be difficult to detect • Protection against social engineering: strict security policy and users’ education CSCE 522 - Farkas
Dictionary Attacks on Passwords • Attack 1: • Create dictionary of common words and names and their simple transformations • Use these to guess password • Attack 2: • Usually F is public and so is the password file (encrypted) • Compute F(word) for each word in dictionary • Find match CSCE 522 - Farkas
Password Salt • Used to make dictionary attack more difficult • Salt is a 12 bit number between 0 and 4095 • It is derived from the system clock and the process identifier • Compute F(password+salt); both salt and F(password+salt) are stored in the password table • User: gives password, system finds salt and computes F(password+salt) and check for match Better!: use a random number, user authenticates by sending F(password+random number) || random number CSCE 522 - Farkas
Password Management Policy • Educate users to make better choices • Define rules for good password selection and ask users to follow them • Ask or force users to change their password periodically • Actively attempt to break user’s passwords and force users to change broken ones • Screen password choices CSCE 522 - Farkas
One-time Password Use the password exactly once! The first use of the password would grant access; a second or subsequent use of the same password would not CSCE 522 - Farkas
Lamport’s scheme • Doesn’t require any special hardware • System computes one-way function F, such as F(x),F2(x),…, F1000(x) • System stores user’s name and F1000(x) • User supplies F999(x) the first time • If the login is correct, system replaces F1000(x) with F999(x) • Next login: user supplies F998(x) … and so on • User calculates Fn(x) using a hand-held calculator, a workstation, or other devices CSCE 522 - Farkas
Time Synchronized • There is a hand-held authenticator • It contains an internal clock, a secret key, and a display • Display outputs a function of the current time and the key • It changes about once per minute • User supplies the user id and the display value • Host uses the secret key, the function and its clock to calculate the expected output • Login is valid if the values match CSCE 522 - Farkas
Time Synchronized Problem: Need time synchronization between device and server Secret key Time DES One Time Password CSCE 522 - Farkas
Challenge Response • Non-repeating challenges from the host is used • The device requires a keypad Network Work station Host User ID Challenge Response CSCE 522 - Farkas
Challenge Response Secret key Challenge DES One Time Password CSCE 522 - Farkas
Devices with Personal Identification Number (PIN) • Devices are subject to theft, some devices require PIN (something the user knows) • PIN is used by the device to authenticate the user • Problems with challenge/response schemes • Key database is extremely sensitive • This can be avoided if public key algorithms are used CSCE 522 - Farkas
Smart Cards • Portable devices with a CPU, I/O ports, and some nonvolatile memory • Can carry out computation required by public key algorithms and transmit directly to the host • Some use biometrics data about the user instead of the PIN CSCE 522 - Farkas
Biometrics • Fingerprint • Retina scan • Voice pattern • Signature • Typing style CSCE 522 - Farkas
Problems with Biometrics • Expensive • Retina scan (min. cost) about $ 2,200 • Voice (min. cost) about $ 1,500 • Signature (min. cost) about $ 1,000 • False readings • Retina scan 1/10,000,000+ • Signature 1/50 • Fingerprint 1/500 • Can’t be modified when compromised CSCE 522 - Farkas
Identity Management pswd pswd System 1 System 2 I am Ann. Here is my Password1. I am Ann. Here is my Password2. pswd I am Ann. Here is my Password3. System 3 Distributed, heterogeneous domain User credentials Performance CSCE 522 - Farkas
Identity Management cont. • Need verifiable proof of identity – without being authenticated during every single interaction • Digital certificate: links identity and public key together • A user can prove his/her identity by signing the messages with his/her private key CSCE 522 - Farkas
Digital Certificates Most common digital certificate: X.509 Initially issued in 1988 Rely on PKI and hierarchy of certificate authorities Certificate Authority: issue and revoke digital certificates, accepts user notifications, publishes revocation list CSCE 522 - Farkas
Digital Certificates Basic Content • … • Issuer • Validity • Not Before • Not After • Subject • Subject Public Key Info • Public Key Algorithm • Subject Public Key • … • Certificate Signature Algorithm • Certificate Signature CSCE 522 - Farkas
Problem with X.509 • Large file • Long duration needs validation of certificate for revocation • Why are digital certificates revoked? • Exposure of private key • Incorrect/unauthorized issuance • Termination of assignment CSCE 522 - Farkas
Return to Multiple Authentication CA Verify Certificate System 1 System 2 I am Ann. Here is my X.509 I am Ann. Here is my X.509 I am Ann. Here is my X.509 System 3 CSCE 522 - Farkas
Single Sign On CA Verify Certificate I am Ann. Here is my X.509. Give me a locally verifiable token. System 1 System 2 I am Ann. Here is my SAML token SAML token I am Ann. Here is my SAML token System 3 CSCE 522 - Farkas
Next Class • Access Control CSCE 522 - Farkas