1 / 31

2012

IS 302: Information Security and Trust Week 9: User Authentication (part II) and Introduction to Internet Security. 2012. Review. Review of weak pwd authentication Unix pwd Windows password (LM and NT hashes) Attacks (dictionary and brute-force). Strong Password Authentication.

ania
Télécharger la présentation

2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IS 302: Information Security and TrustWeek 9: User Authentication (part II) and Introduction to Internet Security 2012

  2. Review • Review of weak pwd authentication • Unix pwd • Windows password (LM and NT hashes) • Attacks (dictionary and brute-force)

  3. Strong Password Authentication • Lamport scheme • Challenge response • Time stamp • To address eavesdropping and replay attacks in communications

  4. I. Lamport Scheme • Registration phase • H: one way hash function • Bob: choose a secret s; compute and send w0=H^100(s) to Alice in a secure manner Mallory s Bob, w0=H^100(s) Bob Alice H^100(s)

  5. Lamport scheme: first-time authentication • Bob sends one-time password w1=H^99(s) to Alice • Alice authenticates Bob by checking if H(w1)=w0 • If match, Alice replaces w0 with w1=H^99(s) Mallory s Bob, w0=H^100(s) w1=H^99(s) Bob Alice

  6. Lamport scheme: second time authentication • Bob sends one-time password w2=H^98(s) to Alice • Alice authenticates Bob by checking if H(w2)=w1 • If match, Alice replaces w1 with w2=H^98(s) Mallory s Bob, w1=H^99(s) w2=H^98(s) Bob Alice

  7. Discussion • Why is Lamport scheme secure against eavesdropping and replay attacks? • How many times can Alice authenticate Bob in Lamport scheme? After that?

  8. II. Challenge Response Scheme • Alice and Bob share a pwd or pwd hash S • Upon receiving Bob’s id and authentication request, Alice sends Bob a non-repeating challenge C • Bob responses with R=E(S,C) or H(S,C) Mallory Bob id S Non-repeating challenge C S Bob Response R=E(S,C) or H(S,C) Alice

  9. Discussion • Why is challenge response scheme secure against eavesdropping and replay attacks? • What is the difference between challenge response scheme and Lamport’s scheme?

  10. Case Study: MS Authentication Protocol (NTLM) • Windows 2000, NT, XP, Vista, Windows 7 Type 1 msg: a set of flags client server (enc key sizes, req for mutual auth) Type 2 msg: a set of flags + client server random challenge (8 bytes) Type 3 msg: server response = MD4/MD5 hashing or DES enc client server (server challenge + client pwd hash)

  11. NTLMv1 and NTLMv2 • LM-hash of pw: 16 bytes (DES+DES) • NT-hash of pw: 16 bytes (MD4) • C= 8-byte server challenge, random • K1 | K2 | K3 = NT-hash | 5 bytes-0 • R1 = DES(K1,C) | DES(K2,C) | DES(K3,C) • K1 | K2 | K3 = LM-hash | 5 bytes-0 • R2 = DES(K1,C) | DES(K2,C) | DES(K3,C) • Response = R1 | R2 • CS= 8-byte server challenge, random • CC=8-byte client challenge, random • CC* =8-byte client information (X, time, CC, domain name) • v2-Hash = HMAC-MD5(NT-hash, user name, domain name) • LMv2 = HMAC-MD5(v2-hash, CS, CC) • NTv2=HMAC-MD5(v2-hash, CS, CC*) • Response = LMv2 | CC | NTv2 | CC*

  12. III. Time Stamp Scheme • Alice and Bob keep synchronized clocks • Time T is used as one-time “challenge” • Bob sends Alice his id, and R=E(S,T) or H(S,T) • Alice verifies R=? E(S,T) or H(S,T) on Bob’s pwd (or pwd hash) S and her current time T Mallory Bob id, R=E(S,T) or H(S,T) S Alice S Bob

  13. Discussion • Why is time stamp secure against eavesdropping and replay attacks? • How do you compare time stamp scheme with challenge response scheme and Lamport scheme?

  14. Break

  15. Introduction to Internet Security • Secure Socket Layer (SSL) • Firewall (FW) • Intrusion Detection System (IDS)

  16. I. SSL Secure socket layer (SSL) or transport layer security (TLS) • Secure communications between clients and server in internet • TCP  SSL  web applications Application protocol SMTP,HTTP,FTP… TCP SSL IP Network Interface TCP/IP Protocol Stack

  17. SSL functionalities • Server authentication with certificate • Optional client authentication • Encrypted channel between server and client

  18. SSL HandShake Protocol 1.SSL Request 2.Server public key certificate Web client Web server 3. random number R encrypted using server public key 4. Both compute session key based on R and switch to encrypted tunnel (https)

  19. Typical Applications with SSL • E-commerce • VPN

  20. II. FW • Filter and audit traffic between internal and external network • Prevent unauthorized access to a private network Internal network External network Firewall

  21. FW Policies • Close policy: Default deny, allow (white list) firewall (p: packet) { if (allow(p)) forward(p); else drop(p); } • Open policy: Default permit, deny (black list) firewall (p: packet) { if (deny(p)) drop(p); else forward(p); }

  22. Close Policy Example boolean allow(packet p){ if (match(p.srcIP, 202.161.*.*) and match (p.dstPort, 25)) return true; elseif (match(p.srcIP, 202.161.*.*) and match (p.dstPort, 80)) return true; else return false; }

  23. Open Policy Example boolean deny(packet p){ if (match(p.srcIP, 137.132.*.*) and match (p.dstPort, 25)) return true; elseif (match(p.srcIP, 155.69.*.*) and match (p.dstPort, 80)) return true; else return false; }

  24. Windows FW • start cmd  firewall.cpl  advanced settings • Inbound rules • Outbound rules

  25. Limitation of FW Internal network External network Firewall

  26. III. Intrusion Detection System (IDS) • IDS should alert an attack in progress • With high accuracy • In real time manner • With complete diagnosis • With effective recommendations on how to react

  27. Accuracy of IDS • False positive (alarm) rate • #false-alerts/#alerts • False negative (miss) rate • #missed-attacks/#attacks

  28. Signature based IDS Signature: DB of known attack patterns IDS reports situations that match signatures Good: Low false alarm rates, instantaneous detection Bad: Cannot detect new attacks Anomaly based IDS Profile: model of normal behaviors IDS reports situations that deviate from profiles Good: Can detect some new attacks Bad: High false alarm rates, high complexity Signature-Based Vs Anomaly-Based

  29. Why false alarm rate is high in anomaly-based detection • Analogy • Test for a disease is 99% accurate • 100 disease-free people tested, 99 test negative • 100 diseased people tested, 99 test positive • Prevalence of disease is 1 in 10,000 • Alice tests positive • What is probability Alice has the disease? 1 in 101 (101=1*99%+9,999*1%) • False alarm rate: 100 in 101 99% • Now assume that test is 99.98% accurate • What is the false alarm rate? INFT 865 Ravi Sandhu 2000

  30. Advantages Complement firewall Continues to improve Disadvantages False alarms Miss some new attacks Require security personnel to handle alarms and monitor track records IDS Summary

  31. Review • How long is NTLM (v1) response message? • 64 bits • 128 bits • 384 bits • Which of the following must have a cert in SSL? • Client • Server • Both • To detect new attacks, you need to choose • Firewall • Signature-based IDS • Anomaly-based IDS

More Related