IS 302: Information Security and Trust
Week 9: User Authentication (part II) and Introduction to Internet Security
2012

Review
• Review of weak password authentication
• Unix password
• Windows password (LM and NT hashes)
• Attacks (dictionary and brute-force)

Strong Password Authentication
• Lamport scheme
• Challenge response
• Time stamp
• All three address eavesdropping and replay attacks on the authentication exchange
I. Lamport Scheme
• Registration phase
• H: one-way hash function; H^n(s) means H applied n times to s
• Bob: chooses a secret s, computes w0 = H^100(s), and sends w0 to Alice over a secure channel; Alice stores (Bob, w0), never s
[diagram: Bob → Alice: "Bob, w0 = H^100(s)"; Mallory eavesdrops on the link]

Lamport scheme: first-time authentication
• Bob sends one-time password w1 = H^99(s) to Alice
• Alice authenticates Bob by checking whether H(w1) = w0
• If it matches, Alice replaces the stored w0 with w1 = H^99(s)
[diagram: Bob → Alice: "Bob, w1 = H^99(s)"; Alice holds w0 = H^100(s); Mallory eavesdrops]

Lamport scheme: second-time authentication
• Bob sends one-time password w2 = H^98(s) to Alice
• Alice authenticates Bob by checking whether H(w2) = w1
• If it matches, Alice replaces the stored w1 with w2 = H^98(s)
[diagram: Bob → Alice: "Bob, w2 = H^98(s)"; Alice holds w1 = H^99(s); Mallory eavesdrops]
Discussion
• Why is the Lamport scheme secure against eavesdropping and replay attacks?
• How many times can Alice authenticate Bob in the Lamport scheme? What happens after that?
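The three Lamport slides above, as an added example that is not part of the lecture's material: a prover (Bob) and a verifier (Alice) sharing only the chain head w0, with the replay and forgery attempts the discussion questions ask about. SHA-256 stands in for the unspecified one-way hash H, the secret and chain length are constructed for the demo, and the two class names are my own.

```python
import hashlib
import secrets
from typing import Optional

CHAIN_LENGTH = 100  # the slide's H^100(s): one secret yields 100 one-time passwords


def H(x: bytes) -> bytes:
    """One-way hash H of the slide; SHA-256 is an assumption, any preimage-resistant hash works."""
    return hashlib.sha256(x).digest()


def H_pow(x: bytes, n: int) -> bytes:
    """H^n(x): H applied n times."""
    for _ in range(n):
        x = H(x)
    return x


class Bob:
    """Prover: keeps the secret s and counts how many passwords have been spent."""

    def __init__(self, secret: Optional[bytes] = None):
        self.s = secret if secret is not None else secrets.token_bytes(32)
        self.used = 0

    def register(self) -> bytes:
        """Registration: w0 = H^100(s), to be delivered to Alice over a secure channel."""
        return H_pow(self.s, CHAIN_LENGTH)

    def next_password(self) -> bytes:
        """i-th login sends w_i = H^(100-i)(s); after 100 logins the chain is used up."""
        if self.used >= CHAIN_LENGTH:
            raise RuntimeError("chain exhausted: re-register with a fresh secret")
        self.used += 1
        return H_pow(self.s, CHAIN_LENGTH - self.used)


class Alice:
    """Verifier: stores only the last accepted password, never s."""

    def __init__(self, w0: bytes):
        self.last = w0
        self.count = 0

    def authenticate(self, w: bytes) -> bool:
        if H(w) != self.last:
            return False
        # Advance the chain. A replayed w now fails because H(w) != w,
        # and the next valid password is a preimage of w, which Mallory cannot compute.
        self.last = w
        self.count += 1
        return True


def run_chain() -> dict:
    """Walk a whole chain: first login, a replay, a forgery attempt, then exhaustion."""
    bob = Bob(b"constructed demo secret, not a real credential")
    alice = Alice(bob.register())

    w1 = bob.next_password()
    result = {"first": alice.authenticate(w1)}
    result["replay"] = alice.authenticate(w1)        # Mallory resends w1
    result["forged"] = alice.authenticate(H(w1))     # Mallory can only hash forward
    w2 = bob.next_password()                         # w2 = H^98(s): preimage of w1
    result["second"] = alice.authenticate(w2)

    exhausted = False
    while not exhausted:
        try:
            alice.authenticate(bob.next_password())
        except RuntimeError:
            exhausted = True
    result["total_logins"] = alice.count
    result["exhausted"] = exhausted
    return result


if __name__ == "__main__":
    print(run_chain())
```

Eavesdropping yields only values that Alice will never accept again, and going "forward" with H never reaches the next password; what the verifier has to protect is the integrity of the stored w_i, since swapping it for an attacker's own H(x) would let the attacker log in with x.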
II. Challenge Response Scheme
• Alice and Bob share a password or password hash S
• Upon receiving Bob's id and authentication request, Alice sends Bob a non-repeating challenge C
• Bob responds with R = E(S, C) or R = H(S, C); Alice recomputes the value from her copy of S and compares
[diagram: Bob → Alice: "Bob id"; Alice → Bob: non-repeating challenge C; Bob → Alice: response R = E(S, C) or H(S, C); both hold S, Mallory eavesdrops]

Discussion
• Why is the challenge response scheme secure against eavesdropping and replay attacks?
• What is the difference between the challenge response scheme and Lamport's scheme?
Case Study: MS Authentication Protocol (NTLM)
• Used by Windows 2000, NT, XP, Vista, Windows 7
• Type 1 message (client → server): a set of flags (encryption key sizes, request for mutual authentication)
• Type 2 message (server → client): a set of flags + random server challenge (8 bytes)
• Type 3 message (client → server): the client's response, computed by MD4/MD5 hashing or DES encryption over the server challenge and the client's password hash

NTLMv1 and NTLMv2

NTLMv1
• LM-hash of pw: 16 bytes (DES+DES)
• NT-hash of pw: 16 bytes (MD4 of the UTF-16LE password)
• C = 8-byte server challenge, random
• K1 | K2 | K3 = NT-hash | 5 zero bytes (21 bytes, split into three 7-byte DES keys)
• R1 = DES(K1, C) | DES(K2, C) | DES(K3, C) (24 bytes)
• K1 | K2 | K3 = LM-hash | 5 zero bytes
• R2 = DES(K1, C) | DES(K2, C) | DES(K3, C) (24 bytes)
• Response = R1 | R2

NTLMv2
• CS = 8-byte server challenge, random
• CC = 8-byte client challenge, random
• CC* = client information blob of variable length (header, time stamp, CC, domain/target information)
• v2-hash = HMAC-MD5(NT-hash, user name | domain name)
• LMv2 = HMAC-MD5(v2-hash, CS | CC)
• NTv2 = HMAC-MD5(v2-hash, CS | CC*)
• Response = LMv2 | CC | NTv2 | CC*
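The NTLMv2 column above, and the challenge-response scheme it instantiates, as an added example that is not part of the lecture and not Microsoft's code: the client computes the v2-hash, LMv2 and NTv2 values exactly as the slide lists them, and a server holding only the NT hash recomputes NTv2 from the received blob to verify it. MD4 is written out in pure Python because hashlib often lacks it under OpenSSL 3; the user/domain/password, the server and client challenges and the target-info block are constructed test inputs (the ones used in the MS-NLMP specification's worked example), and the function names are my own. NTLMv1 is omitted because it needs DES, which the standard library does not provide.

```python
import hashlib
import hmac
import struct
from typing import Tuple

MASK = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    x &= MASK
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(msg: bytes) -> bytes:
    """MD4 as in RFC 1320: three 16-step rounds over 64-byte blocks, little-endian."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    bit_len = len(msg) * 8
    msg = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", bit_len)

    def F(x, y, z): return (x & y) | (~x & z)
    def G(x, y, z): return (x & y) | (x & z) | (y & z)
    def Hh(x, y, z): return x ^ y ^ z

    r2 = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
    r3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):   # round 1
            a, b, c, d = d, _lrot(a + F(b, c, d) + X[i], (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):   # round 2
            a, b, c, d = d, _lrot(a + G(b, c, d) + X[r2[i]] + 0x5A827999, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):   # round 3
            a, b, c, d = d, _lrot(a + Hh(b, c, d) + X[r3[i]] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4]), b, c
        h = [(v + w) & MASK for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NT-hash = MD4(UTF-16LE(password)); this is what the server stores."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(password: str, user: str, domain: str) -> bytes:
    """v2-hash = HMAC-MD5(NT-hash, uppercase(user) | domain), both UTF-16LE."""
    return hmac.new(nt_hash(password), (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def av_pair(av_id: int, value: str) -> bytes:
    v = value.encode("utf-16-le")
    return struct.pack("<HH", av_id, len(v)) + v


def make_blob(timestamp: int, client_challenge: bytes, target_info: bytes) -> bytes:
    """CC*: RespType/HiRespType 0x01, 6 reserved bytes, 8-byte time, CC, 4 reserved, AV pairs, 4 reserved."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)


def ntlmv2_responses(v2_hash: bytes, cs: bytes, cc: bytes, blob: bytes) -> Tuple[bytes, bytes]:
    """Client side: LMv2 | CC and NTv2 | CC*, as on the slide."""
    lmv2 = hmac.new(v2_hash, cs + cc, hashlib.md5).digest()
    ntv2 = hmac.new(v2_hash, cs + blob, hashlib.md5).digest()
    return lmv2 + cc, ntv2 + blob


def server_verify(v2_hash: bytes, cs: bytes, nt_response: bytes) -> bool:
    """Server side: split NTv2 | CC*, recompute NTv2 over the challenge it issued, compare."""
    ntv2, blob = nt_response[:16], nt_response[16:]
    expected = hmac.new(v2_hash, cs + blob, hashlib.md5).digest()
    return hmac.compare_digest(expected, ntv2)


# Constructed inputs (those of the MS-NLMP worked example): domain "Domain", server "Server"
TARGET_INFO = av_pair(2, "Domain") + av_pair(1, "Server") + struct.pack("<HH", 0, 0)


def demo() -> Tuple[bool, bool]:
    cs = bytes.fromhex("0123456789abcdef")      # server challenge
    cc = b"\xaa" * 8                            # client challenge
    v2 = ntowf_v2("Password", "User", "Domain")
    _lm_resp, nt_resp = ntlmv2_responses(v2, cs, cc, make_blob(0, cc, TARGET_INFO))
    accepted = server_verify(v2, cs, nt_resp)
    # Mallory replays the captured Type 3 against a later session with a fresh challenge
    replayed = server_verify(v2, bytes.fromhex("fedcba9876543210"), nt_resp)
    return accepted, replayed


if __name__ == "__main__":
    print(nt_hash("password").hex(), demo())
```

The verification side never needs the password, only the NT hash, which is why a stolen NT hash is enough to answer the challenge (pass-the-hash); the replay fails only because the server issued a fresh CS, so a server that reuses challenges loses the protection the slide credits the scheme with.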
III. Time Stamp Scheme
• Alice and Bob keep synchronized clocks
• The time T is used as a one-time "challenge" that needs no round trip
• Bob sends Alice his id and R = E(S, T) or R = H(S, T)
• Alice verifies R = E(S, T) or H(S, T) using Bob's password (or password hash) S and her current time T; in practice she accepts T within a small skew window
[diagram: Bob → Alice: "Bob id, R = E(S, T) or H(S, T)"; both hold S, Mallory eavesdrops]

Discussion
• Why is the time stamp scheme secure against eavesdropping and replay attacks?
• How does the time stamp scheme compare with the challenge response scheme and the Lamport scheme?
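The time stamp scheme, as an added example that is not part of the lecture: Bob sends (id, T, R) with R = H(S, T), and Alice checks T against her own clock within a skew window before recomputing R. Including T in the message, the 30-second window, the replay cache and HMAC-SHA256 for H are my assumptions; the shared secrets and clock values are constructed for the demo. The point the discussion question is after is visible in the results: the window that tolerates clock skew is also the window in which a captured message can be replayed, so a verifier must remember what it has already accepted.

```python
import hashlib
import hmac
from typing import Dict, List, Set, Tuple

WINDOW = 30  # seconds of tolerated clock skew (assumption)


def response(secret: bytes, user: str, t: int) -> bytes:
    """R = H(S, T); HMAC-SHA256 keyed with S stands in for the slide's H(S, T)."""
    return hmac.new(secret, f"{user}|{t}".encode(), hashlib.sha256).digest()


def bob_sends(secret: bytes, user: str, bob_clock: int) -> Tuple[str, int, bytes]:
    """Bob's message: id, his current time, and R."""
    return user, bob_clock, response(secret, user, bob_clock)


class Alice:
    """Verifier with a table of shared secrets and a cache of accepted (user, T, R)."""

    def __init__(self, secrets: Dict[str, bytes], window: int = WINDOW):
        self.secrets = secrets
        self.window = window
        self.seen: Set[Tuple[str, int, bytes]] = set()

    def verify(self, user: str, t: int, r: bytes, now: int) -> str:
        secret = self.secrets.get(user)
        if secret is None:
            return "unknown user"
        if abs(now - t) > self.window:
            return "stale time stamp"          # outside the window: replay or bad clock
        if not hmac.compare_digest(response(secret, user, t), r):
            return "bad response"              # wrong secret or tampered T
        if (user, t, r) in self.seen:
            return "replay within window"      # same message seen already
        self.seen.add((user, t, r))
        # Entries older than the window can never verify again, so drop them.
        self.seen = {k for k in self.seen if abs(now - k[1]) <= self.window}
        return "ok"


def demo() -> List[str]:
    secret = b"constructed shared secret S"
    alice = Alice({"bob": secret})
    now = 1_700_000_000                        # constructed "current time" on Alice's clock
    results = []

    msg = bob_sends(secret, "bob", now + 3)    # Bob's clock 3 s ahead: within skew
    results.append(alice.verify(*msg, now=now))
    results.append(alice.verify(*msg, now=now + 10))     # Mallory replays 10 s later
    results.append(alice.verify(*msg, now=now + 60))     # replay after the window
    results.append(alice.verify("bob", now, response(b"guess", "bob", now), now))  # wrong S
    user, t, r = bob_sends(secret, "bob", now)
    results.append(alice.verify(user, t + 5, r, now))    # T altered in transit
    return results


if __name__ == "__main__":
    print(demo())
```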
Introduction to Internet Security
• Secure Socket Layer (SSL)
• Firewall (FW)
• Intrusion Detection System (IDS)

I. SSL
• Secure Socket Layer (SSL), or Transport Layer Security (TLS)
• Secure communications between clients and servers on the Internet
• Sits between the application protocol and TCP
[diagram: TCP/IP protocol stack with SSL inserted: Application protocol (SMTP, HTTP, FTP, …) / SSL / TCP / IP / Network Interface]

SSL functionalities
• Server authentication with a certificate
• Optional client authentication
• Encrypted channel between server and client

SSL Handshake Protocol (simplified, RSA key exchange)
1. Web client → web server: SSL request
2. Web server → web client: server public key certificate
3. Web client → web server: random number R encrypted with the server's public key
4. Both compute the session key from R and switch to the encrypted tunnel (https)

Typical Applications with SSL
• E-commerce
• VPN
II. FW
• Filters and audits traffic between the internal and external network
• Prevents unauthorized access to a private network
[diagram: Internal network — Firewall — External network]

FW Policies
• Close policy: default deny, allow by exception (white list)

```
firewall(p: packet) {
  if (allow(p)) forward(p);
  else drop(p);
}
```

• Open policy: default permit, deny by exception (black list)

```
firewall(p: packet) {
  if (deny(p)) drop(p);
  else forward(p);
}
```

Close Policy Example

```
boolean allow(packet p) {
  if (match(p.srcIP, 202.161.*.*) and match(p.dstPort, 25)) return true;
  else if (match(p.srcIP, 202.161.*.*) and match(p.dstPort, 80)) return true;
  else return false;
}
```

Open Policy Example

```
boolean deny(packet p) {
  if (match(p.srcIP, 137.132.*.*) and match(p.dstPort, 25)) return true;
  else if (match(p.srcIP, 155.69.*.*) and match(p.dstPort, 80)) return true;
  else return false;
}
```
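The two policies and the two rule sets above, as an added example that is not part of the lecture: a packet filter where the same rule type serves as an allow list under the close policy and as a deny list under the open policy, with the slide's four rules loaded into each. The `Packet`/`Rule`/`Firewall` names, the CIDR notation for the slide's `202.161.*.*` wildcards and the sample packets are my own constructions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """A rule matches when every field that is set matches; None means 'any'."""
    src: Optional[str] = None        # CIDR, e.g. "202.161.0.0/16" for the slide's 202.161.*.*
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.src is not None and ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        return True


class Firewall:
    """policy='close': rules are allow rules, default drop.
       policy='open' : rules are deny rules, default forward."""

    def __init__(self, policy: str, rules: List[Rule]):
        if policy not in ("close", "open"):
            raise ValueError("policy must be 'close' or 'open'")
        self.policy = policy
        self.rules = rules

    def decide(self, p: Packet) -> str:
        hit = any(r.matches(p) for r in self.rules)
        if self.policy == "close":
            return "forward" if hit else "drop"     # if (allow(p)) forward else drop
        return "drop" if hit else "forward"         # if (deny(p)) drop else forward


# The slide's close-policy allow list: 202.161.*.* to SMTP and HTTP
CLOSE_FW = Firewall("close", [Rule("202.161.0.0/16", 25), Rule("202.161.0.0/16", 80)])

# The slide's open-policy deny list: 137.132.*.* to SMTP, 155.69.*.* to HTTP
OPEN_FW = Firewall("open", [Rule("137.132.0.0/16", 25), Rule("155.69.0.0/16", 80)])


def compare(packets: List[Packet]) -> List[tuple]:
    """Run the same packets through both policies to see where they disagree."""
    return [(p.src_ip, p.dst_port, CLOSE_FW.decide(p), OPEN_FW.decide(p)) for p in packets]


if __name__ == "__main__":
    # Constructed sample traffic: an allowed host, a denied host, and an unlisted host on SSH.
    for row in compare([Packet("202.161.5.5", 25), Packet("137.132.9.9", 25),
                        Packet("137.132.9.9", 80), Packet("10.1.2.3", 22)]):
        print(row)
```

The last sample packet is the one that matters: traffic nobody wrote a rule for is dropped by the close policy and forwarded by the open policy, so an open policy is only as good as the completeness of its deny list.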
Windows FW
• Start → cmd → firewall.cpl → Advanced settings
• Inbound rules
• Outbound rules

Limitation of FW
[diagram: Internal network — Firewall — External network]

III. Intrusion Detection System (IDS)
• An IDS should alert on an attack in progress
• With high accuracy
• In real time
• With a complete diagnosis
• With effective recommendations on how to react

Accuracy of IDS
• False positive (false alarm) rate: #false-alerts / #alerts
• False negative (miss) rate: #missed-attacks / #attacks

Signature-Based vs Anomaly-Based

Signature-based IDS
• Signature: database of known attack patterns
• IDS reports situations that match signatures
• Good: low false alarm rate, instantaneous detection
• Bad: cannot detect new attacks

Anomaly-based IDS
• Profile: model of normal behaviour
• IDS reports situations that deviate from the profiles
• Good: can detect some new attacks
• Bad: high false alarm rate, high complexity
Why the false alarm rate is high in anomaly-based detection
• Analogy
• A test for a disease is 99% accurate
• Of 100 disease-free people tested, 99 test negative
• Of 100 diseased people tested, 99 test positive
• Prevalence of the disease is 1 in 10,000
• Alice tests positive
• What is the probability that Alice has the disease? About 1 in 101 (per 10,000 people: 1 × 99% ≈ 1 true positive and 9,999 × 1% ≈ 100 false positives, i.e. about 101 positives in total)
• False alarm rate: about 100 in 101 ≈ 99%
• Now assume the test is 99.98% accurate: what is the false alarm rate?
(Source: INFT 865, Ravi Sandhu, 2000)
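The disease analogy, as an added worked computation that is not part of the lecture: the base-rate effect carried through for the slide's two accuracies, plus the inverse question a detection engineer actually asks, namely how low the false positive rate has to be before half the alerts are real. "False alarm rate" here is the slide's own definition, false alerts divided by all alerts; `sensitivity` (true positive rate) and `specificity` (true negative rate) are the two halves of the slide's "accuracy", and the function names are mine.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AlertStats:
    true_alerts: float       # attacks (or diseased) that were flagged
    false_alerts: float      # benign events (or healthy people) that were flagged
    false_alarm_rate: float  # false_alerts / all alerts, the slide's "false alarm rate"
    precision: float         # probability an alert is real = 1 - false_alarm_rate
    miss_rate: float         # attacks not flagged / attacks, the slide's false negative rate


def alert_stats(prevalence: float, sensitivity: float, specificity: float,
                population: float = 10_000) -> AlertStats:
    """Expected alert mix when `prevalence` of `population` events are real attacks."""
    attacks = population * prevalence
    benign = population - attacks
    tp = attacks * sensitivity          # detected attacks
    fp = benign * (1 - specificity)     # benign events flagged
    alerts = tp + fp
    return AlertStats(tp, fp, fp / alerts, tp / alerts, 1 - sensitivity)


def specificity_for_precision(prevalence: float, sensitivity: float, target_precision: float) -> float:
    """Specificity needed so that `target_precision` of alerts are real.
    From precision = tp / (tp + fp): fp = tp * (1 - p) / p, and fp = (1 - specificity) * benign."""
    tp_per_event = prevalence * sensitivity
    fp_per_event = tp_per_event * (1 - target_precision) / target_precision
    return 1 - fp_per_event / (1 - prevalence)


if __name__ == "__main__":
    for acc in (0.99, 0.9998):
        s = alert_stats(prevalence=1e-4, sensitivity=acc, specificity=acc)
        print(f"accuracy {acc}: false alarm rate {s.false_alarm_rate:.3f}, "
              f"{s.false_alerts:.1f} false vs {s.true_alerts:.2f} true alerts per 10,000")
    print("specificity for 50% precision:", specificity_for_precision(1e-4, 0.99, 0.5))
```

With attacks at 1 in 10,000, a 99% accurate detector produces about 100 false alerts for every real one, and even 99.98% accuracy leaves two thirds of alerts false; to get to one real alert in two, the false positive rate has to be pushed below 0.01%, which is why anomaly detectors that flag 1% of traffic as "unusual" bury their operators.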
IDS Summary
• Advantages
  • Complements the firewall
  • Continues to improve
• Disadvantages
  • False alarms
  • Misses some new attacks
  • Requires security personnel to handle alarms and monitor track records

Review
• How long is the NTLM (v1) response message?
  • 64 bits
  • 128 bits
  • 384 bits
• Which of the following must have a certificate in SSL?
  • Client
  • Server
  • Both
• To detect new attacks, you need to choose
  • Firewall
  • Signature-based IDS
  • Anomaly-based IDS