
Computer Science 653 --- Lecture 2 Passwords



  1. Computer Science 653 --- Lecture 2: Passwords Professor Wayne Patterson Howard University Fall 2009

  2. Access Control

  3. Access Control • Two parts to access control • Authentication: Who goes there? • Determine whether access is allowed • Authenticate human to machine • Authenticate machine to machine • Authorization: Are you allowed to do that? • Once you have access, what can you do? • Enforces limits on actions • Note: Access control often used as synonym for authorization

  4. Authentication

  5. Who Goes There? • How to authenticate a human to a machine? • Can be based on… • Something you know • For example, a password • Something you have • For example, a smartcard • Something you are • For example, your fingerprint

  6. Something You Know • The most familiar example is the password. The theory is that if you know the secret password for an account, you must be the owner of that account. • There is a problem with this theory: you might give your password away or have it stolen from you. If you write it down, someone might read it. If you tell someone, that person might tell someone else. If you have a simple, easy-to-guess password, someone might guess it or systematically crack it.

  7. Something You Have • Examples are keys, tokens, badges, and smart cards you must have to “unlock” your terminal or your account. The theory is that if you have the key or equivalent, you must be the owner of it. • The problem with this theory is that you might lose the key, it might be stolen from you, or someone might borrow it and duplicate it. Electronic keys, badges, and smart cards are gaining acceptance as authentication devices and as access devices for buildings and computer rooms.

  8. Something You Are • Examples are physiological or behavioral traits such as your fingerprint, handprint, retina pattern, voice, signature, or keystroke pattern. • Biometric systems compare your particular trait against the one stored for you and determine your authenticity. • The problem with these systems is that, on the whole, people aren’t comfortable with them. They also trade off false accepts against false rejects, and a trait that has been captured or copied cannot be reissued the way a password can.

  9. Passwords: The First Line of Defense • Remember this: • 8x3;2jqab%

  10. System Access: Logging into Your System • The first way in which a system provides computer security is by controlling access to that system. Who’s allowed to log in? How does the system decide whether a user is legitimate? How does the system keep track of who’s doing what in the system? • What’s really going on when you try to log into a system? It’s a kind of challenge. You tell the system who you are, and then you prove to the system that you are (or fail to prove that you are) who you claim to be. In security terms, this two-step process is called identification and authentication.

  11. Something You Know • Passwords • Lots of things act as passwords! • PIN • Social security number • Mother’s maiden name • Date of birth • Name of your pet, etc.

  12. Passwords: The Method of Choice • Passwords are still, far and away, the authentication tool of choice. In most systems, you identify yourself to the system by entering some kind of unique login identifier, followed by a password. The identifier is typically a name, initials, a login number, or an account number assigned by the system administrator based on your own name and/or group.

  13. Trouble with Passwords • “Passwords are one of the biggest practical problems facing security engineers today.” • “Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed.)”

  14. Why Passwords? • Why is “something you know” more popular than “something you have” and “something you are”? • Cost: passwords are free • Convenience: easier for SA to reset pwd than to issue user a new thumb

  15. Keys vs Passwords • Crypto keys • Suppose the key is 64 bits • Then 2^64 keys • Choose the key at random • Then the attacker must try about 2^63 keys • Passwords • Suppose passwords are 8 characters, with 256 different characters • Then 256^8 = 2^64 pwds • Users do not select passwords at random • Attacker has far less than 2^63 pwds to try (dictionary attack)

  16. The UNIX Example • As you know, for example, UNIX systems display the prompt: • login: • and expect a “name” in response. Other systems may expect an identifier of a specific length --- for example, a 3-character ID or an account number. After you enter your login ID, the system prompts: • Password: • You type the password, and the system authenticates your identity by verifying that the entered password is currently valid for your account. • Passwords are your main defense against intruders. To protect your system and your data, you must select good passwords, and you must protect them carefully.

  17. Hints for Protecting Passwords • Both system administrators and users share responsibility for enforcing password security. Here are some hints: • A password should be like a toothbrush. Use it every day; change it regularly; and don’t share it with friends. • Don’t allow any logins without passwords. If you’re the administrator, make sure every account has a password. • Don’t keep passwords that may have come with your system. Change all test or guest passwords, for example root, system, test, demo, etc. • Don’t ever let anyone use your password. • Don’t write your password down --- particularly on your computer, or anywhere around your desk. If you ever do write it down, don’t identify it as a password, and don’t write the phone number of the computer on the same piece of paper. • Don’t type a password while anyone else is watching. • Don’t record your password online or send it anywhere by electronic mail. • Don’t make a bad situation worse. If you do share your password, change it immediately. • Don’t keep the same password indefinitely.
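The administrator's side of the hints on slides 16 and 17 (no accounts without passwords, no leftover test or guest passwords, no passwords kept indefinitely) can be checked mechanically against the UNIX shadow file. The audit below is an added example for this page, not code from the lecture: SAMPLE_SHADOW is a constructed file with placeholder hashes, and DEFAULT_ACCOUNTS is an assumed list of account names. Note what it cannot do: a vendor default password still set on a legitimate account such as root is not visible from the hash field and has to be changed by hand.

```python
"""Audit an /etc/shadow-style file against the password hints: empty password
fields (login without a password), test/demo/guest accounts that still have a
usable password, and passwords that never expire.

Added example, not part of the lecture. SAMPLE_SHADOW is constructed and its
hashes are placeholders; DEFAULT_ACCOUNTS is an assumed list.
"""
from typing import NamedTuple

# Assumed list of accounts that often ship with a known or empty password.
DEFAULT_ACCOUNTS = {"system", "test", "demo", "guest"}

# Constructed sample. Fields: name:password:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$saltsalt$placeholderhash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
alice:$6$xyzsalt$placeholderhash:18000:0:90:7:::
bob::18000:0:99999:7:::
demo:$1$abc$placeholderhash:18000:0:99999:7:::
guest:!:18000:0:99999:7:::
"""


class Finding(NamedTuple):
    user: str
    problem: str


def classify_password_field(field: str) -> str:
    """'' -> 'empty' (anyone can log in with no password);
    leading '!' or '*' -> 'locked' (password login disabled);
    anything else -> 'set' (a usable hash)."""
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):
        return "locked"
    return "set"


def audit_shadow(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append(Finding(f"line {lineno}", "malformed entry"))
            continue
        user, state = fields[0], classify_password_field(fields[1])
        if state == "empty":
            findings.append(Finding(user, "empty password field: login without a password"))
        elif state == "set":
            if user in DEFAULT_ACCOUNTS:
                findings.append(Finding(user, "test/demo/guest account still has a usable password"))
            # Field 5 (index 4) is the maximum password age in days;
            # '' or 99999 means the password never expires.
            if len(fields) > 4 and fields[4] in ("", "99999"):
                findings.append(Finding(user, "password never expires"))
    return findings


if __name__ == "__main__":
    for f in audit_shadow(SAMPLE_SHADOW):
        print(f"{f.user}: {f.problem}")
```

On the sample, `bob` is flagged for an empty password field, `demo` for keeping a usable password on a test account, and `root` and `demo` for passwords that never expire; the locked `daemon` and `guest` entries and `alice` (90-day maximum age) pass.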

  18. After Authentication • Once you’ve been authenticated, the system uses your ID to determine what you’re allowed to do in the system. For example, if you try to modify a sensitive file, the system checks your authenticated user ID against the list of IDs representing users who are authorized to read and write the data in that file.

  19. Good and Bad Passwords • Bad passwords: frank, Fido, password, 4444, Pikachu, 102560, AustinStamp • Good passwords? jfIej,43j-EmmL+y, 09864376537263, P0kem0N, FSa7Yago, 0nceuP0nAt1m8, PokeGCTall150

  20. Password Experiment • Three groups of users; each group advised to select passwords as follows • Group A: At least 6 chars, 1 non-letter • Group B: Password based on passphrase • Group C: 8 random characters • Results • Group A: About 30% of pwds easy to crack • Group B: About 10% cracked; passwords easy to remember (the winner) • Group C: About 10% cracked; passwords hard to remember

  21. Password Experiment • User compliance hard to achieve • In each case, 1/3rd did not comply (and about 1/3rd of those easy to crack!) • Assigned passwords sometimes best • If passwords not assigned, best advice is • Choose passwords based on passphrase • Use pwd cracking tool to test for weak pwds • Require periodic password changes?

  22. Brute Force Attacks • At one time, a system cracker would have to try to guess your password, one attempt at a time (a so-called brute force attack). Like many things, this process has been automated. In theory, the longer the password, the longer it takes to break by brute force. If a password has eight random characters, the number of possible combinations will be: • (Under the assumption that the allowable characters are the 26 letters, not case-sensitive, and the 10 numerals. Thus, 36 symbols altogether.) • 36^8 = 2,821,109,907,456 ≈ 2.8 trillion. • At one search per microsecond, this is still 2,821,110 seconds, or about 784 hours, or roughly 33 days (a little under five weeks). (By a standard argument of probability, you only have to expect to wait half that long, about 16 days, before you would hit the right password.)

  23. Case-sensitivity • If you make the passwords case-sensitive, you can improve this to • 62^8 = 218,340,105,584,896 ≈ 218 trillion. • And now the same attacker, at a million tries per second, would have to take (62/36)^8 ≈ 77 times as long: about 218 million seconds, or roughly 7 years to exhaust the space (about 3.5 years expected). • The problem is, users don’t select random, or even decently secure passwords, and a cracker doesn’t need to figure out your password --- any password will do. Unfortunately, users typically pick passwords that are laughably easy to guess --- their initials, their children’s names, their license plates, etc.

  24. Brute Force Attacks in General • The “brute force” or “exhaustive search” password attack relies on trying every potential combination for a password • Thus, in general, if a password system requires entering exactly n symbols, and the allowable symbol set has c elements, the total number of potential passwords is: • c choices for the first symbol, then c choices for the second symbol, … • Each choice is independent of the others, so by the multiplication rule the total number of passwords is c × c × … × c = c^n

  25. Brute Force Attacks (more) • So with c^n choices, if our symbol set was case sensitive letters, {A..Z,a..z} (cardinality 52) and we had to enter 7 symbols, the total number of choices would be 52^7 = 1,028,071,702,528 ≈ 1.0 × 10^12 • With in addition numerics and perhaps 4 special symbols {& % # $} and a requirement for 10 symbols, now we have 66^10 = 1,568,336,880,910,795,776 ≈ 1.6 × 10^18

  26. Brute Force Attacks (more) • The computation gets a little more complicated if the password rule insists on at least one of each type of character, for example; or if the password can have a variable length. • E.g., if we only allowed the 26 letters, and the password could be anywhere from 6 to 10 characters, the total number of choices would be • 26^6 + 26^7 + 26^8 + 26^9 + 26^10 = 146,813,767,122,880 ≈ 1.5 × 10^14

  27. How Long will the Attack Take? • It is not unreasonable to think that an automated brute force attack could test one password per microsecond • Thus, 10^6/sec; 3.6 × 10^9/hr; 8.64 × 10^10 ≈ 10^11/day • So for the 7-symbol, case-sensitive system (52^7 ≈ 1.03 × 10^12 passwords), we could try all passwords in about 12 days (10 days using the rounded 10^11/day figure) • But: each password is equally likely to be the right one, so the expectation is that we will succeed by the time we are halfway through. Therefore, about 6 days to break this system.
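The counting rules of slides 24 to 27 (fixed length c^n, a variable-length sum, and the "at least one of each type" case the slides mention but do not compute) and the time estimates at the slides' assumed rate of one guess per microsecond, as an added example that is not part of the lecture. The at-least-one-of-each count goes beyond the slides' worked cases and uses inclusion-exclusion over the character classes; the guess rate is the slides' assumption, not a measured figure.

```python
"""Key-space sizes and brute-force times for the password rules on slides 22-27.
Added example, not part of the lecture. GUESSES_PER_SECOND is the slides'
assumed attacker speed (one password per microsecond)."""
from itertools import combinations

GUESSES_PER_SECOND = 1_000_000


def keyspace_fixed(c: int, n: int) -> int:
    """Passwords of exactly n symbols over an alphabet of c symbols: c**n."""
    return c ** n


def keyspace_range(c: int, n_min: int, n_max: int) -> int:
    """Variable length, n_min..n_max symbols inclusive: the sum of c**n."""
    return sum(c ** n for n in range(n_min, n_max + 1))


def keyspace_one_of_each(class_sizes: list[int], n: int) -> int:
    """Exactly n symbols drawn from disjoint character classes (e.g. [26, 26, 10]
    for lower, upper, digits) with at least one symbol from every class.
    Inclusion-exclusion: start from all strings, subtract those missing one
    class, add back those missing two, and so on."""
    total_alphabet = sum(class_sizes)
    count = 0
    for r in range(len(class_sizes) + 1):
        for missing in combinations(class_sizes, r):
            count += (-1) ** r * (total_alphabet - sum(missing)) ** n
    return count


def seconds_to_exhaust(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst case: the attacker tries every password."""
    return space / rate


def expected_seconds(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Uniformly random password: every guess is equally likely to be right,
    so the attacker expects to succeed about halfway through the space."""
    return space / (2 * rate)


def humanize(seconds: float) -> str:
    for unit, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    cases = {
        "8 chars, 36 symbols (slide 22)": keyspace_fixed(36, 8),
        "8 chars, 62 symbols (slide 23)": keyspace_fixed(62, 8),
        "7 chars, 52 letters (slide 25)": keyspace_fixed(52, 7),
        "10 chars, 66 symbols (slide 25)": keyspace_fixed(66, 10),
        "6-10 chars, 26 letters (slide 26)": keyspace_range(26, 6, 10),
        "8 chars, one each of lower/upper/digit": keyspace_one_of_each([26, 26, 10], 8),
    }
    for name, space in cases.items():
        print(f"{name:40s} {space:>22,d}  exhaust {humanize(seconds_to_exhaust(space)):>12s}"
              f"  expected {humanize(expected_seconds(space)):>12s}")
```

Running it reproduces the slides' counts and shows that the "at least one of each class" rule removes only a small fraction of the 62^8 space: a composition rule barely changes the brute-force cost, while the length and the alphabet size drive it.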

  28. Attacks on Passwords • Attacker could… • Target one particular account • Target any account on system • Target any account on any system • Attempt denial of service (DoS) attack • Common attack path • Outsider → normal user → administrator • May only require one weak password!

  29. Password Retry • Suppose system locks after 3 bad passwords. How long should it lock? • 5 seconds • 5 minutes • Until SA restores service • What are +’s and -’s of each?

  30. Password File • Bad idea to store passwords in a file • But need a way to verify passwords • Cryptographic solution: hash the passwords • Store y = h(password) • Can verify entered password by hashing • If attacker obtains password file, he does not obtain passwords • But attacker with password file can guess x and check whether y = h(x) • If so, attacker has found password!

  31. Dictionary Attack • Attacker pre-computes h(x) for all x in a dictionary of common passwords • Suppose attacker gets access to password file containing hashed passwords • Attacker only needs to compare hashes to his pre-computed dictionary • Same attack will work each time • Can we prevent this attack? Or at least make attacker’s job more difficult?

  32. More General Dictionary Attacks • We can devise dictionary attacks using standard dictionaries. It is not hard to obtain lists of dictionary words online. • Then, the attacker can process this list, trying each word. • This raises the question, “how many words are there in a dictionary?” • Perhaps more generally, “how many words are there in the English language?”

  33. Password File • Store hashed passwords • Better to hash with salt • Given password, choose random s, compute y = h(password, s) and store the pair (s,y) in the password file • Note: The salt s is not secret • Easy to verify password • Attacker must recompute dictionary hashes for each user  lots more work!

  34. Password Cracking: Do the Math • Assumptions • Pwds are 8 chars, 128 choices per character • Then 128^8 = 2^56 possible passwords • There is a password file with 2^10 pwds • Attacker has dictionary of 2^20 common pwds • Probability of 1/4 that a pwd is in dictionary • Work is measured by number of hashes

  35. Password Cracking • Attack 1 password without dictionary • Must try 2^56/2 = 2^55 on average • Just like exhaustive key search • Attack 1 password with dictionary • Expected work is about 1/4 (2^19) + 3/4 (2^55) ≈ 2^54.6 • But in practice, try all in dictionary and quit if not found → work is at most 2^20 and probability of success is 1/4

  36. Password Cracking • Attack any of 1024 passwords in file • Without dictionary • Assume all 2^10 passwords are distinct • Need 2^55 comparisons before expect to find password • If no salt, each hash computation gives 2^10 comparisons → the expected work (number of hashes) is 2^55/2^10 = 2^45 • If salt is used, expected work is 2^55 since each comparison requires a new hash computation

  37. Password Cracking • Attack any of 1024 passwords in file • With dictionary • Probability at least one password is in dictionary is 1 − (3/4)^1024 ≈ 1 • We ignore case where no pwd is in dictionary • If no salt, work is about 2^19/2^10 = 2^9 (a sharper estimate: about 2^8 of the 2^10 passwords are in the dictionary, so the first hit is expected after roughly 2^20/2^8 = 2^12 dictionary hashes; either way, tiny) • If salt, expected work is less than 2^22 (on average about 4 users must be tried at up to 2^20 hashes each) • Note: If no salt, we can precompute all dictionary hashes and amortize the work
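The storage scheme of slides 30 and 33 and the work comparison of slides 34 to 37, run at small scale as an added example that is not part of the lecture. SHA-256 stands in for the slides' hash h(); the dictionary, users and salts are constructed and seeded so the run is repeatable, and one user in four picks a dictionary word, matching the slide 34 assumption. The functions count hash computations, which is how the slides measure work.

```python
"""Unsalted vs salted password files under a dictionary attack (slides 30-37).
Added example, not from the lecture. h() is SHA-256 standing in for the
slides' hash; the word list, user passwords and salts are constructed."""
import hashlib
import random


def h(data: bytes) -> bytes:
    """The hash h() of the slides; SHA-256 stands in for it here."""
    return hashlib.sha256(data).digest()


def store_unsalted(password: str) -> bytes:
    """y = h(password)."""
    return h(password.encode())


def store_salted(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Store the pair (s, y) with y = h(s, password); s is not secret."""
    return salt, h(salt + password.encode())


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    return h(salt + password.encode()) == digest


def attack_unsalted(pwfile: dict[str, bytes], dictionary: list[str]):
    """Hash each dictionary word once; one hash is compared against every user,
    so the work is |dictionary| however many users there are, and the table
    could be precomputed and reused against any other unsalted file."""
    table = {}
    hashes = 0
    for word in dictionary:
        table[h(word.encode())] = word
        hashes += 1
    cracked = {user: table[digest] for user, digest in pwfile.items() if digest in table}
    return cracked, hashes


def attack_salted(pwfile: dict[str, tuple[bytes, bytes]], dictionary: list[str]):
    """Each user has a different salt, so the dictionary is re-hashed per user."""
    cracked = {}
    hashes = 0
    for user, (salt, digest) in pwfile.items():
        for word in dictionary:
            hashes += 1
            if h(salt + word.encode()) == digest:
                cracked[user] = word
                break
    return cracked, hashes


def build_scenario(n_users: int = 16, dict_size: int = 1024, seed: int = 1):
    rng = random.Random(seed)
    dictionary = [f"pass{i:04d}" for i in range(dict_size)]  # constructed word list
    users = {}
    for i in range(n_users):
        if i % 4 == 0:  # one user in four chooses a dictionary word
            pw = dictionary[rng.randrange(dict_size)]
        else:           # the rest are effectively random, out of the dictionary's reach
            pw = f"{rng.getrandbits(64):016x}"
        salt = rng.getrandbits(128).to_bytes(16, "big")  # constructed, not os.urandom, for repeatability
        users[f"user{i:02d}"] = (pw, salt)
    unsalted = {u: store_unsalted(pw) for u, (pw, _) in users.items()}
    salted = {u: store_salted(pw, s) for u, (pw, s) in users.items()}
    return dictionary, users, unsalted, salted


def compare(n_users: int = 16) -> dict:
    dictionary, users, unsalted, salted = build_scenario(n_users=n_users)
    cracked_u, work_u = attack_unsalted(unsalted, dictionary)
    cracked_s, work_s = attack_salted(salted, dictionary)
    return {
        "users": n_users,
        "unsalted_hashes": work_u,
        "salted_hashes": work_s,
        "cracked_unsalted": cracked_u,
        "cracked_salted": cracked_s,
    }


if __name__ == "__main__":
    for n in (16, 64):
        r = compare(n)
        print(f"{n} users: unsalted attack {r['unsalted_hashes']} hashes, "
              f"salted attack {r['salted_hashes']} hashes, "
              f"cracked {len(r['cracked_unsalted'])} / {len(r['cracked_salted'])}")
```

Both attacks recover exactly the users who chose dictionary words, but the unsalted attack costs 1024 hashes whether there are 16 or 64 users, while the salted attack costs the full dictionary for every user whose password is not in it, which is the amortization slide 37 describes. Salting does not make a weak password strong; it only removes the precomputation shortcut. In a real system the plain SHA-256 used here would also be replaced by a deliberately slow password hash so that every one of those per-user hashes is expensive.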

  38. Other Password Issues • Too many passwords to remember • Results in password reuse • Why is this a problem? • Who suffers from bad password? • Login password vs ATM PIN • Failure to change default passwords • Social engineering • Error logs may contain “almost” passwords • Bugs, keystroke logging, spyware, etc.

  39. Social Engineering Attacks • A third approach to breaking passwords is called “social engineering.” • If one is trying to find a password for a specific individual, this is likely to be the most fruitful. • See the film, “War Games” and remember Joshua.

  40. Passwords • The bottom line • Password cracking is too easy! • One weak password may break security • Users choose bad passwords • Social engineering attacks, etc. • The bad guy has all of the advantages • All of the math favors bad guys • Passwords are a big security problem

  41. Password Cracking Tools • Popular password cracking tools • Password Crackers • Password Portal • L0phtCrack and LC4 (Windows) • John the Ripper (Unix) • Admins should use these tools to test for weak passwords since attackers will! • Good article on password cracking • Passwords - Cornerstone of Computer Security

  42. Picking Passwords (à la Patterson) • Now here’s the problem with passwords, and it’s serious. There are a limited number of things a human being can remember. What was that string I gave you at the beginning of the class? • Here’s my personal strategy. It is definitely NOT the recommended way. But no one has ever guessed one of mine, and I’ve never forgotten one.

  43. What We Remember • There are many things that we do remember easily. Unfortunately, for many of these things, anyone else can remember, discover, or guess them as well. Someone can guess your password by accident or by design. If they guess it by a totally random process, then the only protection you have is to choose longer passwords. • But, if they guess it by design, it’s because you had a weakness in your choice of password. Let’s examine the ways in which one can choose passwords, and the ways in which people can guess that information.

  44. The Bulls-Eye • Let’s design a chart, like a bulls-eye, of things that are lodged in your memory. Let’s rank these things from 1 to 10 by ease of recollection (with 10 meaning easiest to remember). Such a chart might look something like this:

  45. Memory Reference [Bulls-eye chart with rings labeled 1, 5 and 10. Items plotted: Where I left my car keys; Next dentist appt; Student ID; Test dates; Car licence; Mom; Girlfriend/Boyfriend; Dog; Favorite CD; Favorite place to visit; Bank account number; Bill collector’s phone number]

  46. Ease of Learning by Opponent • Now, by the same token, let’s design another chart, also in this bulls-eye format, representing the ease (10) or the difficulty (1) of someone else remembering or learning the same information. • In this case, what’s easy to determine? My mother’s name, girlfriend/boyfriend, dog’s name, favorite CD, are probably all easy for someone to determine, if they talk to anyone who knows me at all. So I would rank all of these a 10. Where I left my car keys, or my next dentist appointment might be more difficult to determine, so they would probably be down closer to a 1. Student ID, or bank account number? Not too difficult for someone to determine. Let’s say about a 7 or 8. Let’s look at a possible “Cracker Reference”:

  47. Cracker’s Reference [Bulls-eye chart with rings labeled 1, 5 and 10. Items plotted: Where I left my car keys; Next dentist appointment; Student ID; Mom; Girlfriend/Boyfriend; Dog; Car licence; Favorite place to visit]

  48. Simple to Remember, Hard to Guess • So here’s the principle that’s involved. I want to be able to choose passwords that are as simple as possible to remember (in other words, maximizing the value in the bulls-eye in the memory reference chart); at the same time, making it as hard as possible for anyone else to determine, that is minimizing the value in the cracker’s reference.

  49. Simple to Remember, Hard to Guess • Furthermore, in this latter case, I have to minimize this value over all possible crackers --- i.e. anyone else who has some information about me. Thus, if 99% of the world does not know what my favorite place to visit is (therefore giving a cracker reference of 1), but I have discussed that wonderful vacation with 1 percent of the population (for whom that value might therefore be 7 or 8), I have to treat the overall value for that place name to be the 7 or 8.

  50. PFQ • So the principle, which I can state as a formula, is maximize the Memory Reference for a potential password, and minimize the greatest possible value for a Cracker Reference. Then, calculate the Privacy and Familiarity Quotient (PFQ) by dividing these two quantities: • PFQ = Memory Reference / Max(over all people) Cracker Reference • Obviously, the best possible value for PFQ is 10/1 = 10. Your passwords should come as close as possible to that value.
