1 / 73

Access Control

Access Control. Access Control. Authentication: Who goes there? Determine whether access is allowed Authenticate human to machine Authenticate machine to machine Authorization: Are you allowed to do that? Once you have access, what can you do? Enforces limits on actions

toshi
Télécharger la présentation

Access Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Access Control

  2. Access Control • Authentication:Who goes there? • Determine whether access is allowed • Authenticate human to machine • Authenticate machine to machine • Authorization:Are you allowed to do that? • Once you have access, what can you do? • Enforces limits on actions • Note: Access control often used as synonym for authorization Chapter 7 Authentication

  3. Chapter 7Authentication Passwords Biometrics Smartcard

  4. Who Goes There? Are Have Know • How to authenticate a human to a machine? • Can be based on… • Something you know: a password • Something you have: a smartcard • Something you are: your fingerprint Chapter 7 Authentication

  5. Password Chapter 7 Authentication

  6. Something You Know • Passwords • Lots of things act as passwords! • PIN (Personal Identification Number) • Social security number • Mother’s maiden name • Date of birth • Name of your pet, etc. Are Have Know Chapter 7 Authentication

  7. Trouble with Passwords - 1/2 • Passwords • are one of the biggest practical problemsfacing security engineers today. • Onesolution • use cryptographic keys as passwords • Cryptographic keys • are also large, expensive to maintain, • difficult to manage, • and they pollute the environment. Chapter 7 Authentication

  8. Trouble with Passwords - 2/2 • Humans • are incapable of securely storing high-quality cryptographic keys, and • have unacceptablespeed and accuracy when performing cryptographic operations. Chapter 7 Authentication

  9. Why Passwords? • Why is “something you know” more popular than “something you have” and “something you are”? • Two reasons • Cost: passwords are free • Convenience: easier for System Administrator to reset password than to issue new smartcard Chapter 7 Authentication

  10. Password issues • Keys and Passwords • Choosing Passwords • Attacking Systems via Passwords • Password Verification • Math of Password Cracking • Other Password Issues Chapter 7 Authentication

  11. Keys vs Passwords – 1/2 • Crypto keys • Spse key is 64 bits • Then 264 keys • Choose key at random • Then attacker must try about 263 keys • Passwords • Spse pwds are 8 characters, and 256 different choices for 1 character • Then 2568 = 264 pwds • Users do not select passwords at random • Attacker has far less than 263 pwds to try (dictionary attack) Chapter 7 Authentication

  12. Keys vs Passwords - 2/2 • DictionaryAttack • “dictionary” of 220≈1,000,000passwords: reasonable probability to crack any given password • But for randomly generated 64-bits key • Given of 220≈ 1,000,000 passwords, • Then the chance to success is only220 / 264 = 1/ 244≈ 1/17,000,000,000,000 • Nonrandomness of pwds is the root of problems Chapter 7 Authentication

  13. Choosing Password - 1/4 • Bad passwords • frank • Fido • password • 4444 • Pikachu • 102560 • AustinStamp • Good Passwords? • jfIej,43j-EmmL+y • 09864376537263 • P0kem0N • FSa7Yago • 0nceuP0nAt1m8 • PokeGCTall150 Chapter 7 Authentication

  14. Choosing Password - 2/4 • Passphase isanother solution for pwd • a sequence of words or other text used to control access to a computer system • A passphrase is similar to a password in usage, but is generally longer for added security. • Experiment: three groups of users • Group A:At least 6 chars, 1 non-letter • Group B: Password based on passphrase • Group C: 8 random characters Chapter 7 Authentication

  15. Choosing Password - 3/4 • Results • Group A:About 30% of pwds easy to crack • Group B:About 10% cracked • Passwords easy to remember • Group C: About 10% cracked • Passwords hard to remember winner Chapter 7 Authentication

  16. Choosing Password - 4/4 • Assigned passwords sometimes best • User compliance hard to achieve • In each case, 1/3rd did not comply and about 1/3rd of those easy to crack! • If passwords not assigned, best advice is • Choose passwords based on passphrase • Use pwd cracking tool to test for weak pwds • Require periodic password changes? Chapter 7 Authentication

  17. Attacks on Passwords - 1/2 • Attacker could… • Target one particular account • Target any account on system • Target any account on any system • Attempt denial of service (DoS) attack • Common attack path • Outsider  normal user  administrator • May only require one weak password! Chapter 7 Authentication

  18. Attacks on Passwords - 2/2 • Suppose system locks after 3 bad passwords. How long should it lock until SA restores service ? • 5 seconds – (insufficient to deter automatic attack) • 5 minutes – (open door to a DOS) • What are +’s and -’s of each? • The correction answer of it is not readily apparent Chapter 7 Authentication

  19. Password Verification - 1/5 • To determine the validity of an entered password, the computer must have something to compare against • But need a way to verify passwords • Store pwds in a file • Store pwds in a file after hashing • Store pwds in a file after salt hashing • Bad idea to store passwords in a file Chapter 7 Authentication

  20. Password Verification - 2/5 • Cryptographic solution: hash the passwords • Store y = hash(password) • Can verify entered password by hashing • If attacker obtains password file, he does not obtain passwords • Of course, • If attacker with pwd file can guess x and check whether y = hash(x), then attacker has found pwd! • But, • At least, the attacker can not use the file directly! Chapter 7 Authentication

  21. Password Verification - 3/5 • Spse attacker pre-computeshash(x) for all xin a dictionary of common pwds • and attacker gets access to pwd file containing hashed pwds • Attacker only needs to compare hashes to his pre-computed dictionary • Same attack will work each time • Can we prevent this attack? Or at least make attacker’s job more difficult? Chapter 7 Authentication

  22. Password Verification - 4/5 • Salt valuecan make attacker more difficult • Slat serves as IV of CBC mode: IV is not secret • Given password, choose random s, compute y = hash(pwd, s) and store the pair (s,y)in the password file • Note: The salt value is not secret Chapter 7 Authentication

  23. Password Verification - 5/5 • Easy to verify password • To verify pwd z, retrieve (s,y) from pwd file • Compute hash(z,s) and compare it y • Attacker must recompute dictionary hashes for each user  lots more work! • Spse Alice’s pwd is hashed with sa , Bob’s sb • Then to crack Alice’s pwd using the dictionary, • Trudy must compute hashes of the word in dic with sa , but crack Bob’s Trudy must recompute the hashes using sb Chapter 7 Authentication

  24. Math of Pwd Cracking – 1/7 • Assumptions • Pwds are 8 chars, 128 choices per character • Then 1288 = 256 possible passwords • There is a password file with 210 hashed pwds • Attacker has dictionary of 220 common pwds (hashed pwds) • For experience, Probability of 1/4 that a pwd is in dictionary • Work is measured by number of hashes • Comparisons are free Chapter 7 Authentication

  25. Math of Pwd Cracking – 2/7 • Case I • Attacker want to find Alice’s pwd w/o using the dictionary • Case II • Attacker want to find Alice’s pwd using the dictionary • Case III • Attacker want to find any one pwd in the hashed pwd file w/o using the dictionary • Case IV • Attacker want to find any one pwd in the hashed pwd file, using the dictionary Chapter 7 Authentication

  26. Math of Pwd Cracking – 3/7 • Case I: password without dictionary • Must try 256/2 = 255 on average • Just like exhaustive key search • Case II: password with dictionary • Expected work is about 1/4 (219) + 3/4 (255) ≈ 254.6 • But in practice, try all in dictionary and quit if not found  work is at most 220 and probability of success is 1/4 Chapter 7 Authentication

  27. Math of Pwd Cracking – 4/7 • Case III: Attack any of 1024(210) pwds in file without dictionary • Assume all 210 passwords are distinct • Need 255 comparisons before expect to find password • If no salt, each hash computation gives 210 comparisons  the expected work (number of hashes) is 255/210 =245 • If salt is used, expected work is 255 since each comparison requires a new hash computation Chapter 7 Authentication

  28. Math of Pwd Cracking – 5/7 • Case IV: Attack any of 1024 passwords in file with dictionary • Probability at least one password is in dictionary is 1 - (3/4)1024 ≈ 1 • We ignore case where no pwd is in dictionary • If no salt, work is about 219/210 = 29 • If salt, expected work is less than 222(ref next slide) • Note: If no salt, we can precompute all dictionary hashes and amortize the work Chapter 7 Authentication

  29. Math of Pwd Cracking – 6/7 • If salt, expected work is less than 222 • y0,y1,…,y1023: pwd hashes s0,s1,…,s1023: the corresponding salt values d0,d1,…,d(2^20)-1: dictionary words • Trudy first compute h(d0,s0) and compares it to y0, then she compute h(d1,s0) and compares it to y0 and so on. • That is, Trudy compares first compare y0 to all of hashed dic. words. Then she compares y1 to to all of hashed dic. words. Chapter 7 Authentication

  30. Math of Pwd Cracking – 7/7 • If y0 is in dic (prob ¼), Trudy can expect to find it about 219hashes. If not (prob ¾), Trudy compute 220hashes • If Trudy find y0 is in dic, then she’s done. If not, Trudy will have 220 hashes before moves on to y1 • Continuing, in this manner, the expected work • ¼(219) + ¾•¼(220 +219) + (¾)2•¼(2•220 +219) + … + (¾)1023•¼(1023•220 +219) < 222 Chapter 7 Authentication

  31. Other Password Issues -1/3 • Too many passwords to remember • Results in password reuse • Why is this a problem? – Trudy would be wise to try it other place where you use a password. • Failure to change default passwords • Social engineering • If someone calls you, claiming to be a SA who needs your pwd in order to correct prob., would you give out your pwd? - 34% will give it and 70% will give their pwd away for a candy bar Chapter 7 Authentication

  32. Other Password Issues -2/3 • Who suffers from bad password? • ATM PIN: only you • Login password: every one of the system • Error logs may contain “almost” passwords • Bugs, keystroke logging, spyware, etc. Chapter 7 Authentication

  33. Other Password Issues -3/3 • Popular password cracking tools • Password Crackers • Password Portal • L0phtCrack and LC4 (Windows) • John the Ripper (Unix) • Admins should use these tools to test for weak passwords since attackers will! • Good article on password cracking • Passwords - Conerstone of Computer Security Chapter 7 Authentication

  34. Passwords • The bottom line • Password cracking is too easy! • One weak password may break security • Users choose bad passwords • Social engineering attacks, etc. • The bad guy has all of the advantages • All of the math favors bad guys • Passwords are a big security problem Chapter 7 Authentication

  35. Biometrics Chapter 7 Authentication

  36. Something You Are • Biometric • “You are your key” Schneier • Examples • Fingerprint • Handwritten signature • Facial recognition • Speech recognition • Gait (walking) recognition • “Digital doggie” (odor recognition) • Many more! Are Have Know Chapter 7 Authentication

  37. Why Biometrics? • Biometrics seen as desirable replacement for passwords • Cheap and reliable biometrics needed • Today, a very active area of research • Biometrics are used in security today • Thumbprint mouse • Palm print for secure entry • Fingerprint to unlock car door, etc. • But biometrics not too popular • Has not lived up to its promise (yet?) –Why? Chapter 7 Authentication

  38. The DARK SIDE … • Social acceptance: Perceived as invasive; • People liked facial scans less as fingerprints as a substitute for a PIN in ATM. • Easy to forge: • Biometric measurements are easy to forge. • It's easy to steal a biometric after the measurement is taken. • Impossible to revoke: • What happens if a biometric is stolen? It can not be revoked…Once someone steals your biometric, it remains stolen for life. • Privacy: • issues…Biometrics are personal Chapter 7 Authentication

  39. Ideal Biometric • Universal보편성 applies to (almost) everyone • In reality, no biometric applies to everyone • Distinguishing구별성 distinguish with certainty • In reality, cannot hope for 100% certainty • Permanent영구성 physical characteristic being measured never changes • In reality, want it to remain valid for a long time • Collectable수집성 easy to collect required data • Depends on whether subjects are cooperative • Safe, easy to use, etc., etc. Chapter 7 Authentication

  40. Biometric Modes • Identification 식별 Who goes there? • Compare one to many • Example: The FBI fingerprint database • Authentication 인증 Is that really you? • Compare one to one • Example: Thumbprint mouse • Identification problem more difficult • More “random” matches since more comparisons • We are interested in authentication Chapter 7 Authentication

  41. Two phases of Bio system • Enrollment phase • Subject’s biometric info put into database • Must carefully measure the required info • Itcould be needed slow and repeated measurement • A weak point of many biometric schemes • Must be very precise for good recognition • Recognition phase • Biometric detection when used in practice • Must be quick and simple • But must be reasonably accurate Chapter 7 Authentication

  42. Cooperative Subjects • We are assuming cooperative subjects • In authentication,subjects are cooperative • In identification, problem often have uncooperative subjects • For example, facial recognition • Proposed for use in Las Vegas casinos to detect known cheaters • Also as way to detect terrorists in airports, etc. • Probably do not have ideal enrollment conditions • Subject will try to confuse recognition phase • Cooperative subjects make bio prob much more tractable!!! Chapter 7 Authentication

  43. Biometric issues • Type of Error • Biometric Examples • Fingerprints • Hand Geometry • Iris Scan • Biometric Error Rates • Biometric Conclusions Chapter 7 Authentication

  44. Biometric ExamplesType of Error Chapter 7 Authentication

  45. Biometric Errors • Fraud rate기만율versus insult rate모욕률 • Fraud  user A mis-authenticated as user B • Insult  user A not authenticate as user A • For any biometric, can decrease fraud or insult, but other will increase • For example • 99% voiceprint match  low fraud, high insult • 30% voiceprint match  high fraud, low insult • Equal error rate: rate where fraud == insult • The useful measure for comparing different biometric system Chapter 7 Authentication

  46. Biometric ExamplesFingerprint Chapter 7 Authentication

  47. Fingerprint History - 1/2 • Ancient China: as a form of signature • Scientific Form • 1798  J.C. Major suggest that Fingerprint might be unique • 1823  Professor J. E. Purkinje discussed 9 fingerprint patterns • 1856  Sir W. Hershel used fingerprint (in India) on contracts • 1880  Dr. H. Faulds article in Nature about fingerprints for ID • 1883  M.Twain’s Life on the Mississippi, a murderer ID’ed by fingerprint Chapter 7 Authentication

  48. Fingerprint History - 2/2 • Widespread use of fingerprint • 1892 Sir Francis Galton (cousin of Darwin) developed classification system • His system of “minutia” is still in use today • Also verified that fingerprints do not change • Some countries require a number of points (i.e., minutia지문특징) to match in criminal cases • In Britain, 15 points • In US, no fixed number of points required Chapter 7 Authentication

  49. Fingerprint Comparison • Examples of loops제상문, whorls외상문 and arches궁상문 • Minutia extracted from these features Loop (double) Arch Whorl소용돌이꼴 Chapter 7 Authentication

  50. Fingerprint Biometric - 1/2 • Capture image of fingerprint • Enhance image • Identify minutia Chapter 7 Authentication

More Related