Authentication Authentication attacks, causes and attacks, causes and solutions solutions Analyzing man in the middle Analyzing man in the middle and dictionary attacks and dictionary attacks against SSL/TLS and password against SSL/TLS and password based authentication systems based authentication systems Fletcher Liverance, 16 April 2009
Authentication attacks, causes and solutions. Analyzing man in the middle and dictionary attacks against SSL/TLS and password based authentication systems. Fletcher Liverance, 16 April 2009. Sources. Password-Based Authentication: Preventing Dictionary Attacks - PowerPoint PPT Presentation
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Authentication Authentication attacks, causes and attacks, causes and
solutionssolutionsAnalyzing man in the middle and Analyzing man in the middle and
dictionary attacks against dictionary attacks against SSL/TLS and password based SSL/TLS and password based
authentication systemsauthentication systems
Fletcher Liverance, 16 April 2009
SourcesSources
Password-Based Authentication: Preventing Password-Based Authentication: Preventing Dictionary AttacksDictionary Attacks Saikat Chakrabarti, University of KentuckySaikat Chakrabarti, University of Kentucky Mukesh Singhal, University of KentuckyMukesh Singhal, University of Kentucky ComputerComputer, IEEE CS Press, June 2007, pp. 68-74, IEEE CS Press, June 2007, pp. 68-74
SSL/TLS Session-Aware User AuthenticationSSL/TLS Session-Aware User Authentication Rolf Oppliger, eSECURITY TechnologiesRolf Oppliger, eSECURITY Technologies Ralf Hauser, PrivaSphere AGRalf Hauser, PrivaSphere AG David Basin, ETH ZurichDavid Basin, ETH Zurich ComputerComputer, IEEE CS Press, March 2008, pp. 59-65, IEEE CS Press, March 2008, pp. 59-65
OverviewOverview
What is authentication?What is authentication? Two common attacksTwo common attacks Advanced password authentication Advanced password authentication
protocolsprotocols Improvements in SSL/TLSImprovements in SSL/TLS Preventing future attacksPreventing future attacks
What is What is Authentication?Authentication?
AuthenticationAuthentication is the binding is the binding of an identity to a subjectof an identity to a subject
FaceFace VoiceVoice SignatureSignature Birth certificateBirth certificate Social security Social security
numbernumber ID cardID card Personal knowledgePersonal knowledge KeyKey PasswordPassword NameName Phone numberPhone number
How do you authenticate over a How do you authenticate over a network?network? No direct visual cuesNo direct visual cues No direct auditory cuesNo direct auditory cues No physical connectionNo physical connection
Knowledge based authenticationKnowledge based authentication Recreation of human authentication Recreation of human authentication
cuescues Electronic IDsElectronic IDs
Dictionary AttackDictionary Attack OnlineOnline
Repeated query of Repeated query of authentication serverauthentication server
SlowSlow Easy to blockEasy to block
OfflineOffline Repeated Repeated
computation and computation and comparison of comparison of password hashpassword hash
FasterFaster No interaction No interaction
requiredrequired
Top ten passwords:Top ten passwords:1.1. (username)(username)2.2. (username)123(username)1233.3. 1234561234564.4. passwordpassword5.5. 123412346.6. 12345123457.7. passwdpasswd8.8. 1231239.9. testtest10.10. 11
Man in the MiddleMan in the Middle
““a form of active wiretapping attack in a form of active wiretapping attack in which the attacker intercepts and which the attacker intercepts and selectively modifies communicated selectively modifies communicated data to masquerade as one or more data to masquerade as one or more
of the entities involved in a of the entities involved in a communication association.”communication association.”
RFC 2828 – Internet Security GlossaryRFC 2828 – Internet Security Glossary
Behind the scenesBehind the scenes Alice and Bob agree on finite field F(x)Alice and Bob agree on finite field F(x) Alice gives Bob verifier v = F(Hash(salt, password)) and salt.Alice gives Bob verifier v = F(Hash(salt, password)) and salt.
Alice sends identity to BobAlice sends identity to Bob Bob sends salt to AliceBob sends salt to Alice
Alice computes K-a = F(Rand-a) and x = Hash(s, pwd)Alice computes K-a = F(Rand-a) and x = Hash(s, pwd) Alice send K-a to BobAlice send K-a to Bob
Bob computes K-b = v + F(Rand-b)Bob computes K-b = v + F(Rand-b) Bob sends K-b and Rand-r to AliceBob sends K-b and Rand-r to Alice
Bob computes K-ab = Hash(Rand-b*Key-a*v^Rand-r)Bob computes K-ab = Hash(Rand-b*Key-a*v^Rand-r) Alice sends Cert-a to BobAlice sends Cert-a to Bob
Bob verifies Cert-a is correctBob verifies Cert-a is correct Bob sends Cert-b to AliceBob sends Cert-b to Alice
Alice verifies Cert-b is correctAlice verifies Cert-b is correct
Alternative SolutionsAlternative Solutions Delayed responseDelayed response Account lockingAccount locking Extra Extra
computationcomputation
Reverse Turing TestReverse Turing Test Captcha (Completely Automated Public Captcha (Completely Automated Public
Turing Test to Tell Computers and Humans Turing Test to Tell Computers and Humans Apart)Apart)
SSL/TLSSSL/TLS
SSL/TLS IssuesSSL/TLS Issues Prone to man in the middle attackProne to man in the middle attack
Attacker intercepts server messagesAttacker intercepts server messages Attacker replaces server certificate with its Attacker replaces server certificate with its
ownown Client encrypts all future transmissions using Client encrypts all future transmissions using
attacker’s certificateattacker’s certificate ““the naïve end user usually does SSL/TLS the naïve end user usually does SSL/TLS
server authentication poorly if at all”server authentication poorly if at all” ““developers usually decouple SSL/TLS developers usually decouple SSL/TLS
session establishment from user session establishment from user authentication”authentication”
Preventing MITM attacksPreventing MITM attacks
Enforce proper Enforce proper server server authenticationauthentication Uneducated usersUneducated users Forged certificatesForged certificates Click throughClick through Complicated Complicated
certificate certificate verification treeverification tree
TLS-SATLS-SA
Combine user authentication with Combine user authentication with SSL/TLS session establishmentSSL/TLS session establishment Provide Provide user authentication code user authentication code (UAC) (UAC)
that depends on credentials and TLS that depends on credentials and TLS sessionsession
Attacker can start session with user and Attacker can start session with user and host, but cannot forward messages host, but cannot forward messages between thembetween them
session key based on hash of session key based on hash of server certserver cert
User enters passwordUser enters password UAC is computed from UAC is computed from
session key and password and session key and password and is transmitted to serveris transmitted to server
Server authenticates client at Server authenticates client at any time by requesting user any time by requesting user ID, hash of server cert and ID, hash of server cert and the UAC.the UAC.
A Formal ApproachA Formal Approach
““protocols need more than heuristic protocols need more than heuristic arguments to provide security arguments to provide security
guarantees.”guarantees.”
Provable security via the Standard modelProvable security via the Standard model Uses complexity-theoretic hardness Uses complexity-theoretic hardness
assumptions:assumptions: Factoring the product of large primes is hardFactoring the product of large primes is hard Computing the discrete logarithm is hard in certain Computing the discrete logarithm is hard in certain
large groups.large groups. AES is a good pseudorandom permutationAES is a good pseudorandom permutation
A Formal Approach A Formal Approach (cont.)(cont.)
The The random oracle modelrandom oracle model ““A public random function that takes any A public random function that takes any
string as input and outputs n bits”string as input and outputs n bits” Use heuristically secure algorithms such as Use heuristically secure algorithms such as
SHASHA The The ideal-cipher modelideal-cipher model
A standard block cipher, with k-bit key and n-A standard block cipher, with k-bit key and n-bit input, chosen bit input, chosen uniformly uniformly from all block from all block ciphers of this form.ciphers of this form.
Use pseudorandom permutations such as AESUse pseudorandom permutations such as AES