CS687 Information Systems Security Authentication By Solomon
CS687 Information Systems Security Authentication By Solomon.
Dec 28, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
CS687Information Systems Security
Authentication
By Solomon
Text Book
William Stallings & Lawrie Brown, “Computer Security: Principles and
Practice”, Pearson, 2008
By Solomon
References
• Bruice Schneier, “Applied Cryptography – Protocols, Algorithms, […]”, Second Edition, Wiley Student Edition, 2006
• Stuart McClure et al, “Hacking Exposed”, McGraw Hill, 2009
By Solomon
Topics in this chapter• Password based• Token based• Dongle• Biometric• Authentication protocol design• Real examples• Password cracking• Cryptographic authentication• Certificate Authority: X.509, VeriSign, Microsoft, peer to peer (see Phil Zimmeman – Cacert.org)• Single sign on• Kerberos, Sesame• Smart card• Certification• Mutual Authentication• Authentication in Windows and in UNIX
By Solomon
Entity
An entity can be a human user, a machine, a server or a process in
“whose” name an activity is performed and logged.
By Solomon
Identity
A piece of information that describes an entity. That piece of information can be a
name, a fingerprint, a voice signature, an iris image, etc or a combination.
By Solomon
AuthenticationIdentification
The binding of an identity to an entity.
By Solomon
Authentication
• What the entity knows (passwords or passphrases)• What the entity has (a badge or smartcard)• What the entity is (such as fingerprints or retinal
characteristics)• How the entity behaves (key strokes)
• [Where the entity is (such as in front of a particular terminal) – no matter who sits there!]
By Solomon
Authentication Process
1. Enrolment
2. Verification
By Solomon
Enrolment• The identity of the entity is established and stored in
some kind of repository.– Password, fingerprint, retinal image, etc/some time
damaged or change after long time• This stored information is critical from the security point
of view and hence must be managed properly.• This information may need to be changed from time to
time (password renewal).• It is usually the subject of strict control and policy
(password policy: length, strength, etc)
By Solomon
Verification
This is a process of establishing the identity of a person’s claimed identity
from its previously enrolled information.
By Solomon
Authentication Types
Simple passwordChallenge-response
Token-basedBiometric
By Solomon
Simple PasswordA shared secret string used to authenticate a
user to a system or a service.
What the entity knows.
By Solomon
Password Authentication Protocol (PAP – MS Windows)
Password Authentication Protocol (PAP) is a simple authentication protocol in which the
user name and password is sent to the (remote access) server in a plaintext form.
By Solomon
Attack against passwords
• Dictionary• Brute-force• Compromise the authentication process (eg.
The login program, su, and the like).– This attack is even more dangerous because it can
not even be logged
By Solomon
Countering the Attacks
• Back-off • Disconnection• Disabling• Jailing• Password policy
By Solomon
Back-off Technique
• Increasingly delay the re-prompt (request) in direct proportion with the number of failed attempts.
– Arithmetic progression– Geometric progression
By Solomon
Disconnection
After some number of failed authentication attempts, the
connection is broken and the user must re-establish it.
By Solomon
Disconnection …
Any disconnection attempt in the Windows and UNIX environment ?
By Solomon
Disabling
If n consecutive attempts to log in to an account fail, the account is disabled until a security manager can re-
enable it. This alerts security personnel to an attempted attack. They can take appropriate action to counter the
threat.
By Solomon
Jailing
The unauthenticated user is given access to a limited part of the system and is made to
believe that he or she has full access. The jail then records the attacker's actions. This technique is used to determine what the
attacker wants or simply to waste the attacker's time.
By Solomon
Password PolicyProvide and enforce enterprise wide password policy that regiments the selection, renewal and disposal of
passwords. The policy may also dictate actions to be taken in case of attempts to
crack passwords.
By Solomon
Simple Password Auth: Problems
• Passwords are reusable and hence are exposed to different attacks as seen above (such as replay, dictionary, etc).
• Not appropriate for network environments. The clear passwords could easily be sniffed while in transit.
By Solomon
Challenge Response Authentication
Simple password authentication is a “simple” form of challenge-response whereby an entity is challenged to provide a previously shared password and the entity
responds with same. But this challenge-response mechanism can be made more and more complex. A family of such authentication mechanisms are called
Challenge Response Authentication.
By Solomon
CR: Improvements
• Using one-time password• Using the shared secret differently rather than
transmitting it over the network• etc
By Solomon
CR: Multiple passwords
• The user registers a list of passwords in the system.
• Whenever the user connects to the system, the user is prompted for the password number where upon the user chooses from his list and supplies it.//server send me ex. password number 5
By Solomon
CR: Multiple passwords
Do you see any drawbacks?
By Solomon
CAPTCHA
Captcha is a means to determine whether a viewer of a Web application is a real person.
The challenge sent to the viewer is a distorted image of some text, and the viewer responds
by typing in that text. The distortion is designed to make automated optical character
recognition (OCR) difficult and preventing a computer program from passing as human.
By Solomon
CR: The password as Encryption Key
• System challenges the client by sending a randomly generated text (could be a number)
• Client responds by returning the “text” encrypted with the shared secret key.
• Take care of replay attacks.
By Solomon
CR: Digested Password
• System challenges by sending a random text.
• Client responds by returning a hashed value of the shared password and the random text.
By Solomon
CHAP in MS Windows
In Challenge Handshake Authentication Protocol (CHAP), the remote access server sends a
challenge to the remote client. The remote client computes a digest (using MD5) based on the
challenge and the user's password. The server also computes its side of the text and compares the
result to the one sent by the client. If the results match, the credentials of the remote access client
are considered authentic.
By Solomon
One-time Password (OTP)
A One-time password is a password that expires as soon as it is used.
By Solomon
One-time Password (OTP)
• OTP is a kind of challenge-response where a given password is used only once.
• OTP is randomly generated and synchronized between the user and the system.
By Solomon
Generation and Synchronization
• Using a mathematical algorithm to generate a new password based on the previous password. //change the first password based o the prevoius password
• Counter-synchronized where the new password is based on a counting of the number of passwords already generated.
• Time-synchronization between the clients and the system (per client).//each system same as client machin time sync
By Solomon
How the user generates the OTPs
• Key generation tools that is synchronized with the server.• Special electronic tokens that the user carries and that
generate OTPs. A good example is RSA SecureID token (dongle).//the dongle and server both of them generate the same password
• Software that runs on the user's mobile phone. • Server generates them and then send it to the user using a
pre-agreed out-of-band channel such as SMS messaging!!
By Solomon
Time and Counter Synchronization
Counter and time-synchronized OTP are usually supported with special devices
called tokens (see token-based authentication).
By Solomon
Time-synchronizedChallenge
Problems caused by clock skew. That is, if the authentication server and the user’s
“environment” don't keep the same time, then the expected OTP value won't be match.
By Solomon
Generation of OTPS/Key as Example
• Let h be a one-way hash function (S/Key uses MD4 or MD5, depending on the version).
• Then the user chooses an initial seed k, and the key generator calculates:
• h(k) = k1, h(k1) = k2, ..., h(kn-1) = kn
• The passwords are p1 = kn, p2 = kn-1, ..., pn-1 = k2, pn = k1//the user and
system have the same sequency of password then //the can generate the same hash function
• Both the user and the system could generate same sequence of passwords if they start from the same seed value k.
By Solomon
Synchronization of OTP Secure/Key as Example
Both need to keep the initial seed value k and the last index they have used. The users and the server have
the same password
By Solomon
Token Based Authentication
This is a form of Challenge Response supported by tokens.
By Solomon
Token
Tokens are portable computing device such as smartcards, USB tokens, USB thumb
drives, SecureID, RFID tokens etc.
By Solomon
“Token” Technologies
• Memory Cards: keeps information but cannot process information.
• Smartcards: Keeps and process information.
By Solomon
Hardware Supported CRToken-based authentication
• Provides mechanisms for hashing or enciphering information. With this type of device, the system sends a challenge. The user enters it into the device. The device returns the appropriate response. Some devices require the user to enter a personal identification number or password.
• The RSA SecureID card uses a system based on time. In addition to the features described above, the password is invalidated once a login succeeds.
By Solomon
Smartcards
• Smart cards are small, tamper-resistant devices providing users with convenient storage and processing capability.
• Suitable for cryptographic implementations because they contain many security features that enable the protection of sensitive cryptographic data and provide for a secure processing environment. //use encrypt and hash also
• Private keys can be made to be generated in a smartcard and can be processed without the need to ever leave the card.
• A PIN is usually needed to access the smartcard. Or else a fingerprint of the owner maybe used to access the data.
By Solomon
Biometrics
Biometrics are automated methods of identifying a person or verifying the identity
of a person based on a physiological or behavioural characteristic.//oldest form
authontication
By Solomon
Biometrics …– Fingerprint– Palm Scan– Hand Geometry– Iris– Retina– Facial Scan– Hand Topography– Voice Print // has tow part– Signature Dynamics– Keyboard Dynamics//system analysis tic tic
By Solomon
The Process
Acquisition (at enrolment)Verification (at authentication)
By Solomon
Acquisition
• This is the first contact of the user with the biometric system.
• The user’s biometric sample is obtained using an input device.
• Quality of the first biometric sample is crucial for further authentications.
• Take care of the ‘fail to enrol’ (FTE) group first
By Solomon
Verification
• The user’s biometric sample is taken.
• It is compared with the previously stored biometric template of the user.
By Solomon
Requirements to biometrics• Universality: everyone should have it (what about the visually impaired, the
“handicapped”, etc
• Uniqueness: small probability that two persons are the same in terms of their biometrics
• Permanence: invariance with the time
• Collectability: can be measured quantitatively
• Performance: Processing speed //example in Germany airways use irsh check it is vry fast to verify without showing pasport just use that
• Acceptability: acceptance by people
• Security: how easy to fool the system by fraudulent technique
By Solomon
Advantages
• Users cannot pass their biometric characteristics to other users as easily as they do with their cards or passwords.
• Biometric characteristics are not secret and therefore the availability of a user’s fingerprint or iris pattern does not break security the same way as availability of the user’s password.
By Solomon
Disadvantage• The performance of biometric systems is not ideal.• … and not accurate yet. “True rejection error rate”// the correct person
not accepted (Type 1 Error) and “False acceptance error rate” //accespt wrong person(Type 2 Error) are still high contrary to what many manufacturers claim.
• Not all users can use any given biometric system. People without hands cannot use fingerprint or hand-based systems. Visually impaired people have difficulties using iris or retina based techniques.
• The biometric input devices (across the Internet) must be trusted:– For providing live data (not a previous one)– For making sure that the person is alive
• Management and security of input devices presents a huge overhead.
By Solomon
Disadvantage …
• Use of biometric systems may also imply loss of anonymity. While one can have multiple identities when authentication methods are based on something the user knows or has, biometric systems can sometimes link all user actions to a single identity.
• … privacy violation
By Solomon
Disadvantage …• Biometrics cannot be used to authenticate
computers or messages.//we canot use for digital signeture
• Biometric characteristics are not secret and therefore they cannot be used to sign messages or encrypt documents. //not used for email
• Remote biometric authentication is not trivial at all. Because it requires a trusted biometric sensor.
By Solomon
Fingerprints• The patterns of friction ridges and valleys on an individual's fingertips
are unique to that individual, including identical twins.• Fingerprint systems can also be used in identification mode. Several
states check fingerprints for new applicants to social services benefits to ensure recipients do not fraudulently obtain benefits under fake names. New York State has over 900,000 people enrolled in such a system.
• The fingerprint project at the Federal Inland Revenue Authority has none other than aggregation of revenues per tax payer as objective.
By Solomon
Fingerprint …
• Fingerprint authentication is essentially a pattern recognition system that distinguishes a person by determining the authenticity of specific physiological characteristics of the fingerprint
• The distinctiveness and permanence of a fingerprint pattern make it an attractive biometric trait.
By Solomon
Verification Approaches
• fingerprint verification approaches have been developed, which can be coarsely classified into three categories: – correlation-based, – minutia-based and– ridge feature-based
By Solomon
Authentication
• Biometric systems can be hard to compare.
• Type I Error: False rejection rate.• Type II Error: False acceptance rate.
– This is an important error to avoid.
• Crossover Error Rate
By Solomon
Single Sign On• Single Sign On Capabilities
– Allow user credentials to be entered one time and the user is then able to access all resources in primary and secondary network domains
• SSO technologies include:– Kerberos– Sesame– Security Domains– Directory Services– Dumb Terminals
By Solomon
SSO• To protect the valuable corporate data contained in their broadening
computer • and network environments, organizations incorporated strict security
measures centered on the use of passwords. However, the complex procedures
• involved proved to be difficult for end-users to navigate, as they have to remember multiple passwords (as many as 8-10) and follow repetitive logon authentication prompts to access applications — all in an attempt to get their
• work done. To add to end-users’ distress, IT security teams generally require • that passwords are changed every 30 – 60 days, and place restrictions on • setting new passwords that resemble previous ones.
By Solomon
SSO Defined• A specialized form of software authentication that
enables a user to authenticate once and gain access to the resources of multiple software systems
• A simplification of the security and logon process by consolidating multiple security schemes under a single authentication process. In other words, a user can sign on once to a computer and have secure, protected access to multiple applications
By Solomon
• A consolidation of identities and passwords into a single repository that can be accessed by operating systems and applications. The key benefit to SSO is that users only need one set of credentials to access a particular line of business systems, which brings convenience to the user while reducing Help Desk calls regarding user-access issues.
By Solomon
• Single sign-on allows users to enter security credentials once (typically by logging into a workstation or a Web application) and have those credentials propagated to each local and network application the user accesses during his or her session. Local applications exchange authentication information directly, while remote network applications exchange authentication information across the network via encrypted security tokens.
By Solomon
SSO Benefits
• End users• IT Admin• Help desk• Training of new employees• Overall enterprise security
By Solomon
SSO Challenges
• Integration and management of SSO technology with the multitude of applications and platforms in an enterprise.
• Use of different authentication technologies and protocols in different applications: Simple password, challenge-response, token-based, biometrics, etc
By Solomon
SSO Proponents
• Hacking is facilitated and hence overall security is in danger.
By Solomon
By Solomon
Kerberos: the three headed dog
By Solomon
Kerberos: how it all started
MIT Athena Project, Early 1990sFree distribution (with the source code)Uses strong cryptologyAfter a client gets authenticated by Kerberos, it is given a (tempo) session key to be shared with the (application) server it wishes to communicate to assure privacy and data integrity as they go about their business.
By Solomon
Kerberos: Assumptions
Kerberos is an authentication protocol for
trusted hosts on un-trusted networks
By Solomon
Kerberos in action
By Solomon
Components of Kerberos
1. The Database2. The Authentication Server3. The Ticket Granting Server
By Solomon
1. The DatabaseEach entry contains the following information:
The principal; (ie. clients and servers)The principal’s secret key and its version no;Validity duration;The maximum renewal time;Attributes (flags);Password expiration date; //for the client The expiration date of the principal, after which no tickets will be issued.
The DB is encrypted using the Master Key of Kerberos
By Solomon
2. The Authentication Server
Typically contacted at login session orInitiated when a client wishes to obtain ‘authentication credential’ for a given serverThe client’s secret key is used for encryption/decryption (only during this initial phase)Result:
Obtain a ticket (authentication credential - TGT) allowing a client to contact the TGS for yet another authentication credential to contact a server
By Solomon
The AS Exchange (contd…)
Client --- KRB_AS_REQ ---> Kerberos
Client <-- KRB_AS_REP ---- Kerberos
By Solomon
KRB_AS_REQ
Client’s identityTGS’ identityA randomly generated nonce
To detect replay attacksTo match replies with requests (in case of multiple successive requests) all in clear text
By Solomon
KRB_AS_REPTGT:
Client’s identity; TGS’ identity;Session key (newly generated)Lifetime and timestamp
encrypted with the TGS’ secret key
[TGS’ identity];Session key (newly generated);Lifetime and timestampThe (same) nonce encrypted with client’s secret key
By Solomon
3. The Ticket Granting Server
Typically initiated when a client wants to securely communicate with an application serverThe client has already obtained TGT (authenticator) allowing it to authenticate itself to the TGSThe session key is used for encryption/decryption of exchanges with the TGSResult: Service ticket/Session key allowing a client to securely communicate with the application server
By Solomon
TGS Exchange
Client contacts the TGS to obtain an ‘authentication credential’ to talk to an application server ( TGT is already secured )
Client ---- KRB_TGS_REQ -- TGS
Client <--- KRB_TGS_REP --- TGS
By Solomon
KRB_TGS_REQAuthenticator:
Client’s identityTimestamp encrypted with the session key shared with the
TGS
Request packet:
(Application) Server’s identity; the Ticket Granting Ticket (which is already encrypted with the
secret key of the TGS) By Solomon
KRB_TGS_REP
Server’s identity;Timestamp;Session Key (newly generated) Encrypted with the session key shared b/n the client and
the TGS
Service ticket:Client’s identity;Server’s identity;Session key (newly generated)Timestampencrypted with the secret key of the (application) Server
By Solomon
The Client/Server Authentication Exchange
[ by now, the client has the authentication credential (ie. Service ticket) to present to the server ]
Client --- KRB_AP_REQ --> (Application) Server
Eg: Telnet, remote login, ftp, IIS, Flight reservation, Bank transaction, etc
Client <-- KRB_AP_REP --- Server [Optional]This is only if the client wants to authenticate the server - mutual
authentication
By Solomon
KRB_AP_REQ
Authenticator:Client’s identity;Timestamp
Encrypted with the Session key
Service ticket (already encrypted with the secret key of the
Server)
By Solomon
KRB_AP_REP
This is used only if the client requires to authenticate the server (ie. bidirectional or mutual authentication)
Authenticator:Server’s identity;Timestamp
Encrypted with the (shared) session key
By Solomon
Application Logic
Client – Server: Confidentiality
Client – Server: Data Integrity
By Solomon
Interoperability
For the sake of interoperability, Kerberos recommends and “formalizes” how clients and servers may apply confidentiality and integrity. The following two messages are formalized and recommended:
KRB_PRIV: for confidentiality KRB_SAFE: for integrity
By Solomon
Encryptions supportedFor the sake of interoperability
DES3DESAES128 and AES256RC4-HMAC (Enc-Checksum)
introduced in Windows 2000 to avoid export restriction of DES and 3DES at the time of windows 2000 releaseStronger than DESLonger keys – 128 bitsTo use single encryption algo both for US and outside of US
But it is also open to support any current or future algorithms
By Solomon
Passwords use
Passwords are not usually suitable as enc/dec keysDifferent application might want to use different enc/dec algo having different key types and lengthsIt is not possible for the user (esp. human) to keep different passwords for different applicationsstring2Key function (irreversible hash functions)Salt is used to compute the key
By Solomon
Some recommended values
Minimum lifetime 5 minutesMaximum renewable lifetime 1 weekMaximum ticket lifetime 1 dayAcceptable clock skew 5 minutes
By Solomon
Threats not addressed by Kerberos
Password guessing attackDenial of service (say during auth)Clock sync protocol is not protected by Kerberos; it should be protected on its own partAuthorizations systems (ACL) that uses Kerberos for authentication should always sync their list of principal with Kerberos in terms of using the same name, deleting old ones, adding new ones
By Solomon
Questions
Could Kerberos be used as an AS on a LAN replacing any previous services (such as OS auth)? Ie. Right from the log in, Kerberos could take over!Is Kerberos defends against password sniffing on the network?Do Kerberos and SSL (or SSH) complement or what?
By Solomon
Questions (cont’d …)
If for some security reason, the client & server do not want to use the session key because the 3rd party shared it too, devise a mechanism how they can choose a key of their own by using the session key at only the first time. Do you find your solution sound?
Do you think that the long-time keys of principals be public keys? Is Kerberos state less or not?
By Solomon
Assignment
Check the MS Windows APIs for the implementation of Kerberos and use it to write a small web application that exchanges information securely. Important issues to consider:
Session key timingWeb proper logic/decisions: what to do when session key expires, when violations occurGeneration of scenarios to test the system
By Solomon
Reading Assignment
The PKCS#11 interface. Also known as Cryptoki, was defined by RSA and
is a generic cryptographic token interface.
By Solomon
Assignment
Present your experiment on Microsoft Crypto APIs (CAPI).
By Solomon
Related Documents
