User(-to-Device) Authentication*
Nitesh Saxena, Polytechnic University
*Adopted from a previous lecture by Vitaly Shmatikov

Dec 21, 2015

slide 1

Nitesh Saxena, Polytechnic University

*Adopted from a previous lecture by Vitaly Shmatikov

User(-to-Device) Authentication*


slide 2

Recall: Basic Problem

How do you prove to someone that you are who you claim to be?

Any system with access control must solve this problem


slide 3

Recall: Many Ways to Authenticate

Something you know
• Passwords/PINs

Something you have
• Secure tokens

Something you are
• Biometrics

What is the best method to authenticate: secure as well as usable and universal? Is there any?


slide 4

(Textual) Passwords

User has a secret password. System checks it to authenticate the user.

How is the password communicated?
• Eavesdropping risk

How is the password stored?
• In the clear? Encrypted? Hashed?

How does the system check the password?

How easy is it to guess the password?
• Easy-to-remember passwords tend to be easy to guess
• Password file is difficult to keep secret


slide 5

Passwords in the Real World

From high school pranks…
• Student in Tyler changes school attendance records
• Students in California change grades
– Different authentication for network login and grade system, but teachers were using the same password (very common)

…to serious cash
• English accountant uses co-workers’ password to steal $17 million for gambling

…to identity theft
• Helpdesk employee uses passwords of a credit card database to sell credit reports to Nigerian scammers

[PasswordResearch.com]


slide 6

Passwords and Computer Security

First step after any successful intrusion: install sniffer or keylogger to steal more passwords

Second step: run cracking tools on password files
• Usually on other hijacked computers

In Mitnick’s “Art of Intrusion”, 8 out of 9 exploits involve password stealing and/or cracking
• Excite@Home: usernames and passwords stored in the clear in troubleshooting tickets
• “Dixie bank” hack: use default router password to change firewall rules to enable incoming connections


slide 7

UNIX-Style Passwords

[Figure: the user enters the password “cypherpunk”; it passes through a hash function and the result is compared with the system password file, which holds only hashed values such as t4h97t4m43, fa6326b1c2, N53uhjr438, Hgg658n53, …]


slide 8

Password Hashing

Instead of user password, store H(password)

When user enters password, compute its hash and compare with entry in password file
• System does not store actual passwords!
• Difficult to go from hash to password!

Hash function H must have some properties
• One-way: given H(password), hard to find password
– No known algorithm better than trial and error
• Is collision resistance needed?


slide 9

UNIX Password System

Uses DES encryption as if it were a hash function
• Encrypt NULL string using password as the key
– Truncates passwords to 8 characters!
• Can instruct modern UNIXes to use MD5 hash function

Problem: passwords are not truly random
• With 52 upper- and lower-case letters, 10 digits and 32 punctuation symbols, there are 94^8 ≈ 6 quadrillion possible 8-character passwords
• Humans like to use dictionary words, human and pet names: ≈ 1 million common passwords


slide 10

Dictionary Attack

Password file /etc/passwd is world-readable
• Contains user IDs and group IDs which are used by many system programs

Dictionary attack is possible because many passwords come from a small dictionary
• Attacker can pre-compute H(word) for every word in the dictionary – this only needs to be done once!!
– This is an offline attack
– Once password file is obtained, cracking is instantaneous
• With 1,000,000-word dictionary and assuming 10 guesses per second, brute-force online attack takes 50,000 seconds (14 hours) on average


slide 11

Salt

/etc/passwd entry:
shmat:fURxfg,4hLBX:14510:30:Vitaly:/u/shmat:/bin/csh

[Figure: the second field of the entry is labelled as the salt (chosen randomly when the password is first set) followed by hash(salt, pwd)]

• Users with the same password have different entries in the password file
• Offline dictionary attack becomes much harder


slide 12

Advantages of Salting

Without salt, attacker can pre-compute hashes of all dictionary words once for all password entries
• Same hash function on all UNIX machines; identical passwords hash to identical values
• One table of hash values works for all password files

With salt, attacker must compute hashes of all dictionary words once for each combination of salt value and password
• With 12-bit random salt, same password can hash to 4096 different hash values
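An added example, not part of the original slides, that walks through slides 8, 10 and 12 in Python: an unsalted H(password) file falls to one precomputed dictionary table, while a 12-bit salt makes the same password hash to one of 4096 values and forces the table to be rebuilt per salt. The toy dictionary, the SHA-256 hash (standing in for DES/MD5 crypt) and the (salt, hash) entry format are constructed here.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed toy dictionary; the slides' point is that real users draw from ~1M such words
DICTIONARY = ["password", "longhorns", "kevin123", "letmein", "cypherpunk"]


def unsalted_hash(pwd: str) -> str:
    """H(password): identical passwords hash to identical values on every machine."""
    return hashlib.sha256(pwd.encode()).hexdigest()


def salted_hash(salt: bytes, pwd: str) -> str:
    """hash(salt, pwd): the salt is mixed in, so the same password yields different hashes."""
    return hashlib.sha256(salt + pwd.encode()).hexdigest()


def make_entry(pwd: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Build a password-file entry (salt_hex, hash). A fresh 12-bit salt (4096 possible
    values, as on the slide) is drawn when the password is first set."""
    if salt is None:
        salt = secrets.randbits(12).to_bytes(2, "big")
    return salt.hex(), salted_hash(salt, pwd)


def verify(entry: Tuple[str, str], pwd: str) -> bool:
    """Login check: re-hash the typed password with the stored salt and compare."""
    salt_hex, stored = entry
    return hmac.compare_digest(stored, salted_hash(bytes.fromhex(salt_hex), pwd))


def precomputed_table(words: List[str]) -> Dict[str, str]:
    """Offline attack on UNSALTED files: one table, computed once, reused for every file."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(stored_hashes: List[str], table: Dict[str, str]) -> Dict[str, str]:
    """Against an unsalted file cracking is a lookup: instantaneous once the file leaks."""
    return {h: table[h] for h in stored_hashes if h in table}


def hashes_to_precompute(dict_size: int, salt_bits: int) -> int:
    """Work a precomputed table needs: dictionary size times the number of salt values."""
    return dict_size * (2 ** salt_bits)


def expected_online_seconds(dict_size: int, guesses_per_second: float) -> float:
    """Slide 10's online figure: on average half the dictionary is tried before a hit."""
    return dict_size / 2 / guesses_per_second


if __name__ == "__main__":
    table = precomputed_table(DICTIONARY)
    leaked = [unsalted_hash("cypherpunk"), unsalted_hash("kevin123")]
    print("unsalted file cracked:", crack_unsalted(leaked, table))
    a, b = make_entry("cypherpunk"), make_entry("cypherpunk")
    print("same password, entries differ:", a != b)   # True except on a 1-in-4096 salt collision
    print("salted hash found in table:", a[1] in table)   # False: the table is useless here
    print("table entries with 12-bit salt:", hashes_to_precompute(1_000_000, 12))
    print("online attack, 1M words at 10/s:", expected_online_seconds(1_000_000, 10), "s")
```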


slide 13

Shadow Passwords

/etc/passwd entry:
shmat:x:14510:30:Vitaly:/u/shmat:/bin/csh

Hashed password is not stored in a world-readable file

• Store hashed passwords in /etc/shadow file which is only readable by system administrator (root)
• Add expiration dates for passwords
• Early Shadow implementations on Linux called the login program which had a buffer overflow!


slide 14

Password Security Risks

Keystroke loggers
• Hardware
– KeyGhost, KeyShark, others
• Software (spyware)

Online attacks

Offline attacks

These can be dealt with somewhat (how?), but…


slide 15

User Issues!!

Make passwords easy to remember
• “password”, “Longhorns”, “Kevin123”

Write them down

Use a single password at multiple sites
• Do you use the same password for Amazon and your bank account? MyPoly? Do you remember them all?

Some services use “secret questions” to reset passwords
• “What is your favorite pet’s name?”
• Paris Hilton’s T-Mobile cellphone hack

Susceptible to Social Engineering
• e.g., Phishing


slide 16

Social Engineering

Univ. of Sydney study (1996)
• 336 CS students emailed asking for their passwords
– Pretext: “validate” password database after suspected break-in
• 138 returned their passwords; 30 returned invalid passwords; 200 reset passwords (not disjoint)

Treasury Dept. report (2005)
• Auditors pose as IT personnel attempting to correct a “network problem”
• 35 (of 100) IRS managers and employees provide their usernames and change passwords to a known value

Other examples: Mitnick’s “Art of Deception”


slide 17

A Recent Email…

Images from Anti-Phishing Working Group’s Phishing Archive


slide 18

Images from Anti-Phishing Working Group’s Phishing Archive


slide 19

The next page requests:
Name, Address, Telephone, Credit Card Number, Expiration Date, Security Code, PIN, Account Number, Personal ID, Password


slide 20

Images from Anti-Phishing Working Group’s Phishing Archive


slide 21

But wait…

WHOIS 210.104.211.21:

Location: Korea, Republic Of

Images from Anti-Phishing Working Group’s Phishing Archive


slide 22


slide 23

Phishing: A Growing Problem

Over 16,000 unique phishing attacks reported in Nov. 2005, about double the number from 2004

Estimates suggest phishing affected 1.2 million US citizens and cost businesses billions of dollars in 2004

Additional losses due to consumer fears

[Anti-Phishing Working Group, Phishing Activity Trends Report, Dec. 2005]


slide 24

Basic Phishing Attack

Victim receives email seemingly from an institution
• Often reports a problem with victim’s account
• Email demands immediate action

Victim led to a website that mimics that of the institution
• Prompted to enter account information, passwords, personal information, etc.

Two variations:
• Passive: Attacker collects victim’s information for later exploitation
• Active: Attacker relays victim’s information to the real institution and plunders the account in real time


slide 25

Current Phishing Techniques

Employ visual elements from target site

DNS Tricks:
• www.ebay.com.kr
• [email protected]
• www.gooogle.com
• Unicode attacks

JavaScript Attacks
• Spoofed SSL lock

Certificates
• Phishers can acquire certificates for domains they own
• Certificate authorities make mistakes


slide 26

Advanced Phishing Attacks

Spear-phishing: Improved target selection

Socially aware attacks [Jakobsson 2005]
• Mine social relationships from public data
• Phishing email appears to arrive from someone known to the victim

Context-aware attacks [ibid]
• “Your bid on eBay has won!”
• “The books on your Amazon wishlist are on sale!”


slide 27

User Issues!!

Users are “task-focussed”

Security is a secondary objective

Users choose bad passwords and readily disclose them

Users cannot parse URLs, domain names or PKI certificates

Users are inundated with warnings and pop-ups


slide 28

Phishing Prevention Approaches

Heuristics
• Spoofguard [Chou et al. 2004], TrustBar [HerzGbar 2004], eBay toolbar, SpoofStick
• Recent studies indicate users ignore toolbar warnings [Wu et al. 2005]


slide 29

Spoofguard example


slide 30

Other Approaches

Origin/Server Authentication
• Dynamic Security Skins [DhamTyga 2004], Passmark, and the Petname project; BankofAmerica SiteKey
• All rely on user diligence – a single mistake will result in a compromised account (slow to load image!)


slide 31

Another approach

PwdHash
• Instead of the password p, share the hash of the password (concatenated with the domain name): H(p, domain)
• User types in the password p, the browser computes H(p, domain) and sends it to the server
• Phishing site learns the hashed value for its own domain, which is of no “direct” use (except running a dictionary attack on the password)
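An added example, not from the slides or the PwdHash project, showing the domain-bound hashing described above in Python: the browser side derives H(p, domain) from the page’s real hostname, the relying site only ever stores that value, and a value captured by a look-alike host (constructed here as www.bank.example.kr, in the style of slide 25’s www.ebay.com.kr) does not log in at www.bank.example. Using HMAC-SHA256 with the domain as the message is an assumption; the slide specifies only a hash of password plus domain.

```python
import hashlib
import hmac
from typing import Dict, List, Optional
from urllib.parse import urlparse


def pwdhash(password: str, domain: str) -> str:
    """Browser-side H(p, domain). HMAC-SHA256 keyed by the password over the domain is
    this example's choice; the slide only specifies a hash of password and domain."""
    return hmac.new(password.encode(), domain.encode(), hashlib.sha256).hexdigest()


def site_domain(url: str) -> str:
    """The host the browser is actually connected to, taken from the page URL and not
    from anything the page claims about itself (a phishing page can mimic the rest)."""
    return urlparse(url).hostname


class Server:
    """Minimal relying site: it sees H(p, domain) at registration and login, never p."""

    def __init__(self, domain: str) -> None:
        self.domain = domain
        self.credentials: Dict[str, str] = {}

    def register(self, user: str, submitted: str) -> None:
        # A real server would salt-and-hash 'submitted' again before storing it.
        self.credentials[user] = submitted

    def login(self, user: str, submitted: str) -> bool:
        stored = self.credentials.get(user)
        return stored is not None and hmac.compare_digest(stored, submitted)


def browser_login(server: Server, user: str, password: str, url: str) -> bool:
    """What the user types never leaves the browser; only H(p, domain-of-the-page) does."""
    return server.login(user, pwdhash(password, site_domain(url)))


def dictionary_recovery(captured: str, domain: str, words: List[str]) -> Optional[str]:
    """The slide's caveat: whoever holds H(p, its own domain) can still test guesses
    against it, so PwdHash does not rescue a password that is in the dictionary."""
    return next((w for w in words if pwdhash(w, domain) == captured), None)


if __name__ == "__main__":
    bank = Server("www.bank.example")                   # constructed legitimate domain
    phish_url = "https://www.bank.example.kr/login"     # constructed look-alike host
    bank.register("alice", pwdhash("correct horse", "www.bank.example"))
    print(browser_login(bank, "alice", "correct horse", "https://www.bank.example/login"))  # True
    captured = pwdhash("correct horse", site_domain(phish_url))  # what the look-alike host sees
    print(bank.login("alice", captured))                          # False: wrong domain baked in
    print(dictionary_recovery(captured, site_domain(phish_url), ["password", "letmein"]))  # None
```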


slide 32

In summary

Lot of problems with the passwords
• Especially due to user behavior

Can we help users pick strong(er) passwords?
• Use of mnemonics: Easy to remember but hard to guess phrases
– Phrase to a password
• “Jack and Jill went up the hill” (JaJwuth) (probably not good!)
• “I’ve owned 4 Gateway computers so far” (Io4Gcsf)

Other Directions…


slide 33

Graphical Passwords

Images are easy for humans to recall/recognize
• Especially if you invent a memorable story to go along with the images

Images can not be “written down”


slide 34

Dhamija and Perrig Scheme

Pick several pictures out of many choices, identify them later in authentication.

http://www.random-art.org/

• Uses Hash Visualization, which, given a seed, automatically generates a set of pictures
• No need to store images, but it takes longer to create passwords

Password space: N!/(K!(N-K)!) (N: total number of pictures; K: number of pictures selected as the password)


slide 35

Sobrado and Birget Scheme

System displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.

• Authors suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.

Password space: N!/(K!(N-K)!) (N: total number of picture objects; K: number of pre-registered objects)


slide 36

PassFaces

Using human faces as password


slide 37

User Quotes

“I chose the images of the ladies which appealed the most”

“I simply picked the best lookin girl on each page”

“In order to remember all the pictures for my login (after forgetting my ‘password’ 4 times in a row) I needed to pick pictures I could EASILY remember... So I chose beautiful women. The other option I would have chosen was handsome men, but the women are much more pleasing to look at”


slide 38

More User Quotes

“I picked her because she was female and Asian and being female and Asian, I thought I could remember that”

“I started by deciding to choose faces of people in my own race…”

“… Plus he is African-American like me”


slide 39

Draw-A-Secret (DAS) Scheme

User draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.

• In authentication, the redrawing has to touch the same grid cells in the same sequence
• User studies showed the drawing sequence is hard to remember


slide 40

“PassPoint” Scheme

User clicks on any places on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.

• Can be hard to remember the sequences

Password space: N^K (N: the number of pixels or smallest units of a picture; K: the number of points to be clicked on)
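An added example, not from the slides, that evaluates the password-space formulas of the Dhamija-Perrig and Sobrado-Birget schemes (N!/(K!(N-K)!)) and of PassPoint (N^K) side by side with the 94-symbol textual space from slide 9, expressed in bits so the schemes can be compared. The parameter values (1000 objects, 5 pass-objects, a 640x480 image, a 20-pixel tolerance) are constructed, and deriving PassPoint’s N from the tolerance is this example’s assumption, not something the slide states.

```python
from math import comb, log2

TEXT_ALPHABET = 94   # 52 letters + 10 digits + 32 punctuation symbols (slide 9)


def choose_k_of_n(n: int, k: int) -> int:
    """Dhamija-Perrig and Sobrado-Birget: N!/(K!(N-K)!) unordered picks of K among N."""
    return comb(n, k)


def passpoints_space(n_units: int, k_clicks: int) -> int:
    """PassPoint: N^K ordered click sequences over N distinguishable units."""
    return n_units ** k_clicks


def passpoints_units(width_px: int, height_px: int, tolerance_px: int) -> int:
    """Assumption (not on the slide): with a click tolerance of t pixels the image has
    about (W/t)*(H/t) distinguishable units, far fewer than its W*H raw pixels."""
    return (width_px // tolerance_px) * (height_px // tolerance_px)


def text_space(length: int, alphabet: int = TEXT_ALPHABET) -> int:
    """Random textual password of the given length over 'alphabet' symbols."""
    return alphabet ** length


def bits(space: int) -> float:
    """Password space as bits, the common currency for comparing the schemes."""
    return log2(space)


def equivalent_text_length(space: int, alphabet: int = TEXT_ALPHABET) -> float:
    """Length of a random text password over 'alphabet' with the same space."""
    return bits(space) / log2(alphabet)


if __name__ == "__main__":
    rows = [
        ("Sobrado-Birget, N=1000, K=5", choose_k_of_n(1000, 5)),
        ("PassPoint, 640x480, tol=20, K=5", passpoints_space(passpoints_units(640, 480, 20), 5)),
        ("8-char text, 94 symbols", text_space(8)),
        ("1M-word dictionary (slide 9)", 1_000_000),
    ]
    for name, space in rows:
        print(f"{name:34s} {bits(space):6.1f} bits = {equivalent_text_length(space):4.1f} text chars")
```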


slide 41

Shoulder Surfing

Graphical password schemes are perceived to be more vulnerable to “shoulder surfing”

Experimental study with graduate students at the University of Maryland Baltimore County
• 4 types of passwords: Passfaces with mouse, Passfaces with keyboard, dictionary text password, non-dictionary text password (random words and numbers)

Result: non-dictionary text password most vulnerable to shoulder surfing
• Why do you think this is the case?


slide 42

Biometric Authentication

Nothing to remember

Passive
• Nothing to type, no devices to carry around

Can’t share (usually)

Can be fairly unique
• … If measurements are sufficiently accurate


slide 43

Problems with Biometrics

Identification vs. authentication
• Identification = associating an identity with an event or a piece of data
– Example: fingerprint at a crime scene
• Authentication = verifying a claimed identity
– Example: fingerprint scanner to enter a building

How hard are biometric readings to forge?
• Difficulty of forgery is routinely overestimated
• Analysis often doesn’t take into account the possibility of computer-generated forgery

Revocation is difficult or impossible


slide 44

Fake Fingers

Gelatin: gummy fingers

Play-Doh fingers fool 90% of fingerprint scanners
• Clarkson University study

Suggested perspiration measurement to test “liveness” of the finger

[Schuckers]


slide 45

Face/off


slide 46

Tokens

Generally used to improve security of passwords
• Two-factor authentication: “Something you have” + “Something you know”
• Use of “one time passwords”

Example: RSA SecurID (many different forms)

Problem: token might not be available when needed; also each secure site needs a different token


slide 47

References

Use google

Some of these can be found here:
• http://www.cs.utexas.edu/~shmat/courses/cs378_fall07/cs378_ref.html