
CS162 Operating Systems and Systems Programming
Lecture 26: Protection and Security II
April 29, 2010
Ion Stoica
http://inst.eecs.berkeley.edu/~cs162

Review: How easy is it to guess a password?
- Ways of compromising passwords:
  - Password guessing: people often use obvious information like a birthday, favorite color, girlfriend's name, etc.
  - Dictionary attack: work through a dictionary and compare the encrypted version of each dictionary word with the entries in /etc/passwd
  - Dumpster diving: find pieces of paper with passwords written on them (also used to get social security numbers, etc.)
- Paradox: short passwords are easy to crack; long ones, people write down
- Technology means we have to use longer passwords
  - UNIX initially required lowercase, 5-letter passwords: a total of 26^5 ≈ 10 million passwords
    - In 1975: 10 ms to check a password => 1 day to crack
    - In 2005: 0.01 µs to check a password => 0.1 seconds to crack
  - It takes less time to check all the words in the dictionary!
(4/29/10, CS162 ©UCB Spring 2010, Lec 26.2)

Review: Making passwords harder to crack
- How can we make passwords harder to crack? Can't make it impossible, but can help
- Technique 1: Extend everyone's password with a unique number (stored in the password file)
  - Called "salt". UNIX uses a 12-bit salt, making dictionary attacks 4096 times harder
  - Without salt it would be possible to pre-compute all the words in the dictionary hashed with the UNIX algorithm, which would make comparing against /etc/passwd easy!
- Technique 2: Require more complex passwords
  - Make people use at least 8-character passwords with upper case, lower case, and numbers
    - 70^8 ≈ 6×10^14 => 6 million seconds ≈ 69 days at 0.01 µs per check
  - Unfortunately, people still pick common patterns, e.g. capitalize the first letter of a common word and add one digit

Review: Making passwords harder to crack (con't)
- Technique 3: Delay checking of passwords
  - If the attacker doesn't have access to /etc/passwd, delay every remote login attempt by 1 second
  - Makes a rapid-fire dictionary attack infeasible
- Technique 4: Assign very long passwords
  - Long passwords or pass-phrases can have more entropy (randomness => harder to crack)
  - Give everyone a smart card (or ATM card) to carry around to remember the password
    - Requires physical theft to steal the password
    - Can require a PIN from the user before it authenticates itself
  - Better: have the smartcard generate a pseudorandom number
    - Client and server share an initial seed
    - Each second/login attempt advances to the next random number
- Technique 5: "Zero-Knowledge Proof"
  - Require a series of challenge-response questions
    - Distribute a secret algorithm to the user
    - Server presents a number, say "5"; the user computes something from the number and returns the answer to the server
    - Server never asks the same "question" twice
  - Often performed by a smartcard plugged into the system

Goals for Today
- Distributed Authorization
- Remote Storage
- Buffer overflow
- Worms and Viruses
Note: Some slides and/or pictures in the following are adapted from slides ©2005 Silberschatz, Galvin, and Gagne. Also slides adapted from Kubiatowicz and Paxson.

Authorization: Who Can Do What?
- How do we decide who is authorized to do actions in the system?
- Access Control Matrix: contains all permissions in the system
  - Resources across the top: files, devices, etc.
  - Domains in the columns: a domain might be a user or a group of permissions
  - E.g. in the matrix shown on the slide (figure not reproduced here): User D3 can read F2 or execute F3
  - In practice the table would be huge and sparse!
- Two approaches to implementation
  - Access Control Lists: store permissions with each object
    - Still might be lots of users!
    - UNIX limits each file to r, w, x for owner, group, world
    - More recent systems allow definition of groups of users and permissions for each group
  - Capability List: each process tracks the objects it has permission to touch
    - Popular in the past; the idea is out of favor today
    - Consider the page table: each process has a list of pages it has access to, rather than each page having a list of processes

How to perform Authorization for Distributed Systems?
- Different authorization domains
- Issue: are all user names in the world unique?
  - No! They only have a small number of characters
  - Need something better, more unique, to identify a person
- Suppose you want to connect with any server at any time?
  - Need an account on every machine! (possibly with a different user name for each account), OR
  - Need to use something more universal as identity
    - Public keys! (called "Principals")
    - People are their public keys

Distributed Access Control
(Figure: File X, Owner Key 0x22347EF. Access Control List (ACL) for X: R: Key 0x546DFEFA34; RW: Key 0x467D34EF83; RX: Group Key 0xA2D3498672. Group ACL: Key 0xA786EF889A, Key 0x6647DBC9AC. Certificate by X's owner: E(H(ACL), K_private_owner); Group Certificate: E(H(GACL), K_private_group).)
- Distributed Access Control List (ACL)
  - Contains a list of attributes (Read, Write, Execute, etc.) with attached identities (here we show public keys)
  - ACLs are signed by the owner of the file and only changeable by the owner
  - Group lists are signed by the group key
- ACLs can be on different servers than the data
  - Signatures allow us to validate them
  - ACLs could even be stored separately from the verifiers

Distributed Access Control (continued)
(Figure: a client in Domain 1 sends a Read request for File X to Server 1 in Domain 2, which holds X's ACL together with an ACL verifier (hash, timestamp, signature by the owner); the Group ACL and its GACL verifier (hash, timestamp, signature by the group key) live on Server 2 in Domain 3. The bullet text repeats the previous slide.)

Analysis of Previous Scheme
- Positive points:
  - Identities checked via signatures and public keys
    - A client can't generate a request for data unless it has the private key that goes with its public identity
    - A server won't use ACLs not properly signed by the owner of the file
  - No problems with multiple domains, since identities are designed to be cross-domain (public keys are domain neutral)
- Revocation?
  - What if someone steals your private key?
    - Need to walk through all ACLs with your key and change them. This is very expensive!
  - Have unique string identifying you that people place into
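As an added illustration of Technique 1 (not part of the lecture), the Go program below measures what a word-list check against a password file costs with unsalted versus 12-bit-salted entries. The word list, the salt values and the hash (SHA-256 standing in for the UNIX crypt algorithm) are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
)

// SaltBits mirrors the 12-bit UNIX salt from the slides: 2^12 = 4096 possible values.
const SaltBits = 12
// Dictionary is a constructed stand-in for a word list; real ones hold far more words.
var Dictionary = []string{"apple", "berry", "cherry", "secret", "zebra"}
// Entry is one password-file record: the salt stored in the clear next to H(salt || password).
type Entry struct{ Salt, Hash string }

// HashPassword models the stored value (SHA-256 stands in for the UNIX crypt algorithm);
// an empty salt models the original unsalted scheme.
func HashPassword(salt, password string) string {
	sum := sha256.Sum256([]byte(salt + password))
	return hex.EncodeToString(sum[:])
}

// dictionaryTable hashes every word under one salt; "" builds the unsalted table.
func dictionaryTable(salt string) map[string]string {
	t := make(map[string]string, len(Dictionary))
	for _, w := range Dictionary {
		t[HashPassword(salt, w)] = w
	}
	return t
}

// DictionaryCheck audits a password file the way the slides describe a dictionary attack
// working: it returns how many entries match a word and how many hashes that cost. Without
// salt one precomputed table serves every entry; with salt it is rebuilt per distinct salt.
func DictionaryCheck(entries []Entry) (weak, hashes int) {
	tables := map[string]map[string]string{}
	for _, e := range entries {
		t, ok := tables[e.Salt]
		if !ok {
			t = dictionaryTable(e.Salt)
			tables[e.Salt] = t
			hashes += len(Dictionary)
		}
		if _, found := t[e.Hash]; found {
			weak++
		}
	}
	return weak, hashes
}

// PrecomputeCost is the size of a table that covers every possible salt value in advance.
func PrecomputeCost(words int) int { return words << SaltBits }
```

With three entries the salted file needs three times the hashing of the unsalted one, and a table precomputed for every salt is 4096 times the word list, which is the factor the slide quotes.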
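Added example, not lecture code: a Go model of the signed ACL and group list from the Distributed Access Control slides, showing why a server can accept an ACL stored anywhere only when it verifies under the file owner's key. Ed25519 stands in for the unspecified signature scheme, the hash covers the entries plus a timestamp, and the SignedList type, KeyID naming and Authorize check are assumptions of this model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// SignedList models a list from the slides: an ACL signed by the file owner's key, or
// a group list signed by the group key. The signature covers H(entries, timestamp).
type SignedList struct {
	Members   map[string]string // KeyID -> rights such as "RW"; "" for group members
	Timestamp string
	Signature []byte
}

// KeyID names a public key the way the slides do ("Key: 0x...").
func KeyID(pub ed25519.PublicKey) string { return "0x" + hex.EncodeToString(pub) }
// digest gives signer and verifier identical bytes (fmt prints map keys in sorted order).
func digest(members map[string]string, ts string) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%v|%s", members, ts)))
	return h[:]
}
func Sign(priv ed25519.PrivateKey, members map[string]string, ts string) SignedList {
	return SignedList{Members: members, Timestamp: ts, Signature: ed25519.Sign(priv, digest(members, ts))}
}

func Verify(pub ed25519.PublicKey, l SignedList) bool {
	return ed25519.Verify(pub, digest(l.Members, l.Timestamp), l.Signature)
}

// Authorize grants `right` only through lists whose signatures check: a mis-signed ACL
// grants nothing, and a group entry applies only if the group list verifies under the
// group key and names the client.
func Authorize(owner, group ed25519.PublicKey, acl, gacl SignedList, client ed25519.PublicKey, right string) bool {
	if !Verify(owner, acl) {
		return false
	}
	if rights, ok := acl.Members[KeyID(client)]; ok {
		return strings.Contains(rights, right)
	}
	rights, ok := acl.Members[KeyID(group)]
	if !ok || !Verify(group, gacl) {
		return false
	}
	_, member := gacl.Members[KeyID(client)]
	return member && strings.Contains(rights, right)
}
```

Revocation of a stolen client key is deliberately absent: as the slide notes, it means re-signing every ACL that lists that key.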