Authentication
CS498IA Spring 2007
Based on slides provided by Matt Bishop for use with Computer Security: Art and Science

Reading
• Chapter 12 from Computer Security: Art and Science

Overview
• Basics
• Passwords
  − Storage
  − Selection
  − Breaking them
• Challenge Response
• Biometrics
• Multi-factor

Basics
• Authentication: binding of identity to subject
  − Identity is that of external entity (my identity, the Illini Union Bookstore, etc.)
  − Subject is computer entity (process, network connection, etc.)

Establishing Identity
• One or more of the following
  − What you know
  − What you have
  − What you are
• Examples?
• Others
  − Where you are
  − Context
  − Time of day
  − ...

What You Know: Passwords
[Figure: Alice sends “User: Alice, Password: xyzzy” to the Server, which checks it against its password file: Alice: xyzzy, Bob: alice, Carol: secret]

Password Storage
• Solution 1: store in file
  − If file stolen, everyone’s passwords are revealed
• Solution 2: store in encrypted file
  − Server has to keep decryption keys; where do you store those?
• Solution 3: store one-way hashes
  − Alice: H(“xyzzy”)
  − Bob: H(“alice”)
  − ...

Dictionary Attacks
• Get password file, try all possible words in dictionary
  − H(“aardvark”)
  − H(“abacus”)
  − H(“abalone”)
  − ...
• Better yet, precompute answers
  − Build a dictionary of hashes
  − Sophisticated techniques possible

Defense: Salting
• Add a “salt” to password
  − Alice: salt, H(salt || “xyzzy”)
• E.g. UNIX passwords use two-character salt
  − Pre-computation now 4096 times more expensive!
• Still not clear whether good enough
  − Password cracking tools abound
  − Getting better all the time (Moore’s law, etc.)
  − Human-memorable passwords are easy to guess

Password Generation
• How do you generate your passwords?
• Some methods
  − Random phonemes
  − First letter of phrase

Online Dictionary Attacks
• Keep password file secure
  − On UNIX, pw file used to be world-readable
  − On Linux/modern systems, only root can read it
• Online dictionary attacks still possible
• Easier to prevent
  − Limit # of tries per time unit
  − Lock account after # of tries
  − Alert administrator after # of tries

Challenge Response
• Password can be intercepted
• Challenge-Response Protocols:
  − Server -> User: c
  − User -> Server: H(c || “password”)
• Advantages:
  − Eavesdropper learns nothing (even if pretends to be server)
• Disadvantages:
  − Server has to know password
  − Humans can’t compute hashes

One-Time Passwords
• Password that can be used exactly once
  − After use, it is immediately invalidated
• Challenge-response mechanism
  − Challenge is one of a number of authentications; response is password for that particular number
• Problems
  − Synchronization of user, system
  − Generation of good random passwords
  − Password distribution problem

S/Key
• One-time password scheme based on idea of Lamport
• h one-way hash function (MD5 or SHA-1, for example)
• User chooses initial seed k
• System calculates:
  h(k) = k_1, h(k_1) = k_2, …, h(k_{n–1}) = k_n
• Passwords are reverse order:
  p_1 = k_n, p_2 = k_{n–1}, …, p_{n–1} = k_2, p_n = k_1

S/Key Protocol
user -> system: { name }
system -> user: { i }
user -> system: { p_i }
System stores maximum number of authentications n, number of next authentication i, last correctly supplied password p_{i–1}.
System computes h(p_i) = h(k_{n–i+1}) = k_{n–i+2} = p_{i–1}. If match with what is stored, system replaces p_{i–1} with p_i and increments i. (Note error in the CSA&S textbook.)

Hardware Support
• Token-based
  − Used to compute response to challenge
    • May encipher or hash challenge
    • May require PIN from user
• Temporally-based
  − Every minute (or so) different number shown
    • Computer knows what number to expect when
  − User enters number and fixed password

Biometrics
• Automated measurement of biological, behavioral features that identify a person
  − Fingerprints: optical or electrical techniques
    • Maps fingerprint into a graph, then compares with database
    • Measurements imprecise, so approximate matching algorithms used
  − Voices: speaker verification or recognition
    • Verification: uses statistical techniques to test hypothesis that speaker is who is claimed (speaker dependent)
    • Recognition: checks content of answers (speaker independent)

Other Characteristics
• Can use several other characteristics
  − Eyes: patterns in irises unique
    • Measure patterns, determine if differences are random; or correlate images using statistical tests
  − Faces: image, or specific characteristics like distance from nose to chin
    • Lighting, view of face, other noise can hinder this
  − Keystroke dynamics: believed to be unique
    • Keystroke intervals, pressure, duration of stroke, where key is struck
    • Statistical tests used

Cautions
• These can be fooled!
  − Assumes biometric device accurate in the environment it is being used in!
  − Transmission of data to validator is tamperproof, correct

Key Points
• Authentication ≠ cryptography
  − You have to consider system components
• Passwords are here to stay
  − They provide a basis for most forms of authentication
• Protocols are important
  − They can make masquerading harder
• Authentication methods can be
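The S/Key scheme and protocol from the S/Key slides above, as an added example that is not part of the original slides: the hash chain k_1..k_n, the passwords in reverse order, and a server that stores only n, i and p_{i-1} and checks h(p_i) against it. Assumed: SHA-1 as h, a constructed seed and n, and p_0 initialised to h(k_n) so the first login verifies the same way as the rest.

```python
import hashlib
import hmac

# Added example, not from the slides: S/Key as described on the S/Key slides.
# Seed and n below are constructed demo values; SHA-1 is the chosen h.

def h(x: bytes) -> bytes:
    """One-way hash function h (SHA-1; the slide allows MD5 or SHA-1)."""
    return hashlib.sha1(x).digest()

def skey_chain(seed: bytes, n: int) -> list:
    """k_1 = h(seed), k_2 = h(k_1), ..., k_n = h(k_{n-1})."""
    chain, cur = [], seed
    for _ in range(n):
        cur = h(cur)
        chain.append(cur)
    return chain

def skey_passwords(seed: bytes, n: int) -> list:
    """Reverse order: p_1 = k_n, ..., p_n = k_1 (list index j-1 holds p_j)."""
    return list(reversed(skey_chain(seed, n)))

class SkeyServer:
    """Stores n, index i of the next authentication, and last accepted password p_{i-1}.
    Assumption: p_0 is initialised to h(k_n) so h(p_1) == p_0 holds for the first login."""
    def __init__(self, seed: bytes, n: int):
        self.n, self.i = n, 1
        self.last = h(skey_chain(seed, n)[-1])  # p_0 = h(k_n); seed is not kept

    def challenge(self):
        """Message 2 of the protocol: number i of the next authentication (None if exhausted)."""
        return self.i if self.i <= self.n else None

    def verify(self, i: int, p_i: bytes) -> bool:
        """Message 3: accept p_i iff i is the expected index and h(p_i) == stored p_{i-1}."""
        if i != self.i or self.i > self.n:
            return False
        if not hmac.compare_digest(h(p_i), self.last):
            return False
        self.last = p_i   # replace p_{i-1} with p_i ...
        self.i += 1       # ... and increment i
        return True

if __name__ == "__main__":
    seed, n = b"xyzzy", 5                 # constructed demo values
    server = SkeyServer(seed, n)
    pws = skey_passwords(seed, n)         # computed on the user's side
    i = server.challenge()
    print("login", i, server.verify(i, pws[i - 1]))   # True
    print("replay", server.verify(1, pws[0]))         # False: p_1 already consumed
```

A captured p_i is useless to an eavesdropper afterwards, since the server now expects p_{i+1}, which cannot be derived from p_i without inverting h.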