USC CSCI 530 - 05_authen-6up

CSCI 530, Spring 2010 Copyright © William C. Cheng

T1  CS530 Authentication
Bill Cheng
http://merlot.usc.edu/cs530-s10

T2  Identification vs. Authentication
- Identification: associating an identity (or a claimed identity) with an individual, process, or request
- Authentication: verifying a claimed identity
- Ex: user ID is identification, password is authentication

T3  Basis for Authentication
- Ideally: who you are
- Practically:
  - something you know (e.g., password)
  - something you have (e.g., smartcard, magnetic stripe card, passport, driver's license)
  - something about you (e.g., face, hand, voice, fingerprint, i.e., biometrics); sometimes mistakenly called "things you are"
- Note: policy determines how and what to do

T4  Something You Know
- Password (e.g., encryption key derived from password)
- Issues
  - someone else may learn it: find it, sniff it, trick you into providing it (Ex: e-mail from eBay or PayPal asking you to validate your password)
  - other party must know how to check
  - you must remember it (tend to use same password)
- Algorithm
  - how stored and checked by verifier
  - keep in table: once this table is obtained, the attacker may use it to login to other systems

T5  Examples of Password Systems
- Verifier knows password
- Encrypted password
  - one way encryption
  - can one crack password one letter at a time (as often seen in movies)?
  - timing attacks (look at power consumption, time between successive guesses)
  - Ex: UNIX
    - login name, UID, GID, encrypted password all stored in /etc/passwd
    - old systems make /etc/passwd globally readable
    - new systems move encrypted passwords to /etc/shadow
    - salt the password (12-bit salt) to protect against pre-computed dictionary attack

T6  Examples of Password Systems (Cont...)
- Third Party Validation
  - Ex: Liberty Alliance, Microsoft Passport, Kerberos, Public key systems with Directory Services

T7  Attacks on Password
- Brute force
- Dictionary
- Pre-computed Dictionary
- Guessing: what's your pet's name? (favorite city, birth place, ...)
- Finding elsewhere: sitting in Windows' Registry; sitting on USB hard drive

T8  Something You Have
- Cards
  - mag stripe (= password?)
  - smart card, USB key: something your device knows!
  - secure ID card: time varying password; verifier knows that the device is present!; smartcard requires special reader, this does not; limited data length to reduce human mistakes
  - challenge/response card: the user is the device!
- Issues
  - how to validate
  - how to read (i.e. infrastructure)

T9  Something About You
- Biometrics: measures some physical attribute
  - iris scan (can't really scan the retina)
  - fingerprint
  - picture
  - voice
  - hand scan (geometry of hand)
  - keystroke patterns?
- Issues
  - how to prevent spoofing
  - suited when biometric device is trusted/secure, not suited otherwise
  - fingerprint reading device at home, is that a good idea? must be connected to a tamper-proof device

T10  Other Forms of Authentication
- IP address, MAC address (e.g., NFS, DHCP)
- Caller ID (or call back); also works with e-mail
- Past transaction information (e.g., what's the amount of your last bill?)

T11  "Enrollment" (for Something You Know)
- How to initially exchange the secret
  - in-person enrollment
  - information known in advance (e.g., what's the amount of your last bill?)
  - third party verification (e.g., a notary public)
  - mail or email verification (e.g., activation code in e-mail, click here to activate)

T12  Multi-factor Authentication
- Require at least two of the three classes above
  - e.g. Smart card plus PIN
  - e.g. biometric and password
  - e.g. credit card plus zip code of billing address
- better than one factor
- Issues
  - be careful about how the second factor is validated, e.g., on card, or on remote system
  - PIN goes to remote system (or goes through smartcard and then remote system)

T13  General Problems with Password
- Space from which passwords are chosen
- Too many passwords, and what it leads to
  - solution is "single sign on"?

T14  Single Sign On
- "Users should log in once and have access to everything"
- Many systems store password lists, which are easily stolen
- Better is encryption based credentials, usable with multiple verifiers
  - interoperability is complicating factor
- Liberty Alliance: communicating information about authentication using a markup language (Security Association Markup Language)
- Microsoft Passport
  - original version based on cookies and hotmail passwords
  - next version based on Kerberos (cross realm authentication)

T15  Encryption Based Authentication
- Proving knowledge of encryption key
- nonce = non repeating value
- Figure: c and s share Kcs
    c -> s: {Nonce/timestamp}Kcs

T16  Authentication with Conventional Cryptography
- Kerberos
- Figure: c holds Kc, s holds Ks, KDC holds both
    c -> KDC: s
    KDC -> c: {Kc,s}Kc, {Kc,s}Ks
    c -> s: {data}Kc,s, {t}Kc,s, {Kc,s}Ks

T17  Authentication with Conventional Cryptography
- Kerberos or Needham-Schroeder
- Figure (single KDC): c holds Kc, s holds Ks
    c -> KDC: s, {t}Kc            (optional pre-authenticator in original message)
    KDC -> c: {Kc,s}Kc, {Kc,s}Ks
    c -> s: {data}Kc,s, {Kc,s}Ks  (includes challenge/response)
- Figure (with TGS): c holds Kc, s holds Ks, TGS holds KTGS
    c -> KDC: TGS
    KDC -> c: {Kc,TGS}Kc, {Kc,TGS}KTGS
    c -> TGS: s, {t}Kc,TGS, {Kc,TGS}KTGS
    TGS -> c: {Kc,s}Kc,TGS, {Kc,s}Ks
- Third-party authentication service: distributes session keys for authentication, confidentiality, and integrity
- KDC & TGS are usually combined
- KDC can generate cross realm TGT (pre-arranged)

T18  Kerberos
(figure only; no text recovered)

T19  Authentication with Public Key Cryptography
- Based on public key certificates
- Figure: DS = Directory Server; c holds Kprivc, s holds Kprivs
    c -> s: [{Nonce/timestamp}Kses, {Kses}Kpubs]
  - client can include public key certificate in the first message
  - contact DS mainly to check to see if the public key certificate has been revoked and to obtain other certificates
- Key distribution
  - confidentiality not needed for public key
  - solves n^2 problem
- Performance
  - slower than conventional cryptography
  - implementations use for key distribution, then use conventional crypto for data encryption
- Trusted third party still needed
  - to manage revocation
  - to obtain other public key certificates
  - in some cases, third party
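The /etc/shadow points on T5 (one-way transformation, per-user salt against a pre-computed dictionary, no way to confirm a password one letter at a time) are easier to see in code. The following is an added Python example, not from the slides: PBKDF2 stands in for classic crypt(3), the salt is 16 random bytes rather than the 12-bit UNIX salt, and the wordlist, iteration count and sample password are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

ITERATIONS = 100_000  # PBKDF2 work factor; constructed value, tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """One-way: the store keeps 'salthex$digesthex', never the password itself."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt, far wider than classic UNIX's 12 bits
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), ITERATIONS)
    # compare_digest does not stop at the first differing byte, so a guess that has
    # the first letters right takes no longer than one that has nothing right: the
    # "one letter at a time" idea on T5 gets no timing signal from the verifier.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_table(words: Iterable[str]) -> Dict[str, str]:
    """A pre-computed dictionary as it would be built against an unsalted SHA-256 store."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def table_recovers(stored_digest_hex: str, table: Dict[str, str]) -> bool:
    """Does one lookup in the pre-computed table identify the password?"""
    return stored_digest_hex in table


def demo() -> dict:
    """Compare an unsalted and a salted record for the same (constructed) weak password."""
    table = unsalted_table(["letmein", "password", "qwerty"])
    unsalted_record = hashlib.sha256(b"qwerty").hexdigest()
    salted_record = hash_password("qwerty")
    return {
        # one table serves every unsalted store; the salt forces per-record work instead
        "unsalted_hit": table_recovers(unsalted_record, table),
        "salted_hit": table_recovers(salted_record.split("$")[1], table),
        # two users with the same password get different records
        "same_pw_same_record": hash_password("qwerty") == hash_password("qwerty"),
        "verify_ok": verify_password("qwerty", salted_record),
        "verify_wrong": verify_password("Qwerty", salted_record),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The record format is a simplification; real implementations also store the algorithm identifier and work factor alongside the salt so the parameters can be raised later without breaking existing accounts.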
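T15 through T17 give the Kerberos exchange only as figures. The following is an added example, not part of the slides and not Kerberos code: a stdlib-only Python model of the single-KDC figure on T16/T17 in which enc()/dec() play the role of the {...}K notation (a toy encrypt-then-MAC built from SHA-256 and HMAC, not a real cipher). The KDC checks the optional pre-authenticator {t}Kc, then issues {Kc,s}Kc and {Kc,s}Ks; the server opens the ticket with Ks, checks the timestamp in {t}Kc,s against its clock and a replay cache, and only then decrypts {data}Kc,s. Principal names c and s, the key sizes and the 300-second clock skew are constructed. The TGS round in the second T17 figure is the same pattern run once more with Kc,TGS in place of Kc and is not modelled.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Optional, Tuple

# {obj}K from the slides is modelled by enc()/dec(): a SHA-256 keystream XORed over the
# JSON plaintext plus an HMAC tag. Toy construction for illustration only; a real
# implementation uses an AEAD such as AES-GCM.


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def enc(key: bytes, obj: dict) -> bytes:
    """{obj}key. The tag lets the receiver notice a wrong key or a tampered message."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def dec(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Third party holding every principal's long-term key; hands out session keys Kc,s."""

    def __init__(self, keys: dict, skew: float = 300):
        self.keys, self.skew = keys, skew

    def request(self, client: str, server: str, preauth: bytes, now: float) -> Tuple[bytes, bytes]:
        # c -> KDC: s, {t}Kc. The pre-authenticator proves the requester knows Kc
        # before the KDC issues anything (the slide marks it optional).
        if abs(dec(self.keys[client], preauth)["t"] - now) > self.skew:
            raise ValueError("stale pre-authenticator")
        kcs = os.urandom(32)
        for_client = enc(self.keys[client], {"server": server, "key": kcs.hex()})  # {Kc,s}Kc
        ticket = enc(self.keys[server], {"client": client, "key": kcs.hex()})      # {Kc,s}Ks
        return for_client, ticket


class Server:
    """Knows only its own Ks; learns Kc,s from the ticket and never contacts the KDC."""

    def __init__(self, ks: bytes, skew: float = 300):
        self.ks, self.skew, self.seen = ks, skew, set()  # seen = replay cache of (client, t)

    def accept(self, ticket: bytes, authenticator: bytes, data: bytes, now: float) -> dict:
        t = dec(self.ks, ticket)                          # only Ks opens {Kc,s}Ks
        kcs = bytes.fromhex(t["key"])
        auth = dec(kcs, authenticator)                    # {t}Kc,s: the sender holds Kc,s
        if abs(auth["t"] - now) > self.skew:
            raise ValueError("authenticator outside clock skew")
        if (t["client"], auth["t"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((t["client"], auth["t"]))
        return dec(kcs, data)                             # {data}Kc,s


def client_messages(kc: bytes, kdc: KDC, now: float, data: str) -> Tuple[bytes, bytes, bytes]:
    """Everything c does: obtain Kc,s from the KDC, then build the message for s."""
    for_client, ticket = kdc.request("c", "s", enc(kc, {"t": now}), now)
    kcs = bytes.fromhex(dec(kc, for_client)["key"])   # c opens its half; the ticket stays opaque
    return ticket, enc(kcs, {"t": now}), enc(kcs, {"data": data})  # {Kc,s}Ks, {t}Kc,s, {data}Kc,s


def exchange(now: Optional[float] = None) -> dict:
    """Run the T16/T17 figure once and return what s recovered."""
    now = time.time() if now is None else now
    kc, ks = os.urandom(32), os.urandom(32)
    kdc, s = KDC({"c": kc, "s": ks}), Server(ks)
    return s.accept(*client_messages(kc, kdc, now, "hello s"), now)


def replay_is_rejected(now: float = 1_000_000.0) -> bool:
    """The same three messages delivered twice: the second copy must be refused."""
    kc, ks = os.urandom(32), os.urandom(32)
    kdc, s = KDC({"c": kc, "s": ks}), Server(ks)
    msgs = client_messages(kc, kdc, now, "once")
    s.accept(*msgs, now)
    try:
        s.accept(*msgs, now)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(exchange())            # {'data': 'hello s'}
    print(replay_is_rejected())  # True
```

Two properties of the figure show up directly: the server never needs a connection to the KDC, because the ticket carries Kc,s under Ks, and the timestamp alone is not enough, since within the skew window a copied authenticator would still be fresh; the replay cache closes that gap.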

