Slide index: Outline; Objectives; Password authentication; Basic password scheme; Slide 5; Unix password system; UNIX Password System; Dictionary Attack – some numbers; Slide 9; Challenge-response Authentication; Authentication; Authentication: another try; Slide 13; Slide 14; Slide 15; Authentication: yet another try; Slide 17; Slide 18; Authentication: ap5.0; Slide 20; Biometrics; Slide 22; Token-based Authentication Smart Card; Smart Card Example; Group Quiz; Slide 26; Single sign-on systems; Microsoft Passport; Passport log-in; Trusted Intermediaries; Key Distribution Center (KDC); Slide 32; Ticket and Standard Using KDC; Kerberos; Two-Step Authentication; Still Not Good Enough; Symmetric Keys in Kerberos; “Single Logon” Authentication; Obtaining a Service Ticket; Obtaining Service; Kerberos 4 Overview; Important Ideas in Kerberos; Practical Uses of Kerberos; When NOT Use Kerberos; Slide 45; Certification Authorities; Slide 47; General Process of SSL; Authentication in SSL/HTTPS; Single KDC/CA; Multiple KDC/CA Domains; Slide 52; Slide 53; Backup Slides; Advantages of salt; Four parts of Passport account; Kerberos in Large Networks

Outline
• User authentication
  – Password authentication, salt
  – Challenge-response authentication protocols
  – Biometrics
  – Token-based authentication
• Authentication in distributed systems (multiple service providers/domains)
  – Single sign-on, Microsoft Passport
  – Trusted Intermediaries (KDC and CA)

Objectives
• Understand the four major individual authentication mechanisms and how they compare
• Understand the basic mechanisms of trusted intermediaries for distributed authentication using different crypto methods
  – Symmetric key: KDC (the key concept of the ticket)
  – Asymmetric key: CA
• Know the practical protocols of distributed authentication
  – Symmetric key: Kerberos
  – Asymmetric key: X.509

Password authentication
• Basic idea
  – User has a secret password
  – System checks the password to authenticate the user
• Issues
  – How is the password stored?
  – How does the system check the password?
  – How easy is it to guess a password?
• It is difficult to keep the password file secret, so it is best if passwords are hard to guess even for someone who has the password file

Basic password scheme
[Figure: a password file maps each user to a stored value such as exrygbzyf, kgnosfix, ggjoklbsz, …; the password the user enters (here “kiwifruit”) is passed through the hash function and the result is compared with the file entry.]

Basic password scheme
• Hash function h : strings → strings
  – Given h(password), it is hard to find the password
  – No known algorithm is better than trial and error
• User password stored as h(password)
• When the user enters a password
  – The system computes h(password)
  – Compares it with the entry in the password file
• No passwords are stored on disk

Unix password system
• Hash function is 25xDES
  – 25 rounds of DES-variant encryptions
• Any user can try a “dictionary attack”
R.H. Morris and K. Thompson, Password security: a case history, Communications of the ACM, November 1979

UNIX Password System
• Password line
  walt:fURfuu4.4hY0U:129:129:Belgers:/home/walt:/bin/csh
[Figure: the salt and the password (used as the key) are the inputs to 25x DES, which encrypts a constant plaintext, a 64-bit block of 0; the resulting ciphertext is compared with the stored entry.]

Dictionary Attack – some numbers
• Typical password dictionary – 1,000,000 entries of common passwords
  – people's names, common pet names, and ordinary words
  – Suppose you generate and analyze 10 guesses per second
    • This may be reasonable for a web site; offline is much faster
  – Dictionary attack takes at most 100,000 seconds = 28 hours, or 14 hours on average
• If passwords were random
  – Assume a six-character password
    • Upper- and lowercase letters, digits, 32 punctuation characters (94 characters in total, so 94^6 combinations)
    • 689,869,781,056 password combinations
    • Exhaustive search requires 1,093 years on average

Challenge-response Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
[Message: “I am Alice” → Bob]
Failure scenario: in a network, Bob cannot “see” Alice, so Trudy simply declares herself to be Alice.

Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address
[Message: “I am Alice”, Alice’s IP address → Bob]
Failure scenario: Trudy can create a packet “spoofing” Alice’s address.

Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
[Messages: “I’m Alice”, Alice’s IP addr, Alice’s password → Bob; OK, Alice’s IP addr → Alice]
Failure scenario: playback attack. Trudy records Alice’s packet and later plays it back to Bob.

Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
[Messages: “I’m Alice”, Alice’s IP addr, encrypted password → Bob; OK, Alice’s IP addr → Alice]
Failure scenario: record and playback still works! Trudy never needs to decrypt the password; she replays the same encrypted value.

Authentication: yet another try
Goal: avoid the playback attack
Nonce: a number (R) used only once in a lifetime
ap4.0: to prove Alice is “live”, Bob sends Alice a nonce, R. Alice must return R, encrypted with the shared secret key: K_A-B(R).
[Messages: “I am Alice” → Bob; R → Alice; K_A-B(R) → Bob]
Alice is live, and only Alice knows the key to encrypt the nonce, so it must be Alice!
Failures, drawbacks?

Authentication: ap5.0
ap4.0 doesn’t protect against someone reading the server’s database (the shared key is stored there)
• Can we authenticate using public key techniques?
ap5.0: use a nonce and public key cryptography
[Messages: “I am Alice” → Bob; R → Alice; K_A^-(R) → Bob]
Bob computes K_A^+(K_A^-(R)) = R and knows that only Alice could have the private key that encrypted R such that K_A^+(K_A^-(R)) = R.
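The basic password scheme (store h(password), recompute and compare at login) and the salt mentioned in the outline, as an added Python example that is not part of the slides. SHA-256 is this example's choice of h (the Unix scheme on the slides uses 25xDES), and the five-word dictionary is a constructed stand-in for the 1,000,000-entry list the slides describe. The point it shows beyond the slides: with unsalted entries one precomputed table of h(word) answers every user's entry at once, while a per-user random salt forces that work to be redone for every entry.

```python
# Added example (not from the slides): the "store h(password)" scheme next to
# a salted variant, to show why the password file is safer with a salt.
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed toy dictionary standing in for the 1,000,000-entry list of
# common passwords the slides describe.
COMMON_PASSWORDS = ["password", "kiwifruit", "letmein", "123456", "qwerty"]


def h(data: bytes) -> str:
    """Hash function h: strings -> strings. SHA-256 is this example's choice;
    the Unix scheme on the slides uses 25xDES instead."""
    return hashlib.sha256(data).hexdigest()


def store_unsalted(password: str) -> str:
    """Basic scheme: the password file holds h(password) and nothing else."""
    return h(password.encode())


def check_unsalted(password: str, entry: str) -> bool:
    """Recompute h(password) and compare with the file entry in constant time."""
    return hmac.compare_digest(store_unsalted(password), entry)


def store_salted(password: str, salt: Optional[bytes] = None) -> str:
    """Salted scheme: the entry is 'salt:h(salt || password)'. The salt is not
    secret; a fresh random salt per user makes every entry unique."""
    if salt is None:
        salt = os.urandom(16)
    return salt.hex() + ":" + h(salt + password.encode())


def check_salted(password: str, entry: str) -> bool:
    """Split the stored salt off, recompute h(salt || password), compare."""
    salt_hex, digest = entry.split(":", 1)
    return hmac.compare_digest(h(bytes.fromhex(salt_hex) + password.encode()), digest)


def precomputed_table() -> Dict[str, str]:
    """One h(word) per dictionary word, computed once for all users. Against an
    unsalted file this table answers every entry with a single lookup."""
    return {store_unsalted(word): word for word in COMMON_PASSWORDS}


def found_in_table(entry: str) -> Optional[str]:
    """Dictionary word whose hash equals the entry, or None. A salted entry
    never matches: the table would have to be rebuilt per salt, i.e. per user."""
    return precomputed_table().get(entry)


if __name__ == "__main__":
    unsalted = store_unsalted("kiwifruit")
    salted_a = store_salted("kiwifruit")
    salted_b = store_salted("kiwifruit")
    print("unsalted entry recovered from table:", found_in_table(unsalted))
    print("salted entry recovered from table:  ", found_in_table(salted_a))
    print("same password, distinct salted entries:", salted_a != salted_b)
    print("salted check accepts correct password:", check_salted("kiwifruit", salted_a))
```

The salt does not make a single guess slower; it only removes the sharing of work across users, which is why the slides' "10 guesses per second" figure still applies per entry. Slowing each guess is the job of the hash function itself (the 25 DES rounds on the slides, or a deliberately slow password hash today).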
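The nonce protocols ap4.0 (shared key) and ap5.0 (public key), run as message exchanges in an added Python example that is not part of the slides. Two substitutions are this example's own: HMAC-SHA256 stands in for "R encrypted under K_A-B", and K_A^-/K_A^+ are textbook RSA with the classic toy parameters p = 61, q = 53 (n = 3233, e = 17, d = 2753), so the nonce R must lie below n. The shared key and all message values are constructed. It also shows the check the slides leave implicit: Bob accepts a response only for the nonce he currently has outstanding, which is what makes Trudy's recorded K_A-B(R) worthless once R has changed.

```python
# Added example (not from the slides): ap4.0 and ap5.0 run as message
# exchanges, with Trudy's recorded response played back against a fresh nonce.
import hashlib
import hmac
import secrets
from typing import Optional, Set

# --- ap4.0: nonce R answered with K_A-B(R) under a shared secret key ---
# The slide encrypts R under K_A-B. HMAC-SHA256 stands in for that keyed
# transformation here (this example's assumption, not the slides' choice).
SHARED_KEY_AB = b"constructed shared secret between Alice and Bob"


def keyed_response(key: bytes, nonce: bytes) -> bytes:
    """Alice's side of ap4.0: prove possession of the key by answering R."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class BobSharedKey:
    """Bob's side of ap4.0: one fresh nonce per run, never accepted twice."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.outstanding: Optional[bytes] = None
        self.used: Set[bytes] = set()

    def challenge(self) -> bytes:
        """Send R: 16 random bytes, so a recorded R will not recur."""
        self.outstanding = secrets.token_bytes(16)
        return self.outstanding

    def verify(self, nonce: bytes, response: bytes) -> bool:
        """Accept only the outstanding R, once, with the right keyed value."""
        if nonce != self.outstanding or nonce in self.used:
            return False
        self.used.add(nonce)
        self.outstanding = None
        return hmac.compare_digest(keyed_response(self.key, nonce), response)


def replay_fails() -> bool:
    """Trudy records Alice's (R, K_A-B(R)) and plays it back later: Bob has
    issued a new R by then, so the recording is rejected. Returns True when
    the honest run succeeds and the playback is refused."""
    bob = BobSharedKey(SHARED_KEY_AB)
    r1 = bob.challenge()
    recorded = (r1, keyed_response(SHARED_KEY_AB, r1))   # Trudy's capture
    honest_ok = bob.verify(*recorded)                     # Alice's real run
    bob.challenge()                                       # later: fresh R issued
    replay_ok = bob.verify(*recorded)                     # Trudy plays back
    return honest_ok and not replay_ok


# --- ap5.0: nonce R answered with K_A^-(R) under Alice's private key ---
# Textbook RSA with the classic toy parameters p=61, q=53 (n=3233, e=17,
# d=2753), constructed for illustration only; real keys are far larger and
# signatures are padded. R must lie in [2, n-1].
ALICE_N, ALICE_E, ALICE_D = 3233, 17, 2753


def private_apply(r: int, d: int = ALICE_D) -> int:
    """K_A^-(R): Alice applies her private exponent to the nonce."""
    return pow(r, d, ALICE_N)


def public_apply(s: int) -> int:
    """K_A^+(s): anyone can apply Alice's public exponent."""
    return pow(s, ALICE_E, ALICE_N)


def run_ap5(r: Optional[int] = None, d: int = ALICE_D) -> bool:
    """Bob sends R, receives K_A^-(R), checks K_A^+(K_A^-(R)) == R. Passing a
    wrong private exponent d models a party without Alice's private key."""
    if r is None:
        r = secrets.randbelow(ALICE_N - 2) + 2
    return public_apply(private_apply(r, d)) == r


if __name__ == "__main__":
    print("ap4.0 honest run ok, playback refused:", replay_fails())
    print("ap5.0 with Alice's private key:", run_ap5(65))
    print("ap5.0 with a wrong private key:", run_ap5(65, d=1234))
```

The contrast the slides draw between ap4.0 and ap5.0 is visible in what Bob stores: `BobSharedKey` holds `SHARED_KEY_AB`, so reading Bob's database yields everything needed to impersonate Alice, whereas the ap5.0 verifier holds only `ALICE_N` and `ALICE_E`.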
NU MSIT 458 - Authentication