Authentication Process
Two-step process for verifying the identity claimed by a user
Identification step
Presenting the system with an identifier
Tells the system whose identity will be verified
For example, entering a username at a login prompt
Verification step
Presenting or generating authentication information
Allows the system to corroborate the binding between the entity submitting the information and the claimed identity
For example, entering a password
User authentication is the primary line of defense in a computing system
User authentication is the basis for most types of access control and for user accountability
3
Means of Authentication
The following methods can be used alone or combined
Something the individual knows
Such as password, PIN, answers to security questions
Something the individual possesses
Such as electronic keycards, smart cards, and physical keys
Something the individual is (static biometrics)
Such as fingerprint, retina, face
Something the individual does (dynamic biometrics)
Such as voice pattern, handwriting characteristics, typing rhythm
4
Password-Based Authentication
Password-based authentication
User provides name/login (user ID) and password
System compares password with the one stored for that specific user ID
User ID is used for
Determining whether the user is authorized to access the system
Determining the privileges the user has on the system
Discretionary access control
Password file
Used for storing user authentication information
Indexed by user ID
Stores hash values for passwords
5
Password Vulnerabilities
Offline dictionary attack (“dictionary attack”)
Attacker gets copy of password file
Password is stored in hash values.
Assuming the attacker knows the hash algorithm,
The attacker uses a dictionary of commonly used passwords
He hashes each values in the dictionary and compares them to the values in the file
A match indicates that the dictionary entry is the password
A 500,000 word dictionary is often enough to decrypt weak passwords
For example, English words and names, simple patterns
Multiple password use
Attacks can be more effective or damaging if different network devices share same or similar passwords
User mistakes
For example, social engineering attack, user intentionally shares password with a colleague, user writes down password (and the writing is stolen)
etc.
6
Password Salt
“Salt” is often used to make passwords more secure
A random number (set of bits) that the system associates with a user
The user does not know the value
The system stores the hash value of the plaintext password concatenated with the salt, i.e, H( salt || password )
When salt is used, an attacker knowing only the user’s username has a much more difficult task:
Search space increased by 2B, where B is the number of bits in the salt.
Overall worst-case number of combinations to check is (D)(2B), where D is the number of words in the dictionary.
Example:
Assume 500,000 words in dictionary
Assume 32-bit salt
Then, search space is:
500,000 * 232 = 2,147,483,648,000,000 (over 2 quadrillion)
Compare: attacker would only need to check 500,000 values if only the password were hashed
7
Unix Password Scheme
System assigns salt value
User is never told the salt value
Salt value is stored in plaintext form
Salt value is retrieved when user logs in
Hash function purposely runs slowly to thwart attacks
8
Advantage of Password Salt
Duplicate passwords on same system will almost certainly not be visible in the password file
If two users on same system choose the same password, the random salt values will almost certainly be different, so the hash values will be different
It is nearly impossible to determine whether a particular user chose the same password on multiple systems
Salt values, and hence hash values, will almost certainly be different
Difficulty of dictionary attack increased by a factor of 2b (see preceding slide)
9
Password File Access Control
We can use access control to reduce the likelihood that the hashed passwords will be obtained by an attacker
Make entire password file accessible only by a privileged user
Hashed password are stored in a separate file from user IDs.
Shadow password file
Can only be accessed by a privileged user
Even so, the hashed passwords can still be compromised by:
An OS vulnerability that allows a privilege escalation attack
An accident with permissions making the data readable
A user using the same password on another system that is cracked
Attacker acquires access to backup media
Passwords can even sometimes be sniffed in network traffic
Keylogging malware
10
Password Selection Strategies
Dictionary attacks can be used to gain entry even if the password file is not compromised
For example, user selects short password, or common words, or variations on user personal information that may be known by an attacker
Solutions
User education
Tell users not to use simple password, or use personal information, etc.
Not likely to succeed for a large population (e.g., across an enterprise)
Computer-generated password
If password truly random, unlikely to be remembered
Even if pronounceable, user will be tempted to write it down
11
Password Selection Strategies
Reactive password checker
Periodically attempt to crack passwords on the system
If a password is cracked, disable the login and notify user to change it
Computationally intensive, especially as a background task on a system doing things other than cracking passwords
Complex password policy
Require sufficiently long passwords
Require use of special characters, numbers, mixed case letters, etc.
Rejects common words and variations on user information
Usually implemented by a proactive password checker
Rejects disallowed passwords at the time of selection by user
Encourages user to select a password from a larger password space that is nevertheless easier for the user to remember
12
Bloom Filter
Bloom filter
A space efficient probabilistic data structure
Used for determining whether an element is a member of a set
Developed by Burton Howard Bloom in 1970
Useful for implementing a proactive password checker
Operate as a password checker
Given
A large dictionary of passwords that we wish to disallow
Some number of hash functions, all with same output space
Initialize all values to 0 for a bit array of size equal to the size of the output space
Preprocess each word in dictionary with each hash function and set the corresponding bit to 1 for each value computed by one of the hash functions
For example, Hi(Xj)=67, 67th entry of the hash table is set to 1
To check if a candidate password is in the list, apply each hash function to it
if any corresponding bit is 0, then the candidate is definitely not on the list
if all corresponding bits are 1, then candidate most likely in list
13
Bloom Filter
14
Token-based Authentication
Token
An object that the user possesses
Without the token, access is denied no matter who you are
With the token, access may be granted
Additional authentication steps may be required
Traditional token
Parallel port dongles
USB dongles
Old-style credit card with raised characters
We will discuss two types in current wide use
Memory cards
Smart cards
15
Memory Card
Can store but cannot process data
Most common type uses magnetic stripe
Can be used alone for physical access
Hotel room
Can include electronic memory
Prepaid phone card
Provides significantly greater security when combined with a password or PIN
ATM card
Drawbacks
Requires a special reader
Loss of token leaves owner unable to access
Acceptable for ATMs, but not for computer access
16
Smart Card
Includes an embedded microprocessor
Can sometimes include encryption and digital signature capabilities
Can look like a bank card, calculator, key, or other small portable object
Interface
Manual interface typically includes a keypad and display
Electronic interface
Contact: insert into a card reader
Contactless: in close proximity to a reader
Authentication protocol
Reader performs reset when card is inserted
Card and reader negotiate the communication protocol for session
Data is exchanged using protocol
17
Biometric Authentication
Biometric authentication
Authenticates user based on his or her unique physical characteristics
Static characteristics
Fingerprints
Facial characteristics
Relative location and shape of eyes, eyebrows, nose, lips, and chin shape
Could also use thermal image of underlying vascular system of the user’s face
Hand geometry – shape, lengths and widths of fingers
Retinal pattern
Detailed structure of the iris
Dynamic characteristics
Signature
Voice
18
Biometric Accuracy
Biometric measurements vary
Results for an individual feature typically form a bell curve
As a result, there can be false positive and false negative matches
Different biometrics have different costs and accuracies
19
Remote User Authentication
Authentication over a network, the Internet, or a communications link is more complex
Additional security threats include
Eavesdropping,
Capturing a password,
Replaying an observed authentication sequence
Challenge-response protocol
User transmits his or her identity to remote host
Host generate random number r (the nonce)
Host returns r to user, along with requirement to use a particular function f() and a particular hash function h() in the user’s response to the challenge
User computes and returns f( r’, h(P’)), where r’ = r and P’ = user’s password
Remote host compares f( r’, h(P’)) ) to a stored value
20
Advantages of Challenge-Response Protocol
Challenge-response defends against several types of attack:
Host stores hash of password, not password itself
Not even hash of password is transmitted
Password hash cannot be intercepted
Use of a nonce (random number used only once) defends against replay attack
21
Security Issues for User Authentication
Attacks | Authenticators | Examples | Typical defenses |
Client attack | Password | Guessing, exhaustive search | Large entropy; limited attempts |
Token | Exhaustive search | Large entropy; limited attempts, theft of object requires presence | |
Biometric | False match | Large entropy; limited attempts | |
Host attack | Password | Plaintext theft, dictionary/exhaustive search | Hashing; large entropy; protection of password database |
Token | Passcode theft | Same as password; 1-time passcode | |
Biometric | Template theft | Capture device authentication; challenge response | |
Eavesdropping, theft, and copying | Password | “Shoulder surfing” | User diligence to keep secret; administrator diligence to quickly revoke compromised passwords; multifactor authentication |
Token | Theft, counterfeiting hardware | Multifactor authentication; tamper resistant/evident token | |
Biometric | Copying (spoofing) biometric | Copy detection at capture device and capture device authentication | |
Replay | Password | Replay stolen password response | Challenge-response protocol |
Token | Replay stolen passcode response | Challenge-response protocol; 1-time passcode | |
Biometric | Replay stolen biometric template response | Copy detection at capture device and capture device authentication via challenge-response protocol | |
Trojan horse | Password, token, biometric | Installation of rogue client or capture device | Authentication of client or capture device within trusted security perimeter |
Denial of service | Password, token, biometric | Lockout by multiple failed authentications | Multifactor with token |
Summary
Authentication Process
Means of Authentication
Password-Based Authentication
Password Vulnerabilities
Password Salt
Unix Password Scheme
Advantage of Password Salt
Password File Access Control
Password Selection Strategies
Bloom Filter
Token-based Authentication
Memory Card
Smart Card
Biometric Authentication
Biometric Accuracy
Remote User Authentication
Advantages of Challenge-Response Protocol
Security Issues for User Authentication
23