Bishop: Chapter 12 Authentication
csci 5233 Computer Security
Outline
• Introduction
• Passwords-based authentication
• Challenge-response
• Other methods:
  – Biometrics-based authentication
  – Location-based authentication
  – Hybrid approach
Authentication
• Authentication: binding of an identity to the subject
  – Entity knows something: passwords, id numbers
  – Entity has something: badge, smart card
  – Entity is something: biometrics
  – Entity is someplace: source IP, restricted-area terminal
Authentication
• Five components in an authentication system (AS)
  – A: set of authentication information
    • used by the entity to prove its identity
    • e.g., id/password
  – C: set of complementary information
    • used by the AS to validate A
    • e.g., passwords
  – F: set of complementation functions f: A → C
    • Given a ∈ A, generate the appropriate c ∈ C
    • e.g., given id & password, the AS retrieves the stored password.
Authentication (cont.)
  – L: set of authentication functions l: A × C → { true, false }
    • verify the entity's identity
    • e.g., given the id/password provided by the entity and the retrieved password, the AS compares the two passwords to determine whether the entity should be authenticated. l in this case is the equivalent() function.
  – S: set of selection functions
    • Enables the entity to generate/alter A and/or C
    • e.g., mechanisms allowing a user to change its password (such as passwd in UNIX)
Passwords-based Authentication
• A password is information associated with an entity that confirms its identity.
• How can passwords be protected?
• A solution: one-way hashing
  – A user's password is run through the one-way hash and the hash is stored. The stored hash is never decrypted.
  – It should be difficult for an attacker to revert the stored hash to the plaintext password.
  – A user A may try to guess the password of another user, B, and thus impersonate B. (next slide)
Passwords-based Authentication
• Impersonating by guessing passwords
  – The goal: to find an a ∈ A such that, for some f ∈ F, f(a) = c ∈ C, and c is associated with an entity.
• General approaches
  1. Hide enough information so that one of a, c, or f cannot be found.
  2. Prevent access to the authentication functions L.
  3. Other approaches? The 3-tries "principle"
Passwords-based Authentication
• A dictionary attack is the guessing of a password by repeated trial and error.
• The dictionary may be a set of strings in random order, or a set of strings in decreasing order of probability of selection.
• Type 1 dictionary attack: Given c ∈ C and f ∈ F, the attack takes each guess g and computes f(g) for each f ∈ F. If f(g) corresponds to the c for the entity, then g authenticates the entity under f.
• Type 2 dictionary attack: Given l ∈ L, the attack takes a guess g. If l returns true given g, then g is the correct password.
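The five components A, C, F, L, S and the two dictionary-attack types, as an added example written for this page (not code from the slides or from Bishop's text). The class and function names, the PBKDF2 choice for the one-way hash, and the sample users, passwords and dictionary are all constructed here. It shows why a type 1 attack is limited only by the work factor of f, while a type 2 attack runs into the "3-tries" lockout on l:

```python
"""Bishop's five-component authentication system, instantiated for
passwords, with the two dictionary-attack types and a 3-tries lockout.
Added example: names and sample data are constructed for this page."""
import hashlib
import hmac
import os


class PasswordAS:
    """A: (user, password) pairs an entity offers.
    C: per-user (salt, digest) records kept by the system.
    F: f(password, salt) -> digest, a salted one-way hash, so A -> C.
    L: l(user, password) -> bool, the authentication function.
    S: enroll / change_password, which let the entity alter A and C."""

    MAX_TRIES = 3          # the slide's 3-tries principle: limit access to L
    ITERATIONS = 20_000    # PBKDF2 work factor (kept low for the demo)

    def __init__(self):
        self.store = {}     # C: user -> (salt, digest)
        self.failures = {}  # consecutive failed calls to l, per user

    @classmethod
    def f(cls, password, salt):
        """Complementation function: one-way, so c cannot be reverted to a."""
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   cls.ITERATIONS)

    def enroll(self, user, password):
        """Selection function: create the entity's entry in C."""
        salt = os.urandom(16)
        self.store[user] = (salt, self.f(password, salt))
        self.failures[user] = 0

    def l(self, user, password):
        """Authentication function: recompute f(a), compare with c in
        constant time. After MAX_TRIES failures the account is locked."""
        record = self.store.get(user)
        if record is None or self.failures.get(user, 0) >= self.MAX_TRIES:
            return False
        salt, digest = record
        ok = hmac.compare_digest(self.f(password, salt), digest)
        self.failures[user] = 0 if ok else self.failures[user] + 1
        return ok

    def change_password(self, user, old, new):
        """Selection function: alter A and C, gated on the old password."""
        if not self.l(user, old):
            return False
        self.enroll(user, new)
        return True


def type1_dictionary_attack(c, f, dictionary):
    """Type 1: attacker holds c and knows f; guesses are tested offline,
    so only the cost of f and the size of N slow this down."""
    salt, digest = c
    for guess in dictionary:
        if hmac.compare_digest(f(guess, salt), digest):
            return guess
    return None


def type2_dictionary_attack(l, user, dictionary):
    """Type 2: attacker can only call l; each guess is an online attempt
    and therefore subject to the lockout."""
    for guess in dictionary:
        if l(user, guess):
            return guess
    return None


# Constructed sample dictionary in decreasing order of assumed popularity.
DICTIONARY = ["123456", "password", "letmein", "qwerty", "dragon"]


def demo():
    auth = PasswordAS()
    auth.enroll("bob", "letmein")                  # weak: in the dictionary
    auth.enroll("alice", "correct horse battery")  # strong: not in it

    # Type 1 against bob's stored record recovers the weak password.
    type1 = type1_dictionary_attack(auth.store["bob"], PasswordAS.f, DICTIONARY)

    # Type 2 against alice: three wrong guesses, then l refuses everything,
    # including the real password, until the lockout is cleared.
    type2 = type2_dictionary_attack(auth.l, "alice", DICTIONARY)
    return {
        "type1_recovered": type1,
        "type2_recovered": type2,
        "alice_locked_out": not auth.l("alice", "correct horse battery"),
        "failures_alice": auth.failures["alice"],
    }


if __name__ == "__main__":
    print(demo())
```

The lockout illustrates approach 2 on the previous slide (prevent access to L) and its cost: after three bad guesses the legitimate user is refused as well, so an attacker who only wants to deny service needs no correct password at all. The salted, iterated hash illustrates approach 1 (make c hard to use) and is what raises the per-guess cost in a type 1 attack.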
Passwords-based Authentication
• Countering dictionary attacks
  – The goal: to maximize the time needed to guess the password
  – Anderson's Formula:
    • P: the probability that an attacker guesses a password in a specified period of time
    • G: the number of guesses that can be tested in one time unit
    • T: the number of time units during which guessing occurs
    • N: the number of possible passwords
  – A generalized form of the formula:
  – Examples: next slide
Passwords-based Authentication
• An example:
  – Let S be the length of the password.
  – Let A be the number of characters in the alphabet from which the characters of the password are drawn. Then N = A^S.
  – Let E be the number of characters exchanged when logging in.
  – Let R be the number of bytes per minute that can be sent over a communication link.
  – Let G be the number of guesses per minute. Then G = R / E.
  – If the attack extends over M months, T = 30 × 24 × 60 × M.
  – Let P be the probability that the attack would succeed. Then
Passwords-based Authentication
• Analysis of the Anderson Formula:
  – The goal is to maximize the time needed for the attacker to guess the password (T).
  – That is, to decrease the chance that the attack may succeed (P).
• Approaches:
  – Increase N, the set of possible passwords
  – Decrease the time allowed to guess the passwords, that is, reduce T
  – Decrease G
• Question: How can each of the approaches be implemented? See the 2nd example on page 313.
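Anderson's formula, P ≥ TG/N, worked with the parameters S, A, E, R and M defined on the example slide, plus the inverse question the analysis slide raises (how long must a password be to hold P below a target) and the three levers applied one at a time. This is an added example for this page, not code from the slides; the numeric scenario (96-character alphabet, 8 bytes exchanged per attempt, 4800 bytes/minute link, 6 months) is constructed.

```python
"""Anderson's formula P >= TG/N with the slide's parameterisation.
Added example; all numeric inputs below are constructed."""


def attack_parameters(S, A, E, R, M):
    """Derive N, G and T exactly as the example slide defines them."""
    N = A ** S                 # possible passwords
    G = R / E                  # guesses per minute: bytes/min over bytes/guess
    T = 30 * 24 * 60 * M       # minutes in M months of guessing
    return N, G, T


def success_probability(S, A, E, R, M):
    """Anderson's bound P >= TG/N, capped at 1: once TG reaches N the
    attacker can simply exhaust the password space."""
    N, G, T = attack_parameters(S, A, E, R, M)
    return min(1.0, T * G / N)


def min_password_length(A, G, T, P_target):
    """Smallest S with A**S >= TG/P_target, i.e. the shortest password
    that keeps the attacker's success probability at or below P_target."""
    needed = T * G / P_target
    S = 1
    while A ** S < needed:
        S += 1
    return S


def compare_levers(S, A, E, R, M):
    """The three levers from the analysis slide, each applied alone:
    increase N (two more characters), reduce T (a third of the validity
    window), reduce G (throttle the link to a tenth). Returns P for the
    baseline and for each lever."""
    return {
        "baseline": success_probability(S, A, E, R, M),
        "increase_N (S+2)": success_probability(S + 2, A, E, R, M),
        "reduce_T (M/3)": success_probability(S, A, E, R, M / 3),
        "reduce_G (R/10)": success_probability(S, A, E, R / 10, M),
    }


if __name__ == "__main__":
    # Constructed scenario: with S = 4 the attacker exhausts N (P = 1);
    # the levers show how far each alone brings P down.
    print(compare_levers(S=4, A=96, E=8, R=4800, M=6))
    # Shortest password keeping P <= 0.5 over the same six months.
    print(min_password_length(A=96, G=4800 / 8, T=30 * 24 * 60 * 6, P_target=0.5))
```

In this scenario G = 600 guesses/minute and T = 259,200 minutes, so TG ≈ 1.6 × 10^8; a four-character password (N ≈ 8.5 × 10^7) is exhausted, while the fifth character is the first one that keeps P at or below 0.5. The comparison also shows that the levers are not equal: increasing N grows exponentially in S, whereas T and G only scale P linearly.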
Passwords-based Authentication
• Password selection
  – Random
  – Pronounceable nonsense
  – User selection
    • Controls on allowable passwords
    • Password checking, aging
Outline
• Introduction
• Passwords-based authentication
• Challenge-response
• Other methods:
  – Biometrics-based authentication
  – Location-based authentication
  – Hybrid approach
Challenge-Response
• The fundamental problem with passwords is that they are reusable. That is, a valid password may be replayed by an attacker.
• Solution? Associate a password with only one session.
• A challenge-response AS is one in which the system S sends a random message m (the challenge) to a user U, and U replies with r = f(m). f() is a secret function agreed upon by both S and U.
  1. U → S: request to connect
  2. S → U: challenge (c)
  3. U → S: response (r) // S validates r by determining whether r = f(c).
Challenge-Response
• A function f is called a pass algorithm if f is the secret in a challenge-response AS.
• A sample pass algorithm:
  – Suppose f(c) = c^c mod <the-current-year>.
  – On November 12, 2004, when the AS sends c = 5 to U, U should return 1121 in order to be authenticated. Otherwise the authentication fails.
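The three-step exchange from the previous slide, carried out with the sample pass algorithm above (5^5 mod 2004 = 3125 − 2004 = 1121), as an added example for this page rather than code from the slides. The System and User classes, the challenge range and the one-challenge-per-session rule are assumptions of this example; the secret function is the slide's.

```python
"""Challenge-response with the slide's pass algorithm f(c) = c**c mod year.
Added example: System/User and the session handling are constructed."""
import datetime
import secrets


def pass_algorithm(c, year):
    """The slide's secret f: c raised to the power c, reduced mod the year."""
    return pow(c, c, year)


class System:
    """S: issues one random challenge per session and checks r = f(c)."""

    def __init__(self, year):
        self.year = year
        self.pending = {}                  # user -> outstanding challenge

    def challenge(self, user, c=None):
        """Step 2: S -> U. A fixed c may be supplied to reproduce the slide."""
        if c is None:
            c = secrets.randbelow(1000) + 1
        self.pending[user] = c
        return c

    def validate(self, user, r):
        """Step 3 check: consume the pending challenge and compare r = f(c).
        Popping it means a response can be checked against one c only."""
        c = self.pending.pop(user, None)
        return c is not None and r == pass_algorithm(c, self.year)


class User:
    """U: answers a challenge with the agreed secret function."""

    def __init__(self, name, year):
        self.name, self.year = name, year

    def respond(self, c):
        return pass_algorithm(c, self.year)


def exchange(system, user):
    """1. U -> S: request;  2. S -> U: c;  3. U -> S: r;  S validates."""
    c = system.challenge(user.name)
    r = user.respond(c)
    return system.validate(user.name, r)


if __name__ == "__main__":
    year = datetime.date(2004, 11, 12).year     # the slide's date
    s = System(year)
    s.challenge("U", c=5)
    print(s.validate("U", 1121))                 # the slide's case: accepted
    s.challenge("U", c=7)
    print(s.validate("U", 1121))                 # replayed r, new c: rejected
    print(exchange(s, User("U", year)))          # a full random-challenge run
```

Because S draws a fresh c for every session and discards it once checked, a response captured from one session is worthless in the next: the attacker would need f itself, which is exactly the weakness the later "attacks on challenge-response" slide addresses (enough (c, r) pairs may let f be deduced, and this toy f has a small range).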
Challenge-Response
• One-time passwords
  – A one-time password is a password that is invalidated as soon as it is used.
  – A form of challenge-response authentication.
  – The user and the AS agree on the mechanism for generating a sequence of passwords. Every time a password in the sequence is used, it is invalidated. The next time the user logs in, the next password in the sequence is used.
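One way to realise "a sequence of passwords agreed on by the user and the AS, each invalidated on use" is a hash chain, the Lamport / S/Key construction; the slide does not name it, so this is an added example for this page and not the slide's mechanism or code. The AS stores only the end of the chain h^n(seed) and the user presents the chain backwards; the class names, the SHA-256 choice and the seed are constructed.

```python
"""One-time passwords from a hash chain (Lamport / S/Key style).
Added example: class names, hash choice and seed are constructed."""
import hashlib


def h(x: bytes) -> bytes:
    """One step of the chain: a one-way hash."""
    return hashlib.sha256(x).digest()


def hash_chain(seed: bytes, n: int):
    """Returns [h^0(seed), h^1(seed), ..., h^n(seed)]."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class OTPServer:
    """The AS stores only the anchor h^n(seed) and how many passwords
    remain; it never holds the passwords the user will present."""

    def __init__(self, user, anchor: bytes, n: int):
        self.last = {user: anchor}
        self.remaining = {user: n}

    def login(self, user, otp: bytes):
        """Accept otp iff h(otp) equals the last accepted value (or the
        anchor). On success otp becomes the new anchor, so presenting
        it again fails: the password is invalidated as soon as it is used."""
        if self.remaining.get(user, 0) <= 0:
            return False
        if h(otp) != self.last[user]:
            return False
        self.last[user] = otp
        self.remaining[user] -= 1
        return True


class OTPUser:
    """The user holds the seed and walks the chain backwards: the i-th
    password presented is h^(n-1-i)(seed)."""

    def __init__(self, seed: bytes, n: int):
        self.chain = hash_chain(seed, n)
        self.next_index = n - 1

    def next_password(self):
        otp = self.chain[self.next_index]
        self.next_index -= 1
        return otp


def demo(n=5):
    seed = b"constructed-demo-seed"          # constructed; never sent to the AS
    user = OTPUser(seed, n)
    server = OTPServer("alice", hash_chain(seed, n)[-1], n)
    first = user.next_password()
    results = {
        "first_login": server.login("alice", first),
        "replay_first": server.login("alice", first),    # used once: rejected
        "second_login": server.login("alice", user.next_password()),
    }
    for _ in range(n - 2):                   # spend the rest of the chain
        server.login("alice", user.next_password())
    results["after_exhaustion"] = server.login("alice", seed)
    return results


if __name__ == "__main__":
    print(demo())
```

Two properties are worth noticing against the slide's description: a captured one-time password cannot be replayed, because h(otp) no longer matches the stored anchor once otp itself has become the anchor; and compromise of the AS database yields only h^k(seed), from which the next password h^(k-1)(seed) cannot be computed. The simple server here also rejects a password presented out of order, so a user who skips one must re-synchronise; production S/Key implementations track the sequence number to handle that.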
Challenge-Response
• Hardware-supported C/R authentication: one or more hardware devices are used in the C/R validation procedure.
• Two forms
  1. Tokens: a token is a device that provides mechanisms for hashing or enciphering information.
     a) AS → U: c
     b) U → token: c
     c) token → U: r
     d) U → AS: r
  2. Time-based: a device, which is attached to a computer, displays a different number every 60 seconds. To log in, the user enters the number displayed on the device, followed by his/her password. e.g., RSA SecurID Card
Challenge-Response
• Advantages of hardware-supported authentication?
  – Two-factor authentication
• Links:
  – RSA SecurID Card (SD200): http://www.mocomsystems.com/rsa_securID_card.html
  – RSA SecurID® Card Studio: http://www.rsasecurity.com/company/news/releases/pr.asp?doc_id=880
  – Authentication using RSA SecurID Card: http://www.safestone.com/downloads/datasheets/rsa_securid.pdf
• More information:
  – The Power Behind RSA SecurID® Two-factor User Authentication: RSA ACE/Server® (an RSA white paper) http://www.rsasecurity.com/products/securid/whitepapers/AS51_SB_0203.pdf#xml=http://www.rsasecurity.com/programs/texis.exe/webinator/search/xml.txt?query=RSA+SecurID+Card+&pr=default&order=r&cq=&id=3fb204b72
Challenge-Response
• Attacks on challenge-response authentication
  – If the attacker has a sufficient number of challenges (c) and the respective responses (r), he can try to deduce the encryption algorithm.
  – Example: the compromised Kerberos AS
  – A solution: encrypted key challenge [Bellovin/Merritt, 1992]
    • Use a shared key to share a session key
    • The session key encrypts the challenge
    • The challenge is thus indistinguishable from random data
Outline
• Introduction
• Passwords-based authentication
• Challenge-response
• Other methods:
  – Biometrics-based authentication
  – Location-based authentication
  – Hybrid approach
Biometrics-Based Authentication
• Automatic measurement of biological or behavioral features that identify a person
• Used for human subject identification
• Based on physical characteristics that are tough to copy
  – fingerprint
  – voice patterns
  – iris patterns / retina scans
  – face recognition
  – keystroke dynamics (interval, timing, pressure, duration, location, etc.)
  – combined approach
Location-Based Authentication
• Location signature (LS) = unique location + unique time
  – Describes the physical location of an entity
  – Relies on GPS
• Location signature sensor (LSS)
  – A hardware device used by the user's host to obtain an LS for the user
  – The LS is transmitted from the user site to the AS site for authentication.
• Attacks on location-based authentication
  – Stolen LSS: impersonation attacks?
  – Intercepted LS: replay attacks?
Location-Based Authentication
• Strengths of LBA:
  1. Hardware-based authentication
  2. A stolen LSS is useless. (True?)
  3. The authentication can be done continuously.
• Any weakness?
Hybrid Authentication
• The principle of multiple factors
• Examples:
  – LSS + id/password
  – Challenge/response + smart card
  – What you are + what you have (examples?)
Summary
• Passwords-based authentication
• Challenge/response
• Other methods:
  – Biometrics-based authentication
  – Location-based authentication
  – Hybrid approach
Next
• Chapter 14: Identity