Page 1

Rethinking Password Strategies

Ravi Sandhu, Chief Scientist
sandhu@nsdsecurity.com, 703 283 3484

Page 2

Outline

• Security doctrine for the 21st century

• Password vulnerabilities and countermeasures

• Available technologies

Page 3

Security doctrine for the 21st century

• Good enough security
– Absolute security is not possible
– Too much security is counterproductive
– Too little security is not acceptable
– The goal is to find the sweet spot

• Security dollars must work smarter and harder
– Security threats are growing
– Security budgets are flat and expertise is shrinking
– Need more bang for the buck

• Prevent catastrophic failure and tolerate sporadic isolated failures
– Focus on preventing catastrophic failure
– Tolerate sporadic isolated failures

Page 4

The threat environment is getting worse

[Chart: RISK on the vertical axis, rising from 1990 to 2005, with each era's characteristic threats]

– 1990: Illegal modems, floppy viruses, insider theft
– 1995: Info web sites, firewalls, email viruses, insider theft
– 2000: Online web sites, IDS, worms, insider theft
– 2005: XML, disappearing boundaries, insider theft

Claim: The potential threat has gone up hundredfold.

Page 5

Resources and expertise are not growing

[Chart, 1990 to 2005, two series: dollars devoted to the problem, and skilled resources to address the problems]

Page 6

Work smarter and harder

• Starting point:
– Risks went up 100 fold
– Security dollars went up a little
– Skilled resources went down

• So what could happen?

• Option: Your security budget goes up enormously

• Reality: Security budget stays flat as a % of the IT budget.

The security dollars have to work smarter and harder!

Page 7

Some thoughts on “smarter”...

• Proposition: We waste dollars on non/small problems (the 20/80 rule of security!)

• Example: Unnecessary encryption (40 bit vs. 128 bit SSL)

• Explanation:
– Security has many roots in the cold war era. The communication link was the problem. In our world the end points are a MUCH bigger problem. So why do we waste so many dollars encrypting links unlikely to be attacked?

Challenge spending on non-problems

Page 8

Some thoughts on “smarter”...

• Proposition: We are vulnerable to peer pressure. Sometimes our peers are just wrong.

• Example: Bank B has to deploy technology/policy X because Bank A did so. And then Bank C, Bank D... Soon we’ve spent scarce dollars on technology/policy of doubtful value. (e.g. password aging)

• Explanation: It’s hard to buck a so-called ‘best practice’ in our business, even if the evidence is lacking.

Challenge best practices

Page 9

Some thoughts on “smarter”...

• Proposition: the vendor crypto-techno-geeks lead us by the nose.

• Example: The entire PKI fiasco. How much did we spend? What value have we seen? Who told the crypto-geeks that they decide what sort of digital signatures are legal?

• Explanation: Security is an obscure science where you are trying to prove a negative. It's hard to question the crypto-experts in their Ivory Towers.

Challenge the geeks

Page 10

Some thoughts on “smarter”...

• Proposition: Vendor business models drive our infrastructure, as opposed to our needs.

• Example: Why do SSL certificates expire annually causing us outages? Who determined that a technology company can better manage a “certificate authority infrastructure” than a bank that secures tens of billions of dollars?

• Explanation: FUD (Fear-Uncertainty-Doubt)

Challenge vendor business models

Page 11

Some thoughts on “harder”...

• Proposition: Security products must address your “lack of skilled resources” issue.

• Example: Many products need “experts” to set up and run them.

• Explanation: Most products are designed by the “experts” for the “experts”. They do not realize that most products are run by “non-experts” with little time to get trained on everything.

Ask: Can a reasonably competent systems/network person with little security experience run the product?

Page 12

Some thoughts on “harder”...

• Proposition: Security products must be “defensive”

• Example: Many security products work great as long as those operating them “walk on water and don’t get their feet wet”.

• Explanation: Designed by security geeks who’ve never lived in a real operational world.

Ask: Can an average person, having a really bad day, be woken at 2 AM to fix an issue without inadvertently opening up a major hole?

Page 13

Some thoughts on “harder”...

• Proposition: Security products must address fundamental problems, before the esoteric.

• Example: Weak passwords are a major critical problem. Why spend money on esoteric new problems before this is fixed?

• Explanation: The fundamental problems are often not “sexy”.

Ask: “Before securing the attic window, we should get a better lock on the front door!”

Page 14

Some thoughts on “harder”...

• Proposition: To get more from your security dollars, a security product must solve multiple problems.

• Example: One product for passwords, one for PKI, one for 2-factor, one for signatures... (and that's for the Internet; let's get even more for wireless...)

• Explanation: Vendors address niches. Your business sees the big picture.

Ask: Can I reuse the product, for multiple functions across multiple channels?

Page 15

Outline

• Security doctrine for the 21st century

• Password vulnerabilities and countermeasures

• Available technologies

Page 16

A Common Misperception

• Fact: Password based systems are often vulnerable to attacks

• Myth: Passwords are inherently insecure.

• Fact: It is completely possible to design a sufficiently secure password system.

• Fact: A sufficiently secure password system must use some form of PKI under the covers
– This is a mathematical theorem proved in 1998 (Halevi and Krawczyk: a password protocol that resists offline dictionary attacks must use public-key techniques)
– "PKI" here means public-key cryptography; the theorem says nothing about certificates or certificate authorities

Designing sufficiently secure password-based systems is non-trivial but it is possible by proper use of PKI under the covers.

Page 17

Another Common Misperception

• Fact: Users hate current password systems that
– require too many passwords and
– force too many changes

• Myth: Users inherently hate passwords.

• Fact: It is completely possible to design a user-friendly password system with PKI beneath the covers

Designing user-friendly and sufficiently secure password-based systems is non-trivial but it is possible by proper use of PKI under the covers.

Page 18

Yet Another Common Misperception

• Myth: Security is increased by forcing users to change their passwords frequently

• Fact: There is no empirical evidence to show this and much anecdotal evidence to show the opposite
– Changing passwords too frequently will degrade security because of user reaction

A strong password-based system should not force frequent password changes

Page 19

Password Vulnerabilities and Countermeasures

• End-user vulnerabilities
– User education and awareness
– Technology can help mitigate some (but not all) of these

• Sniffing attacks
– Everything on the wire should be encrypted

• Server spoofing attacks
– Need server authentication

• Guessing attacks: online
– Prevented by throttling

• Guessing attacks: offline (dictionary attacks)
– Prevented by PKI encryption on the wire and a hardened password server on the backend

Page 20

End-user Vulnerabilities

• Poor password selection
– Users choose easy-to-guess passwords
– Countermeasure: enforce complexity rules

• Passwords written down by users
– Infrequently used passwords are often written down
– Countermeasure: reduce the number of passwords a user needs to remember

• Password shoulder surfing
– Password exposed to an observant bystander
– Countermeasure: user awareness

• Password reuse across multiple servers
– Password becomes vulnerable at weak servers
– Countermeasure: user awareness

Page 21

End-user Vulnerabilities

• Password sharing
– Users will share passwords with others only if there is no personal risk
– Countermeasure: personal risk must be injected into the system (perhaps by policy and procedure)

• Password reset costs
– Users forget passwords
– Countermeasure: automate password resets BUT be careful not to reduce security too much

• Undetected theft
– Users are not aware if their passwords are compromised
– Countermeasure: detection technology and feedback to the user

Page 22

Sniffing attacks

• Sniffing on the wire is easily prevented by widely deployed technologies such as SSL and IPsec
– No excuse for letting this happen anymore

• Sniffing on the desktop by malicious code
– Password exposure is limited to a single user
– Users need to be free of viruses, worms and Trojan horses for all kinds of reasons
– Windows 2000 and Windows XP allow tighter control of the desktop by the organization
– Ultimately we need stronger platforms that reduce the risk of malicious code

Page 23

Server-spoofing attacks

• To prevent server-spoofing we need server authentication and user awareness
– SSL with server-side certificates is a "good enough" and widely deployed solution for this problem

• In future we can move to solutions where the password is never communicated to the server
– SSL enhanced with password-based client-side certificates is the most promising technology
– Needs a footprint on the desktop

Page 24

Guessing Attacks: online

• Attacker tries various passwords until he succeeds
– Slow down (throttle) the rate at which an attacker can try different guesses
– Many strategies are used in practice
• 3 strikes and lock the account until a password reset
• 3 strikes and lock the account for some time
• Slow down each successive guess
– Aggressive strategies can lead to denial of service to legitimate users
– Loss is limited to a small number of passwords
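The three throttling strategies on this page, and the denial-of-service side effect of the lockout ones, in working form. This is an added example, not code from the deck: the policy names, the 3-strike limit, the 15-minute lockout, the doubling delay, the sample account and the fake clock are all assumptions chosen so the behaviour can be exercised without sleeping.

```python
"""Online-guessing throttles: three account-lockout policies against one
in-memory store.  The clock is injected so the scenario runs instantly."""
from dataclasses import dataclass, field
from typing import Callable, Dict

# Constructed "user database".  Plaintext only so the throttle logic stays
# visible; a real system compares against a stored password hash.
USERS = {"alice": "correct horse"}


@dataclass
class AccountState:
    failures: int = 0           # consecutive failed attempts
    locked_until: float = 0.0   # absolute time; 0 means not locked
    needs_reset: bool = False   # set by the lock-for-reset policy


@dataclass
class Throttle:
    policy: str                     # "lock_for_reset" | "lock_for_time" | "slowdown"
    now: Callable[[], float]        # injected clock (time.monotonic in production)
    max_failures: int = 3           # "3 strikes"
    lock_seconds: float = 900.0     # temporary lockout length (assumed 15 min)
    base_delay: float = 1.0         # slowdown policy: penalty doubles per failure
    state: Dict[str, AccountState] = field(default_factory=dict)

    def _st(self, user: str) -> AccountState:
        return self.state.setdefault(user, AccountState())

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'bad-password', 'locked', 'delayed' or 'reset-required'.
        Unknown users get the same treatment as known ones so the response
        does not reveal which accounts exist."""
        st = self._st(user)
        t = self.now()
        if st.needs_reset:
            return "reset-required"
        if t < st.locked_until:
            # Attempts during a penalty are rejected without being evaluated,
            # so they cannot be used to accelerate the guessing.
            return "locked" if self.policy == "lock_for_time" else "delayed"
        if USERS.get(user) == password:
            st.failures, st.locked_until = 0, 0.0
            return "ok"
        st.failures += 1
        if self.policy == "lock_for_reset" and st.failures >= self.max_failures:
            st.needs_reset = True                      # strike 3: needs a reset
        elif self.policy == "lock_for_time" and st.failures >= self.max_failures:
            st.locked_until = t + self.lock_seconds    # strike 3: timed lockout
            st.failures = 0                            # counter restarts after it
        elif self.policy == "slowdown":
            # Exponential back-off: 1 s, 2 s, 4 s, ... before the next attempt counts.
            st.locked_until = t + self.base_delay * (2 ** (st.failures - 1))
        return "bad-password"


class FakeClock:
    """Deterministic stand-in for time.monotonic()."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def demo() -> dict:
    """Constructed scenario: an attacker guesses at alice, then alice logs in."""
    clock, result = FakeClock(), {}

    # Policy 2: three strikes, then a timed lockout.  The legitimate user is
    # locked out too: the denial-of-service effect the slide warns about.
    th = Throttle("lock_for_time", clock, lock_seconds=900)
    result["attacker"] = [th.login("alice", g) for g in ("password", "123456", "qwerty")]
    result["victim_during_lock"] = th.login("alice", "correct horse")
    clock.advance(901)
    result["victim_after_lock"] = th.login("alice", "correct horse")

    # Policy 3: slow down each successive guess; a fast retry is not evaluated.
    sd = Throttle("slowdown", clock)
    sd.login("alice", "password")                        # failure 1 -> 1 s penalty
    result["fast_retry"] = sd.login("alice", "123456")   # too soon: "delayed"
    clock.advance(1.0)
    sd.login("alice", "123456")                          # failure 2 -> 2 s penalty
    result["delay_after_two"] = sd.state["alice"].locked_until - clock()

    # Policy 1: three strikes and the account stays locked until a reset.
    hard = Throttle("lock_for_reset", clock)
    for g in ("password", "123456", "qwerty"):
        hard.login("alice", g)
    result["reset_policy"] = hard.login("alice", "correct horse")
    return result
```

All three policies key on the account name, which is exactly what lets an attacker who knows a username deny service to its owner; pairing the account counter with a per-source-address limit softens that without weakening the throttle.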

Page 25

Guessing Attacks: offline aka Dictionary Attack

• Attacker obtains the "encrypted password" (in practice a one-way hash of the password)

• Attacker tries passwords from a "dictionary" of commonly used passwords and compares with the encrypted password
– Encrypted password is often "salted" to make this harder
– Salting defeats precomputed tables and forces the attacker to redo the work for every account; it does not slow the attack on any one account

• Various studies have shown that 25% to 50% of passwords fall to this attack
– This is catastrophic failure

• In the past these attacks would take months; with current processor speeds they take hours or days or even less

• We are at the point where exhaustive search is feasible, so even a dictionary is not needed

This is the single biggest vulnerability in most existing password systems and it leads to catastrophic failure
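The attack described on this page, run against a constructed password file. This is an added example, not code from the deck: the accounts, the salts, the dictionary and the two hash constructions (a single SHA-256 of salt||password, and PKCS#5 PBKDF2 as the slow alternative) are assumptions made for illustration. It shows the three things a practitioner should take from the slide: an unsalted file is cracked with one pass over the dictionary, a salted file only forces per-account work, and a slow KDF is what actually raises the attacker's cost.

```python
"""Offline dictionary attack on a hashed password file (constructed data)."""
import hashlib
import os
from typing import Callable, Dict, List, Tuple

Hasher = Callable[[bytes, str], bytes]
PasswordFile = Dict[str, Tuple[bytes, bytes]]   # user -> (salt, digest)

# Constructed accounts.  Four of the six passwords are in the dictionary;
# alice and dave share one, which matters for the unsalted case.
USERS = {
    "alice": "password", "bob": "letmein", "carol": "sunshine1",
    "dave": "password", "erin": "Tr0ub4dor&3", "frank": "j8$Qz!2pLw#v",
}
DICTIONARY = ["123456", "password", "qwerty", "letmein", "sunshine1", "monkey"]
SLOW_ITERATIONS = 2_000   # kept small so the demo is quick; production uses far more


def fast_hash(salt: bytes, password: str) -> bytes:
    """One SHA-256 per guess: cheap for the defender, cheap for the attacker."""
    return hashlib.sha256(salt + password.encode()).digest()


def slow_hash(salt: bytes, password: str, iterations: int = SLOW_ITERATIONS) -> bytes:
    """PKCS#5 PBKDF2: every guess costs `iterations` HMAC evaluations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def build_password_file(users: Dict[str, str], hasher: Hasher, salted: bool) -> PasswordFile:
    pwfile: PasswordFile = {}
    for user, pw in users.items():
        salt = os.urandom(8) if salted else b""
        pwfile[user] = (salt, hasher(salt, pw))
    return pwfile


def dictionary_attack(pwfile: PasswordFile, dictionary: List[str], hasher: Hasher):
    """Per-account guessing.  Returns (cracked, hash_evaluations).
    With per-user salts every guess must be re-hashed for every user: the
    salt stops precomputation and amortisation but not the attack itself."""
    cracked: Dict[str, str] = {}
    work = 0
    for user, (salt, digest) in pwfile.items():
        for guess in dictionary:
            work += 1
            if hasher(salt, guess) == digest:
                cracked[user] = guess
                break
    return cracked, work


def table_lookup_attack(pwfile: PasswordFile, dictionary: List[str], hasher: Hasher):
    """Unsalted file: hash the dictionary once, then crack every account by
    lookup.  Work is len(dictionary), independent of the number of users."""
    table = {hasher(b"", guess): guess for guess in dictionary}
    cracked = {user: table[digest] for user, (_, digest) in pwfile.items() if digest in table}
    return cracked, len(dictionary)


def demo() -> dict:
    unsalted = build_password_file(USERS, fast_hash, salted=False)
    salted = build_password_file(USERS, fast_hash, salted=True)
    slow = build_password_file(USERS, slow_hash, salted=True)

    lookup_cracked, lookup_work = table_lookup_attack(unsalted, DICTIONARY, fast_hash)
    salt_cracked, salt_work = dictionary_attack(salted, DICTIONARY, fast_hash)
    slow_cracked, slow_work = dictionary_attack(slow, DICTIONARY, slow_hash)
    return {
        # Same password, same digest: one crack exposes both accounts.
        "unsalted_duplicates": unsalted["alice"][1] == unsalted["dave"][1],
        "salted_duplicates": salted["alice"][1] == salted["dave"][1],
        "lookup": (sorted(lookup_cracked), lookup_work),
        "salted": (sorted(salt_cracked), salt_work),
        # Same guesses, but each one now costs SLOW_ITERATIONS HMACs.
        "slow": (sorted(slow_cracked), slow_work * SLOW_ITERATIONS),
        "fraction_cracked": len(salt_cracked) / len(USERS),
    }
```

The cracked fraction is the same in all three runs; only the price per guess changes, which is why the page's "old approach" of hiding or salting the file is not by itself a fix.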

Page 26

Guessing Attacks: offline aka Dictionary Attack

• How to prevent: old approach
– Force users to select passwords that withstand dictionary attack
• Record shows that this is easier said than done
• Trend is that exhaustive search on the entire space of human-memorizable passwords is feasible
– Password aging to force a change every 30 days or so
• Would need to age much faster than 30 days to have any effect on feasibility of attack
– "Hide" password files (e.g. shadow files)
• Old solution dating to when users had access to 'system'; current end users usually don't have access to 'system'
• Meaningless against hackers and "admin account" compromise
– Harden password system OS
• Very hard to maintain in hardened manner
• "Admin accounts" tend to have carte-blanche access
• Too many insider accounts

Page 27

Guessing Attacks: offline aka Dictionary Attack

• How to prevent: modern approach
– Make the password system OS very hard to penetrate
– Use least-privilege based partitioning to sharply minimize or eliminate "insider account" attacks
– Use PKI technology to eliminate the traditional encrypted password file
– Make it non-invasive to the end user (zero client footprint, pure back-end solution)
– Make it very easy to integrate with existing systems (e.g. IBM WebSeal, Netegrity, LDAP, Active Directory, etc.)

Page 28

Outline

• Security doctrine for the 21st century

• Password vulnerabilities and countermeasures

• Available technologies

Page 29

Support multiple security levels on a single infrastructure

[Diagram: a ladder of security levels, all served by one Secure Identity Appliance(TM)]

– Weak password systems: catastrophic dictionary attacks
– Zero-footprint hardened password: no change for users, no change for issuer, no password file (PKI hardened)
– Roaming PKI: password usability with PKI security
– Two-factor PKI: password plus USB token or variant

Page 30

2-Key RSA vs. 3-Key RSA: Hardened Passwords

2-Key RSA

Keys:
a) Alice Public = e
b) Alice Private = d
c) Alice Cert = C

Challenge/Response:
a) Challenge sent
b) Response signed with d
c) Verified with e and C

Observation: Guessing d from e is extremely difficult.

3-Key RSA

Keys:
a) Alice Public = e
b) Alice Private = d, held as two shares:
– Alice has D1 = PKCS5(password)
– Appliance has D2
c) Alice Cert = C

Challenge/Response:
a) Challenge sent
b) Response signed with D1
c) Verified with D2, e and C (the appliance completes the signature with its own share, then checks the result against the public key)

Observation: Guessing D1 from D2 alone is extremely difficult. Caveat: D1 carries only the entropy of the password, so anyone who obtains D2 together with n and e can test password guesses offline by completing trial signatures. The scheme removes the password file from the application servers; it does not remove the need to protect D2, which is why the appliance's hardening and partitioning (next page) matter.
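The 3-key exchange above in toy form, with the caveat made concrete. This is an added example, not the deck's or NSD Security's code, and it assumes things the page does not state: that d is split additively as in mediated RSA (D1 + D2 = d mod lambda(n)), that D1 is PBKDF2 (PKCS#5) of the password plus a per-user salt, fixed Mersenne primes for the modulus, and bare hash-then-exponentiate signing with no PKCS#1 padding. The certificate C is omitted. The last function is the attack from the caveat: with a stolen D2 and the public (n, e), password guesses are verified offline.

```python
"""Toy 3-key RSA: password-derived share D1, appliance share D2, public e."""
import hashlib
from math import gcd
from typing import Iterable, Optional

# Toy parameters: two known Mersenne primes give a ~216-bit modulus.  Far too
# small for real use; chosen so the example runs without a crypto library.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # Carmichael lambda(n)
D = pow(E, -1, LAMBDA)                            # the 2-key RSA private exponent
KDF_ITERATIONS = 20_000                           # PBKDF2 cost per password guess


def password_share(password: str, salt: bytes) -> int:
    """D1 = PKCS5(password): Alice recomputes this from her password each time."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)
    return int.from_bytes(raw, "big")


def enroll(password: str, salt: bytes) -> int:
    """Enrollment: D2 is chosen so that D1 + D2 = D (mod lambda).  D itself is
    discarded afterwards; only the appliance keeps D2."""
    return (D - password_share(password, salt)) % LAMBDA


def digest_int(message: bytes) -> int:
    """Hash the challenge to an integer mod n (no padding: toy only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def user_partial_sign(message: bytes, password: str, salt: bytes) -> int:
    """Step b on the slide: Alice signs the challenge with D1 only."""
    return pow(digest_int(message), password_share(password, salt), N)


def appliance_complete_and_verify(message: bytes, partial: int, d2: int) -> bool:
    """Step c: the appliance co-signs with D2 and checks the result with e.
    Only the combined exponent D1 + D2 = d yields a valid signature."""
    h = digest_int(message)
    signature = (partial * pow(h, d2, N)) % N
    return pow(signature, E, N) == h


def offline_guess_with_stolen_share(d2: int, salt: bytes, dictionary: Iterable[str]) -> Optional[str]:
    """The caveat: whoever steals D2 and knows (n, e) can test password guesses
    offline, one PBKDF2 plus two modular exponentiations per guess."""
    h = digest_int(b"any probe message")
    h_d2 = pow(h, d2, N)
    for guess in dictionary:
        trial = (pow(h, password_share(guess, salt), N) * h_d2) % N
        if pow(trial, E, N) == h:
            return guess
    return None


def demo() -> dict:
    salt = b"alice@example"                 # constructed per-user salt
    d2 = enroll("correct horse", salt)      # appliance stores only this
    challenge = b"nonce-8f3a"               # constructed challenge
    good = appliance_complete_and_verify(
        challenge, user_partial_sign(challenge, "correct horse", salt), d2)
    bad = appliance_complete_and_verify(
        challenge, user_partial_sign(challenge, "wrong horse", salt), d2)
    recovered = offline_guess_with_stolen_share(
        d2, salt, ["123456", "password", "correct horse"])
    return {"correct_password": good, "wrong_password": bad, "stolen_d2_recovers": recovered}
```

Nothing resembling a password hash is stored on the application side, which is the slide's point; the security of the password nevertheless rests on D2 never leaving the appliance, and on the KDF cost, which is all that slows the attacker once it does.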

Page 31

SIA Solution – How it works

[Diagram: appliance architecture]

• Appliance architecture
– Hardened operating system
– Redundant, very high availability architecture
– Powerful monitoring ability (SNMP based)

• Compartmentalized system
– Systems partition
– Security admin partition
– User admin partition
– User private data partition
– Independent audit controls

• 3-Key RSA: PKI hardened passwords
– Key 1: Derived from password
– Key 2: Verification/co-signing key on appliance
– Key 3: Traditional verification public key