Computer Security: protection afforded to an automated information system in order to attain the applicable

objectives of preserving the integrity, availability and confidentiality of information system resources

(includes hardware, software, firmware, information/data, and telecommunications).

Key Security Concepts

Confidentiality: Preserving authorized restrictions on information access and disclosure, including means

for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized

disclosure of information.

Integrity: Guarding against improper information modification or destruction, and includes ensuring

information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or

destruction of information.

Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the

disruption of access to or use of information or an information system.

Although the use of the CIA triad to define security objectives is well established, some in the security field

feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned

are:

Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the

validity of a transmission, a message, or message originator.

Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely

to that entity.

Computer Security Challenges

1. not simple

2. must consider potential attacks

3. procedures used counter-intuitive

4. involve algorithms and secret info

5. must decide where to deploy mechanisms

6. battle of wits between attacker / admin

7. not perceived on benefit until fails

8. requires regular monitoring

9. too often an after-thought

10. regarded as impediment to using system

Computer security is both fascinating and complex. Some of the reasons follow:

1. Computer security is not as simple as it might first appear to the novice. The requirements seem to be

straightforward, but the mechanisms used to meet those requirements can be quite complex and subtle.

2. In developing a particular security mechanism or algorithm, one must always consider potential attacks

(often unexpected) on those security features.

3. Hence procedures used to provide particular services are often counterintuitive.

4. Having designed various security mechanisms, it is necessary to decide where to use them.

5. Security mechanisms typically involve more than a particular algorithm or protocol, but also require

participants to have secret information, leading to issues of creation, distribution, and protection of that secret

information.

6. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the

designer or administrator who tries to close them.

7. There is a natural tendency on the part of users and system managers to perceive little benefit from security

investment until a security failure occurs.

8. Security requires regular monitoring, difficult in today's short-term environment.

9. Security is still too often an afterthought - incorporated after the design is complete.

10. Many users / security administrators view strong security as an impediment to efficient and user-friendly

operation of an information system or use of information.

Adversary (threat agent) - An entity that attacks, or is a threat to, a system.

Attack -An assault on system security that derives from an intelligent threat; a deliberate attempt to evade

security services and violate security policy of a system.

Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an

attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering andreporting it

so that corrective action can be taken.

Risk - An expectation of loss expressed as the probability that a particular threat will exploit a particular

vulnerability with a particular harmful result.

Security Policy - A set of rules and practices that specify how a system or org provides security services to

protect sensitive and critical system resources.

System Resource (Asset) - Data; a service provided by a system; a system capability; an item of system

equipment; a facility that houses system operations and equipment.

Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or

event that could breach security and cause harm.

Vulnerability - Flaw or weakness in a system's design, implementation, or operation and management that

could be exploited to violate the system's security policy.

Vulnerabilities and Attacks

system resource vulnerabilities may

be corrupted (loss of integrity)

become leaky (loss of confidentiality)

become unavailable (loss of

availability)

attacks are threats carried out and may be

passive

active

insider

outsider

In the context of security, our concern is with the vulnerabilities of system resources which [NRC02] shows

may be:

corrupted, so that it does the wrong thing or gives wrong answers. e.g. data stored may be different from

what it should be because it has been improperly modified.

become leaky. e.g. someone who should not have access to some or all of the information available through

the network obtains such access.

become unavailable or very slow. e.g. using the system / network impossible.

These three general types of vulnerability correspond to the concepts of integrity, confidentiality, and

availability, enumerated earlier in this section.

Corresponding to the various types of vulnerabilities to a system resource are threats that are capable of

exploiting those vulnerabilities, which represent a potential security harm to an asset. An attack is a threat

that is carried out. We can distinguish two type of attacks:

Active attack: attempts to alter system resources or affect their operation

Passive attack: attempts to learn or make use of information from the system but does not affect system

resources

We can also classify attacks based on the origin of the attack:

Inside attack: Initiated by an entity inside the security perimeter (an "insider)

Outside attack: Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system

(an "outsider").

Countermeasures

means used to deal with security attacks

prevent

detect

recover

may result in new vulnerabilities

will have residual vulnerability

goal is to minimize risk given constraints

A countermeasure is any means taken to deal with a security attack. Ideally, a countermeasure can be

devised to prevent a particular type of attack from succeeding. When prevention is not possible, or fails

in some instance, the goal is to detect the attack, and then recover from the effects of the attack. A

countermeasure may itself introduce new vulnerabilities. In and case, residual vulnerabilities may remain

after the imposition of countermeasures. Such vulnerabilities may be exploited by threat agents

representing a residual level of risk to the assets. Owners will seek to minimize that risk given other

constraints.

Threat Consequences

unauthorized disclosure

exposure, interception, inference, intrusion

deception

masquerade, falsification, repudiation

disruption

incapacitation, corruption, obstruction

usurpation

misappropriation, misuse

Network Security Attacks

classify as passive or active

passive attacks are eavesdropping

release of message contents

traffic analysis

are hard to detect so aim to prevent

active attacks modify/fake data

masquerade

replay

modification

denial of service

hard to prevent so aim to detect

A useful means of classifying network security attacks is in terms of:

Passive attacks are eavesdropping on, or monitoring of, transmissions to obtain information that is being

transmitted. Two types of passive attacks are:

release of message contents - opponent learns contents of sensitive transmissions

traffic analysis - can occur even when contents of messages are masked, e.g using encryption, but an

opponent can still observe the pattern of messages and determine location and identity of

communicating hosts, frequency and length of messages being exchanged, and hence guess nature of

communications.

Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it

is feasible to prevent the success of these attacks, usually by means of encryption. Thus, emphasis is on

prevention rather than detection.

Active attacks involve modification of data stream or creation of false data:

masquerade - when one entity pretends to be another.

replay passive capture of data and subsequent retransmission.

modification of messages a legitimate message is altered, delayed or reordered.

denial of service prevents or inhibits the normal use or management of communications facilities, or

the disruption of an entire network

Active attacks present the opposite characteristics of passive attacks. It is quite difficult to prevent active

attacks absolutely. Instead, the goal is to detect them and to recover from any disruption or delays caused by

them.

Security Functional Requirements

technical measures:

access control; identification & authentication; system & communication protection; system &

information integrity

management controls and procedures

awareness & training; audit & accountability; certification, accreditation, & security

assessments; contingency planning; maintenance; physical & environmental protection;

planning; personnel security; risk assessment; systems & services acquisition

overlapping technical and management:

configuration management; incident response; media protection

X.800 Security Architecture

X.800, Security Architecture for OSI

systematic way of defining requirements for security and characterizing approaches to satisfying them

defines:

security attacks - compromise security

security mechanism - act to detect,

prevent, recover from attack

security service - counter security

attacks

The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined

briefly as:

Security attack: Any action that compromises the security of information owned by an organization. cf.

network security attacks slide earlier

Security mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

cf. functional requirements from previous slide or Table 1.6 in text.

Security service: A service that enhances the security of the data processing systems and the information

transfers of an organization. The services are intended to counter security attacks, and they make use of

one or more security mechanisms to provide the service.

Security Taxonomy

The key elements are:

Action: A step taken by a user or process in order to achieve a result

Target: A computer or network logical entity or physical entity

Event: An action directed at a target that is intended to result in a change of state, or status, of the target

Tool: A means of exploiting a computer or network vulnerability

Vulnerability: A weakness in a system allowing unauthorized action

Unauthorized result: An unauthorized consequence of an event

Attack: A series of steps taken by an attacker to achieve an unauthorized result

Attacker: An individual who attempts one or more attacks in order to achieve an objective

Objectives: The purpose or end goal of an incident

Incident: a group of attacks that can be distinguished from other attacks because of the distinctiveness of

the attackers, attacks, objectives, sites, and timing

Over time, the attacks on the Internet and Internet-attached systems have grown more sophisticated while the

amount of skill and knowledge required to mount an attack has declined, as shown here in Figure 1.6 from the

text. Attacks have become more automated and can cause greater amounts of damage. This increase in attacks

coincides with an increased use of the Internet and with increases in the complexity of protocols, applications,

and the Internet itself. Critical infrastructures increasingly rely on the Internet for operations. Individual users

rely on the security of the Internet, email, the Web, and Web-based applications to a greater extent than ever.

Thus, a wide range of technologies and tools are needed to counter the growing threat.

Computer Security Strategy

specification/policy

what is the security scheme supposed to do?

codify in policy and procedures

implementation/mechanisms

how does it do it?

prevention, detection, response, recovery

correctness/assurance

does it really work?

assurance, evaluation

Specification/policy: What is the security scheme supposed to do? A security policy is an informal

description of desired system behavior. In developing a security policy, a security manager needs to consider

the context, in terms of: value of the assets being protected; vulnerabilities of the system; potential threats and

the likelihood of attacks. Further, the manager must consider the following tradeoffs between Ease of use

versus security and Cost of security versus cost of failure and recovery.

Implementation/mechanisms: How does it do it? Security implementation involves four complementary

courses of action: prevention (ideal security scheme is when no attack is successful. Not practical in all cases,

is a reasonable goal), detection (when practical to detect security attacks), response (to halt the attack and

prevent further damage), recovery (from attack consequences, such as using a backup system).

Correctness/assurance: Does it really work? Have the concepts of assurance and evaluation. Assurance as

the degree of confidence one has that the security measures, both technical and operational, work as intended

to protect the system and the information it processes. Evaluation is the process of examining a computer

product or system with respect to certain criteria. Evaluation involves testing, and may also involve formal

analytic or mathematical techniques.

Ch. 2

Cryptographic Tools

cryptographic algorithms important element in security services

review various types of elements

symmetric encryption

public-key (asymmetric) encryption

digital signatures and key management

secure hash functions

example is use to encrypt stored data

Symmetric Encryption

Plaintext: This is the original message or data that is fed into the algorithm as input.

Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the

plaintext.

Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and

transformations performed by the algorithm depend on the key.

Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret

key. For a given message, two different keys will produce two different ciphertexts.

Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext

and the secret key and produces the original plaintext.

There are two requirements for secure use of symmetric encryption:

1. We need a strong encryption algorithm.

2. Sender and receiver must have secure obtained, & keep secure, the secret key.

Attacking Symmetric Encryption

cryptanalysis

rely on nature of the algorithm

plus some knowledge of plaintext characteristics

even some sample plaintext-ciphertext pairs

exploits characteristics of algorithm to deduce specific plaintext or key

brute-force attack

try all possible keys on some ciphertext until get an intelligible translation into plaintext

Symmetric Encryption Algorithms

DES and Triple-DES

Data Encryption Standard (DES) is the most widely used encryption scheme

uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block

concerns about algorithm & use of 56-bit key

Triple-DES

repeats basic DES algorithm three times

using either two or three unique keys

much more secure but also much slower

Advanced Encryption Standard (AES)

needed a better replacement for DES

NIST called for proposals in 1997

selected Rijndael in Nov 2001

published as FIPS 197

symmetric block cipher

uses 128 bit data & 128/192/256 bit keys

now widely available commercially

Message Authentication

protects against active attacks

verifies received message is authentic

contents unaltered

from authentic source

timely and in correct sequence

can use conventional encryption

only sender & receiver have key needed

or separate authentication mechanisms

append authentication tag to cleartext message

Encryption protects against passive attack (eavesdropping). Message authentication protects against active

attacks (falsification of data and transactions), by verifying that received messages are authentic, that is that

the contents of the message have not been altered and that the source is authentic. We may also wish to verify

a message's timeliness and sequence relative to other messages flowing between two parties.

It is possible to perform authentication simply by the use of conventional encryption. If we assume that only

the sender and receiver share a key (which is as it should be), then only the genuine sender would be able to

encrypt a message successfully for the other participant. Furthermore, if the message includes an error-

detection code and a sequence number, the receiver is assured that no alterations have been made and that

sequencing is proper. If the message also includes a timestamp, the receiver is assured that the message has

not been delayed beyond that normally expected for network transit.

Alternatively there are several approaches to message authentication that do not rely on encryption. In all of

these approaches, an authentication tag is generated and appended to each message for transmission. The

message itself is not encrypted and can be read at the destination independent of the authentication function

at the destination.

Message Authentication Codes

One authentication technique involves the use of a secret key to generate a small block of data, known as a

message authentication code, that is appended to the message. This technique assumes that two

communicating parties, say A and B, share a common secret key KAB. When A has a message to send to B, it

calculates the message authentication code as a function of the message and the key: MACM = F(KAB, M). The

message plus code are transmitted to the intended recipient. The recipient performs the same calculation on

the received message, using the same secret key, to generate a new message authentication code. The received

code is compared to the calculated code, as shown here in Figure 2.4 from the text. If we assume that only the

receiver and the sender know the identity of the secret key, and if the received code matches the calculated

code, then:

1. The receiver is assured that the message has not been altered.

2. The receiver is assured that the message is from the alleged sender.

3. If the message includes a sequence number, then the receiver can be assured of the proper sequence.

A number of algorithms could be used to generate the code. The NIST specification, FIPS PUB 113,

recommends the use of DES. DES is used to generate an encrypted version of the message, and the last number

of bits of ciphertext are used as the code. A 16- or 32-bit code is typical.

Secure Hash Functions

An alternative to the message authentication code is the one-way hash function. As with the message

authentication code, a hash function accepts a variable-size message M as input and produces a fixed-size

message digest H(M) as output (Figure 2.5). Unlike the MAC, a hash function does not also take a secret key

as input. To authenticate a message, the message digest is sent with the message in such a way that the message

digest is authentic.

Enkripsi Asimetris

Pada algoritma asymmetric, terdapat dua buah kunci yaitu kunci publik untuk encrypt dan kunci private

untuk decrypt. Ketika seseorang (misal Alice) akan mengirimkan pesan ke Bob, maka Alice akan mengenkripsi

pesan tersebut menggunakan kunci publik Bob dan Bob akan membuka pesan yang diterimanya menggunakan

kunci private. Hal tersebut merupakan kelebihan pada sistem asymmetric karena user cukup menyimpan secara

rahasia kunci private miliknya, sedangkan kunci publik dapat disebarkan ke seluruh user yang ingin

berkomunikasi dengannya tanpa perlu khawatir orang yang tidak berhak dapat membuka pesan menggunakan

kunci publik yang telah disebar tersebut.

Pada sistem symmetric, kunci yang digunakan untuk encrypt dan decrypt adalah sama, sehingga user

yang saling berkomunikasi menggunakan sistem symmetric harus saling berkirim kunci yang sama karena jika

mereka tidak menggunakan kunci yang sama maka pesan tidak dapat terbuka di sisi penerima. Jika terdapat

seseorang yang berada di tengah2 proses kirim terima kunci dan berhasil mendapatkan kunci tersebut maka maka

semua pesan dapat terbuka. Berbeda dengan sistem asymmetric, user hanya perlu mengirimkan kunci publik

supaya orang lain dapat berkomunikasi dengan dirinya.

Authentication Asimetris

A user encrypts data using his or her own private key. Anyone who knows the corresponding public key will

then be able to decrypt the message. This is directed toward providing authentication and/or data integrity. If

a user is able to successfully recover the plaintext from Bobs ciphertext using Bobs public key, this indicates

that only Bob could have encrypted the plaintext, thus providing authentication. Further, no one but Bob would

be able to modify the plaintext because only Bob could encrypt the plaintext with Bobs private key. This can

be adapted to provide authentication or data integrity. Suppose that Bob wants to send a message to Alice and,

although it is not important that the message be kept secret, he wants Alice to be certain that the message is

indeed from him. In this case Bob could use his own private key to encrypt the message. Here the entire

message is encrypted, which, although validating both author and contents, requires a great deal of storage

and additional processing cost.

Public Key Requirements

1. computationally easy to create key pairs

2. computationally easy for sender knowing public key to encrypt messages

3. computationally easy for receiver knowing private key to decrypt ciphertext

4. computationally infeasible for opponent to determine private key from public key

5. computationally infeasible for opponent to otherwise recover original message

6. useful if either key can be used for each role

Public Key Algorithms

RSA (Rivest, Shamir, Adleman)

developed in 1977

only widely accepted public-key encryption alg

given tech advances need 1024+ bit keys

Diffie-Hellman key exchange algorithm

only allows exchange of a secret key

Digital Signature Standard (DSS)

provides only a digital signature function with SHA-1

Elliptic curve cryptography (ECC)

new, security like RSA, but with much smaller keys

Random Numbers

random numbers have a range of uses

requirements:

randomness

based on statistical tests for uniform distribution and independence

unpredictability

successive values not related to previous

clearly true for truly random numbers

but more commonly use generator

Random numbers play an important role in the use of encryption for various network security applications,

such as in the generation of: keys for public-key algorithms, stream keys in a stream cipher, for temporary

session keys, and in key distribution scenarios.

Pseudorandom verses Random Numbers

often use algorithmic technique to create pseudorandom numbers

which satisfy statistical randomness tests

but likely to be predictable

true random number generators use a nondeterministic source

e.g. radiation, gas discharge, leaky capacitors

increasingly provided on modern processors

Cryptographic applications typically make use of algorithmic techniques for random number generation.

These algorithms are deterministic and therefore produce sequences of numbers that are not statistically

random. However, if the algorithm is good, the resulting sequences will pass many reasonable tests of

randomness. Such numbers are referred to as pseudorandom numbers.

A true random number generator (TRNG) uses a nondeterministic source to produce randomness. Most

operate by measuring unpredictable natural processes, such as pulse detectors of ionizing radiation events,

gas discharge tubes, and leaky capacitors. Increasingly have true random sources in modern computer

chips.

Practical Application: Encryption of Stored Data

common to encrypt transmitted data

much less common for stored data

which can be copied, backed up, recovered

approaches to encrypt stored data:

back-end appliance

library based tape encryption

background laptop/PC data encryption

Some more recent approaches for doing this include:

Back-end appliance: a hardware device that sits between servers and storage systems and encrypts all data

going from the server to the storage system and decrypts data going in the opposite direction.

Library-based tape encryption: provided by means of a co-processor board embedded in the tape drive

and tape library hardware. The co-processor encrypts data using a nonreadable key configured into the board.

The tapes can then be sent off-site to a facility that has the same tape drive hardware.

Background laptop and PC data encryption: software products that provide encryption that is transparent

to the application and the user. Some encrypt all or designated files and folder,. others create a virtual disk

locally on the hard drive or on a network storage device, with all data on the virtual disk encrypted. Various

key management solutions are offered to restrict access to the owner of the data.

Ch. 3

User Authentication

fundamental security building block

basis of access control & user accountability

is the process of verifying an identity claimed by or for a system entity

has two steps:

identification - specify identifier

verification - bind entity (person) and identifier

distinct from message authentication

The process of verifying an identity claimed by or for a system entity. An authentication process consists of

two steps:

Identification step: Presenting an identifier to the security system. (Identifiers should be assigned

carefully, because authenticated identities are the basis for other security services, such as access

control service.)

Verification step: Presenting or generating authentication information that corroborates the binding

between the entity and the identifier.

In essence, identification is the means by which a user provides a claimed identity to the system; user

authentication is the means of establishing the validity of the claim. Note that user authentication is distinct

from message authentication.

Means of User Authentication

four means of authenticating user's identity

based one something the individual

knows - e.g. password, PIN

possesses - e.g. key, token, smartcard

is (static biometrics) - e.g. fingerprint, retina

does (dynamic biometrics) - e.g. voice, sign

can use alone or combined

all can provide user authentication

all have issues

There are four general means of authenticating a user's identity, which can be used alone or in combination:

Something the individual knows: Examples includes a password, a personal identification number

(PIN), or answers to a prearranged set of questions.

Something the individual possesses: Examples include electronic keycards, smart cards, and physical

keys. This type of authenticator is referred to as a token.

Something the individual is (static biometrics): Examples include recognition by fingerprint, retina,

and face.

Something the individual does (dynamic biometrics): Examples include recognition by voice pattern,

handwriting characteristics, and typing rhythm.

Password Authentication

widely used user authentication method

user provides name/login and password

system compares password with that saved for specified login

authenticates ID of user logging and

that the user is authorized to access system

determines the users privileges

is used in discretionary access control

Password Vulnerabilities

offline dictionary attack

specific account attack

popular password attack

password guessing against single user

workstation hijacking

exploiting user mistakes

exploiting multiple password use

electronic monitoring

We can identify the following attack strategies and countermeasures:

Offline dictionary attack: A determined hacker may bypass access controls and gain access to the system

password file. The attacker then compares the password hashes against hashes of commonly used

passwords.

Specific account attack: The attacker targets a specific account and submits password guesses until the

correct password is discovered.

Popular password attack: The attacker chooses a popular password and try it against a wide range of user

IDs.

Password guessing against single user: The attacker attempts to gain knowledge about the account holder

and system password policies and uses that knowledge to guess the password.

Workstation hijacking; The attacker waits until a logged-in workstation is unattended.

Exploiting user mistakes: If the system assigns a password, then the user is more likely to write it down

because it is difficult to remember.

Exploiting multiple password use. When different network devices share the same or a similar password

for a given user.

Electronic monitoring: If a password is communicated across a network to log on to a remote system, it

is vulnerable to eavesdropping.

Countermeasures

stop unauthorized access to password file

intrusion detection measures

account lockout mechanisms

policies against using common passwords but rather hard to guess passwords

training & enforcement of policies

automatic workstation logout

encrypted network links

Countermeasures against the listed vulnerabilities include controls to: prevent unauthorized access to the

password file, intrusion detection measures to identify a compromise, rapid re-issuance of passwords

should the password file be compromised; account lockout mechanism which locks out access to the

account after a number of failed login attempts; policies to inhibit the selection by users of common

passwords; training in and enforcement of password policies that make passwords difficult to guess;

automatically logging the workstation out after a period of inactivity; a policy that forbids the same or

similar password on particular network devices; encrypted communications links.

UNIX Implementation

original scheme

8 character password form 56-bit key

12-bit salt used to modify DES encryption into a one-way hash function

0 value repeatedly encrypted 25 times

output translated to 11 character sequence

now regarded as woefully insecure

e.g. supercomputer, 50 million tests, 80 min

sometimes still used for compatibility

Improved Implementations

have other, stronger, hash/salt variants

many systems now use MD5

with 48-bit salt

password length is unlimited

is hashed with 1000 times inner loop

produces 128-bit hash

OpenBSD uses Blowfish block cipher based hash algorithm called Bcrypt

uses 128-bit salt to create 192-bit hash value

Password Cracking

dictionary attacks

try each word then obvious variants in large dictionary against hash in password file

rainbow table attacks

precompute tables of hash values for all salts

a mammoth table of hash values

e.g. 1.4GB table cracks 99.9% of alphanumeric Windows passwords in 13.8 secs

not feasible if larger salt values used

The traditional approach to password guessing, or password cracking as it is called, is to develop a large

dictionary of possible passwords and to try each of these against the password file. This means that each

password must be hashed using each available salt value and then compared to stored hash values. If no match

is found, then the cracking program tries variations on all the words in its dictionary of likely passwords. Such

variations include backward spelling of words, additional numbers or special characters, or sequence of

characters, An alternative is to trade off space for time by precomputing potential hash values. In this approach

the attacker generates a large dictionary of possible passwords. For each password, the attacker generates the

hash values associated with each possible salt value.

Password Choices

users may pick short passwords

e.g. 3% were 3 chars or less, easily guessed

system can reject choices that are too short

users may pick guessable passwords

so crackers use lists of likely passwords

e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them

would take about 1 hour on fastest systems to compute all variants, and only need 1 break!

Password File Access Control

can block offline guessing attacks by denying access to encrypted passwords

make available only to privileged users

often using a separate shadow password file

still have vulnerabilities

exploit O/S bug

accident with permissions making it

readable

users with same password on other

systems

access from unprotected backup media

sniff passwords in unprotected network

traffic

One way to thwart a password attack is to deny the opponent access to the password file. If the hashed

password portion of the file is accessible only by a privileged user, then the opponent cannot read it without

already knowing the password of a privileged user. Often, the hashed passwords are kept in a separate file

from the user IDs, referred to as a shadow password file. Special attention is paid to making the shadow

password file protected from unauthorized access. Although password file protection is certainly

worthwhile, there remain vulnerabilities: a hacker may be able to exploit a software vulnerability in the

operating system to bypass the access control system long enough to extract the password file; an accident

of protection might render the password file readable; some users may use the same password on other

less protected or compromised machines; a lack of or weakness in physical security (e.g. of backups) may

provide opportunities for a hacker to access a copy of the file; passwords may be captured by sniffing

network traffic.

Using Better Passwords

clearly have problems with passwords

goal to eliminate guessable passwords

whilst still easy for user to remember

techniques:

user education

computer-generated passwords

reactive password checking

proactive password checking

Four basic techniques are in use:

User education - Users can be told the importance of using hard-to-guess passwords and can be provided

with guidelines for selecting strong passwords. Can be problematic when have a large user population or

a lot of turnover, and because many users will simply ignore the guidelines.

Computer-generated passwords - have a history of poor acceptance by users, if random in nature, users

will not remember them, if pronounceable, the user may still be tempted to write it down.

Reactive password checking - where the system periodically runs its own password cracker to find

guessable passwords.The system cancels any passwords that are guessed and notifies the user. Can be

costly in resources to implement.

Proactive password checking - where user selects own password which the system then checks to see if

it is is allowable and, if not, rejects it. It must strike a balance between user acceptability and strength.

Likely the best solution.

Proactive Password Checking

rule enforcement plus user advice, e.g.

8+ chars, upper/lower/numeric/punctuation

may not suffice

password cracker

time and space issues

Markov Model

generates guessable passwords

hence reject any password it might generate

Bloom Filter

use to build table based on dictionary using hashes

check desired password against this table

The first approach is a simple system for rule enforcement coupled with advice to the user, e.g:

All passwords must be at least eight characters long.

In the first eight characters, the passwords must include at least one each of uppercase, lowercase,

numeric digits, and punctuation marks.

Another method is to compile a large dictionary of possible badpasswords. When a user selects a

password, the system runs a Password Cracker to make sure that it is not on the disapproved list. This still

consumes significant time and space.

Use a Markov Model for the generation of guessable passwords, and reject any passwords likely to be

generated by the model (see text for more details).

Use a Bloom filter, which is a set of k independent hash functions which map a password into a set of hash

values in the range 0 N1. These are used to set bits in a lookup table of size N. When a new password

is presented to the checker, its k hash values are calculated. If all the corresponding bits of the hash table

are equal to 1, then the password is rejected. All passwords in the dictionary will be rejected. But there

will also be some other false positives

Token Authentication

object user possesses to authenticate, e.g.

embossed card

magnetic stripe card

memory card

smartcard

These include:

Embossed - Raised characters only, on front, e.g. Old credit card

Magnetic stripe - Magnetic bar on back, characters on front, e.g. Bank card

Memory - has Electronic memory inside, e.g. Prepaid phone card

Smartcard - has Electronic memory and processor inside, e.g. Biometric ID card

Memory Card

store but do not process data

magnetic stripe card, e.g. bank card

electronic memory card

used alone for physical access

with password/PIN for computer use

drawbacks of memory cards include:

need special reader

loss of token issues

user dissatisfaction

Memory cards can store but not process data. The most common such card is the bank card with a magnetic

stripe on the back. A magnetic stripe can store only a simple security code, which can be read (and

unfortunately reprogrammed) by an inexpensive card reader. There are also memory cards that include an

internal electronic memory. Memory cards can be used alone for physical access, such as a hotel room.

For computer user authentication, such cards are typically used with some form of password or personal

identification number (PIN). A typical application is an automatic teller machine (ATM). The memory

card, when combined with a PIN or password, provides significantly greater security than a password

alone. An adversary must gain physical possession of the card (or be able to duplicate it) plus must gain

knowledge of the PIN. Among the potential drawbacks are the following [NIST95]:

Requires special reader: This increases the cost of using the token and creates the requirement to maintain

the security of the readers hardware and software.

Token loss: A lost token temporarily prevents its owner from gaining system access. Thus there is an

administrative cost in replacing the lost token. In addition, if the token is found, stolen, or forged, then an

adversary now need only determine the PIN to gain unauthorized access.

User dissatisfaction: Although users may have no difficulty in accepting the use of a memory card for

ATM access, its use for computer access may be deemed inconvenient.

Smartcard

credit-card like

has own processor, memory, I/O ports

wired or wireless access by reader

may have crypto co-processor

ROM, EEPROM, RAM memory

executes protocol to authenticate with reader/computer

also have USB dongles

Biometric Authentication

authenticate user based on one of their physical characteristics

A biometric authentication system attempts to authenticate an individual based on unique physical

characteristics.These include static characteristics, such as fingerprints, hand geometry, facial

characteristics, and retinal and iris patterns; and dynamic characteristics, such as voiceprint and signature.

Compared to passwords and tokens, biometric authentication is both technically complex and expensive,

and have yet to mature as a standard tool for user authentication to computer systems. Figure 3.6 from the

text gives a rough indication of the relative cost and accuracy of the most common biometric measures:

Facial characteristics: define characteristics based on relative location and shape of key facial features,

such as eyes, eyebrows, nose, lips, and chin shape.

Fingerprints: the pattern of ridges and furrows on the surface of the fingertip, believed to be unique across

the entire human population. Automated fingerprint systems extract a number of features to use as a

surrogate for the full pattern.

Hand geometry: identify features of hand,: e.g. shape, lengths & widths of fingers.

Retinal pattern: formed by veins beneath the retinal surface is unique and therefore suitable for

identification. Uses a digital image of the retinal pattern by projecting a low-intensity beam of visual or

infrared light into the eye.

Iris: Another unique physical characteristic is the detailed structure of the iris.

Signature: each individual has a unique style of handwriting, esp in signature.

Voice: patterns are more closely tied to physical and anatomical characteristics of the speaker, but still

have a variation from sample to sample over time from the same speaker,complicating the biometric

recognition task.

Biometric Accuracy

never get identical templates

problems of false match / false non-match

Biometric Accuracy

can plot characteristic curve

pick threshold balancing error rates

The iris system had no false matches in over 2 million cross-comparisons. Note that over a broad range of

false match rates, the face biometric is the worst performer.

Remote User Authentication

authentication over network more complex

problems of eavesdropping, replay

generally use challenge-response

user sends identity

host responds with random number

user computes f(r,h(P)) and sends back

host compares value from user with own computed value, if match user authenticated

protects against a number of attacks

Authentication Security Issues

client attacks

host attacks

eavesdropping

replay

trojan horse

denial-of-service

Client attacks are those in which an adversary attempts to achieve user authentication without access to the

remote host or to the intervening communications path. The adversary attempts to masquerade as a legitimate

user. e.g. in a password-based system, the adversary may attempt to guess the likely user password. Host

attacks are directed at the user file at the host where passwords,token passcodes, or biometric templates are

stored. Eavesdropping refers to an adversarys attempt to learn the password by observing the user, finding a

written copy of the password, keystroke logging, etc. Replay attacks involve an adversary repeating a

previously captured user response. The most common countermeasure to such attacks is the challenge-

response protocol. In a Trojan horse attack, an application or physical device masquerades as an authentic

application or device for the purpose of capturing a user password, passcode, or biometric. The adversary can

then use the captured information to masquerade as a legitimate user. A denial-of-service attack attempts to

disable a user authentication service by flooding the service with numerous authentication attempts.

FMR : Suatu keadaan dimana sistem mengenal imposter sebagai user asli

FNMR : Suatu keadaan dimana sistem tidak dapat menerima user asli