CSCE 522 Identification and Authentication

CSCE 522 - Farkas

Page 1: CSCE 522 Identification and Authentication

Page 2: Reading

CSCE 522 - Farkas 2

Reading for this lecture:

Required:
– Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos
– An Introduction to Computer Security: The NIST Handbook, http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf : Chapter 16, Identification and Authentication, pages 180-194

Recommended:
– Smart Card Alliance, http://www.smartcardalliance.org/
– Securing Digital Identities & Information, strong authentication, http://www.entrust.com/authentication/index.htm
– Certificate Authority GlobalSign Loses Critical Data to ComodoHacker, http://techie-buzz.com/tech-news/globalsign-attack-certificate-authority-data-leak.html , Sept 8, 2011

Reading for next lecture:
– Pfleeger: Ch. 4.3 and 4.4

Page 3: Identification

• Establishes the identity of an individual/system/application/etc.
• Proof of identity: password, driver’s license, ID card, etc.

Page 4: Authentication

• Allows an entity (a user or a system) to prove its identity within a context, e.g., a computer system
• Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier
• Strong authentication: the entity demonstrates knowledge of S to the verifier without revealing S to the verifier

Page 5: Authentication Information

• Must be securely maintained by the system.

Page 6: Elements of Authentication

• Person/group/code/system: to be authenticated
• Distinguishing characteristics: differentiate the entities to be authenticated
• Proprietor/system owner/administrator: responsible for the system
• Authentication mechanism: verifies the distinguishing characteristics
• Access control mechanism: grants privileges upon successful authentication

Page 7: Authentication Requirements

• Network must ensure
– Data exchange is established with the addressed peer entity, not with an entity that masquerades or replays previous messages
• Network must ensure the data source is the one claimed
• Authentication generally follows identification
– Establish the validity of the claimed identity
– Provide protection against fraudulent transactions

Page 8: User Authentication

• What the user knows
– Password, personal information
• What the user possesses
– Physical key, ticket, passport, token, smart card
• What the user is (biometrics)
– Fingerprints, voiceprint, signature dynamics

Page 9: Passwords

• Commonly used method
• For each user, the system stores (user name, F(password)) in a password file, where F is some transformation (e.g., a one-way hash)
– F(password) is easy to compute
– From F(password), the password is difficult to compute
– The password itself is not stored in the system
• When the user enters the password, the system computes F(password); a match provides proof of identity

Page 10: Vulnerabilities of Passwords

• Inherent vulnerabilities
– Easy to guess or snoop
– No control on sharing
• Practical vulnerabilities
– Visible if unencrypted in a distributed and networked environment
– Susceptible to replay attacks if encrypted naively
• Password advantage
– Easy to modify a compromised password.

Page 11: Attacks on Passwords

• Guessing attack/dictionary attack
• Social engineering
• Sniffing
• Trojan login
• Van Eck sniffing

Page 12: Guessing Attack

• Exploits human nature to use easy-to-remember passwords
• Trial-and-error attack
• Easy to detect (failed logins) and block
– Problem: if the attacker has access to the password file (even if it is encrypted), guesses can be checked offline and produce no failed logins
• Need audit mechanism
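The slide says online guessing is "easy to detect (failed logins)" and that an audit mechanism is needed. The following is an added example of such an audit rule, not material from the lecture: it parses a constructed, syslog-like authentication log (the log format, the `sshd:` prefix, the user names and addresses are all assumptions made here) and raises one alert per account once a threshold of failed logins falls inside a time window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample authentication log (syslog-like layout); not taken from the lecture.
SAMPLE_LOG = """\
2011-09-08 10:00:01 sshd: Failed password for ann from 10.0.0.5
2011-09-08 10:00:03 sshd: Failed password for ann from 10.0.0.5
2011-09-08 10:00:04 sshd: Failed password for ann from 10.0.0.5
2011-09-08 10:00:06 sshd: Failed password for ann from 10.0.0.5
2011-09-08 10:00:07 sshd: Failed password for ann from 10.0.0.5
2011-09-08 10:00:09 sshd: Accepted password for bob from 10.0.0.7
2011-09-08 10:05:00 sshd: Failed password for bob from 10.0.0.7
2011-09-08 11:30:00 sshd: Failed password for bob from 10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, source), or None for lines that do not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]


def detect_guessing(log_text, threshold=5, window_seconds=60):
    """Audit rule: alert the first time an account accumulates `threshold` failed
    logins within `window_seconds`. Returns a list of (user, source, iso_time)."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        if result == "Accepted":
            recent[user].clear()       # a successful login ends the failure streak
            continue
        q = recent[user]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()                # drop failures that fell out of the window
        if len(q) >= threshold and user not in alerted:
            alerted.add(user)          # one alert per account, not one per extra failure
            alerts.append((user, src, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for user, src, when in detect_guessing(SAMPLE_LOG):
        print(f"ALERT {when}: repeated failed logins for {user} from {src}")
```

The threshold and window are the knobs an administrator tunes; a rule like this only sees online trial-and-error, which is exactly the slide's "Problem": guessing against a copied password file leaves nothing in this log.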

Page 13: Social Engineering

• Attacker asks for the password while masquerading as somebody else (not necessarily an authenticated user)
• May be difficult to detect
• Protection against social engineering: strict security policy and users’ education

Page 14: Dictionary Attacks on Passwords

• Attack 1:
– Create a dictionary of common words and names and their simple transformations
– Use these to guess the password
• Attack 2:
– Usually F is public and so is the password file (encrypted)
– Compute F(word) for each word in the dictionary
– Find a match

Page 15: Password Salt

• Used to make dictionary attacks more difficult
• Salt is a 12-bit number between 0 and 4095
• It is derived from the system clock and the process identifier
• Compute F(password+salt); both the salt and F(password+salt) are stored in the password table
• User: gives the password; the system finds the salt, computes F(password+salt) and checks for a match
• Better!: use a random number; the user authenticates by sending F(password+random number) || random number
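Pages 9, 14 and 15 together describe the (user name, salt, F(password+salt)) password table and why it defeats a precomputed F(word) dictionary. The block below is an added example written for this page, not code from the lecture: F is instantiated as PBKDF2-HMAC-SHA256 (the lecture only requires F to be one-way; the slow function and the iteration count are choices made here), and the salt is 16 random bytes from `os.urandom` rather than the 12-bit clock/PID value on the slide.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumption: make F deliberately slow; the lecture only requires one-way


def F(password: str, salt: bytes) -> bytes:
    """The one-way transformation F(password+salt); PBKDF2-HMAC-SHA256 is this example's choice."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password_table: dict, username: str, password: str) -> None:
    """Store (salt, F(password+salt)); the password itself is never stored."""
    salt = os.urandom(16)   # random per-user salt instead of the 12-bit clock/PID salt
    password_table[username] = (salt, F(password, salt))


def verify(password_table: dict, username: str, password: str) -> bool:
    """Look up the user's salt, recompute F, and compare in constant time."""
    entry = password_table.get(username)
    if entry is None:
        F(password, b"\0" * 16)   # unknown user: spend the same time, so timing does not leak user names
        return False
    salt, stored = entry
    return hmac.compare_digest(stored, F(password, salt))


def demo() -> dict:
    """Two users with the same password, one login each way, and one unknown user."""
    table = {}
    enroll(table, "ann", "correct horse")
    enroll(table, "bob", "correct horse")
    return {
        "ann_ok": verify(table, "ann", "correct horse"),
        "ann_wrong_case": verify(table, "ann", "Correct horse"),
        "unknown_user": verify(table, "carol", "correct horse"),
        # With per-user salt, identical passwords do not produce identical table entries,
        # so one precomputed F(word) table cannot be matched against every row (Attack 2).
        "same_password_same_entry": table["ann"][1] == table["bob"][1],
    }


if __name__ == "__main__":
    print(demo())
```

The two properties the slides ask for are visible in `demo()`: the table holds no password, only the salt and F(password+salt), and two rows with the same password differ, so an attacker holding the file must recompute F per row rather than once per dictionary word.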

Page 16: Password Management Policy

• Educate users to make better choices
• Define rules for good password selection and ask users to follow them
• Ask or force users to change their password periodically
• Actively attempt to break users’ passwords and force users to change broken ones
• Screen password choices

Page 17: One-time Password

• Use the password exactly once!
• The first use of the password grants access; a second or subsequent use of the same password does not

Page 18: Lamport’s scheme

• Doesn’t require any special hardware
• System computes a one-way function F repeatedly: F(x), F^2(x), …, F^1000(x)
• System stores the user’s name and F^1000(x)
• User supplies F^999(x) the first time
• If the login is correct, the system replaces F^1000(x) with F^999(x)
• Next login: user supplies F^998(x) … and so on
• User calculates F^n(x) using a hand-held calculator, a workstation, or other devices
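An added example of the hash chain just described, written for this page rather than taken from the lecture: F is SHA-256 (a choice made here), the server keeps only the user name and F^n(x), and each login is checked by applying F once to the supplied value. It also shows the two edge cases a practitioner needs: a replayed password fails because the stored value has moved down the chain, and the server refuses to go past F^1(x), since the next value would be the secret x itself.

```python
import hashlib
import hmac


def F(x: bytes) -> bytes:
    """The one-way function F from the slide; SHA-256 is this example's choice."""
    return hashlib.sha256(x).digest()


def F_n(x: bytes, n: int) -> bytes:
    """F^n(x): apply F n times (F^0(x) is x itself)."""
    for _ in range(n):
        x = F(x)
    return x


class LamportServer:
    """Holds the user's name and F^n(x); never sees the secret x."""

    def __init__(self, username: str, f_n_x: bytes, n: int):
        self.username = username
        self.stored = f_n_x   # currently F^n(x)
        self.exponent = n     # the n in F^n(x) for the stored value

    def login(self, username: str, candidate: bytes) -> bool:
        # Refuse once the chain is down to F^1(x): the next password would be x itself,
        # so the user must re-register with a fresh secret instead.
        if username != self.username or self.exponent <= 1:
            return False
        # A correct candidate is F^(k-1)(x), so F(candidate) must equal the stored F^k(x).
        if not hmac.compare_digest(F(candidate), self.stored):
            return False
        self.stored = candidate   # replace F^k(x) with F^(k-1)(x)
        self.exponent -= 1
        return True


class LamportClient:
    """The user's side (calculator, workstation, ...): knows x, counts down from n-1."""

    def __init__(self, x: bytes, n: int):
        self.x = x
        self.next_exponent = n - 1

    def initial_value(self, n: int) -> bytes:
        return F_n(self.x, n)   # F^n(x), registered with the server once

    def next_password(self) -> bytes:
        p = F_n(self.x, self.next_exponent)
        self.next_exponent -= 1
        return p


def demo(n: int = 1000) -> dict:
    """Registration, two logins, a replay of the second password, and a third login."""
    secret_x = b"constructed secret known only to the client"
    client = LamportClient(secret_x, n)
    server = LamportServer("ann", client.initial_value(n), n)
    first = server.login("ann", client.next_password())    # F^(n-1)(x)
    second_pw = client.next_password()                    # F^(n-2)(x)
    second = server.login("ann", second_pw)
    replay = server.login("ann", second_pw)                # same value again: rejected
    third = server.login("ann", client.next_password())    # F^(n-3)(x)
    return {"first": first, "second": second, "replay": replay,
            "third": third, "server_exponent": server.exponent}


if __name__ == "__main__":
    print(demo())
```

With n = 3 the chain is exhausted after two logins, which is why `demo(3)` reports the third login as rejected; a real deployment re-initialises the chain with a new x well before that point.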

Page 19: Time Synchronized

• There is a hand-held authenticator
– It contains an internal clock, a secret key, and a display
– The display outputs a function of the current time and the key
– It changes about once per minute
• User supplies the user id and the display value
• Host uses the secret key, the function and its clock to calculate the expected output
• Login is valid if the values match

Page 20: Time Synchronized (diagram)

[Diagram: Secret key and Time are fed into DES, producing the One Time Password]

Problem: Need time synchronization between device and server

Page 21: Challenge Response

[Diagram: Work station and Host connected over the Network; the workstation sends the User ID, the host returns a Challenge, the workstation sends back the Response]

• Non-repeating challenges from the host are used
• The device requires a keypad

Page 22: Challenge Response (diagram)

[Diagram: Secret key and Challenge are fed into DES, producing the One Time Password]
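Pages 19 to 22 draw the same box twice: a keyed function of either the time or a host-supplied challenge yields the one-time password. The block below is an added example covering both, written for this page and not part of the lecture: HMAC-SHA256 stands in for the DES box in the diagrams, the 60-second step and 6-digit display are assumptions, and the host side tolerates one step of clock drift (the "time synchronization" problem on page 20) and answers each challenge only once.

```python
import hashlib
import hmac
import secrets
import struct

STEP_SECONDS = 60    # the display "changes about once per minute"
DIGITS = 6           # display width; an assumption of this example


def one_time_password(key: bytes, data: bytes) -> str:
    """OTP = truncated HMAC-SHA256(key, data). The slides draw DES in this box;
    HMAC is the substitution made here, the structure (key + input -> code) is the same."""
    mac = hmac.new(key, data, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


# --- time-synchronised authenticator (pages 19-20) --------------------------
def time_otp(key: bytes, unix_time: int) -> str:
    """What the hand-held authenticator displays at this time."""
    return one_time_password(key, struct.pack(">Q", unix_time // STEP_SECONDS))


def verify_time_otp(key: bytes, host_time: int, code: str, skew_steps: int = 1) -> bool:
    """Host recomputes the value from its own clock; tolerating +/- skew_steps
    absorbs small clock drift between device and server."""
    step = host_time // STEP_SECONDS
    for s in range(step - skew_steps, step + skew_steps + 1):
        if hmac.compare_digest(one_time_password(key, struct.pack(">Q", s)), code):
            return True
    return False


# --- challenge/response authenticator (pages 21-22) -------------------------
class ChallengeResponseHost:
    def __init__(self):
        self.keys = {}          # user id -> secret key: the sensitive key database of page 23
        self.outstanding = {}   # user id -> challenge issued but not yet answered

    def enroll(self, user: str, key: bytes) -> None:
        self.keys[user] = key

    def challenge(self, user: str) -> bytes:
        c = secrets.token_bytes(16)   # non-repeating, unpredictable challenge
        self.outstanding[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        c = self.outstanding.pop(user, None)   # each challenge is answerable once
        if c is None or user not in self.keys:
            return False
        return hmac.compare_digest(one_time_password(self.keys[user], c), response)


def device_response(key: bytes, challenge: bytes) -> str:
    """The user keys the challenge into the device; the display shows the response."""
    return one_time_password(key, challenge)


def demo() -> dict:
    key = b"constructed shared secret for ann's token"
    t = 1_315_476_000   # 2011-09-08 10:00:00 UTC, a whole-minute boundary
    shown = time_otp(key, t)
    host = ChallengeResponseHost()
    host.enroll("ann", key)
    c = host.challenge("ann")
    r = device_response(key, c)
    ok = host.verify("ann", r)
    replay = host.verify("ann", r)                     # same response again
    c2 = host.challenge("ann")
    wrong = host.verify("ann", device_response(b"some other key", c2))
    return {
        "same_minute": time_otp(key, t + 59) == shown,
        "host_one_step_late": verify_time_otp(key, t + 61, shown),
        "host_two_steps_late": verify_time_otp(key, t + 121, shown),
        "response_ok": ok, "replay_rejected": not replay, "wrong_key_rejected": not wrong,
    }


if __name__ == "__main__":
    print(demo())
```

The skew window is the practical answer to page 20's synchronization problem, but every extra step the host accepts also lengthens the period during which a value read off the display stays usable, so it is kept small.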

Page 23: Devices with Personal Identification Number (PIN)

• Devices are subject to theft; some devices require a PIN (something the user knows)
• The PIN is used by the device to authenticate the user
• Problems with challenge/response schemes
– The key database is extremely sensitive
– This can be avoided if public key algorithms are used

Page 24: Smart Cards

• Portable devices with a CPU, I/O ports, and some nonvolatile memory
• Can carry out the computation required by public key algorithms and transmit directly to the host
• Some use biometric data about the user instead of the PIN

Page 25: Biometrics

• Fingerprint
• Retina scan
• Voice pattern
• Signature
• Typing style

Page 26: Problems with Biometrics

• Expensive
– Retina scan (min. cost) about $2,200
– Voice (min. cost) about $1,500
– Signature (min. cost) about $1,000
• False readings
– Retina scan 1/10,000,000+
– Signature 1/50
– Fingerprint 1/500
• Can’t be modified when compromised

Page 27: Identity Management

• Distributed, heterogeneous domain
• User credentials
• Performance

[Diagram: Ann authenticates separately to System 1, System 2 and System 3, each keeping its own pswd store: "I am Ann. Here is my Password1." / "I am Ann. Here is my Password2." / "I am Ann. Here is my Password3."]

Page 28: Identity Management cont.

• Need verifiable proof of identity, without being authenticated during every single interaction
• Digital certificate: links identity and public key together
– A user can prove his/her identity by signing messages with his/her private key

Page 29: Digital Certificates

• Most common digital certificate: X.509
• Initially issued in 1988
• Relies on PKI and a hierarchy of certificate authorities
• Certificate Authority: issues and revokes digital certificates, accepts user notifications, publishes the revocation list

Page 30: Digital Certificates Basic Content

– …
– Issuer
– Validity
    Not Before
    Not After
– Subject
– Subject Public Key Info
    Public Key Algorithm
    Subject Public Key
– …
– Certificate Signature Algorithm
– Certificate Signature

Page 31: Problem with X.509

• Large file
• Long duration: the certificate must be validated against revocation
• Why are digital certificates revoked?
– Exposure of private key
– Incorrect/unauthorized issuance
– Termination of assignment
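Pages 29 to 31 list the basic certificate fields and the reasons a CA revokes a certificate during its (long) validity period. The block below is an added example for this page, not lecture material: it models a certificate as a plain dict with the fields from page 30 (the serial, issuer and subject names are constructed, and the key and signature fields are placeholders), and shows the checks a relying party still has to make after the CA signature has been verified with a crypto library, which is not done here: the Validity window and the CA's revocation list.

```python
from datetime import datetime, timezone


def make_certificate(serial, issuer, subject, not_before, not_after):
    """Constructed record with the basic-content fields of page 30; not a parsed X.509 object."""
    return {
        "serial": serial,
        "issuer": issuer,
        "validity": {"not_before": not_before, "not_after": not_after},
        "subject": subject,
        "subject_public_key_info": {"public_key_algorithm": "rsaEncryption",
                                    "subject_public_key": "<placeholder>"},
        "signature_algorithm": "sha256WithRSAEncryption",
        "signature": "<placeholder: checked with the issuer's public key by a crypto library>",
    }


class RevocationList:
    """The list the CA publishes: (issuer, serial) -> reason for revocation."""

    def __init__(self):
        self.entries = {}

    def revoke(self, issuer, serial, reason):
        self.entries[(issuer, serial)] = reason

    def reason_for(self, issuer, serial):
        return self.entries.get((issuer, serial))


def certificate_status(cert, now, trusted_issuers, crl):
    """Relying-party checks after signature verification: trusted issuer,
    inside the Validity window, and not on the issuer's revocation list."""
    if cert["issuer"] not in trusted_issuers:
        return "untrusted issuer"
    v = cert["validity"]
    if now < v["not_before"]:
        return "not yet valid"
    if now > v["not_after"]:
        return "expired"
    reason = crl.reason_for(cert["issuer"], cert["serial"])
    if reason is not None:
        return "revoked: " + reason
    return "valid"


def demo():
    """A long-lived certificate checked before, during and after its window, and after revocation."""
    nb = datetime(2011, 1, 1, tzinfo=timezone.utc)
    na = datetime(2013, 12, 31, tzinfo=timezone.utc)
    cert = make_certificate("0x1a2b", "CN=Example CA", "CN=Ann", nb, na)   # constructed values
    trusted = {"CN=Example CA"}
    crl = RevocationList()
    at = lambda y, m, d: datetime(y, m, d, tzinfo=timezone.utc)
    before = certificate_status(cert, at(2010, 6, 1), trusted, crl)
    during = certificate_status(cert, at(2011, 9, 8), trusted, crl)
    crl.revoke("CN=Example CA", "0x1a2b", "exposure of private key")   # page 31, first reason
    after_revocation = certificate_status(cert, at(2011, 9, 9), trusted, crl)
    expired = certificate_status(cert, at(2014, 1, 1), trusted, crl)
    rogue = certificate_status(make_certificate("0x1", "CN=Unknown CA", "CN=Ann", nb, na),
                               at(2011, 9, 8), trusted, RevocationList())
    return {"before": before, "during": during, "after_revocation": after_revocation,
            "expired": expired, "rogue": rogue}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:17s} {v}")
```

`after_revocation` is the case page 31 warns about: the certificate is still well inside Not Before/Not After, so only consulting the CA's revocation list tells the relying party that the private key was exposed.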

Page 32: Return to Multiple Authentication

[Diagram: Ann presents the same X.509 certificate to System 1, System 2 and System 3 ("I am Ann. Here is my X.509"); each system verifies the certificate with the CA]

Page 33: Single Sign On

[Diagram: Ann presents her X.509 certificate to System 1 ("I am Ann. Here is my X.509. Give me a locally verifiable token."); System 1 verifies the certificate with the CA and issues a SAML token; Ann then presents the SAML token to System 2 and System 3 ("I am Ann. Here is my SAML token")]

Page 34: Next Class

• Access Control