Upload
dora-mccoy
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
Date: Sun, 25 Jan 2009 03:33:10 -0500From: Steven J Klein <[email protected]>Subject: England's NHS loses patient data: bad news, good news, bad news
Bad news: A National Health Service employee lost a flash drive containing personal information of up to 6,360 patients.
Good news: The data on the flash drive was encrypted.
Bad news: The password was written on a sticky-note attached to the drive.
Paraphrased from the *Lancashire Evening Post*
1
2
Neo: I suppose the most obvious question is: how can I trust you?
The Oracle: Bingo! It is a pickle. The bad news is that there’s no way if you can really know whether I’m here to help you or not, so it’s really up to you . You just have to make your own mind to either accept what I’m going to tell you, or reject it.
“Have I reached the party to whom I am speaking?” -- Lily Tomlin as Ernestine
3
FIPS-181* Password Gen StandardPassword Score (Mac OS X)
Chester WEAK
blibdonbiz FAIR
gothignuhoiv FAIR
gothignuhoiv$ GOOD
Gothignuhoiv GOOD
Gothignuhoiv$ EXCELLENT
tapes8(Lynne EXCELLENT
cusmannyukjagomm GOOD
4
* http://www.itl.nist.gov/fipspubs/fip181.htm
Leaky Authentication #1 *
Welcome to XYU Computing Services
Enter Username: foople
*** Unknown Username – Retry
Enter Username: _
5* -- Adapted from Pfleeger & Pfleeger
Leaky Authentication #2*
Welcome to XYU Computing Services
Enter Username: foople
Enter Password: *******
*** Authentication Failed
*** Attempt 1 of 3
Enter Username: _
6* -- Adapted from Pfleeger & Pfleeger
Leaky Authentication #3*
Enter Username: fopple
Enter Password: *******
*** Authentication Failed
*** Attempt 1 of 3
Enter Username: foople
Enter Password: *******
*** Authentication Succeeded
Welcome to XYU Computing Services
->
7* -- Adapted from Pfleeger & Pfleeger
Schneier on Passwords
Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
9
Radica’s Password Journal
11
Schneier on Passwords
Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
12
NO !!!Passwords aren’t the answer for all system authentication needs
CAPTCHAS
• "Completely Automated Public Turing test to tell Computers and Humans Apart.”– Luis von Ahn, Manuel
Blum, Nicholas J. Hopper (all of Carnegie Mellon University), and John Langford (then of IBM) in 2000
13
14
What you have: Security Tokens
15
One-time password w/ clock
16
One-time password using an iterated Hash function
17
Iterated password allows a simple attack if Alice fails to authenticate the server
18
ISO SC27 Example
19
ISO SC27 Attack 1
20
ISO SC27 Attack 2
21
Protocol Design Gotcha’s
• Replay attacks• Reflection attacks• Oracle / Dictionary attacks• Extra participants
Best advice: Don’t design your own if you can avoid it!Use a standard, well-vetted protocol instead!
22
What you are: Biometrics
23
Identity is always driven by our senses, each with variable levels of accuracy
Of course, choosing which sense to use in any given identification situation is subject to– Environment– Etiquette– Local laws
Sight and Sound
• With speech, we believe we know who we’re talking to because – We may recognize their voice (fairly strong
authentication, but subject to colds, etc.)– We called them on the telephone and we that we
reached the right person (uhm, well maybe ... )– They called us on the telephone and assume they
are who they say they are (uhm, well ...)
26
Sight Only
• We may be able to see the person (strong authentication, but subject to haircuts or hair coloring, tans, aging, weight loss, etc.)
• With the written word, we believe we know who is “talking” to us because– the publishers must have checked …– that’s their logo on the webpage …– the label on that watch really says Rolex™, but it’s just
printed small … right?– surely not all of those Nigerian emails are fraudulent
27
Touch
• Embossed seals on paper• Highly-developed tactile senses of sight-
impaired folks
28
... But awkward to do quickly or with the general public
Smell
Humans aren’t particularly good at this one– “I know that perfume”– “Gee, your hair smells terrific!”– “Uhm, could you stand over there?”
29
Again, tough to do with the general public, but there is ongoing research ...
Taste
Beyond identifying basalt samples in the “lick lab” of Geology 101, Humans just aren’t gifted here.
30
Credibility of Identity Varies
• Depends upon context and environment• May be influenced by others• May change from day to day• May be misled by disguises
31
Old ways of establishing identity
Before the digital age, these were based upon physical things/actions or sensory inputs.
Is digital identity an improvement?
Are strong biometrics the answer?The ones that work best scare people the most
Plus, they are hard to obtain without getting up close
And they’re really personal!
35
Why are biometrics scary?Biometrics cannot be replaced
– most biometrics are not a secret – once compromised, compromised forever
What if a biometric is used for cross matching?– Biometrics collected for one application can be
shared to retrieve other private information (health care, law-enforcement, financial background)
Biometrics Challenge
Can we find a technique which permits us to safely replace biometrics as easily as a stolen credit card ?
38
One solution is to use Cancelable Biometrics• Intentional repeatable
distortion– alters signal but still in
correct format– generates a similar signal
each time
• Compromised scenario:– a new distortion creates a
new biometrics
• Comparison scenario:– different distortions for
different accounts
© New Yorker Magazine (Charles Addams)
39
Hash Functions : Ideal for passwords and text
33B21856A91D2FBB5BC4144C69B23F85
FIRE ALL LINUX PROGRAMMERS
43C08679B2FD54C65467DDCC9C00AD49
1 character difference
65 bitsdifference !!
SHA
HIRE ALL LINUX PROGRAMMERS
SHA
Can we simply hash a fingerprint?!
40
Hashing : Doesn’t work for biometrics
26 pointsmatch
Don’t match at ALL !!F313C86188DDE96bD48AD5
8CDECDB9E8
SHA
80BC979099C2FA643E4C54
32A03E01B8
SHA
15 pointsdon’t match
OK
Encryption vs. Distortion
41
Encryption Intentional Distortion
Encrypted signal does not resemble original.
Transformed signal looks like a normal signal.*
Original is recovered after decryption.
Original signal is generally not recoverable.
What we need is a way of moving around in the space of a class of biometric data in an irreversible manner
ONE WAY
MAPPIN
G
43
Open issuesPractical:
Will this solve fake input (fake finger, fake face)?– No, if we have access to the transform database
Where do we store the transform?– server– smartcard/card
Theoretical: How many distortion transforms are possible for a given biometrics?
Is the original signal reconstructible from a set of distorted versions?
Technical: Which distortion transform model is better: signal or feature?
– possibly a combination of both
How will the error rates change?
44
XY Permutation (feature domain)block scramble
>> points positions are distorted rather than whole image <<
45
Radial Permutation Transform
7
7
sector scramble
46
Direction Field Transformsurface warp
47
Impact on PerformanceBEST
WORST
Selection of possible error tradeoffs
more imposters get in
genuine person more often rejected
48 25 October 2006
Fingerprint example: two impressions
Registration based on “core” and “delta”
Original 1 Original 2
49 25 October 2006
Distorted versions still appear similar
Distorted 1 Distorted 2
50 25 October 2006
Fingerprints mostly matched by “Minutiae”Finding minutiae
Livescan Input Enhancement
Match ridge endings and bifurcations between prints and evaluate
51 25 October 2006
Minutiae of distortions match, but not to original
Original 1 Distorted 1 Distorted 2
no match match
52 25 October 2006
Real example: two images of the same face
53 25 October 2006
Registration and Distortion
54
Cancelable Biometrics: ExampleTwo images of the same face
repeatable distortion
DON’TMATCH
DON’T MATCH
MATCH
MATCH
55
Distortions have limits
Cancelable Biometrics in the Marketplace ?
The company genkey has an product called BioHash® SDK .
http://www.genkey.com/en/technology/biohashr-sdk
56
Coin Flipping Protocol*
58
1 Alice & Bob generate public-key/private-key pairs2 Alice creates 2 messages, one for heads and one for tails. Alice encrypts them
both with her public key and sends them to Bob in random order:EA(M1), EA(M2)
3 Bob chooses one at random, encrypts it with his public key and returns it to AliceEB(EA(Mn)), where n or 1 or 2
4 Alice can’t read it, but decrypts it with her private key and returns it to BobDA(EB(EA(M)))=> EB(M1) or EB(M2)
5 Bob decrypts the message to reveal the result (heads or tails) and sends to Alice6 Alice reads the result and verifies the string is correct7 Alice and Bob reveal their key-pairs so that both can verify the other didn’t cheat
Works only if PK algorithm is commutative: DA(DB(EA(EB(M)))) = DB(DA(EA(EB(M))))
* Adapted from Schneier, pp. 90-91
Zero Knowledge Example 1
How can I prove to you that I know where Waldo is in the picture, without giving away his specific position?
Start with a sheet of paper much larger than the picture, cut a small hole in it, and place the hold over Waldo.
The viewer can see Waldo, but cannot be sure how the picture is positioned under the cover.
60
61
62
Zero Knowledge Example 2• Alice says she can count the # of leaves on a tree.• Bob selects a tree, and tells Alice to look away.• Bob says he will pick between 1 and 100 leaves from the tree.• Bob tells Alice to turn around.• Alice correctly tells him how many leaves he picked. The
probability of Alice guessing correctly is 1/100.• They repeat the cycle, and Alice is correct again, while the
probability of guessing correctly twice (independently) is 1/10000 !• The more times they repeat the cycle with Alice answering
correctly, the less likely it is that she is guessing.• THEREFORE, Alice must be able to count the leaves on the tree!
63
ZK Example 2: Proving knowledge of a private key*
64
1 Alice says she knows Carol’s private key and wants to prove it to Bob without revealing it OR decrypting anything encrypted with Carol’s keys. Carol’s public key is e, private key is d, and RSA modulus is n .
2 Alice and Bob agree on a random k and m such that km = e (mod n)
3 Alice and Bob generate a random ciphertext, C.4 Alice computes, using Carol’s private key:
M = Cd mod n and then X = Mk mod n and sends X to Bob.5 Bob confirms that Xm mod n = C , and if it does, he believes Alice.
* - simplified, from Schneier pp.548-549