View
219
Download
2
Tags:
Embed Size (px)
Citation preview
slide 1
Nitesh SaxenaPolytechnic University
*Adopted from a previous lecture by Vitaly Shmatikov
User(-to-Device) Authentication*
slide 2
Recall: Basic Problem
?
How do you prove to someone that you are who you claim to be?
Any system with access control must solve this problem
slide 3
Recall: Many Ways to Authenticate
Something you know• Passwords/PINs
Something you have• Secure tokens
Something you are• Biometrics
What is the best method to authenticate: secure as well as usable and universal? Is there any?
slide 4
(Textual) Passwords
User has a secret password. System checks it to authenticate the user. How is the password communicated?
• Eavesdropping risk
How is the password stored?• In the clear? Encrypted? Hashed?
How does the system check the password? How easy is it to guess the password?
• Easy-to-remember passwords tend to be easy to guess
• Password file is difficult to keep secret
slide 5
Passwords in the Real World
From high school pranks…• Student in Tyler changes school attendance records• Students in California change grades
– Different authentication for network login and grade system, but teachers were using the same password (very common)
…to serious cash• English accountant uses co-workers’ password to
steal $17 million for gambling
…to identity theft• Helpdesk employee uses passwords of a credit card
database to sell credit reports to Nigerian scammers
[PasswordResearch.com]
slide 6
Passwords and Computer Security
First step after any successful intrusion: install sniffer or keylogger to steal more passwords Second step: run cracking tools on password files
• Usually on other hijacked computers
In Mitnick’s “Art of Intrusion”, 8 out of 9 exploits involve password stealing and/or cracking• Excite@Home: usernames and passwords stored in the
clear in troubleshooting tickets• “Dixie bank” hack: use default router password to
change firewall rules to enable incoming connections
slide 7
UNIX-Style Passwords
t4h97t4m43 fa6326b1c2 N53uhjr438 Hgg658n53 …
user system password file“cypherpu
nk”
hashfunction
slide 8
Password Hashing
Instead of user password, store H(password) When user enters password, compute its
hash and compare with entry in password file• System does not store actual passwords!• Difficult to go from hash from password!
Hash function H must have some properties• One-way: given H(password), hard to find
password– No known algorithm better than trial and error
• Is collision resistance needed?
slide 9
UNIX Password System
Uses DES encryption as if it were a hash function• Encrypt NULL string using password as the key
– Truncates passwords to 8 characters!
• Can instruct modern UNIXes to use MD5 hash function
Problem: passwords are not truly random• With 52 upper- and lower-case letters, 10 digits
and 32 punctuation symbols, there are 948 6 quadrillion possible 8-character passwords
• Humans like to use dictionary words, human and pet names 1 million common passwords
slide 10
Dictionary Attack
Password file /etc/passwd is world-readable• Contains user IDs and group IDs which are used
by many system programs
Dictionary attack is possible because many passwords come from a small dictionary• Attacker can pre-compute H(word) for every word
in the dictionary – this only needs to be done once!!
– This is an offline attack– Once password file is obtained, cracking is instantaneous
• With 1,000,000-word dictionary and assuming 10 guesses per second, brute-force online attack takes 50,000 seconds (14 hours) on average
slide 11
Salt
shmat:fURxfg,4hLBX:14510:30:Vitaly:/u/shmat:/bin/csh
/etc/passwd entrysalt
(chosen randomly whenpassword is first set)
hash(salt,pwd)Password
• Users with the same password have different entries in the password file
• Offline dictionary attack becomes much harder
slide 12
Advantages of Salting
Without salt, attacker can pre-compute hashes of all dictionary words once for all password entries• Same hash function on all UNIX machines;
identical passwords hash to identical values• One table of hash values works for all password
files
With salt, attacker must compute hashes of all dictionary words once for each combination of salt value and password• With 12-bit random salt, same password can
hash to 4096 different hash values
slide 13
Shadow Passwords
shmat:x:14510:30:Vitaly:/u/shmat:/bin/csh
• Store hashed passwords in /etc/shadow file which is only readable by system administrator (root)
• Add expiration dates for passwords• Early Shadow implementations on Linux called
the login program which had a buffer overflow!
Hashed password is notstored in a world-readable file
/etc/passwd entry
slide 14
Password Security Risks
Keystroke loggers• Hardware
– KeyGhost, KeyShark, others
• Software (spyware)
Online attacks Offline attacks
These can be dealt with somewhat (how?), but…….
slide 15
User Issues!!
Make passwords easy to remember• “password”, “Longhorns”, “Kevin123”
Write them down Use a single password at multiple sites
• Do you use the same password for Amazon and your bank account? MyPoly? Do you remember them all?
Some services use “secret questions” to reset passwords
• “What is your favorite pet’s name?”• Paris Hilton’s T-Mobile cellphone hack
Susceptible to Social Engineering• e.g., Phishing
slide 16
Social Engineering
Univ. of Sydney study (1996)• 336 CS students emailed asking for their passwords
– Pretext: “validate” password database after suspected break-in
• 138 returned their passwords; 30 returned invalid passwords; 200 reset passwords (not disjoint)
Treasury Dept. report (2005)• Auditors pose as IT personnel attempting to correct a
“network problem”• 35 (of 100) IRS managers and employees provide
their usernames and change passwords to a known value
Other examples: Mitnick’s “Art of Deception”
slide 19
The next page requests:
Name Address Telephone Credit Card Number, Expiration Date, Security
Code PIN Account Number Personal ID Password
slide 21
But wait…
WHOIS 210.104.211.21:
Location: Korea, Republic Of
Images from Anti-Phishing Working Group’s Phishing Archive
slide 23
Phishing: A Growing Problem
Over 16,000 unique phishing attacks reported in Nov. 2005, about double the number from 2004
Estimates suggest phishing affected 1.2 million US citizens and cost businesses billions of dollars in 2004
Additional losses due to consumer fears
[Anti-Phishing Working Group, Phishing Activity Trends Report, Dec. 2005]
slide 24
Basic Phishing Attack
Victim receives email seemingly from an institution• Often reports a problem with victim’s account• Email demands immediate action
Victim led to a website that mimics that of the institution• Prompted to enter account information, passwords, personal
information, etc. Two variations:
• Passive: Attacker collects victim’s information for later exploitation
• Active: Attacker relays victim’s information to the real institution and plunders the account in real time
slide 25
Current Phishing Techniques
Employ visual elements from target site DNS Tricks:
• www.ebay.com.kr• [email protected]• www.gooogle.com• Unicode attacks
JavaScript Attacks• Spoofed SSL lock
Certificates• Phishers can acquire certificates for domains they own• Certificate authorities make mistakes
slide 26
Advanced Phishing Attacks
Spear-phishing: Improved target selection Socially aware attacks [Jakobsson 2005]
• Mine social relationships from public data• Phishing email appears to arrive from someone known to the
victim Context-aware attacks [ibid]
• “Your bid on eBay has won!”• “The books on your Amazon wishlist are on sale!”
slide 27
User Issues!! Users are “task-focussed” Security is a secondary objective Users choose bad passwords and readily
disclose them Users cannot parse URLs, domain
names or PKI certificates Users are inundated with warnings and
pop-ups
slide 28
Phishing Prevention Approaches
Heuristics• Spoofguard [Chou et al. 2004], TrustBar [HerzGbar 2004], eBay
toolbar, SpoofStick• Recent studies indicate users ignore toolbar warnings [Wu
et al. 2005]
slide 30
Other Approaches
Origin/Server Authentication• Dynamic Security Skins [DhamTyga 2004], Passmark, and the
Petname project; BankofAmerica SiteKey• All rely on user diligence – a single mistake will result in a
compromised account (slow to load image!)
slide 31
Another approach
PwdHash• Instead of the password p, share the hash of
the password (contatenated with domain name): H(p, domain)
• User types in the password p, the browser computes H(p, domain) and send it to the server
• Phishing site learns the hashed value for its own doman, which is of no “direct” use (except running a dictionary attack on the password)
slide 32
In summary
Lot of problems with the passwords• Especially due to user behavior
Can we help users pick strong(er) passwords• Use of mnemonics: Easy to remember but hard
to guess phrases– Phrase to a password
• “Jack and Jill went up the hill” (JaJwuth) (probably not good!)
• “I’ve owned 4 Gateway computers so far” (Io4Gcsf )
Other Directions…
slide 33
Graphical Passwords
Images are easy for humans to recall/recognize• Especially if you invent a memorable story to
go along with the images
Images can not be “written down”
slide 34
Dhamija and Perrig SchemePick several pictures out of many choices, identify them laterin authentication.
http://www.random-art.org/
• Using Hash Visualization, which, given a seed, automatically generate a set of pictures• No need to store images, but take
longer to create passwords
password space: N!/K! (N-K)!( N-total number of pictures; K-number of pictures selected as passwords)
slide 35
Sobrado and Birget Scheme System display a number of pass-objects (pre-selected by
user) among many other objects, user click inside the convex hull bounded by pass-objects.
• authors suggeated using 1000 objects, which makes the display very crowed and the objects almostindistinguishable.
password space: N!/K! (N-K)!( N-total number of picture objects; K-number of pre-registered objects)
slide 37
User Quotes
“I chose the images of the ladies which appealed the most”
“I simply picked the best lookin girl on each page”
“In order to remember all the pictures for my login (after forgetting my ‘password’ 4 times in a row) I needed to pick pictures I could EASILY remember... So I chose beautiful women. The other option I would have chosen was handsome men, but the women are much more pleasing to look at”
slide 38
More User Quotes
“I picked her because she was female and Asian and being female and Asian, I thought I could remember that”
“I started by deciding to choose faces of people in my own race…”
“… Plus he is African-American like me”
slide 39
Draw-A-Secret (DAS) SchemeUser draws a simple picture on a 2D grid, the coordinates of
the grids occupied by the picture are stored in the order of
drawing
redrawing has to touch thesame grids in the same sequence in authentication user studies showed the drawing sequences is hard to Remember
slide 40
“PassPoint” SchemeUser click on any place on an image to create a password. A
tolerance around each chosen pixel is calculated. In order to be authenticated, user must click within the tolerances in correct sequence.
can be hard to remember the sequences
Password Space: N^K( N -the number of pixels or smallest units of a picture, K - the number ofPoint to be clicked on )
slide 41
Shoulder Surfing
Graphical password schemes are perceived to be more vulnerable to “shoulder surfing”
Experimental study with graduate students at the University of Maryland Baltimore County• 4 types of passwords: Passfaces with mouse,
Passfaces with keyboard, dictionary text password, non-dictionary text password (random words and numbers)
Result: non-dictionary text password most vulnerable to shoulder surfing• Why do you think this is the case?
slide 42
Biometric Authentication
Nothing to remember Passive
• Nothing to type, no devices to carry around
Can’t share (usually) Can be fairly unique
• … If measurements are sufficiently accurate
slide 43
Problems with Biometrics
Identification vs. authentication• Identification = associating an identity with an
event or a piece of data– Example: fingerprint at a crime scene
• Authentication = verifying a claimed identity– Example: fingerprint scanner to enter a building
How hard are biometric readings to forge?• Difficulty of forgery is routinely overestimated• Analysis often doesn’t take into account the
possibility of computer-generated forgery
Revocation is difficult or impossible
slide 44
Fake Fingers
Gelatin: gummy fingers
Play-Doh fingers fool 90% of fingerprint scanners• Clarkson University
study
Suggested perspiration measurement to test “liveness” of the finger
[Schuckers]
slide 46
Tokens
Generally used to improve security of passwords• Two-factor authentication: “Something you have” +
“Something you know”• Use of “one time passwords”
Example: RSA SecurID (many different forms)
Problem: token might not be available, when needed; also each secure site needs a different tokens