Computer Security Lecture: Authentication PDF

Computer Security 23164404-3 Lecture 2 Chapter 3 User Authentication RFC 4949 RFC 4949 defines user authentication as: “The process of verifying an identity claimed by or for a system entity.” Authentication Process Fundamental building Identification step block and primary l Presenting an identifier to the security system line of defense Verification step l Presenting or generating Basis for access authentication information that corroborates the binding control and user between the entity and accountability the identifier Registration, Credential Issuance, and Maintenance Registration Identity Proofing Subscriber/ Authenticated Session Relying Authority (RA) User Registration Claimant Party (RP) Au th Registration t ial ce en tic Authenticated n Confirmation e de suan Ex at e Assertion r s ch d n , C on/I an Pr ke rati ge oto o T ist co g l Re Credential Token/Credential Service Verifier Provider (RA) Validation E-Authentication using Token and Credential Figure 3.1 The NIST SP 800-63-2 E-Authentication Architectural Model The three means of authenticating user identity are based on: Password, PIN, answers to Something you knows prearranged questions Something you have Smartcard, electronic keycard, (token) physical key Something you are Fingerprint, retina, (static biometrics) face Some books add an extra way of authenticating: Something you does Voice pattern, handwriting, (dynamic biometrics) typing rhythm Risk Assessment for User Authentication Assurance There are three separate Level concepts: Potential impact Areas of risk Assurance Level More specifically is defined Four levels of assurance as: Level 1 Describes an organization’s The degree of confidence in the Little or no confidence in the asserted identity's validity degree of certainty that a vetting process used to establish the identity of the individual to user has presented a whom the credential was issued Level 2 credential that refers to his Some confidence in the asserted identity’s validity or her identity Level 3 High confidence in the asserted identity's The degree of confidence that the validity individual who uses the credential is the individual to whom the Level 4 credential was issued Very high confidence in the asserted identity’s validity Potential Impact FIPS 199 defines three levels of potential impact on organizations or individuals should there be a breach of security: Low An authentication error could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals Moderate An authentication error could be expected to have a serious adverse effect High An authentication error could be expected to have a severe or catastrophic adverse effect Table 3.1 Assurance Level Impact Profiles Potential Impact Categories for Authentication Errors 1 2 3 4 Inconvenience, distress, or damage to standing or Low Mod Mod High reputation Low Mod Mod High Financial loss or organization liability None Low Mod High Harm to organization programs or interests None Low Mod High Unauthorized release of sensitive information Mod/ Personal safety None None Low High Civil or criminal violations None Low Mod High Maximum Potential Impacts for Each Assurance Level Password Authentication Widely used line of defense against intruders User provides name/login and password System compares password with the one stored for that specified login The user ID: Determines that the user is authorized to access the system Determines the user’s privileges Is used in discretionary access control Password Vulnerabilities Offline Password guessing Workstation Electronic dictionary against hijacking monitoring attack single user Exploiting Specific Popular Exploiting multiple account password user password attack attack mistakes use Password Password File User ID Salt Hash code Salt slow hash Load function (a) Loading a new password Password File User id User ID Salt Hash code Salt Select Password slow hash function Hashed password Compare (b) Verifying a password Figure 3.2 UNIX Password Scheme UNIX Implementation Original scheme Up to eight printable characters in length 12-bit salt used to modify DES encryption into a one-way hash function Zero value repeatedly encrypted 25 times Output translated to 11 characters sequence Now regarded as inadequate Still often required for compatibility with existing account management software or multivendor environments Improved Implementations OpenBSD uses Blowfish block cipher-based hash algorithm called Bcrypt Most secure version of Unix hash/salt scheme Much stronger hash/salt Uses 128-bit salt to create 192-bit schemes available for Unix hash value Recommended hash function is based on MD5 Salt of up to 48-bits Password length is unlimited Produces 128-bit hash Uses an inner loop with 1000 iterations to achieve slowdown Password Cracking Dictionary attacks Rainbow table attacks Develop a large dictionary Pre-compute tables of of possible passwords and hash values for all salts try each against the A mammoth table of hash password file values Each password must be Can be countered by using hashed using each salt a sufficiently large salt value and then compared value and a sufficiently to stored hash values large hash length Password crackers John the Ripper exploit the fact that Open-source password people choose easily cracker first developed in guessable passwords in 1996 Uses a combination of Shorter password lengths brute-force and dictionary are also easier to crack techniques Modern Approaches Complex password policy Forcing users to pick stronger passwords However, password-cracking techniques have also improved The processing capacity available for password cracking has increased dramatically The use of sophisticated algorithms to generate potential passwords Studying examples and structures of actual passwords in use 50% 40% Percent guessed 30% 20% 10% 0% 104 107 1010 1013 Number of guesses Figure 3.3 The Percentage of Passwords Guessed After a Given Number of Guesses Password File Access Control Can block offline guessing attacks by denying access to encrypted passwords Make available only Vulnerabilities to privileged users Weakness in Accident with Users with Sniff the OS that permissions same passwords in Access from password on backup media allows access making it other network Shadow to the file readable traffic password file systems Password Selection Strategies User education Users can be told the importance of using hard to guess passwords and can be provided with guidelines for selecting strong passwords Computer generated passwords Users have trouble remembering them Reactive password checking System periodically runs its own password cracker to find guessable passwords Complex password policy User is allowed to select their own password, however the system Goal is to eliminate guessable passwords while allowing the user checks to see if the password is allowable, and if not, rejects it to select a password that is memorable Proactive Password Checking Password Rule enforcement cracker Specific rules that passwords must Compile a large adhere to dictionary of passwords not to use Bloom filter Used to build a table based on dictionary using hashes Check desired password against this table 1 0.1 2 hash functions Pr[false positive] 0.01 4 hash functions 6 hash functions 0.001 0 5 10 15 20 Ratio of hash table size (bits) to dictionary size (words) Figure 3.4 Performance of Bloom Filter Table 3.2 Card Type Defining Feature Example Embossed Raised characters only, on Old credit card front Magnetic stripe Magnetic bar on back, characters on front Bank card Memory Electronic memory inside Prepaid phone card Smart Electronic memory and processor inside Biometric ID card Contact Electrical contacts exposed on surface Contactless Radio antenna embedded inside Types of Cards Used as Tokens Memory Cards Can store but do not process data The most common is the magnetic stripe card Can include an internal electronic memory Can be used alone for physical access Hotel room ATM Provides significantly greater security when combined with a password or PIN Drawbacks of memory cards include: Requires a special reader Loss of token User dissatisfaction Smart Tokens Physical characteristics: Include an embedded microprocessor A smart token that looks like a bank card Can look like calculators, keys, small portable objects Interface: Manual interfaces include a keypad and display for interaction Electronic interfaces communicate with a compatible reader/writer Authentication protocol: Classified into three categories: Static Dynamic password generator Challenge-response Smart Tokens Most important category of smart token Has the appearance of a credit card Has an electronic interface May use any of the smart token protocols Contain: An entire microprocessor Processor Memory I/O ports Typically include three types of memory: Read-only memory (ROM) Stores data that does not change during the card’s life Electrically erasable programmable ROM (EEPROM) Holds application data and programs Random access memory (RAM) Holds temporary data generated when applications are executed 2 3 1 5 6 4 8 9 7 0 # X Smart card Card reader Smart Card Activation ATR Protocol negotiation PTS Negotiation Answer PTS Command APDU Response APDU End of Session APDU = application protocol data unit ATR = Answer to reset PTS = Protocol type selection Figure 3.5 Smart Card/Reader Exchange Electronic Identity Cards (eID) Most advanced deployment is Use of a smart card as a the German card neuer national identity card for citizens Personalausweis Can serve the same purposes as other Has human-readable data printed on its national ID cards, and similar cards such as a surface driver’s license, for access to government and Personal data commercial services Document number Card access number (CAN) Machine readable zone (MRZ) Can provide stronger proof of identity and can be used in a wider variety of applications In effect, is a smart card that has been verified by the national government as valid and authentic Table 3.3 Electronic Functions and Data for eID Cards CAN = card access number MRZ = machine readable zone PACE = password authenticated connection establishment PIN = personal identification number t r e ques ion at u t hentic 4. A e r eques t e x c hang N col eID 5. PI n p roto d irect server a t i o or r e u t hentic r e s ult f 7. A ion 6. User enters PIN h en ticat ut 8. A 2. Se rvic e req 1. User requests service 3. R uest (e.g., via Web browser) edir ect t 9. A o eID uthe mes ntica sage tion 10. S r esul ervi t for ce g war rant ded ed Host/application server Figure 3.6 User Authentication with eID Password Authenticated Connection Establishment (PACE) For offline applications, either the MRZ printed on For online the back of the card applications, access or the six-digit card is established by the access number (CAN) Ensures that the user entering the 6- printed on the front is contactless RF chip in digit PIN (which used the eID card cannot should only be known be read without to the holder of the explicit access control card) Biometric Authentication Attempts to authenticate an individual based on unique physical characteristics Based on pattern recognition Is technically complex and expensive when compared to passwords and tokens Physical characteristics used include: o Facial characteristics o Fingerprints o Hand geometry o Retinal pattern o Iris o Signature o Voice Iris Hand Cost Retina Signature Face Finger Voice Accuracy Figure 3.7 Cost Versus Accuracy of Various Biometric Characteristics in User Authentication Schemes. Name (PIN) Biometric Feature sensor extractor Biometric database User interface (a) Enrollment Name (PIN) Biometric Feature sensor extractor Biometric database User interface Feature true/false matcher One template (b) Verification Biometric Feature sensor extractor Biometric database User interface user's identity or Feature "user unidentified" matcher N templates (c) Identification Figure 3.8 A Generic Biometric System. Enrollment creates an association between a user and the user's biometric characteristics. Depending on the application, user authentication either involves verifying that a claimed user is the actual user or identifying an unknown user. Probability density function decision threshold (t) imposter profile of profile genuine user false nonmatch false possible match possible Matching score (s) average matching average matching value of imposter value of genuine user Figure 3.9 Profiles of a Biometric Characteristic of an Imposter and an Authorized Users In this depiction, the comparison between presented feature and a reference feature is reduced to a single numeric value. If the input value (s) is greater than a preassigned threshold (t), a match is declared. 100% in cr ea se th re s ho 10% ld false nonmatch rate in se crea de d c co ecr uri sed cr ea nv ea ty, se en sed th ien re de ecu ase nce ce sh cr rit d s e ie o ea y, ld in ven se co c d n 1% e lin ate rr rro al e equ 0.1% 0.0001% 0.001% 0.01% 0.1% 1% 10% 100% false match rate 100% Figure 3.10 Idealized Biometric Measurement Operating Characteristic Curves (log-log scale) Face Fingerprint Voice Hand Iris 100% false nonmatch rate 10% 1% 0.1% 0.0001% 0.001% 0.01% 0.1% 1% 10% 100% false match rate Figure 3.11 Actual Biometric Measurement Operating Characteristic Curves, reported in [MANS01]. To clarify differences among systems, a log-log scale is used. Remote User Authentication Authentication over a network, the Internet, or a communications link is more complex Additional security threats such as: Eavesdropping, capturing a password, replaying an authentication sequence that has been observed Generally, rely on some form of a challenge-response protocol to counter threats Client Client Host Host U U U, User U, User r, random number r, random number (r, h(), f()) h(), f(), functions (r, h(), f()) h(), f(), functions P’ P’ W’ r’, return of r password to f(r’, h(P’)) passcode via token r’, return of r f(r’, h(W’)) if f(r’, h(P’)) = f(r, h(P(U))) if f(r’, h(W’)) = yes/no then yes else no f(r, h(W(U))) yes/no then yes else no (b) Protocol for a password (b) Protocol for a token Client Client (b) Protocol for a password (b) Protocol for a token Client Client Host Host U U U, User U, User r, random number r, random number (r, E()) E(), function x, random sequence challenge (r, x, E()) B’ BT’ biometric E(), function D‘ biometric device B’, x’ BS’(x’) E(r’, D’, BT’) E(r’, BS’(x’)) r’, return of r r’, return of r E–1E(r’, P’, BT’) = E–1E(r’, BS’(x’)) = (r’, P’, BT’) (r’, BS’(x’)) if r’ = r AND D’ = D extract B’ AND BT’ = BT(U) from (r’, BS’(x’)) then yes else no if r’ = r AND x’ = x yes/no AND B’ = B(U) yes/no then yes else no (c) Protocol for static biometric (d) Protocol for dynamic biometric Figure 3.12 Basic Challenge-Response Protocols for Remote User Authentication Table 3.4 Some Potential Attacks, Susceptible Authenticators, and Typical Defenses Eavesdropping Adversary attempts to learn the password by some sort of attack that involves the physical proximity of user and Host Attacks adversary Denial-of-Service Directed at the user file Attempts to disable a user at the host where authentication service by passwords, token flooding the service with passcodes, or biometric numerous authentication templates are stored attempts Replay Trojan Horse An application or physical Adversary repeats a device masquerades as previously captured an authentic application user response or device for the purpose Client Attacks of capturing a user Adversary attempts to password, passcode, or achieve user biometric authentication without access to the remote host or the intervening communications path Iris Iris Iris scanner scanner scanner Iris workstation Iris workstation Iris workstation LAN switch Iris Merge Remote Iris database Iris Engine 1 Iris Engine 2 Network switch Figure 3.13 General Iris Scan Site Architecture for UAE System Case Study: ATM Security Problems Summary Electronic user authentication principles Biometric authentication A model for electronic user authentication Physical characteristics used in Means of authentication biometric applications Risk assessment for user authentication Operation of a biometric Password-based authentication authentication system The vulnerability of passwords Biometric accuracy The use of hashed passwords Remote user authentication Password cracking of user-chosen Password protocol passwords Token protocol Password file access control Static biometric protocol Password selection strategies Dynamic biometric protocol Token-based authentication Security issues for user Memory cards authentication Smart cards Electronic identity cards Questions 47 Thank You

Computer Security Lecture: Authentication PDF

Document Details

Tags

Related

Summary

Full Transcript