Chapter 3_v2 _bf8fe41fd618d55d749625c8e9c1c10a.pdf

Full Transcript

Cybersecurity Fundamentals
(CY 101)
Chapter 3: User Authentication
 Outline

Ø Digital User Authentication Principles
ØPassword-Based Authentication
ØToken-Based Authentication
ØBiometric Authentication
ØSecurity Issues for User Authentication
 Digital User Authentication

Digital Identity is “A unique
representation of a subject
engaged in an online transaction.”
NIST SP 800-63-3 (Digital Authentication
Guideline, June 2017)

Digital user authentication is the
process of determining the validity
of one or more authenticators used
to claim a digital identity.
 Security Requirements For Identification And
Authentication
Table 3.1, from NIST SP 800-171 (Protecting Controlled Unclassified Information in
Nonfederal Information Systems and Organizations, February 2020), provides a
useful list of security requirements for identification and authentication services.
ØBasic Security Requirements:
1. Identify information system users, processes acting on behalf of users, or
devices.
2. Authenticate (or verify) the identities of those users, processes, or devices,
as a prerequisite to allowing access to organizational information systems.
ØDerived Security Requirements:
3. Use multifactor authentication for local and network access to privileged
accounts and for network access to non-privileged accounts.
Security Requirements For Identification And
Authentication (cont’d.)
4. Employ replay-resistant authentication mechanisms for network access to
privileged and non-privileged accounts.
5. Prevent reuse of identifiers for a defined period.
6. Disable identifiers after a defined period of inactivity.
7. Enforce a minimum password complexity and change of characters when new
passwords are created.
8. Prohibit password reuse for a specified number of generations.
9. Allow temporary password use for system logons with an immediate change to
a permanent password.
10. Store and transmit only cryptographically-protected passwords.
11. Obscure feedback of authentication information.
A Model for Digital User Authentication

Figure 3.1 The NIST SP 800-63-3 E-Authentication Architectural Model
 Means of Authentication

There are four general means of authenticating a user’s identity, which
can be used alone or in combination:

Something the individual Something the individual Something the individual is Something the individual
knows possesses (token) (static biometrics) does (dynamic biometrics)
Password, PIN, answers to Smartcard, electronic keycard, Fingerprint, retina, face Voice pattern, handwriting,
prearranged questions physical key typing rhythm
 Multifactor Authentication
ØMultifactor authentication (MFA) refers to an authentication process
where the user presents two or more pieces of evidence (or factors) to
verify their identity.
 Assurance Levels for User Authentication

ØAn organization can choose from a range of authentication
technologies, based on the degree of confidence in identity proofing and
authentication processes
ØNIST SP 800-63-3 defines three separate levels for each of Identity
Assurance Level (IAL) and Authenticator Assurance Level (AAL).
ØThree levels of IALs
IAL1: No need to link the applicant to a specific real-life identity
IAL2: Provides evidence for the claimed identity using either remote or
physically-present identity proofing
IAL3: Requires physical presence for identity proofing.
Assurance Levels for User Authentication (cont’d.)

ØThree levels of AALs
AAL1: Provides some assurance of authentication via user-supplied ID and
password.
AAL2: Provides high confidence of authentication via proof of possession and
control of two authentication factors
AAL3: Provides very high confidence of authentication via proof of possession
and control of two authentication factors
 Password-Based Authentication

ØA widely used line of defense against intruders is the password system.
ØPassword-Based Authentication contains a username/login (ID) and
password.
ØThe password serves to authenticate the ID of the individual logging on
to the system.
ØThe system compares the password to a previously stored password for
that user ID, maintained in a system password file.
ØIn turn, the ID provides security in the following ways:
The ID determines whether the user is authorized to gain access to a system.
The ID determines the privileges accorded to the user.
The ID is used in what is referred to as discretionary access control.
 Password Vulnerabilities

ØThe main forms of attack against password-based authentication

Password
Offline Specific account Popular
guessing against
dictionary attack attack password attack
single user

Exploiting
Workstation Exploiting user Electronic
multiple
hijacking mistakes monitoring
password use
 The Use of Hashed Passwords

ØA widely used password security technique is the use of hashed passwords
and a salt value.
ØPassword hashing:
§ turns the password into a fixed-length (string of letters and/or numbers) using a hashing
algorithm.
§ The password hashing helps prevent cybercriminals from getting access to the
passwords file.
ØSalt value:
§ is a secret pseudorandom or random string that is combined with a password
§ the salt serves three purposes:
It prevents duplicate passwords from being visible in the password file.
It greatly increases the difficulty of offline dictionary attacks.
It becomes nearly impossible to find out whether a person with passwords on two or more
systems has used the same password on all of them.
 The Use of Hashed Passwords

ØThe hashed password scheme is found
on virtually all UNIX variants as well as
on a number of other operating
systems.
ØThe hash algorithm is designed to be
slow to execute in order to thwart
attacks.
ØThis method has been shown to be
secure against a variety of cryptanalytic
attacks

Figure 3.3: UNIX Password Scheme
 UNIX Implementation

ØOriginal scheme
Up to 8 printable characters in length
12-bit salt used to modify DES encryption into a one-way hash function
Zero value repeatedly encrypted 25 times
Output translated to 11 character sequence

ØNow regarded as inadequate
Still often required for compatibility with existing account
management software or multivendor environments
 Improved Implementations

ØMuch stronger hash/salt schemes available for Unix
ØRecommended hash function is based on MD5
Salt of up to 48-bits
Password length is unlimited
Produces 128-bit hash
Uses an inner loop with 1000 iterations to achieve slowdown
ØOpen BSD uses Blowfish block cipher based hash algorithm called Bcrypt
Most secure version of Unix hash/salt scheme
Uses 128-bit salt to create 192-bit hash value
 Password Cracking

ØDictionary attacks
Develop a large dictionary of possible passwords and try each against the password file
Each password must be hashed using each available salt value and then compared with
stored hash values
ØRainbow table attacks
Pre-compute tables of hash values for all salts
A mammoth table of hash values
Can be countered by using a sufficiently large salt value and a sufficiently large hash
length
ØPassword crackers exploit the fact that people choose easily guessable
passwords
Shorter password lengths are also easier to crack
ØJohn the Ripper
Open-source password cracker first developed in 1996
Uses a combination of brute-force and dictionary techniques
 Exercises

1) An attacker plans to gain unauthorized access to a system by
systematically trying all possible words or combinations from a pre-
existing list. What is the term for this type of attack?
Dictionary attacks
2) An attacker plans to use a rainbow table to crack passwords. Suggest how
an organization can defend against such attacks.
Use sufficiently large and unique salt values for each user's password, making pre-
computation impractical due to the vast number of possible hash values.
3) Why are shorter password lengths easier to crack?
Shorter password lengths are easier to crack because they have fewer possible
combinations, making them more susceptible to brute-force and dictionary attacks.
Modern Approaches

However password-
Complex password
cracking techniques
policy
have also improved

The processing capacity
The use of sophisticated Studying examples and
Forcing users to pick available for password
algorithms to generate structures of actual
stronger passwords cracking has increased
potential passwords passwords in use
dramatically
 The Percentage of
Passwords Guessed
after a Given Number
of Guesses

Figure 3.4
 Password File Access Control

Can block offline guessing attacks by denying access to encrypted
passwords
Make available only to privileged users
Shadow password file

Vulnerabilities

Weakness in the OS that allows access to the file
Accident with permissions making it readable
Users with same password on other systems
Access from backup media
Sniff passwords in network traffic
 Password Selection Strategies

Computer generated Reactive password Complex password
User education
passwords checking policy
Users can be told Users have trouble System periodically User is allowed to
the importance of remembering them runs its own select their own
using hard to guess password cracker to password, however
passwords and can find guessable the system checks
be provided with passwords to see if the
guidelines for password is
selecting strong allowable, and if
passwords not, rejects it
Goal is to eliminate
guessable
passwords while
allowing the user to
select a password
that is memorable
 Proactive Password Checking

Rule Password
Bloom filter
enforcement checker
Specific rules Compile a Used to build a
that passwords large table based on
must adhere to dictionary of hash values
passwords not Check desired
to use password
against this
table
 Token-Based Authentication

ØObjects that a user possesses for the purpose of user authentication are
called tokens
ØTwo types of tokens that are widely used; these are
Card-Based Tokens
Hardware Tokens
ØAdditionally, there's a growing trend in using mobile phones for
authentication purposes. Users can authenticate themselves using their
mobile phones in two primary ways:
SMS Messages
Software Apps
 Memory Cards
ØMemory Card
Can store but do not process data
The most common card is a bank card with a
magnetic stripe on the back.
Can include an internal electronic memory
ØCan be used alone for physical access
Hotel room
Gift card
ØProvides significantly greater security when
combined with a password or PIN
ØDrawbacks of memory cards include:
Requires a special reader
Loss of token
User dissatisfaction
 Smart Tokens

A wide variety of devices qualify as smart tokens. These can be categorized
along four dimensions that are not mutually exclusive:
Physical Electronic Authentication
User interface:
characteristics: interface protocol:
Include an embedded Manual interfaces A smart card or other Classified into three
microprocessor include a keypad and token requires an categories:
A smart token that display for electronic interface Static

looks like a bank card human/token to communicate with Dynamic password generator
Challenge-response
interaction a compatible
Can look like reader/writer
calculators, keys,
small portable Contact and
objects contactless interfaces
 Smart Cards

ØFor user authentication, the most important
category of smart token is the smart card
Has the appearance of a credit card
Has an electronic interface
May use any of the smart token protocols

ØA smart card contains within it an entire
microprocessor, including
Processor
memory
I/O ports
 Smart Cards (cont’d.)

ØTypically include three types of
memory:
Read-only memory (ROM)
Stores data that does not change
during the card’s life
Electrically erasable programmable
ROM (EEPROM)
Holds application data and programs
Random access memory (RAM)
Holds temporary data generated
when applications are executed
 Electronic Identity Cards (eID)
ØUse of a smart card as a national identity card for citizens
Can serve the same purposes as other national ID cards, and similar cards such as
a driver’s license, for access to government and commercial services
Can provide stronger proof of identity and can be used in a wider variety of
applications
In effect, is a smart card that has been verified by the national government as
valid and authentic
ØMost advanced deployment is the German card neuer Personalausweis
Has human-readable data printed on its surface
§ Personal data
§ Document number
§ Card access number (CAN)
§ Machine readable zone (MRZ)
 Eid Functions
The card has the following three separate electronic functions, each with
its own protected dataset
PAC E
Function Purpose Data Uses
Password
e Pass Authorized offline CAN or MRZ Face image; two fingerprint images Offline biometric identity
(mandatory) inspection systems read (optional); MRZ data verification reserved for
the data. government access
eID (activation Online applications read eID PIN Family and given names; artistic name Identification; age verification;
optional) the data or access and doctoral degree; date and place of community ID verification;
functions as authorized. birth; address and community ID; restricted identification
expiration date (pseudonym); revocation query
Offline inspection CAN or MRZ Family and given names; artistic name Identification; age verification;
e I D (activation optional

systems read the data and doctoral degree; date and place of community ID verification;
and update the address birth; address and community ID; restricted identification
and community I D. expiration date (pseudonym); revocation query
 Eid Functions (cont’d.)

Function Purpose PAC E Password Data Uses

eSign (certificate A certification authority eID PIN Signature key; X.509 Electronic signature
optional) installs the signature certificate creation
certificate online.
Citizens make electronic CAN Signature key; X.509 Electronic signature
eSign (certificate optional)

signature with eSign PI certificate creation
N.

CAN = card access number
M RZ = machine-readable zone
PACE = password authenticated connection establishment
PI N = personal identification number
 User Authentication with eID
User authentication is a good example of online use of the eID function.
Figure 3.6 illustrates a Web-based scenario
 Password Authenticated Connection
ØPassword Authenticated Connection Establishment (PACE) ensures that
the contactless RF chip in the eID card cannot be read without explicit
access control.

For online applications, For offline applications,
Ensures that the
access is established by either the MRZ printed on
contactless RF chip in the
the user entering the six- the back of the card or the
eID card cannot be read
digit PIN (which should be six-digit card access
without explicit access known only to the holder number (CAN) printed on
control
of the card) the front is used
 Hardware Authentication Tokens

ØOne-time password (O T P) device:
Has a secret key to generate an OTP
User enters the OTP and the system validates the value entered
Uses a block cipher/hash function to combine secret key and time or
nonce value to create OTP
Has a tamper-resistant module for secure storage of the secret key
 Hardware Authentication Tokens (cont’d.)

ØTime-based one-time password
(TOTP):
Uses HMAC with a hash function
Used in many hardware tokens
and by many mobile
authenticator apps
Password is computed from the
current Unix format time value
ØSystems using time based OTP need
to allow for clock drift between
token and verifying system
ØSystems using nonce need to allow
for failed authentication attempts
 Hardware Authentication Tokens (cont’d.)

ØDisadvantage: any other person can see the code
ØAlternative: use of a communications link
ØSingle-factor vs. multifactor:
Single-factor: provides authentication service with just one factor
Multifactor: provides authentication service after a local authentication step
ØFIDO2
Includes “WebAuthn” standard and “Client to Authenticator Protocol 2 (CTAP2)”
Uses a user agent as an intermediary between authenticator and authenticating
service
Prominent members: Google and Microsoft
 Exercises

ØTo bolster security measures, a bank is considering implementing token-
based authentication within its mobile banking application. Taking into
account the diverse range of token options available, what specific types
of tokens should the bank choose to ensure optimal security and user
experience?
Time-Based One-Time Password (TOTP) Tokens TOTP tokens generate unique
passwords that expire after a short period, typically 30 seconds. These tokens are
highly secure and convenient for users
 Authentication Using a Mobile Phone

ØAuthentication code via message:
One of the simplest authentication approaches
Used for banking, government service access, etc.
No need to have any additional app on the phone
Disadvantage:
§ Requires mobile coverage to receive SMS
§ When mobile phone is lost or stolen, user will lose access or an attacker
might gain access
§ Attackers might use a SIM swap attack
§ Attacker might also intercept messages using either a fake mobile tower, or
by attacking SS7 signaling protocol
 Authentication Using a Mobile Phone (cont’d.)

ØMobile authentication apps:
Implements a one-time password generator
Implements the “Time-based one-time password (TOTP)” algorithm
Does not require a network connection
Can be used with multiple accounts
More secure than authentication code
Disadvantages:
§ Phone might be lost or stolen
§ Attacker might compromise by installing malware
§ Attacker might convince the user to reveal secret code
 Biometric Authentication

ØAttempts to authenticate an individual based on unique physical characteristics
ØBased on pattern recognition
ØIs technically complex and expensive when compared to passwords and tokens
ØPhysical characteristics used include:
ØFacial characteristics
ØFingerprints
Hand geometry
Retinal pattern
Iris
Signature
Voice
 Cost versus Accuracy
of Various Biometric
Characteristics in User
Authentication
Schemes

Figure 3.7
 Remote User Authentication
ØAuthentication over a network, the Internet, or a communications link is
more complex
ØAdditional security threats such as:
Eavesdropping, capturing a password, replaying an authentication sequence that
has been observed
ØGenerally rely on some form of a challenge-response protocol to
counter threats
Basic Challenge-
Response Protocols
for Remote User
Authentication

Figure 3.12
 Security Issues for User Authentication
As with any security service, user authentication, particularly remote
user authentication, is subject to a variety of attacks
Attacks Authenticators Examples Typical Defenses
Password Guessing, exhaustive search Large entropy; limited attempts
Token Exhaustive search Large entropy; limited attempts; theft of object
Client attack requires presence
Biometric False match Large entropy; limited attempts

Password Plaintext theft, Hashing; large entropy; protection of password
dictionary/exhaustive search database
Token Passcode theft Same as password; 1-time passcode
Host attack
Biometric Template theft Capture device authentication; challenge
response
Eavesdropping, Password “Shoulder surfing” User diligence to keep secret; administrator
theft, and copying diligence to quickly revoke compromised
passwords; multifactor authentication
 Security Issues for User Authentication (cont’d.)
Attacks Authenticators Examples Typical Defenses
Eavesdropping, Token Theft, counterfeiting Multifactor authentication; tamper
theft, and copying hardware resistant/evident token
Biometric Copying (spoofing) biometric Copy detection at capture device and capture
device authentication
Password Replay stolen password Challenge-response protocol
response
Token Replay stolen passcode Challenge-response protocol; 1-time passcode
Replay response
Biometric Replay stolen biometric Copy detection at capture device and capture
template response device authentication via challenge-response
protocol

Trojan horse Password, token, Installation of rogue client or Authentication of client or capture device within
biometric capture device trusted security perimeter

Denial of service Password, token, Lockout by multiple failed Multifactor with token
biometric authentications
 Client Attacks: Adversary attempts to achieve user authentication
without access to the remote host or the intervening
communications path

Host Attacks: Directed at the user file at the host where
passwords, token passcodes, or biometric templates are stored

Authentication Eavesdropping: Adversary attempts to learn the password by
some sort of attack that involves the physical proximity of user
Authentication
Security Issues and adversary

Security Issues Replay: Adversary repeats a previously captured user response

Trojan Horse: An application or physical device masquerades as an
authentic application or device for the purpose of capturing a user
password, passcode, or biometric

Denial-of-Service: Attempts to disable a user authentication
service by flooding the service with numerous authentication
attempts
General Iris
Scan Site
Architecture for
UAE System
Authentication
Security Issues
Figure 3.13
 Case Study: ATM Security Problems

ØMost small to mid-sized issuers of
debit cards contract processors to
provide core data processing and
electronic funds transfer (EFT)
services. The bank’s ATM machine
may link directly to the processor or
to the bank.

Figure 3.14: ATM Architectures
Questions/Comments?