Do’s and Don’ts of Client Authentication on the Web
Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster
MIT Laboratory for Computer Science
http://cookies.lcs.mit.edu
Presenters: Vaibhav Gowadia, Cory Calmbacher
University of South Carolina
Goal
Identify common mistakes in web authentication and recommend a secure authentication protocol.
Outline
• Security Objectives
• Security Requirements
• Limitations
• Proposed Design
• Case Studies
• Evaluation
Security Objectives
• Authentication
• Confidentiality
• Privacy
What requires authentication?
• Clients want to ensure that only authorized people can access and modify the personal information they share with Web sites.
• Web sites want to ensure that only authorized users have access to the services and content they provide.
What requires confidentiality?
• Online brokerages
• Auction sites
• Banks
• Online merchants
What requires privacy?
Outline
• Security Objectives
• Security Requirements
• Limitations
• Proposed Design
• Case Studies
• Evaluation
Security Requirements
• Secure authentication
• Granularity
• Secure against attacks
Secure Authentication
• Cryptography: proper use of existing cryptographic tools is preferred over designing a new scheme
• Passwords: the primary means of authentication today
• Authenticators: tokens presented by the client to gain access to the system
Use Cryptography Appropriately
• Use the appropriate amount of security
• Do not be inventive
• Do not rely on the secrecy of a protocol
• Understand the properties of cryptographic tools
• Do not compose security schemes
Protect Passwords
• Limit exposure of passwords
• Prohibit guessable passwords
• Reauthenticate before changing passwords
Handling of Authenticators
• Make authenticators unforgeable
• Protect authenticators that must be secret
• Limit the lifetime of authenticators
• Bind authenticators to addresses
• Avoid using persistent cookies
Granularity
• Fine-grained: useful if specific authorization or accountability of the user is required
• Coarse-grained
Fine Grained (screenshot; visible captions: Happy Gilmore, CLICK)
Granularity
• Fine-grained: useful if specific authorization or accountability of the user is required
• Coarse-grained: useful if partial user anonymity is desired
Coarse Grained (screenshot)
Attacks
• Goal of the adversary: break an authentication scheme faster than by brute force
• Types:
• Existential forgery: forge an authenticator for at least one user
• Selective forgery: forge an authenticator for any chosen user
• Replay attack
• Total break: recovery of the secret key used to mint authenticators
Adversaries
• Interrogative adversary: can query a Web server, but not see traffic; bases the next query on previous query results
• Eavesdropping adversary: can see traffic, but not modify it
• Active adversary: can see and modify all traffic
Outline
• Security Objectives
• Security Requirements
• Limitations
• Proposed Design
• Case Studies
• Evaluation
Security Model Limitations
• Performance: higher security implies lower performance
• User acceptability: non-confrontational
• Deployability: use protocols and technologies commonly available
Deployability
• Cannot rely on hardware token systems (such as smart card readers)
• Limit reliance on computation
• ActiveX
• Java
• JavaScript
• SSL
• Cookies!
What are Cookies?
• Text file stored on the client’s hard drive
• Contains information about visitors to a website (such as username and preferences)
• Types:
• Persistent cookies: stored on the computer indefinitely (unless the user deletes them)
• Ephemeral / temporary cookies: stored in the browser’s memory and disappear when the user closes the browser
Outline
• Security Objectives
• Security Requirements
• Limitations
• Proposed Design
• Case Studies
• Evaluation
Web-based Authentication
Web-based Authentication: Login Procedure (diagram)
1. User sends Username, Password to Server
   Server checks: Is <username,password> valid?
2. Server returns Authentication Token
Web-based Authentication: Subsequent Requests (diagram)
3. User sends Request, Auth Token to Server
   Server checks: Is Authenticator valid?
4. Server returns Content
Features of Authenticator
• Personalizable
• Stateless verification
• Server controls lifetime
• Can refer to session info on the server
Cookie Recipe
• Ingredients
• Expiration time
• Data (optional: non-confidential info)
• Procedure: exp=&data=&digest=MAC(exp=&data=)
Note
• This recipe does not require session identifiers, i.e. the amount of server state is O(1)
• Maintaining session IDs is O(n)
• Session identifiers require synchronized, duplicated data between servers
Cookie Example
• Domain: .wsj.com
• Path: /cgi
• SSL?: FALSE
• Expiration: 941452067
• Variable name: fastlogin
• Value: bitdiddleMaRdw2J1h6Lfc
Cookie Validation
• Authentication: server recalculates the MAC
• Revocation mechanism: not provided
Security Analysis
• Forging an authenticator: solution: MAC
• Cookie hijacking: solution: SSL
• Brute-force key search: solution: key rotation
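The cookie recipe, its stateless validation and the three countermeasures from the security analysis, as an added worked example that is not code from the paper or the slides. It assumes HMAC-SHA256 as the MAC (the slides say only "MAC"), a constructed server-side key ring to model key rotation (the slides do not specify how rotation is done), and constructed key and field values; the Set-Cookie helper adds the Secure attribute, which is the opposite of the "SSL? FALSE" setting in the cookie example above.

```python
import hashlib
import hmac
import time
from email.utils import formatdate
from typing import Optional
from urllib.parse import parse_qs, quote

# Constructed server-side key ring (an assumption, not from the paper).
# Index 0 mints new cookies; an older key is kept only until the cookies
# minted under it have expired. Rotating keys this way bounds what a
# brute-force key search can buy an attacker.
KEY_RING = [b"constructed-key-2024-02", b"constructed-key-2024-01"]


def _mac(key: bytes, body: str) -> str:
    """MAC_k(body), instantiated here as HMAC-SHA256."""
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def mint_cookie(exp: int, data: str = "", key: Optional[bytes] = None) -> str:
    """The slides' recipe: exp=<t>&data=<s>&digest=MAC(exp=<t>&data=<s>).

    exp is a Unix timestamp chosen by the server, so the server controls
    the lifetime. data is optional and non-confidential; it is URL-encoded
    so it cannot smuggle extra '&' or '=' separators into the signed body.
    """
    key = KEY_RING[0] if key is None else key
    body = f"exp={exp}&data={quote(data, safe='')}"
    return f"{body}&digest={_mac(key, body)}"


def validate_cookie(cookie: str, now: Optional[int] = None) -> Optional[dict]:
    """Stateless verification: recompute the MAC, then check expiry.

    Returns the cookie's fields on success and None on any failure. No
    session table is consulted, so per-user server state stays O(1).
    """
    now = int(time.time()) if now is None else now
    body, sep, digest = cookie.rpartition("&digest=")
    if not sep:
        return None  # malformed: no digest field at all
    # Try each key in the ring so cookies minted under a recently retired
    # key still verify; compare_digest avoids a timing side channel.
    if not any(hmac.compare_digest(_mac(k, body), digest) for k in KEY_RING):
        return None  # forged or tampered: recomputed MAC does not match
    fields = parse_qs(body, keep_blank_values=True)
    try:
        exp = int(fields["exp"][0])
    except (KeyError, ValueError):
        return None  # signed body is not in the expected shape
    if exp <= now:
        return None  # expired: the server-chosen lifetime has passed
    return {"exp": exp, "data": fields.get("data", [""])[0]}


def set_cookie_header(name: str, cookie: str, exp: int, path: str = "/") -> str:
    """Set-Cookie line carrying the Secure attribute, so the browser sends
    the authenticator only over SSL/TLS rather than a plaintext channel."""
    expires = formatdate(exp, usegmt=True)
    return f"{name}={cookie}; Path={path}; Expires={expires}; Secure"


if __name__ == "__main__":
    # Constructed demo values: a cookie valid until t=2000, checked at t=1000.
    c = mint_cookie(2000, "user=alice")
    print(set_cookie_header("fastlogin", c, 2000, "/cgi"))
    print("fresh:", validate_cookie(c, now=1000))
    print("tampered:", validate_cookie(c.replace("exp=2000", "exp=9000"), now=1000))
    print("expired:", validate_cookie(c, now=2000))
```

Revocation is still not provided, exactly as the slide notes: a cookie stays valid until its exp passes or every key that could verify it has been retired from the ring, so the expiration time is the only lever the server has.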
Outline
• Security Objectives
• Security Requirements
• Limitations
• Proposed Design
• Case Studies
• Evaluation
Case Studies
High School Alumni (screenshots)
High School Alumni
• Problem: no cryptographic authentication
• Adversary: interrogative
• Break: universal forgery
• Today: sold to another reunion site
Instant Shop (screenshot)
Instant Shop: What’s Inside
  <form action=commit sale.cgi>
  <input type=hidden name=item1 value=10> Batteries $10
  <input type=hidden name=item2 value=99> Biology textbook $99
  <input type=hidden name=item3 value=25> Britney Spears CD $25
  <input type=submit> Confirm purchase
  </form>
Instant Shop: What’s Inside (after the client edits the hidden fields)
  <form action=commit sale.cgi>
  <input type=hidden name=item1 value=0> Batteries $10
  <input type=hidden name=item2 value=0> Biology textbook $99
  <input type=hidden name=item3 value=0> Britney Spears CD $25
  <input type=submit> Confirm purchase
  </form>
Instant Shop
• Problem: server trusts users not to modify HTML variables
• Adversary: interrogative
• Today: out of business
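The Instant Shop mistake beside the server-side fix, as an added example that is not code from the slides or from Instant Shop. It assumes the three catalogue items and prices shown on the form above, a hypothetical `commit_sale` handler receiving the posted fields as a dict, and, for the hardened variant, that the form's hidden fields carry quantities rather than prices (the slides' form carries only prices).

```python
from typing import Dict, Optional

# Constructed server-side catalogue: the only place prices are allowed to live.
CATALOGUE = {
    "item1": ("Batteries", 10),
    "item2": ("Biology textbook", 99),
    "item3": ("Britney Spears CD", 25),
}


def total_trusting_form(form: Dict[str, str]) -> int:
    """Instant Shop's design: the price charged is whatever the hidden
    field says. Any interrogative adversary can post value=0 instead."""
    return sum(int(v) for k, v in form.items() if k.startswith("item"))


def total_from_catalogue(form: Dict[str, str]) -> Optional[int]:
    """Hardened commit_sale: the client may only say how many of each
    catalogue item it wants; prices come from CATALOGUE. Returns None for
    unknown items or quantities that are not non-negative integers."""
    total = 0
    for name, qty_str in form.items():
        if not name.startswith("item"):
            continue  # unrelated form field, e.g. the submit button
        if name not in CATALOGUE:
            return None  # client named an item the server does not sell
        try:
            qty = int(qty_str)
        except ValueError:
            return None
        if qty < 0:
            return None  # a negative quantity would become a credit
        total += qty * CATALOGUE[name][1]
    return total


if __name__ == "__main__":
    # Constructed posts: the honest form, the edited form, and a hardened form.
    honest = {"item1": "10", "item2": "99", "item3": "25"}
    edited = {"item1": "0", "item2": "0", "item3": "0"}
    print("trusting, honest:", total_trusting_form(honest))   # 134
    print("trusting, edited:", total_trusting_form(edited))   # 0
    print("catalogue, one of each:",
          total_from_catalogue({"item1": "1", "item2": "1", "item3": "1"}))  # 134
```

The rule the hardened version enforces is the one the slide states: nothing the browser sends back is trusted as a price, so editing the hidden fields can change what is ordered but never what it costs.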
Sprint PCS (screenshots)
Sprint PCS
• Problem: secure content can leak through plaintext channels
• Adversary: eavesdropper
• Break: replay
Fat Brain (screenshots)