210 likes | 418 Views
Chapter 11: Authentication. Basics Passwords. Establishing Identity. Authentication: binding of identity to subject One or more of the following What entity knows ( eg. Password, SSN) What entity has ( eg. badge, smart card) What entity is ( eg. fingerprints, biometrics)
E N D
Chapter 11: Authentication • Basics • Passwords
Establishing Identity • Authentication: binding of identity to subject • One or more of the following • What entity knows (eg. Password, SSN) • What entity has (eg. badge, smart card) • What entity is (eg. fingerprints, biometrics) • Where entity is (eg. In front of a particular terminal)
An example: • You know some password • The computer also knows it (could be the password itself or some post computation result) • A function maps your password to the stored information • Examine whether they match • You can also change the password
Authentication System • Authentication system contains: (A, C, F, L, S) • A: information that proves identity (what you know) • C: information stored on computer and used to validate authentication information (what computer knows) • F: complementation function; f : AC (function maps your knowledge to stored information) • L: functions that prove identity: A x C {T, F} • S: functions enabling entity to create, alter information in A or C
Example • Password system, with passwords stored in clear text • A: set of strings making up passwords • All 8 character strings • C = A • All 8 character strings • F: Mapping an input password to itself • L: single equality test function { eq } • Input ?= stored password • S: function to set/change password
Passwords • Based on what people know • Sequence of characters • Examples: 10 digits, a string of letters, etc. • Generated randomly, by user, by computer with user input • Algorithms • Examples: challenge-response, one-time passwords
Storage • Password stored in cleartext • If password file compromised, all passwords revealed • Encipher file • Need to have decipherment, encipherment keys in memory • If attackers get a hold of the keys, reduces to previous problem • Store one-way hash of password • If file is read, attacker must still guess passwords or invert the hash
Anatomy of Attacking • Goal: locate aA such that: • For some fF, f(a) = cC • c is associated with entity • Two ways to determine whether a meets these requirements: • Approach 1: if attacker knows function f, she/he can try as above • E.g., attacker gets the file containing hashed passwords, she/he can start to hash all possible passwords • Approach 2: try to login by guessing a password
Preventing Attacks • How to prevent this: • Hide one of a, f, or c • Prevents attack from above • Example: • You do not know the function f • You cannot get c • Block access to all lL or result of l(a) • Restrict the number of trying you can conduct in every unit time • Prevent attacker from knowing if guess succeeded • Prevent any logins to an account from a network
Dictionary Attacks • Trial-and-error from a list of potential passwords • Off-line: know f and c, and repeatedly try different guesses gA until the list is done or passwords guessed • Examples: pre-compute the hash of possible password • On-line: have access to functions in L and try guesses g until some l(g) succeeds • Examples: trying to log in by guessing a password
Guessing probability • P: probability of guessing a password, • ≥ tried password / total number of password • Put it in a formula: • G: number of guesses tried in 1 time unit • T: number of time units • N: number of possible passwords (|A|) • Then P ≥ TG/N
Example • Goal • Passwords drawn from a 96-char alphabet • Can test 104 guesses per second • Probability of a success to be 0.5 over a 365 day period • What is minimum password length? • Solution • P >= GT/N • GT/N = 0.5, G= 104 , T=60 * 60 * 24 * 365, N= 96^length • N ≥ TG/P = (365246060)104/0.5 = 6.311011 • Choose length such that 96^length ≥ N • So length ≥ 6, meaning passwords must be at least 6 chars long
Pronounceable Passwords • Generate phonemes randomly • Phoneme is unit of sound, something easy to pronounce • Examples: helgoret, juttelon are; przbqxdfl, zxrptglfn are not • Remember the names of brands: Mazda, Toshiba, etc • Problem: too few • For example, there are about 440 phonemes • If every phoneme contains 3 characters, then a 9-char password contains only 3 phonemes • Attacker needs to search only 440^3 = 85 million passwd • Solution: key crunching • Run long key through hash function and convert to printable sequence • Use this sequence as password
Salting • Goal: mitigate dictionary attacks • Problem: Say all passwords are 8-char long, the attacker can pre-compute hash values of all 8-char strings. Later when she/he gets the hash file, she/he can easily determine the string • Method: • Introduce additional information so that it is very difficult for attackers to conduct pre-computation • Still very efficient for the system to authenticate a user • Example • Use salt as first part of input to hash function
Guessing Through L • Cannot prevent these • Otherwise, legitimate users cannot log in • Make them slow • Backoff • Disconnection • Disabling • Be very careful with administrative accounts! • Can be used to conduct DoS attacks • Jailing • Allow in, but restrict activities
Password Aging • Force users to change passwords after some time has expired • How do you force users not to re-use passwords? • Record previous passwords • Block changes for a period of time • Give users time to think of good passwords • Don’t force them to change before they can log in • Warn them of expiration days in advance
Key management in some UNIX systems • don't use the shadow passwordfiles • the passwords are stored encrypted in the file /etc/passwd • Format of the stored record • Account; coded password data; homedir; • Gigawalt; fURfuu4.4hY0U; /home/gigawalt
It becomes more difficult for attackers to try all possible password offline • If an attacker gets the /etc/passwd file and knows all salt, then it is still ok to him/her • Make the salt private: stored in a file with restricted access permissions • Challenges • Keep the salt private • Maintain salt for users
Key Points • Authentication is not cryptography • You have to consider system components • Passwords are important • They provide a basis for most forms of authentication • Protocols are important • They can make attacks harder • Authentication methods can be combined