Protecting Online Identity™
Authentication: the problem that will not go away
Prof. Ravi Sandhu, Chief Scientist
sandhu@tricipher.com, 703 283 3484
The State of Cyber Security
• We are in the midst of big change
• Nobody knows where we are headed
• Conventional wisdom on where we are headed is likely wrong
Security Schools of Thought
• OLD THINK: We had it figured out. If the industry had only listened to us, our computers and networks today would be secure.
• REALITY: Today’s and tomorrow’s cyber systems and their security needs are fundamentally different from those of the timesharing era of the early 1970s.
Change Drivers
• Stand-alone mainframes and mini-computers → Internet
• Enterprise security → Mutually suspicious security with split responsibility
• Few and standard services → Many and new innovative services
• Vandals → Criminals
Authentication Characterized
• Authentication is fundamental to security
• Authentication is hard
• Authentication can enable
  • single sign-on (or reduced sign-on)
  • digital signatures
Authentication Sliced
• Something you know
  • Passwords, personal facts
• Something you have
  • Smart card, one-time-password generator, PC, …
• Something you are
  • Fingerprint, iris, DNA, voiceprint, …
• Multifactor = 2 or more of these
  • Leap to 2-factor from 1-factor provides the biggest gain
  • 2 factors typically come from different categories above
Authentication Sliced Differently: Take 1
• Shared secrets versus public-private keys
  • Shared secrets do not scale, especially across administrative domains
  • Shared secrets do not facilitate single sign-on
  • The holy grail of public key infrastructure continues to offer the best hope for scalability and single sign-on
• Mostly true, BUT don’t forget
  • Kerberos: symmetric-key single sign-on within an enterprise
  • The ATM network
Authentication Sliced Differently: Take 2
• One-way authentication versus mutual authentication
  • One-way authentication is the norm
  • It is particularly susceptible to phishing
  • One-time passwords are susceptible to MITM attacks due to lack of mutual authentication
Strong Authentication
• Two-factor (or multi-factor)
• Mutual authentication
Existing Authentication Methods & Threats
[Figure: existing authentication methods grouped as Weak User Authentication, Strong User Authentication and Transaction Authentication, with the threats against each]
Why Are These Security Measures Vulnerable?
• Authentication technologies are vulnerable to MITM Phishing 2.0 attacks when:
  • They rely on weak, easily spoofable information
  • They rely on ‘shared secrets’
  • They use only one-way SSL security
• Vulnerable authentication technologies:
  • IP geolocation, device fingerprint, OTP tokens, scratch cards, grid cards, cookies, text, and pictures
Man-in-the-Middle Attacks Are Happening
A man-in-the-middle attack (MITM): the attacker is able to read, insert and modify transactions between two parties without either party knowing that the link between them has been compromised.
• CitiBank attack
  • July 10th, 2006
  • Defeated OTP tokens
  • 35 MITM sites in Russia
• Amazon attack
  • January 3rd, 2007
  • Defeated username/password
• Bank of America
  • April 10th, 2007
  • Defeats SiteKey cookie/picture
• ABN AMRO
  • April 20th, 2007
  • Defeats OTP token
The Citibank Attack Decrypted
• A phishing email links to a fake CitiBusiness login page, hosted in Russia by Tufel-Club.ru and routed through a botnet
• The fake page captures users’ credentials (including the token code) and enters them in real time at the actual CitiBusiness.com site
• The attacker changes the transaction or executes a new transaction
IP Spoofing Story
• IP spoofing predicted in a Bell Labs report ≈ 1985
• 1st generation firewalls deployed ≈ 1992
• IP spoofing attacks proliferate in the wild ≈ 1993
• VPNs emerge ≈ late 1990s
  • Vulnerability shifts to accessing the end-point
• Network Admission Control ≈ 2000s
Evolution of Phishing
• Phishing 1.0
  • Attack: Capture reusable passwords
  • Defense: user education, cookies, pictures
• Phishing 2.0
  • Attack: MITM in the 1-way SSL channel, breaks OTPs
  • Defense: 2-way SSL
• Phishing 3.0
  • Attack: Browser-based MITB client in front of 2-way SSL
  • Defense: Transaction authentication outside the browser
• Phishing 4.0
  • Attack: PC-based MIPC client in front of 2-way SSL
  • Defense: Transaction authentication outside the PC, PC hardening
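The Take 2 slide states that one-time passwords fall to MITM for lack of mutual authentication, and the slide above pairs each phishing generation with its defense. The following is an added illustration, not part of the original slides or TriCipher's product, showing in miniature why a plain counter-based OTP is accepted when relayed in real time, and why a code that also covers the authenticated server identity (2-way SSL) and the transaction the user confirmed (transaction authentication) is rejected both under relay and under in-browser tampering. The shared seed, server identities and transaction strings are constructed placeholders.

```python
import hmac, hashlib

# Constructed sample values: a seed shared between the user's token and the bank, and
# the identity the real bank proves to the client under 2-way SSL (both placeholders).
SECRET = b"constructed-shared-seed"
BANK_ID = b"bank.example"
COUNTER = 7
TXN = b"pay 100 to landlord"

def truncate(mac: bytes) -> str:
    """Reduce an HMAC to a 6-digit code, as OTP tokens do."""
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"

def plain_otp(secret: bytes, counter: int) -> str:
    """Phishing 2.0 target: the code depends only on the counter, so it is valid
    wherever it is typed and for whatever transaction follows it."""
    return truncate(hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest())

def bound_code(secret: bytes, counter: int, server_id: bytes, txn: bytes) -> str:
    """Mutual + transaction authentication: the code also covers the server identity
    the client actually authenticated and the transaction the user confirmed."""
    msg = counter.to_bytes(8, "big") + b"|" + server_id + b"|" + txn
    return truncate(hmac.new(secret, msg, hashlib.sha256).digest())

def bank_accepts_plain(code: str, counter: int) -> bool:
    return hmac.compare_digest(code, plain_otp(SECRET, counter))

def bank_accepts_bound(code: str, counter: int, txn: bytes) -> bool:
    # The bank always verifies against its own identity and the transaction it received.
    return hmac.compare_digest(code, bound_code(SECRET, counter, BANK_ID, txn))

def relay_against_plain_otp() -> bool:
    # The token code typed into a look-alike site is forwarded to the real bank in real
    # time and attached to a different transaction; nothing in the code reveals this.
    return bank_accepts_plain(plain_otp(SECRET, COUNTER), COUNTER)  # True: OTP defeated

def relay_against_bound_code() -> bool:
    # Same relay, but the client bound the code to the host it really authenticated.
    code = bound_code(SECRET, COUNTER, b"look-alike.example", TXN)
    return bank_accepts_bound(code, COUNTER, TXN)  # False: relay detected

def mitb_tamper_against_bound_code() -> bool:
    # Phishing 3.0: 2-way SSL reaches the real bank, but malware in the browser swaps the
    # transaction; the code was computed outside the browser over what the user confirmed.
    code = bound_code(SECRET, COUNTER, BANK_ID, TXN)
    return bank_accepts_bound(code, COUNTER, b"pay 5000 to other account")  # False

def honest_transaction() -> bool:
    code = bound_code(SECRET, COUNTER, BANK_ID, TXN)
    return bank_accepts_bound(code, COUNTER, TXN)  # True
```

The bound code only helps when the device computing it learns the server identity from the authenticated channel and the transaction from a display the browser cannot alter, which is exactly what "transaction authentication outside the browser" asks for.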
Sandhu’s Laws of Attackers
• Attackers exist
  • You will be attacked
• Attackers have sharply escalating incentive
  • Money, terrorism, warfare, espionage, sabotage, …
• Attackers are lazy (follow the path of least resistance)
  • Attacks will escalate, BUT no faster than necessary
• Attackers are innovative (and stealthy)
  • Eventually all feasible attacks will manifest
• Attackers are copycats
  • Known attacks will proliferate widely
• Attackers have an asymmetrical advantage
  • Need only one point of failure
Sandhu’s Laws of Defenders
• Defenses are necessary
• Defenses have escalating scope
• Defenses raise barriers for attackers
• Defenses will require new barriers over time
• Defenses with better barriers have value
• Defenses will be breached
Sandhu’s Laws of Users
• Users exist and are necessary
• Users have escalating exposure
• Users are lazy and expect convenience
• Users are innovative and will bypass inconvenient security
• Users are the weakest link
• Users expect to be protected
Operational Principles
• Prepare for tomorrow’s attacks, not just yesterday’s
  • Good defenders strive to stay ahead of the curve; bad defenders forever lag
• Take care of tomorrow’s attacks before next year’s attacks
  • Researchers will and should pursue defense against attacks that will manifest far in the future, BUT these solutions will deploy only as attacks catch up
• Use future-proof barriers
  • Defenders need a roadmap and need to make adjustments
• It’s all about trade-offs
  • Security, convenience, cost