View
219
Download
2
Category
Tags:
Preview:
Citation preview
Access Control
Access Control
Authentication: Who goes there? Determine whether access is allowed Authenticate human to machine Authenticate machine to machine
Authorization: Are you allowed to do that? Once you have access, what can you do? Enforces limits on actions
Note: Access control often used as synonym for authorization
Chapter 7 Authentication 2
Chapter 7Authentication
PasswordsBiometricsSmartcard
Who Goes There?
How to authenticate a human to a machine?
Can be based on… Something you know: a password Something you have: a smartcard Something you are: your
fingerprint
Chapter 7 Authentication 4
Are
Know Have
Password
Chapter 7 Authentication 5
Something You Know
Passwords Lots of things act as passwords!
PIN (Personal Identification Number) Social security number Mother’s maiden name Date of birth Name of your pet, etc.
Chapter 7 Authentication 6
Are
HaveKnow
Trouble with Passwords - 1/2
Passwords are one of the biggest practical
problems facing security engineers today.
One solution use cryptographic keys as passwords
Cryptographic keys are also large, expensive to maintain, difficult to manage, and they pollute the environment.
Chapter 7 Authentication 7
Trouble with Passwords - 2/2
Humans are incapable of securely storing high-
quality cryptographic keys, and have unacceptable speed and accuracy
when performing cryptographic operations.
Chapter 7 Authentication 8
Why Passwords?
Why is “something you know” more popular than “something you have” and “something you are”?
Two reasons Cost: passwords are free Convenience: easier for System
Administrator to reset password than to issue new smartcard
Chapter 7 Authentication 9
Password issues
Keys and Passwords Choosing Passwords Attacking Systems via Passwords Password Verification Math of Password Cracking Other Password Issues
Chapter 7 Authentication 10
Keys vs Passwords – 1/2
Crypto keys Spse key is 64
bits Then 264 keys Choose key at
random Then attacker
must try about 263 keys
Passwords Spse pwds are 8
characters, and 256 different choices for 1 character
Then 2568 = 264 pwds Users do not select
passwords at random Attacker has far less
than 263 pwds to try (dictionary attack)
Chapter 7 Authentication 11
Keys vs Passwords - 2/2
Dictionary Attack “dictionary” of 220 ≈1,000,000
passwords: reasonable probability to crack any given password
But for randomly generated 64-bits key Given of 220 ≈ 1,000,000 passwords, Then the chance to success is only
220 / 264 = 1/ 244 ≈ 1/17,000,000,000,000 Nonrandomness of pwds is the root
of problems Chapter 7 Authentication 12
Choosing Password - 1/4
Bad passwords frank Fido password 4444 Pikachu 102560 AustinStamp
Good Passwords? jfIej,43j-EmmL+y 09864376537263 P0kem0N FSa7Yago 0nceuP0nAt1m8 PokeGCTall150
Chapter 7 Authentication 13
Choosing Password - 2/4
Passphase is another solution for pwd a sequence of words or other text used
to control access to a computer system A passphrase is similar to a password in
usage, but is generally longer for added security.
Experiment: three groups of users Group A: At least 6 chars, 1 non-letter Group B: Password based on
passphrase Group C: 8 random characters
Chapter 7 Authentication 14
Choosing Password - 3/4
Results Group A: About 30% of pwds easy to
crack Group B: About 10% cracked
Passwords easy to remember Group C: About 10% cracked
Passwords hard to remember
Chapter 7 Authentication
winner
15
Choosing Password - 4/4
Assigned passwords sometimes best User compliance hard to achieve In each case, 1/3rd did not comply and about
1/3rd of those easy to crack! If passwords not assigned, best advice is
Choose passwords based on passphrase Use pwd cracking tool to test for weak pwds Require periodic password changes?
Chapter 7 Authentication 16
Attacks on Passwords - 1/2
Attacker could… Target one particular account Target any account on system Target any account on any system Attempt denial of service (DoS) attack
Common attack path Outsider normal user administrator May only require one weak password!
Chapter 7 Authentication 17
Attacks on Passwords - 2/2
Suppose system locks after 3 bad passwords. How long should it lock until SA restores service ?
5 seconds – (insufficient to deter automatic attack)
5 minutes – (open door to a DOS) What are +’s and -’s of each? The correction answer of it is not
readily apparent
Chapter 7 Authentication 18
Password Verification - 1/5
To determine the validity of an entered password, the computer must have something to compare against
But need a way to verify passwords Store pwds in a file Store pwds in a file after hashing Store pwds in a file after salt hashing
Bad idea to store passwords in a file Chapter 7 Authentication 19
Password Verification - 2/5
Cryptographic solution: hash the passwords Store y = hash(password) Can verify entered password by hashing If attacker obtains password file, he does not
obtain passwords Of course,
If attacker with pwd file can guess x and check whether y = hash(x), then attacker has found pwd!
But, At least, the attacker can not use the file
directly!
Chapter 7 Authentication 20
Password Verification - 3/5
Spse attacker pre-computes hash(x) for all x in a dictionary of common pwds
and attacker gets access to pwd file containing hashed pwds Attacker only needs to compare hashes to
his pre-computed dictionary Same attack will work each time
Can we prevent this attack? Or at least make attacker’s job more difficult?
Chapter 7 Authentication 21
Password Verification - 4/5
Salt value can make attacker more difficult Slat serves as IV of CBC mode: IV is not secret
Given password, choose random s, compute
y = hash(pwd, s)
and store the pair (s,y) in the password file
Note: The salt value is not secret
Chapter 7 Authentication 22
Password Verification - 5/5
Easy to verify password To verify pwd z, retrieve (s,y) from pwd file Compute hash(z,s) and compare it y
Attacker must recompute dictionary hashes for each user lots more work! Spse Alice’s pwd is hashed with sa , Bob’s sb
Then to crack Alice’s pwd using the dictionary,
Trudy must compute hashes of the word in dic with sa , but crack Bob’s Trudy must recompute the hashes using sb
Chapter 7 Authentication 23
Other Password Issues -1/3
Too many passwords to remember Results in password reuse Why is this a problem? – Trudy would be
wise to try it other place where you use a password.
Failure to change default passwords Social engineering
If someone calls you, claiming to be a SA who needs your pwd in order to correct prob., would you give out your pwd? - 34% will give it and 70% will give their pwd away for a candy bar
Chapter 7 Authentication 24
Other Password Issues -2/3
Who suffers from bad password? ATM PIN: only you Login password: every one of the system
Error logs may contain “almost” passwords
Bugs, keystroke logging, spyware, etc.
Chapter 7 Authentication 25
Other Password Issues -3/3
Popular password cracking tools Password Crackers Password Portal L0phtCrack and LC4 (Windows) John the Ripper (Unix)
Admins should use these tools to test for weak passwords since attackers will!
Good article on password cracking Passwords - Conerstone of Computer
Security
Chapter 7 Authentication 26
Passwords
The bottom line Password cracking is too easy!
One weak password may break security Users choose bad passwords Social engineering attacks, etc.
The bad guy has all of the advantages All of the math favors bad guys
Passwords are a big security problem
Chapter 7 Authentication 27
Biometrics
Chapter 7 Authentication 28
Something You Are
Biometric “You are your key” Schneier
Chapter 7 Authentication
Examples Fingerprint Handwritten signature Facial recognition Speech recognition Gait (walking) recognition “Digital doggie” (odor
recognition) Many more!
29
Know Have
Are
Why Biometrics?
Biometrics seen as desirable replacement for passwords Cheap and reliable biometrics needed Today, a very active area of research
Biometrics are used in security today Thumbprint mouse Palm print for secure entry Fingerprint to unlock car door, etc.
But biometrics not too popular Has not lived up to its promise (yet?) –
Why?
Chapter 7 Authentication 30
The DARK SIDE … Social acceptance: Perceived as invasive;
People liked facial scans less as fingerprints as a substitute for a PIN in ATM.
Easy to forge: Biometric measurements are easy to forge. It's easy to steal a biometric after the
measurement is taken. Impossible to revoke:
What happens if a biometric is stolen? It can not be revoked…Once someone steals your biometric, it remains stolen for life.
Privacy: issues…Biometrics are personal
Chapter 7 Authentication 31
Ideal Biometric
Universal 보편성 applies to (almost) everyone In reality, no biometric applies to everyone
Distinguishing 구별성 distinguish with certainty In reality, cannot hope for 100% certainty
Permanent 영구성 physical characteristic being measured never changes In reality, want it to remain valid for a long time
Collectable 수집성 easy to collect required data Depends on whether subjects are cooperative
Safe, easy to use, etc., etc.
Chapter 7 Authentication 32
Biometric Modes
Identification 식별 Who goes there? Compare one to many Example: The FBI fingerprint database
Authentication 인증 Is that really you? Compare one to one Example: Thumbprint mouse
Identification problem more difficult More “random” matches since more
comparisons We are interested in authentication
Chapter 7 Authentication 33
Two phases of Bio system
Enrollment phase Subject’s biometric info put into database Must carefully measure the required info
It could be needed slow and repeated measurement A weak point of many biometric schemes
Must be very precise for good recognition
Recognition phase Biometric detection when used in practice Must be quick and simple But must be reasonably accurate
Chapter 7 Authentication 34
Cooperative Subjects
We are assuming cooperative subjects In authentication, subjects are cooperative In identification, problem often have
uncooperative subjects For example, facial recognition
Proposed for use in Las Vegas casinos to detect known cheaters
Also as way to detect terrorists in airports, etc. Probably do not have ideal enrollment conditions
Subject will try to confuse recognition phase Cooperative subjects make bio prob much
more tractable!!!
Chapter 7 Authentication 35
Biometric issues Type of Error Biometric Examples
Fingerprints Hand Geometry Iris Scan
Biometric Error Rates Biometric Conclusions
Chapter 7 Authentication 36
Biometric Examples
Type of Error
Chapter 7 Authentication 37
Biometric Errors
Fraud rate 기만율 versus insult rate 모욕률
Fraud user A mis-authenticated as user B Insult user A not authenticate as user A
For any biometric, can decrease fraud or insult, but other will increase For example
99% voiceprint match low fraud, high insult 30% voiceprint match high fraud, low insult
Equal error rate: rate where fraud == insult The useful measure for comparing different
biometric system
Chapter 7 Authentication 38
Biometric Examples
Fingerprint
Chapter 7 Authentication 39
Fingerprint History - 1/2
Ancient China: as a form of signature Scientific Form
1798 J.C. Major suggest that Fingerprint might be unique
1823 Professor J. E. Purkinje discussed 9 fingerprint patterns
1856 Sir W. Hershel used fingerprint (in India) on contracts
1880 Dr. H. Faulds article in Nature about fingerprints for ID
1883 M.Twain’s Life on the Mississippi, a murderer ID’ed by fingerprint
Chapter 7 Authentication 40
Fingerprint History - 2/2
Widespread use of fingerprint 1892 Sir Francis Galton (cousin of
Darwin) developed classification system His system of “minutia” is still in use today Also verified that fingerprints do not change
Some countries require a number of points (i.e., minutia 지문특징 ) to match in criminal cases In Britain, 15 points In US, no fixed number of points required
Chapter 7 Authentication 41
Fingerprint Comparison
Examples of loops 제상문 , whorls 외상문 and arches 궁상문
Minutia extracted from these features
Chapter 7 Authentication
Loop (double) Whorl소용돌이꼴
Arch
42
Fingerprint Biometric - 1/2
1. Capture image of fingerprint2. Enhance image3. Identify minutia
Chapter 7 Authentication 43
Fingerprint Biometric - 2/2
Extracted minutia are compared with user’s minutia stored in a database Analogous to the manual analysis
Is it a statistical match?
Chapter 7 Authentication 44
Biometric Examples
Hand Geometry
Chapter 7 Authentication 45
Hand Geometry
Chapter 7 Authentication
Popular form of biometric Measures shape of hand
• Width of hand, fingers• Length of fingers, etc. (16)
Human hands not unique Hand geometry sufficient
for many situations Suitable for
authentication Not useful for ID problem
46
Hand Geometry
Advantages Quick 1 minute for enrollment 5 seconds for recognition Hands symmetric (use other hand
backwards) Disadvantages
Cannot use on very young or very old Relatively high equal error rate
Chapter 7 Authentication 47
Biometric Examples
Iris Scan
Chapter 7 Authentication 48
Iris Patterns
Iris: the colored part of the eye In theory, the best for authentication Iris pattern development is “chaotic” So, minor variations lead to large
differences Little or no genetic influence Different even for identical twins Pattern is stable through lifetime
Chapter 7 Authentication 49
Iris Recognition: History
The first idea of using the human iris for ID -1936 suggested by Frank Burch
Resurface - 1980s James Bond films
The first patent appeared - 1986 The best current approach to iris
scanning – 1994 patented by John Daugman Patent owned by Iridian Technologies
Chapter 7 Authentication 50
Automated Iris Scan
1. Scanner locates iris2. Take black/white photo
Use polar coordinates…3. The image is processed
using 2-D wavelet transform
4. Get 256(2048bits) byte iris code
Chapter 7 Authentication 51
Measuring Iris Similarity
Based on Hamming distance Define d(x,y) to be
(# of non match bits) / (# of bits compared) Example
d(0010,0101) = 3/4 and d(101111,101001) = 1/3
Compute d(x,y) on 2048-bit iris code Perfect match is d(x,y) = 0 For same iris, expected distance is 0.08 At random, expect distance of 0.50 Accept as match if distance less than 0.32
Chapter 7 Authentication 52
Iris Scan Error Rate
Chapter 7 Authentication
distance
0.29
1 in 1.31010
0.30
1 in 1.5109
0.31
1 in 1.8108
0.32
1 in 2.6107
0.33
1 in 4.0106
0.34
1 in 6.9105
0.35
1 in 1.3105
distance Fraud rate
: equal error rate
53
Attack on Iris Scan
Good photo of eye can be scanned And attacker can use photo of eye
Chapter 7 Authentication
Afghan woman was authenticated by iris scan of old photoStory is here
To prevent photo attack, scanner could use light to be sure it is a “live” iris
54
Biometric Error Rates
Chapter 7 Authentication 55
Equal Error Rate Comparison
Equal error rate (EER): fraud rate == insult rate
Fingerprint bio has EER of about 5% Hand geometry has EER of about 10-3
Iris scan has EER of about 10-6
But in practice, hard to achieve Enrollment phase must be extremely
accurate
Chapter 7 Authentication 56
Equal Error Rate Comparison
In practice, most biometrics much worse than fingerprint!
Biometrics useful for authentication… But ID biometrics are almost useless
today
Chapter 7 Authentication 57
Biometric Conclusions
Chapter 7 Authentication 58
Biometrics: The Bottom Line
Biometrics are hard to forge But attacker could
Steal Alice’s thumb Photocopy Bob’s fingerprint, eye, etc. Subvert software, database, “trusted path”, …
Also, how to revoke a “broken” biometric?
Biometrics are not foolproof! Biometric use is limited today That should change in the future…
Chapter 7 Authentication 59
Smart Card
Chapter 7 Authentication 60
Something You Have
Something in your possession Examples include
Car key Laptop computer
Or specific MAC address Password generator
We’ll look at this next ATM card, smartcard, etc.
Chapter 7 Authentication 61
Are
Know Have
Password Generator
Alice gets “challenge” R from Bob Alice enters R into password generator Alice sends “response” back to Bob Alice has pwd generator and knows PIN
Chapter 7 Authentication
Alice Bob
1. “I’m Alice”
2. R
5. F(R)
3. PIN, R
4. F(R)
Passwordgenerator
62
Other issues
Chapter 7 Authentication 63
2-factor Authentication
Requires 2 out of 3 of Something you know Something you have Something you are
Examples ATM: Card and PIN Credit card: Card and signature Password generator: Device and PIN Smartcard with password/PIN
Chapter 7 Authentication 64
Single Sign-on
A hassle to enter password(s) repeatedly Users want to authenticate only once “Credentials” stay with user wherever he goes Subsequent authentication is transparent to
user Single sign-on for the Internet?
Microsoft: Passport Everybody else: Liberty Alliance 자유동맹군
Based on Security Assertion Markup Language (SAML)
Chapter 7 Authentication 65
Recommended