CS363 Week 2 - Wednesday

Week 2 - Wednesday. What did we talk about last time? Authentication Challenge-response Passwords


Last time

What did we talk about last time?

  Authentication

  Challenge-response

  Passwords


Questions?


Project 1


Brent Lefever Presents


Biometrics


Biometrics

Biometrics means identifying humans by their physical and biological characteristics

This technology is often seen in spy and science fiction movies

  It does exist, but it is far from perfect

Like passwords, the actual biometric scans are usually not stored

  Instead specific features are stored for later comparison

Biometrics pose unique privacy concerns because the information collected can reveal health conditions


Fingerprints

Historically, fingerprints are one of the most heavily used forms of biometric identification

  Especially useful for solving crimes

  Even identical twins have different fingerprints

  Fun fact: Koalas have fingerprints so similar to human beings that even experts are fooled

Optical scanners are available

Cheap, capacitive scanners are now even available on many laptops

The image of the fingerprint is usually not stored

Instead, specific, differentiable features are recorded


Voice recognition

Voice recognition systems must be trained on your voice

They can be defeated with recording devices

If you have a cold, it throws off the characteristics of your voice

As a consequence, they are particularly susceptible to both false positives and false negatives


Eye recognition

As the technology matures and hardware becomes cheaper, eye recognition is becoming more common

Iris recognition looks at the patterns of light and dark areas in your iris (the colored part of your eye)

  For simplicity, the image is converted to grayscale for comparison

  Newer iris scanners can make successful identifications at 10 feet away or more, even correcting for glasses!

Retina scans exist but are unpopular

  The retina is the tissue lining the inside of your eye and requires pupil dilation to get an accurate picture, blinding you for several minutes

There are even systems for recognizing the patterns of discolorations on the whites of your eyes!


Face recognition

The shape of your face, the distance between your eyes and nose, and other facial features are relatively distinctive

  Although they can be nearly the same for identical twins

Computer vision techniques must be used to locate the face, deal with changes in haircut, glasses, etc.

Participants must have a neutral facial expression or results can be thrown off

The US Department of State uses facial recognition and fingerprinting to document foreigners entering the country

  Their database has over 75 million photographs


Other biometrics

Hand geometry readers measure the shape of your hand

Keystroke dynamics are the patterns that you use when typing

  Users are quite distinctive, but distractions and injuries can vary patterns a lot

Combinations of different biometrics are sometimes used

DNA sequencing is not (yet) fast enough to be used for authentication

Researchers are always coming up with new biometrics to use


Problems with biometrics

People assume that they are more secure than they are

Attacks:

  Fingerprints can be lifted off a champagne glass

  Voices can be recorded

  Iris recognition can be faked with special contact lenses

Both false positives and false negatives are possible

It is possible to tamper with transmission from the biometric reader

Biometric characteristics can change

Identical twins sometimes pose a problem


False positives and false negatives

Sensitivity is positive results among correct matches: a / (a + c)

Specificity is negative results among people who are not sought: d / (b + d)

Accuracy is how often the test is correct: (a + d) / (a + c + b + d)

Prevalence is how common a condition is: (a + c) / (a + c + b + d)

                    Is the Person Claimed    Is Not the Person Claimed
Test is Positive    a                        b
Test is Negative    c                        d


Tokens


Tokens

Tokens are physical objects you possess: keys, badges, cell phones, RFIDs

Passive tokens take no action and do not change

  Example: photo ID

Active tokens change or interact with surroundings

  Examples: RFID or magnetic card


Static and dynamic tokens

The value of a static token does not change

  Examples: Keys, passports, RFIDs

  Static tokens are better for onsite authentication and may be easy to forge for remote authentication

Dynamic tokens have values that change

  Examples: RSA SecurID, Battle.net Authenticator

  Every 60 seconds, it displays a different code


Tokens used for one-time passwords

RSA SecurIDs change the password every 30 or 60 seconds

The user must be synchronized with the system within a few seconds to keep this practical

Using a secure hash function, we start with a seed value k, then

  h(k) = k_1, h(k_1) = k_2, …, h(k_{n-1}) = k_n

Then passwords are in reverse order

  p_1 = k_n, p_2 = k_{n-1}, …, p_{n-1} = k_2, p_n = k_1
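The hash chain above, worked through as an added example (not code from the lecture). Assumptions: SHA-256 stands in for h, the seed is a constructed value, and the server is assumed to store only h(p_1) at first and afterwards the last password it accepted.

```python
import hashlib
import hmac


def h(value):
    """The secure hash function h from the slide (SHA-256 is an assumption)."""
    return hashlib.sha256(value).digest()


def passwords(seed, n):
    """Return [p_1, ..., p_n], where k_i = h(k_{i-1}) and p_i = k_{n-i+1}."""
    chain, k = [], seed
    for _ in range(n):
        k = h(k)
        chain.append(k)          # chain = [k_1, ..., k_n]
    return chain[::-1]           # p_1 = k_n, ..., p_n = k_1


class Verifier:
    """Server side. Stores one hash value, never the seed (assumed design)."""

    def __init__(self, anchor):
        self.last = anchor       # starts as h(p_1) = h(k_n)

    def check(self, candidate):
        # p_i is valid exactly when h(p_i) equals the previously accepted value.
        if hmac.compare_digest(h(candidate), self.last):
            self.last = candidate
            return True
        return False


def demo():
    pw = passwords(b"constructed-demo-seed", 5)
    server = Verifier(h(pw[0]))
    accepted = [server.check(p) for p in pw[:3]]   # p_1..p_3 in order
    replay = server.check(pw[1])                   # captured p_2, reused
    skipped = server.check(pw[4])                  # p_5 offered before p_4
    # Hashing an observed password only yields passwords that are already used.
    forward = h(pw[2]) == pw[1]
    return accepted, replay, skipped, forward


if __name__ == "__main__":
    print(demo())
```

Reversing the order is what makes interception harmless: computing the next password from an observed one would require inverting h.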


Multifactor authentication

More than one form of authentication may provide increased security

  You may need to sign on with your password and with a code generated by an RSA SecurID

  They sometimes need two forms of ID when you're getting a driver's license

Two-factor authentication is available for Gmail, Facebook, Battle.net, Steam and many other platforms

  Often they only ask for the second form of authentication if the computer has not logged on before

Multifactor authentication is probably more secure, but it adds complexity and possibly annoyance


Federated identity management

It's annoying to sign on to lots of different services with lots of different authentication mechanisms

Federated identity management schemes connect a variety of different services with one authentication method

  Example: free access to the OED because you're logged on to E-town computers

Single sign-on is similar, allowing you to log in once, with services sharing authentication information

  Examples: logging onto Meetup.com with Facebook or Google credentials


Access Control


Access control

Subjects are human users or programs that are executing on their behalf

Objects are things that actions can be performed on: files, database fields, directories, hardware devices

Access modes are the different ways that access can be done: read, write, modify, delete, etc.

Access control is the process of managing the access modes that subjects can have on objects


Access control goals

Check every access

  The user may no longer have rights to a resource

  The user may have gained rights

Enforce least privilege

  Least privilege means you get the bare minimum to get your job done

Verify acceptable usage

  Access to an object is not enough: Some actions might be legal and others illegal


Access control issues

Many issues come up with access control

  Do the correct people have the correct rights?

  Have statuses changed?

Granularity is how specifically you can control rights

  Maybe you can only give complete rights to an object, not read-only rights

An audit log tracks who performed what kinds of accesses

Limited privilege tries to keep accesses from doing big damage

  Example: sudo in Linux


sudo

It is possible to temporarily use another user’s permissions in Unix using the command sudo

Users can be given special access to files or commands they normally could not access

An administrator can run at a normal privilege level and only occasionally run commands using higher privileges

This strategy prevents the whole system from being corrupted if the administrator gets a virus


Directory based approaches

Create a directory that lists all the objects a given user can access and their associated rights:

  Examples: read, write, execute, own

  The own right gives the user the ability to grant others rights to that object

Problems:

  Directories can become large

  How is access revoked?

  What if two files in different locations in the system have the same name?


Access control lists

Listing all the objects a user can access can take up too much space

An alternative is to list all the users that have rights for a specific object

Most objects only have a few legal users

Wild cards can make the situation easier

  Read access can be granted to everyone


Access control matrices

Both directories and access control lists are equivalent

  Different implementations are used for different kinds of efficiency

We can also imagine a matrix that holds all subjects and all objects

Although it is far too inefficient for most systems to be implemented this way, security researchers sometimes use this model for theoretical purposes

  Can you determine if some sequence of operations could leak read access to your file?

  Nope, it’s impossible!


Access control matrix example

Objects (columns) and subjects (rows):

Subjects     file 1              file 2       process 1                    process 2
process 1    read, write, own    read         read, write, execute, own    write
process 2    append              read, own    read                         read, write, execute, own
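The equivalence of directories and access control lists, shown on the example matrix above. This is an added example, not code from the lecture; the function names are hypothetical, and the matrix is stored as a constructed dictionary keyed by (subject, object).

```python
# Constructed from the slide's example matrix.
P1, P2, F1, F2 = "process 1", "process 2", "file 1", "file 2"
FULL = {"read", "write", "execute", "own"}
MATRIX = {
    (P1, F1): {"read", "write", "own"}, (P1, F2): {"read"},
    (P1, P1): set(FULL),                (P1, P2): {"write"},
    (P2, F1): {"append"},               (P2, F2): {"read", "own"},
    (P2, P1): {"read"},                 (P2, P2): set(FULL),
}


def directories(matrix):
    """Row view: for each subject, the objects it can access and its rights."""
    out = {}
    for (subj, obj), rights in matrix.items():
        out.setdefault(subj, {})[obj] = set(rights)
    return out


def acls(matrix):
    """Column view: for each object, the subjects with rights on it."""
    out = {}
    for (subj, obj), rights in matrix.items():
        out.setdefault(obj, {})[subj] = set(rights)
    return out


def from_directories(view):
    return {(s, o): set(r) for s, row in view.items() for o, r in row.items()}


def from_acls(view):
    return {(s, o): set(r) for o, col in view.items() for s, r in col.items()}


def allowed(matrix, subj, obj, right):
    """Check one access; a missing cell means no rights at all."""
    return right in matrix.get((subj, obj), set())


def revoke_cost(matrix, obj):
    """Structures visited to revoke all access to obj: (ACL view, directory view)."""
    return 1, len(directories(matrix))   # one list vs. every subject's directory


if __name__ == "__main__":
    print(acls(MATRIX)[F1])
    print(from_acls(acls(MATRIX)) == from_directories(directories(MATRIX)) == MATRIX)
    print(allowed(MATRIX, P2, F1, "read"), revoke_cost(MATRIX, F1))
```

Both views rebuild the same matrix, so they carry the same information; they differ in which question is cheap to answer, which is why revocation is listed as a problem for directories.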


Rights

A few possible rights: Read, Write, Execute, Own

Anything else that is useful?

Some rights allow users to change the rights of others


Blackboard system

What would the access control matrix look like for the Canvas gradebook system?


Extended Unix example

Unix has users, groups, and processes

A user has a unique UID

A group has a unique GID

A process has a unique PID

Each user can belong to many groups

Access is controlled on: files, directories


File permissions

Reading

Writing

Executing

Ownership is also important


Directory permissions

Reading

Execution allows moving through the directory

Writing and executing are needed to create and delete files in a directory

There is also a “sticky bit” for directories

  If the sticky bit is set, only the directory owner can rename, move, or delete files owned by other people


Permission example

drwxr-xr-x

First character: directory or not

Next three characters: owner permissions

Next three characters: group permissions

Next three characters: other permissions


chmod example

We can change permissions using the Linux command chmod

Examples:

  chmod a+r wombat.txt

  chmod g+rw combat.txt

  chmod 664 ramjet.txt

Whoa! 664? What’s that?

Would it help if I pointed out that 664 can be written 110110100?
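The 664 question answered in code, together with the reverse direction for strings such as drwxr-xr-x. This is an added example, not code from the lecture; the function names are hypothetical and the sample strings are constructed. It goes slightly beyond the slides by reading the sticky bit as ls prints it (t or T in the last position) and flagging world-writable objects.

```python
def octal_to_bits(mode):
    """664 (octal) -> '110110100': nine bits, three each for owner, group, other."""
    return format(mode & 0o777, "09b")


def bits_to_rwx(bits):
    """'110110100' -> 'rw-rw-r--', the form ls prints after the type character."""
    return "".join(c if b == "1" else "-" for b, c in zip(bits, "rwx" * 3))


def parse_listing(perm):
    """'drwxr-xr-x' -> (is_dir, mode, sticky). setuid/setgid 's' is not handled."""
    if len(perm) != 10:
        raise ValueError("expected 10 characters, e.g. drwxr-xr-x")
    mode = 0
    for i, ch in enumerate(perm[1:]):
        if ch == "rwx"[i % 3] or (i == 8 and ch == "t"):
            bit = 1
        elif ch == "-" or (i == 8 and ch == "T"):
            bit = 0
        else:
            raise ValueError("unexpected character %r" % ch)
        mode = (mode << 1) | bit
    # ls shows the sticky bit as t (other-execute set) or T (not set).
    return perm[0] == "d", mode, perm[9] in "tT"


def findings(perm):
    """Flag permissions that let any user modify the object."""
    is_dir, mode, sticky = parse_listing(perm)
    if not mode & 0o002:
        return []
    if not is_dir:
        return ["world-writable file"]
    if not sticky:
        return ["world-writable directory without sticky bit"]
    return []


if __name__ == "__main__":
    print(octal_to_bits(0o664), bits_to_rwx(octal_to_bits(0o664)))
    for sample in ("drwxr-xr-x", "drwxrwxrwt", "drwxrwxrwx"):  # constructed
        print(sample, parse_listing(sample), findings(sample))
```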


Role-based access control

Role-based access control makes an effort to abstract away from specific subjects

The idea is that you should have access based on your role

Examples:

  Secretaries have access to mailboxes

  Department heads have access to performance reports

  Provosts have access to salaries


RBAC definitions

A role is a collection of job functions

Each role is authorized to perform one or more transactions

The active role of a subject s is the role that s is currently performing

The authorized roles of a subject make up the set of roles that the subject is authorized to assume


Upcoming


Next time…

Finish access control

Cryptography basics

Minh Doan presents


Reminders

Read Section 2.3

Work on Project 1

Class is canceled on Friday, March 11

The company EC Key is sponsoring a contest to come up with novel uses for their Bluetooth door access technology

  Interested?

  Come to the meeting this Friday, 1/22 at 3:30pm in Hoover 110

  Teams will be formed from CS, engineering, and business students

  Ask me for more information!

Also, there's a field trip to Cargas Systems in Lancaster next Friday