CS363 Week 2 - Wednesday
Last time
- What did we talk about last time?
  - Authentication
  - Challenge-response
  - Passwords
Questions?
Project 1
Brent Lefever Presents
Biometrics
Biometrics
- Biometrics means identifying humans by their physical and biological characteristics
- This technology is often seen in spy and science fiction movies
- It does exist, but it is far from perfect
- Like passwords, the actual biometric scans are usually not stored
  - Instead, specific features are stored for later comparison
- Biometrics pose unique privacy concerns because the information collected can reveal health conditions
Fingerprints
- Historically, fingerprints are one of the most heavily used forms of biometric identification
  - Especially useful for solving crimes
- Even identical twins have different fingerprints
- Fun fact: Koalas have fingerprints so similar to human beings that even experts are fooled
- Optical scanners are available
- Cheap, capacitive scanners are now even available on many laptops
- The image of the fingerprint is usually not stored
  - Instead, specific, differentiable features are recorded
Voice recognition
- Voice recognition systems must be trained on your voice
- They can be defeated with recording devices
- If you have a cold, it throws off the characteristics of your voice
- As a consequence, they are particularly susceptible to both false positives and false negatives
Eye recognition
- As the technology matures and hardware becomes cheaper, eye recognition is becoming more common
- Iris recognition looks at the patterns of light and dark areas in your iris (the colored part of your eye)
  - For simplicity, the image is converted to grayscale for comparison
  - Newer iris scanners can make successful identifications at 10 feet away or more, even correcting for glasses!
- Retina scans exist but are unpopular
  - The retina is the tissue lining the inside of your eye and requires pupil dilation to get an accurate picture, blinding you for several minutes
- There are even systems for recognizing the patterns of discolorations on the whites of your eyes!
Face recognition
- The shape of your face, the distance between your eyes and nose, and other facial features are relatively distinctive
  - Although they can be nearly the same for identical twins
- Computer vision techniques must be used to locate the face and deal with changes in haircut, glasses, etc.
- Participants must have a neutral facial expression or results can be thrown off
- The US Department of State uses facial recognition and fingerprinting to document foreigners entering the country
  - Their database has over 75 million photographs
Other biometrics
- Hand geometry readers measure the shape of your hand
- Keystroke dynamics are the patterns that you use when typing
  - Users are quite distinctive, but distractions and injuries can vary patterns a lot
- Combinations of different biometrics are sometimes used
- DNA sequencing is not (yet) fast enough to be used for authentication
- Researchers are always coming up with new biometrics to use
Problems with biometrics
- People assume that they are more secure than they are
- Attacks:
  - Fingerprints can be lifted off a champagne glass
  - Voices can be recorded
  - Iris recognition can be faked with special contact lenses
- Both false positives and false negatives are possible
- It is possible to tamper with transmission from the biometric reader
- Biometric characteristics can change
- Identical twins sometimes pose a problem
False positives and false negatives

                    Is the Person Claimed    Is Not the Person Claimed
Test is Positive    a                        b
Test is Negative    c                        d

- Sensitivity is positive results among correct matches: a / (a + c)
- Specificity is negative results among people who are not sought: d / (b + d)
- Accuracy is how often the test is correct: (a + d) / (a + c + b + d)
- Prevalence is how common a condition is: (a + c) / (a + c + b + d)
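To see how the four ratios behave for a biometric reader, here is an added worked example (not from the slides) that fills the table above from constructed similarity scores and moves the reader's decision threshold; the scores and the threshold values are assumptions.

```python
def confusion_counts(genuine, impostor, threshold):
    """Fill the slide's 2x2 table for a reader that reports 'positive'
    when a similarity score reaches the threshold.
    a: person claimed, positive        b: not the person, positive (false positive)
    c: person claimed, negative (false negative)   d: not the person, negative"""
    a = sum(1 for s in genuine if s >= threshold)
    c = len(genuine) - a
    b = sum(1 for s in impostor if s >= threshold)
    d = len(impostor) - b
    return a, b, c, d

def metrics(a, b, c, d):
    """The four ratios from the slide, computed from the table cells."""
    total = a + c + b + d
    return {
        "sensitivity": a / (a + c),
        "specificity": d / (b + d),
        "accuracy": (a + d) / total,
        "prevalence": (a + c) / total,
    }

# Constructed similarity scores (0 to 1) from a hypothetical reader; not real data.
GENUINE = [0.92, 0.88, 0.81, 0.75, 0.64, 0.55]   # attempts by the person claimed
IMPOSTOR = [0.12, 0.25, 0.31, 0.47, 0.58, 0.70]  # attempts by someone else

def sweep(thresholds=(0.5, 0.6, 0.8)):
    """Raising the threshold trades false positives for false negatives."""
    return {t: metrics(*confusion_counts(GENUINE, IMPOSTOR, t)) for t in thresholds}

if __name__ == "__main__":
    for t, m in sweep().items():
        print(f"threshold {t}: " + ", ".join(f"{k}={v:.2f}" for k, v in m.items()))
```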
Tokens
Tokens
- Tokens are physical objects you possess
  - Keys
  - Badges
  - Cell phones
  - RFIDs
- Passive tokens take no action and do not change
  - Example: photo ID
- Active tokens change or interact with surroundings
  - Examples: RFID or magnetic card
Static and dynamic tokens
- The value of a static token does not change
  - Examples: keys, passports, RFIDs
- Static tokens are better for onsite authentication and may be easy to forge for remote authentication
- Dynamic tokens have values that change
  - Examples: RSA SecurID, Battle.net Authenticator
  - Every 60 seconds, it displays a different code
Tokens used for one-time passwords
- RSA SecurIDs change the password every 30 or 60 seconds
- The user must be synchronized with the system within a few seconds to keep this practical
- Using a secure hash function, we start with a seed value k, then h(k) = k_1, h(k_1) = k_2, ..., h(k_{n-1}) = k_n
- Then passwords are in reverse order: p_1 = k_n, p_2 = k_{n-1}, ..., p_{n-1} = k_2, p_n = k_1
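An added example (not from the slides) of the hash-chain scheme just described: the client builds k_1..k_n from the seed, the server stores only h(p_1) = h(k_n), and each login is checked by hashing the presented password and comparing it to the last accepted value. SHA-256 as h, the seed bytes and the chain length are assumptions.

```python
import hashlib

def h(value: bytes) -> bytes:
    # The slide's "secure hash function"; SHA-256 is an assumed choice.
    return hashlib.sha256(value).digest()

def build_chain(seed: bytes, n: int) -> list:
    """k_1 = h(k), k_2 = h(k_1), ..., k_n = h(k_{n-1}); returns [k_1, ..., k_n]."""
    chain, k = [], seed
    for _ in range(n):
        k = h(k)
        chain.append(k)
    return chain

def passwords(chain: list) -> list:
    """Passwords are the chain in reverse order: p_1 = k_n, ..., p_n = k_1."""
    return list(reversed(chain))

class OtpServer:
    """Registers h(p_1) only; the seed stays with the user, and a captured
    password cannot be turned into the next one without inverting h."""
    def __init__(self, registered: bytes, n: int):
        self.expected = registered   # hash of the next acceptable password
        self.remaining = n

    def login(self, p: bytes) -> bool:
        # p_i is accepted only if h(p_i) equals the value accepted last time
        if self.remaining == 0 or h(p) != self.expected:
            return False
        self.expected = p            # p_{i+1} must hash to p_i
        self.remaining -= 1
        return True

def demo(seed: bytes = b"constructed seed k", n: int = 5) -> dict:
    """Use all n passwords in order; show that a replayed password and a
    password presented out of order are both refused."""
    pw = passwords(build_chain(seed, n))
    server = OtpServer(h(pw[0]), n)
    first = server.login(pw[0])
    replay_rejected = server.login(pw[0]) is False      # same password twice
    rest = [server.login(p) for p in pw[1:]]
    fresh = OtpServer(h(pw[0]), n)
    out_of_order_rejected = fresh.login(pw[1]) is False  # p_2 before p_1
    return {"accepted": [first] + rest,
            "replay_rejected": replay_rejected,
            "out_of_order_rejected": out_of_order_rejected}
```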
Multifactor authentication
- More than one form of authentication may provide increased security
  - You may need to sign on with your password and with a code generated by an RSA SecurID
  - They sometimes need two forms of ID when you're getting a driver's license
- Two-factor authentication is available for Gmail, Facebook, Battle.net, Steam and many other platforms
  - Often they only ask for the second form of authentication if the computer has not logged on before
- Multifactor authentication is probably more secure, but it adds complexity and possibly annoyance
Federated identity management
- It's annoying to sign on to lots of different services with lots of different authentication mechanisms
- Federated identity management schemes connect a variety of different services with one authentication method
  - Example: free access to the OED because you're logged on to E-town computers
- Single sign-on is similar, allowing you to log in once, with services sharing authentication information
  - Examples: logging onto Meetup.com with Facebook or Google credentials
Access Control
Access control
- Subjects are human users or programs that are executing on their behalf
- Objects are things that actions can be performed on
  - Files
  - Database fields
  - Directories
  - Hardware devices
- Access modes are the different ways that access can be done: read, write, modify, delete, etc.
- Access control is the process of managing the access modes that subjects can have on objects
Access control goals
- Check every access
  - The user may no longer have rights to a resource
  - The user may have gained rights
- Enforce least privilege
  - Least privilege means you get the bare minimum to get your job done
- Verify acceptable usage
  - Access to an object is not enough: some actions might be legal and others illegal
Access control issues
- Many issues come up with access control
  - Do the correct people have the correct rights?
  - Have statuses changed?
- Granularity is how specifically you can control rights
  - Maybe you can only give complete rights to an object, not read-only rights
- An audit log tracks who performed what kinds of accesses
- Limited privilege tries to keep accesses from doing big damage
  - Example: sudo in Linux
sudo
- It is possible to temporarily use another user's permissions in Unix using the command sudo
- Users can be given special access to files or commands they normally could not access
- An administrator can run at a normal privilege level and only occasionally run commands using higher privileges
- This strategy prevents the whole system from being corrupted if the administrator gets a virus
Directory based approaches
- Create a directory that lists all the objects a given user can access and their associated rights
  - Examples: read, write, execute, own
  - The own right gives the user the ability to grant others rights to that object
- Problems:
  - Directories can become large
  - How is access revoked?
  - What if two files in different locations in the system have the same name?
Access control lists
- Listing all the objects a user can access can take up too much space
- An alternative is to list all the users that have rights for a specific object
  - Most objects only have a few legal users
- Wild cards can make the situation easier
  - Read access can be granted to everyone
Access control matrices
- Both directories and access control lists are equivalent
  - Different implementations are used for different kinds of efficiency
- We can also imagine a matrix that holds all subjects and all objects
  - Although it is far too inefficient for most systems to be implemented this way, security researchers sometimes use this model for theoretical purposes
- Can you determine if some sequence of operations could leak read access to your file?
  - Nope, it's impossible!
Access control matrix example

Subjects \ Objects   file 1             file 2      process 1                   process 2
process 1            read, write, own   read        read, write, execute, own   write
process 2            append             read, own   read                        read, write, execute, own
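An added example (not from the slides) that encodes the matrix above and derives the two views described on the directory and access control list slides from it: a directory is one row of the matrix, an ACL is one column. The grant and revoke helpers are illustrative additions that follow the "own" right and the revocation question from the directory slide.

```python
# The matrix from the slide, as (subject, object) -> set of rights.
MATRIX = {
    ("process 1", "file 1"): {"read", "write", "own"},
    ("process 1", "file 2"): {"read"},
    ("process 1", "process 1"): {"read", "write", "execute", "own"},
    ("process 1", "process 2"): {"write"},
    ("process 2", "file 1"): {"append"},
    ("process 2", "file 2"): {"read", "own"},
    ("process 2", "process 1"): {"read"},
    ("process 2", "process 2"): {"read", "write", "execute", "own"},
}

def directory_view(matrix):
    """Directory-based view: one row per subject, subject -> {object: rights}."""
    view = {}
    for (subj, obj), rights in matrix.items():
        view.setdefault(subj, {})[obj] = set(rights)
    return view

def acl_view(matrix):
    """Access control list view: one column per object, object -> {subject: rights}."""
    view = {}
    for (subj, obj), rights in matrix.items():
        view.setdefault(obj, {})[subj] = set(rights)
    return view

def allowed(matrix, subj, obj, mode):
    """Check every access: the mode must appear in the (subject, object) cell."""
    return mode in matrix.get((subj, obj), set())

def grant(matrix, granter, subj, obj, right):
    """Only a subject holding 'own' on obj may give others rights to it."""
    if not allowed(matrix, granter, obj, "own"):
        return False
    matrix.setdefault((subj, obj), set()).add(right)
    return True

def revoke_all(matrix, obj):
    """Revocation is one column in the ACL view but a scan of every directory."""
    for key in [k for k in matrix if k[1] == obj]:
        del matrix[key]
```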
Rights
- A few possible rights: read, write, execute, own
- Anything else that is useful?
- Some rights allow users to change the rights of others
Blackboard system
What would the access control matrix look like for the Canvas gradebook system?
Extended Unix example
- Unix has users, groups, and processes
  - A user has a unique UID
  - A group has a unique GID
  - A process has a unique PID
- Each user can belong to many groups
- Access is controlled on:
  - Files
  - Directories
File permissions
- Reading
- Writing
- Executing
- Ownership is also important
Directory permissions
- Reading
- Execution allows moving through the directory
- Writing and executing are needed to create and delete files in a directory
- There is also a "sticky bit" for directories
  - If the sticky bit is set, only the directory owner can rename, move, or delete files owned by other people
Permission example
drwxr-xr-x
- First character: directory or not
- Next three characters: owner permissions
- Next three characters: group permissions
- Next three characters: other permissions
chmod example
- We can change permissions using the Linux command chmod
- Examples:
  - chmod a+r wombat.txt
  - chmod g+rw combat.txt
  - chmod 664 ramjet.txt
- Whoa! 664? What's that?
  - Would it help if I pointed out that 664 can be written 110110100?
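An added example (not from the slides) that converts between the ten-character permission string, the octal mode, and the symbolic chmod forms used above, including the sticky bit from the directory permissions slide. It is a stand-alone model of the notation, not a call to the real chmod; the names and the handling of only r, w, x and the sticky bit are assumptions.

```python
WHO_SHIFT = {"u": 6, "g": 3, "o": 0}
PERM_BIT = {"r": 4, "w": 2, "x": 1}

def parse_mode_string(s):
    """Split 'drwxr-xr-x' into the four fields the slide describes."""
    if len(s) != 10:
        raise ValueError("expected 10 characters, e.g. drwxr-xr-x")
    return {"is_directory": s[0] == "d",
            "owner": s[1:4], "group": s[4:7], "other": s[7:10]}

def triple_to_digit(triple):
    """'rw-' -> 6: r, w, x are the three binary digits of one octal digit."""
    return ((4 if triple[0] == "r" else 0) | (2 if triple[1] == "w" else 0)
            | (1 if triple[2] in "xt" else 0))

def string_to_mode(s):
    """'drwxr-xr-x' -> 0o755; a sticky bit (t or T in the last slot) adds 0o1000."""
    f = parse_mode_string(s)
    mode = ((triple_to_digit(f["owner"]) << 6) | (triple_to_digit(f["group"]) << 3)
            | triple_to_digit(f["other"]))
    if f["other"][2] in "tT":
        mode |= 0o1000
    return mode

def mode_to_string(mode, is_directory=False):
    """0o664 -> '-rw-rw-r--': 664 is 110 110 100, one bit per letter."""
    out = "d" if is_directory else "-"
    for shift in (6, 3, 0):
        d = (mode >> shift) & 7
        out += ("r" if d & 4 else "-") + ("w" if d & 2 else "-") + ("x" if d & 1 else "-")
    if mode & 0o1000:  # the sticky bit is displayed in the other-execute slot
        out = out[:9] + ("t" if mode & 1 else "T")
    return out

def apply_symbolic(mode, spec):
    """Apply a chmod spec like 'a+r' or 'g+rw' to a numeric mode."""
    who, op, perms = spec[0], spec[1], spec[2:]
    bits = sum(PERM_BIT[p] for p in perms)
    for w in (("u", "g", "o") if who == "a" else (who,)):
        shift = WHO_SHIFT[w]
        if op == "+":
            mode |= bits << shift
        elif op == "-":
            mode &= ~(bits << shift)
        elif op == "=":
            mode = (mode & ~(7 << shift)) | (bits << shift)
        else:
            raise ValueError(f"unsupported operator in {spec!r}")
    return mode
```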
Role-based access control
- Role-based access control makes an effort to abstract away from specific subjects
- The idea is that you should have access based on your role
- Examples:
  - Secretaries have access to mailboxes
  - Department heads have access to performance reports
  - Provosts have access to salaries
RBAC definitions
- A role is a collection of job functions
- Each role is authorized to perform one or more transactions
- The active role of a subject is the role that the subject is currently performing
- The authorized roles of a subject make up the set of roles that the subject is authorized to assume
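An added example (not from the slides) that turns the definitions above into a small model: roles map to transactions, a subject may only activate one of its authorized roles, and an access decision depends on the active role alone. The role and transaction names follow the examples on the previous slide; the subject "alice" is a constructed placeholder.

```python
class RBAC:
    """Roles, transactions, authorized roles and active roles as defined above."""
    def __init__(self):
        self.transactions = {}   # role -> set of transactions the role may perform
        self.authorized = {}     # subject -> set of roles it is authorized to assume
        self.active = {}         # subject -> the one role it is currently performing

    def define_role(self, role, transactions):
        self.transactions[role] = set(transactions)

    def authorize(self, subject, role):
        if role not in self.transactions:
            raise KeyError(f"unknown role {role!r}")
        self.authorized.setdefault(subject, set()).add(role)

    def activate(self, subject, role):
        """A subject may only make a role active if it is one of its authorized roles."""
        if role not in self.authorized.get(subject, set()):
            return False
        self.active[subject] = role
        return True

    def can_perform(self, subject, transaction):
        """Access is decided by the active role, not by the subject's name and
        not by every role it could assume; that is the least-privilege point."""
        role = self.active.get(subject)
        return role is not None and transaction in self.transactions[role]

def build_example():
    """Constructed instance of the slide's examples; names are illustrative only."""
    rbac = RBAC()
    rbac.define_role("secretary", ["read mailboxes"])
    rbac.define_role("department head", ["read performance reports"])
    rbac.define_role("provost", ["read salaries"])
    rbac.authorize("alice", "secretary")
    rbac.authorize("alice", "department head")
    return rbac
```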
Upcoming
Next time…
- Finish access control
- Cryptography basics
- Minh Doan presents
Reminders
- Read Section 2.3
- Work on Project 1
- Class is canceled on Friday, March 11
- The company EC Key is sponsoring a contest to come up with novel uses for their Bluetooth door access technology
  - Interested? Come to the meeting this Friday, 1/22 at 3:30pm in Hoover 110
  - Teams will be formed from CS, engineering, and business students
  - Ask me for more information!
- Also, there's a field trip to Cargas Systems in Lancaster next Friday