Authentication


Transcript of Authentication

Page 1: Authentication

csci5233 Computer Security 1

Bishop: Chapter 12

Authentication

Page 2: Authentication

Outline

• Introduction

• Passwords-based authentication

• Challenge-response

• Other methods:

– Biometrics-based authentication

– Location-based authentication

– Hybrid approach

Page 3: Authentication

Authentication

• Authentication: Binding of identity to the subject

– Entity knows something
  • Passwords, id numbers

– Entity has something
  • Badge, smart card

– Entity is something
  • Biometrics

– Entity is someplace
  • Source IP, restricted area terminal

Page 4: Authentication

Authentication

• Five components in an authentication system (AS)

– A: set of authentication information
  • used by the entity to prove its identity
  • e.g., id/password

– C: set of complementary information
  • used by the AS to validate A
  • e.g., passwords

– F: set of complementation functions
  • f : A → C
  • Given a ∈ A, generate the appropriate c ∈ C
  • e.g., given the id & password, the AS retrieves the stored password.

Page 5: Authentication

Authentication (Cont.)

– L: set of authentication functions
  • l : A × C → { true, false }
  • verify the entity’s identity
  • e.g., Given the id/password provided by the entity and the retrieved password, the AS compares the two passwords to determine if the entity should be authenticated. l in this case is the equivalent( ) function.

– S: set of selection functions
  • Enables the entity to generate/alter A and/or C
  • e.g., mechanisms allowing a user to change its password (such as passwd in UNIX)

Page 6: Authentication

Passwords-based Authentication

• A password is information associated with an entity that confirms its identity.

• How can passwords be protected?

• A solution: one-way hashing

A user’s password is encrypted and then stored. The stored password is never decrypted.

It should be difficult for an attacker to revert the stored password to the plaintext password.

A user A may try to guess the password of another user, B, and thus impersonate B. (next slide)

Page 7: Authentication

Passwords-based Authentication

• Impersonating by guessing passwords

The goal: To find an a ∈ A such that, for f ∈ F, f(a) = c ∈ C, and c is associated with an entity.

• General approaches

1. Hide enough information so that one of a, c, or f cannot be found.

2. Prevent access to the authentication functions L.

3. Other approaches? The 3-tries “principle”

Page 8: Authentication

Passwords-based Authentication

• A dictionary attack is the guessing of a password by repeated trial and error.

• The dictionary may be a set of strings in random order, or a set of strings in decreasing order of probability of selection.

• Type 1 dictionary attack: Given c ∈ C and f ∈ F, the attack takes each guess g and computes f(g) for each f ∈ F. If f(g) corresponds to the c for the entity, then g authenticates the entity under f.

• Type 2 dictionary attack: Given l ∈ L, the attack takes a guess g. If l returns true, given g, then g is the correct password.

Page 9: Authentication

Passwords-based Authentication

• Countering dictionary attacks

– The goal: To maximize the time needed to guess the password

– Anderson’s Formula:

P: The probability that an attacker guesses a password in a specified period of time
G: The number of guesses that can be tested in one time unit
T: The number of time units during which guessing occurs
N: The number of possible passwords

P ≥ TG / N

A generalized form of the formula (the same relation solved for N):

N ≥ TG / P

Examples: next slide

Page 10: Authentication

Passwords-based Authentication

• An example:

– Let S be the length of the password.

– Let A be the number of characters in the alphabet from which the characters of the password are drawn. Then N = A^S.

– Let E be the number of characters exchanged when logging in.

– Let R be the number of bytes per minute that can be sent over a communication link.

– Let G be the number of guesses per minute. Then G = R / E.

– If the attack extends over M months, T = 30 × 24 × 60 × M.

– Let P be the probability that the attack would succeed. Then N ≥ TG / P.
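A worked computation of the example above, added here and not part of the slides: it plugs the slide's definitions (N = A^S, G = R / E, T = 30 × 24 × 60 × M) into Anderson's formula, solves the relation for the shortest acceptable password length, and compares the levers (reduce G, reduce T, increase N) that the analysis on the next slide lists. All function names and numeric inputs are constructed for this example.

```python
# Added worked example, not from the slides: Anderson's formula P >= TG / N
# with the slide's parameterisation N = A^S, G = R / E, T = 30 x 24 x 60 x M.
# Every numeric input used below is a constructed sample value.
MINUTES_PER_MONTH = 30 * 24 * 60  # one month of time units, as on the slide


def guesses_per_minute(R: float, E: int) -> float:
    """G = R / E: login attempts the link can carry per minute."""
    return R / E


def time_units(M: float) -> float:
    """T = 30 x 24 x 60 x M minutes for an attack lasting M months."""
    return MINUTES_PER_MONTH * M


def success_probability_bound(A: int, S: int, G: float, T: float) -> float:
    """Anderson's bound P >= TG / N with N = A^S, capped at 1.0 (TG >= N means
    the whole password space can be searched within T)."""
    N = A ** S
    return min(1.0, (T * G) / N)


def min_password_length(A: int, G: float, T: float, P: float) -> int:
    """Smallest S with A^S >= TG / P (the formula solved for N). An integer
    loop is used instead of logarithms to avoid rounding at exact powers."""
    S = 1
    while (A ** S) * P < T * G:
        S += 1
    return S


def lever_comparison(A: int, S: int, G: float, T: float) -> dict:
    """Each lever from the analysis slide applied alone to one baseline:
    shrink G (rate-limit the link), shrink T (password aging), grow N
    (a larger alphabet or a longer password)."""
    return {
        "baseline": success_probability_bound(A, S, G, T),
        "G_halved": success_probability_bound(A, S, G / 2, T),
        "T_halved": success_probability_bound(A, S, G, T / 2),
        "A_doubled": success_probability_bound(2 * A, S, G, T),
        "S_plus_one": success_probability_bound(A, S + 1, G, T),
    }


if __name__ == "__main__":
    # Constructed scenario: 96-character alphabet, 10 bytes per login attempt,
    # a 6000 bytes/minute link, a one-month attack, 50% target success rate.
    G = guesses_per_minute(6000, 10)   # 600 guesses per minute
    T = time_units(1)                  # 43200 minutes
    print("smallest S with TG/N <= 0.5:", min_password_length(96, G, T, 0.5))
    print(lever_comparison(96, 4, G, T))
```

Doubling the alphabet or adding one character to the password lowers the bound far more than halving the guess rate or the attack window, which is the point of the analysis slide.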

Page 11: Authentication

Passwords-based Authentication

• Analysis of the Anderson Formula:

– The goal is to maximize the time needed for the attacker to guess the password (T).

– That is, to decrease the chance that the attack may succeed (P).

• Approaches:

– To increase N, the set of possible passwords

– To decrease the time allowed to guess the passwords, that is, to reduce T

– To decrease G

• Question: How can each of the approaches be implemented? See the 2nd example on page 313.

N ≥ TG / P

Page 12: Authentication

Passwords-based Authentication

• Password Selection

– Random

– Pronounceable nonsense

– User selection
  • Controls on allowable

– Password checking, aging

Page 13: Authentication

Outline

• Introduction

• Passwords-based authentication

• Challenge-response

• Other methods:

– Biometrics-based authentication

– Location-based authentication

– Hybrid approach

Page 14: Authentication

Challenge-Response

• The fundamental problem with passwords is that they are reusable. That is, a valid password may be replayed by an attacker.

• Solution? To associate a password with only one session

• A challenge-response AS is one in which the system S sends a random message m (the challenge) to a user U, and U replies with r = f(m). f( ) is a secret function agreed upon by both S and U.

1. U → S: request to connect

2. S → U: challenge (c)

3. U → S: response (r)

// S validates r by determining whether r = f(c).

Page 15: Authentication

Challenge-Response

• A function f is called a pass algorithm, if f is the secret in a challenge-response AS.

• A sample pass algorithm:

– Suppose f(c) = c^c mod <the-current-year>.

– On November 12, 2004, when the AS sends c = 5 to U, U should return 1121 (5^5 = 3125, and 3125 mod 2004 = 1121) in order to be authenticated. Otherwise the authentication fails.
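The three-message exchange and the sample pass algorithm above, as an added example that is not from the slides: the server issues one challenge per login, the user answers with f(c) = c^c mod year, and a replayed (c, r) pair is refused because each challenge is valid for a single response. The class and function names are this example's own, and the year is passed in explicitly so the November 2004 case can be reproduced.

```python
# Added example (not from the slides): the challenge-response exchange with the
# slide's sample pass algorithm f(c) = c^c mod <current-year>. Names are this
# example's own; the year is a parameter so the 2004 case is reproducible.
import secrets
from typing import Optional, Tuple


def pass_algorithm(c: int, year: int) -> int:
    """The shared secret f: f(c) = c^c mod year (pow keeps the exponent cheap)."""
    return pow(c, c, year)


class AuthServer:
    """S: hands out one fresh random challenge per login and checks r = f(c)."""

    def __init__(self, year: int, max_challenge: int = 1_000_000):
        self.year = year
        self.max_challenge = max_challenge
        self.outstanding = set()  # challenges issued, awaiting a response
        self.used = set()         # consumed challenges; the random path never reissues them

    def challenge(self, c: Optional[int] = None) -> int:
        """Step 2 (S -> U). Random by default; a fixed c may be given for tests."""
        if c is None:
            while True:
                c = secrets.randbelow(self.max_challenge) + 2
                if c not in self.used and c not in self.outstanding:
                    break
        self.outstanding.add(c)
        return c

    def verify(self, c: int, r: int) -> bool:
        """Step 3 (U -> S). Each challenge accepts exactly one response, so a
        replayed (c, r) pair fails even though r = f(c) still holds for it."""
        if c not in self.outstanding:
            return False
        self.outstanding.discard(c)
        self.used.add(c)
        return r == pass_algorithm(c, self.year)


def user_response(c: int, year: int) -> int:
    """U computes r = f(c) with the secret pass algorithm."""
    return pass_algorithm(c, year)


def login(server: AuthServer, c: Optional[int] = None) -> Tuple[int, int, bool]:
    """Steps 1-3 end to end: U requests, S challenges, U responds, S validates."""
    c = server.challenge(c)
    r = user_response(c, server.year)
    return c, r, server.verify(c, r)
```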

Page 16: Authentication

Challenge-Response

• One-Time Passwords

A one-time password is a password that is invalidated as soon as it is used.

A form of challenge-response authentication.

The user and the AS agree on the mechanism of generating a sequence of passwords.

Every time a password in the sequence is used, it is invalidated. The next time the user logs in, the next password in the sequence is used.

Page 17: Authentication

Challenge-Response

• Hardware-supported C/R authentication

One or more hardware devices are used in the C/R validation procedure.

• Two forms

1. Tokens: A token is a device that provides mechanisms for hashing or enciphering information.
  a) AS → U: c
  b) U → token: c
  c) token → U: r
  d) U → AS: r

2. Time-based: A device, which is attached to a computer, displays a different number every 60 seconds. To log in, the user enters the number displayed on the device, followed by his/her password.

e.g., RSA SecurID Card

Page 18: Authentication

Challenge-Response

• Advantages of hardware-supported authentication?

– Two-factor authentication

• Links:

– RSA SecurID Card (SD200): http://www.mocomsystems.com/rsa_securID_card.html

– RSA SecurID® Card Studio: http://www.rsasecurity.com/company/news/releases/pr.asp?doc_id=880

– Authentication using RSA SecurID Card: http://www.safestone.com/downloads/datasheets/rsa_securid.pdf

• More Information:

– The Power Behind RSA SecurID® Two-factor User Authentication: RSA ACE/Server® (an RSA white paper) http://www.rsasecurity.com/products/securid/whitepapers/AS51_SB_0203.pdf#xml=http://www.rsasecurity.com/programs/texis.exe/webinator/search/xml.txt?query=RSA+SecurID+Card+&pr=default&order=r&cq=&id=3fb204b72

Page 19: Authentication

Challenge-Response

• Attacks on Challenge-Response Authentication

– If the attacker has a sufficient number of challenges (c) and the respective responses (r), he can try to deduce the encryption algorithm.

– Example: the compromised Kerberos AS

– A solution: encrypted key challenge [Bellovin/Merritt, 1992]

• Use shared key to share session key

• Session key encrypts challenge

• Challenge thus indistinguishable from random data

Page 20: Authentication

Outline

• Introduction

• Passwords-based authentication

• Challenge-response

• Other methods:

– Biometrics-based authentication

– Location-based authentication

– Hybrid approach

Page 21: Authentication

Biometrics-Based Authentication

• Automatic measurement of biological or behavioral features that identify a person

• Used for human subject identification

• Based on physical characteristics that are tough to copy

– fingerprint

– voice patterns

– iris patterns / retina scans

– face recognition

– keystroke dynamics (interval, timing, pressure, duration, location, etc.)

– Combined approach

Page 22: Authentication

Location-Based Authentication

• Location signature = unique location + unique time

– Describes the physical location of an entity

– Relies on GPS

• Location signature sensor (LSS)

– A hardware device used by the user’s host to obtain a LS for the user

– The LS is transmitted from the user site to the AS site for authentication.

• Attacks at location-based authentication

– Stolen LSS: impersonation attacks ?

– Intercepted LS: replay attacks ?

Page 23: Authentication

Location-Based Authentication

• Strengths of LBA:

1. Hardware-based authentication

2. A stolen LSS is useless. (True?)

3. The authentication can be done continuously.

• Any weakness ?

Page 24: Authentication

Hybrid Authentication

• The principle of multiple factors

• Examples:

• LSS + id/password

• Challenge/response + smart card

• What you are + what you have (examples?)

Page 25: Authentication

Summary

• Passwords-based authentication

• Challenge/Response

• Other methods:

– Biometrics-based authentication

– Location-based authentication

– Hybrid approach

Page 26: Authentication

Next

• Chapter 14: Identity