csci5233 Computer Security 1
Bishop: Chapter 12
Authentication
csci5233 Computer Security 2
Outline
• Introduction
• Passwords-based authentication
• Challenge-response
• Other methods:
– Biometrics-based authentication
– Location-based authentication
– Hybrid approach
csci5233 Computer Security 3
Authentication
• Authentication: Binding of identity to the subject
– Entity knows something
  • Passwords, id numbers
– Entity has something
  • Badge, smart card
– Entity is something
  • Biometrics
– Entity is someplace
  • Source IP, restricted area terminal
csci5233 Computer Security 4
Authentication
• Five components in an authentication system (AS)
– A: set of authentication information
  • used by the entity to prove its identity
  • e.g., id/password
– C: set of complementary information
  • used by the AS to validate A
  • e.g., passwords
– F: set of complementation functions
  • f : A → C
  • Given a ∈ A, generate the appropriate c ∈ C
  • e.g., Given id & password, the AS retrieves the stored password.
csci5233 Computer Security 5
Authentication (Cont.)
– L: set of authentication functions
  • l : A × C → { true, false }
  • verify the entity's identity
  • e.g., Given the id/password provided by the entity and the retrieved password, the AS compares the two passwords to determine if the entity should be authenticated. l in this case is the equivalent( ) function.
– S: set of selection functions
  • Enables the entity to generate/alter A and/or C
  • e.g., mechanisms allowing a user to change its password (such as passwd in UNIX)
csci5233 Computer Security 6
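The five components on the two slides above, as an added example that is not part of the original slides or of Bishop's text: A is the (id, password) pair the entity presents, C is the store the AS keeps, f is the complementation function, authenticate() is the l : A × C → {true, false} function, and set_password() is a selection function from S. The slide's e.g. keeps the plaintext password in C; this example instead assumes a salted PBKDF2-HMAC-SHA256 digest, so that f is one-way (the constant names and round count are choices made here).

```python
import hashlib
import hmac
import os

# Constructed example: the five components A, C, F, L and S of the slide,
# modelled for id/password authentication. Assumption (not from the slide):
# C stores a random per-user salt plus a PBKDF2-HMAC-SHA256 digest instead of
# the plaintext password, so f is a one-way function.

PBKDF2_ROUNDS = 100_000  # cost of one evaluation of f; raises the per-guess price


def f(password: str, salt: bytes) -> bytes:
    """Complementation function f in F: maps a in A to its complement c in C."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AuthenticationSystem:
    """Holds C and implements one function from L and one from S."""

    def __init__(self) -> None:
        # C: complementary information kept by the AS, keyed by user id
        self.c_store: dict = {}

    def set_password(self, user: str, password: str) -> None:
        """Selection function in S: lets the entity create or alter its entry in C."""
        salt = os.urandom(16)
        self.c_store[user] = (salt, f(password, salt))

    def authenticate(self, user: str, password: str) -> bool:
        """Authentication function l : A x C -> {true, false}."""
        entry = self.c_store.get(user)
        if entry is None:
            # Evaluate f anyway, so an unknown id is not cheaper to probe than a bad password
            f(password, bytes(16))
            return False
        salt, stored_c = entry
        # The slide's equivalent() test, done in constant time to avoid a timing side channel
        return hmac.compare_digest(f(password, salt), stored_c)


if __name__ == "__main__":
    asys = AuthenticationSystem()
    asys.set_password("alice", "correct horse battery")          # S
    print(asys.authenticate("alice", "correct horse battery"))  # L -> True
    print(asys.authenticate("alice", "wrong guess"))            # L -> False
```

Note that the AS never needs to invert f: l compares f(a) with the stored c, which is what makes a one-way f usable as a complementation function.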
Passwords-based Authentication
• A password is information associated with an entity that confirms its identity.
• How can passwords be protected?
• A solution: one-way hashing
– A user's password is encrypted and then stored. The stored password is never decrypted.
– It should be difficult for an attacker to revert the stored password to the plaintext password.
– A user A may try to guess the password of another user, B, and thus impersonate B. (next slide)
csci5233 Computer Security 7
Passwords-based Authentication
• Impersonating by guessing passwords
The goal: To find an a ∈ A such that, for f ∈ F, f(a) = c ∈ C, and c is associated with an entity.
• General approaches
1. Hide enough information so that one of a, c, or f cannot
be found.
2. Prevent access to the authentication functions L.
3. Other approaches? The 3-tries “principle”
csci5233 Computer Security 8
Passwords-based Authentication
• A dictionary attack is the guessing of a password by repeated trial and error.
• The dictionary may be a set of strings in random order, or a set of strings in decreasing order of probability of selection.
• Type 1 dictionary attack: Given c ∈ C and f ∈ F, the attack takes each guess g and computes f(g) for each f ∈ F. If f(g) corresponds to the c for the entity, then g authenticates the entity under f.
• Type 2 dictionary attack: Given l ∈ L, the attack takes a guess g. If l returns true, given g, then g is the correct password.
csci5233 Computer Security 9
Passwords-based Authentication
• Countering dictionary attacks
– The goal: To maximize the time needed to guess the password
– Anderson's Formula:
  P: The probability that an attacker guesses a password in a specified period of time
  G: The number of guesses that can be tested in one time unit
  T: The number of time units during which guessing occurs
  N: The number of possible passwords

    P ≥ TG / N

  A generalized form of the formula:

    N ≥ TG / P

  Examples: next slide
csci5233 Computer Security 10
Passwords-based Authentication
• An example:
– Let S be the length of the password.
– Let A be the number of characters in the alphabet from which the characters of the password are drawn.
  Then N = A^S.
– Let E be the number of characters exchanged when logging in.
– Let R be the number of bytes per minute that can be sent over a communication link.
– Let G be the number of guesses per minute. Then G = R / E.
– If the attack extends over M months, T = 30 × 24 × 60 × M.
– Let P be the probability that the attack would succeed.
  Then N ≥ TG / P.
csci5233 Computer Security 11
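The instance of Anderson's formula worked on the slide above, carried through as an added example (not Bishop's example and not the slide's own numbers). The function and variable names follow the slide (S, A, E, R, G, M, T, P, N); the input values in the usage block are constructed for illustration.

```python
# Constructed example: a calculator for the slide's instance of Anderson's
# formula. Variable names follow the slide; the numbers fed in below are
# constructed, not Bishop's.


def guesses_per_minute(R: float, E: float) -> float:
    """G = R / E: link rate in bytes per minute over bytes exchanged per login attempt."""
    return R / E


def time_units(M: float) -> float:
    """T in minutes for an attack lasting M months (30-day months, as on the slide)."""
    return 30 * 24 * 60 * M


def required_passwords(R: float, E: float, M: float, P: float) -> float:
    """The right-hand side of N >= TG / P for the target probability P."""
    return time_units(M) * guesses_per_minute(R, E) / P


def min_password_length(A: int, R: float, E: float, M: float, P: float) -> int:
    """Smallest S such that N = A**S satisfies N >= TG / P."""
    needed = required_passwords(R, E, M, P)
    S = 1
    while A ** S < needed:
        S += 1
    return S


def success_bound(A: int, S: int, R: float, E: float, M: float) -> float:
    """Anderson's bound P >= TG / N for a fixed length S (capped at 1, it is a probability)."""
    N = A ** S
    return min(1.0, time_units(M) * guesses_per_minute(R, E) / N)


if __name__ == "__main__":
    # Constructed inputs: 96-character alphabet, 600 bytes/minute link,
    # 30 bytes per login attempt, a one-month attack, target P = 0.5.
    A, R, E, M, P = 96, 600, 30, 1, 0.5
    print("G =", guesses_per_minute(R, E), "guesses/minute")   # 20.0
    print("T =", time_units(M), "minutes")                      # 43200
    print("minimum S =", min_password_length(A, R, E, M, P))    # 4
    print("bound for S = 4:", success_bound(A, 4, R, E, M))     # about 0.0102
```

The loop in min_password_length is the step the slide leaves implicit: N = A^S is solved for the smallest integer S meeting N ≥ TG / P, and success_bound shows what the formula gives back for a length one shorter or longer than that.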
Passwords-based Authentication
• Analysis of the Anderson Formula:
– The goal is to maximize the time needed for the attacker to guess the password (T).
– That is, to decrease the chance that the attack may succeed (P).
• Approaches:
– To increase N, the set of possible passwords
– To decrease the time allowed to guess the passwords, that is, to reduce T
– To decrease G
• Question: How can each of the approaches be implemented? See the 2nd example on page 313.

    N ≥ TG / P
csci5233 Computer Security 12
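One answer to the slide's question, as an added example that is not from the slides or from Bishop: a verifier that enforces the "3-tries principle" from an earlier slide. Locking the account after MAX_TRIES failures caps G (the attacker gets at most three evaluated guesses per lockout window) and the lockout itself cuts into T. The policy values, the account store and the toy unsalted SHA-256 comparison are all constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed example: a verifier implementing the slide's "3-tries" idea,
# bounding G (guesses per time unit) and T (time during which guessing can
# continue) from the AS side. The policy numbers are constructed; the toy C
# store uses unsalted SHA-256 only to keep the example short.

MAX_TRIES = 3
LOCKOUT_SECONDS = 900  # after MAX_TRIES failures, no further tries for 15 minutes


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0


class ThrottledVerifier:
    def __init__(self, credentials: dict) -> None:
        self.c_store = {u: hashlib.sha256(p.encode()).digest() for u, p in credentials.items()}
        self.state: dict = {}

    def attempt(self, user: str, password: str, now: float) -> str:
        """Returns 'ok', 'denied' or 'locked'; `now` is the current time in seconds."""
        st = self.state.setdefault(user, AccountState())
        if now < st.locked_until:
            return "locked"                      # the guess is not even evaluated
        stored = self.c_store.get(user)
        guess = hashlib.sha256(password.encode()).digest()
        if stored is not None and hmac.compare_digest(guess, stored):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_TRIES:
            st.failures = 0
            st.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"


def effective_guess_rate() -> float:
    """G under this policy, in guesses per minute: MAX_TRIES per lockout window."""
    return MAX_TRIES / (LOCKOUT_SECONDS / 60)


if __name__ == "__main__":
    v = ThrottledVerifier({"alice": "s3cret"})           # constructed credential
    for t, pw in [(0, "a"), (1, "b"), (2, "c"), (3, "s3cret"), (902, "s3cret")]:
        print(t, v.attempt("alice", pw, t))               # denied, denied, locked, locked, ok
    print("G =", effective_guess_rate(), "guesses/minute")   # 0.2
```

The trade-off a practitioner should weigh: a lockout that anyone can trigger by submitting wrong passwords turns into a denial-of-service lever against the legitimate user, so it is usually paired with a delay that grows per failure rather than a hard lock, and with alerting on repeated lockouts.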
Passwords-based Authentication
• Password Selection
– Random
– Pronounceable nonsense
– User selection, with controls on allowable passwords
– Password checking, aging
csci5233 Computer Security 13
Outline
• Introduction
• Passwords-based authentication
• Challenge-response
• Other methods:
– Biometrics-based authentication
– Location-based authentication
– Hybrid approach
csci5233 Computer Security 14
Challenge-Response
• The fundamental problem with passwords is that they are reusable. That is, a valid password may be replayed by an attacker.
• Solution? To associate a password with only one session
• A challenge-response AS is one in which the system S sends a random message m (the challenge) to a user U, and U replies with r = f(m). f( ) is a secret function agreed upon by both S and U.
1. U → S: request to connect
2. S → U: challenge (c)
3. U → S: response (r)
// S validates r by determining whether r = f(c).
csci5233 Computer Security 15
Challenge-Response
• A function f is called a pass algorithm if f is the secret in a challenge-response AS.
• A sample pass algorithm:
– Suppose f(c) = c^c mod <the-current-year>.
– On November 12, 2004, when the AS sends c = 5 to U, U should return 1121 (5^5 mod 2004 = 3125 mod 2004 = 1121) in order to be authenticated. Otherwise the authentication fails.
csci5233 Computer Security 16
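The three-step exchange from the previous slide with this slide's pass algorithm, as an added example (not the slides' own code). The pass algorithm f(c) = c^c mod <current year> is the one on the slide; the Server and Client classes, the size of the random challenge and the rule that each issued challenge is answered at most once are assumptions made for the example.

```python
import secrets
from typing import Optional

# Constructed example of the challenge-response exchange. The pass algorithm
# is the slide's; the two parties, the challenge range and the
# one-answer-per-challenge bookkeeping are assumptions for this example.


def pass_algorithm(c: int, year: int) -> int:
    """The slide's sample pass algorithm f(c) = c^c mod year, as modular exponentiation."""
    return pow(c, c, year)


class Server:
    def __init__(self, year: int) -> None:
        self.year = year
        self.outstanding: dict = {}   # user -> challenge awaiting its response

    def challenge(self, user: str, c: Optional[int] = None) -> int:
        """Step 2, S -> U: c. A fixed c may be passed in to reproduce the slide's numbers."""
        if c is None:
            c = 2 + secrets.randbelow(1 << 16)   # fresh random challenge per session
        self.outstanding[user] = c
        return c

    def validate(self, user: str, r: int) -> bool:
        """Step 3 check: r must equal f(c) for the challenge issued to this user."""
        c = self.outstanding.pop(user, None)    # a challenge is answered at most once
        if c is None:
            return False                        # no open challenge: a stale or replayed r
        return r == pass_algorithm(c, self.year)


class Client:
    def __init__(self, year: int) -> None:
        self.year = year                        # U's copy of the shared secret

    def respond(self, c: int) -> int:
        return pass_algorithm(c, self.year)


def run_session(server: Server, client: Client, user: str, c: Optional[int] = None) -> bool:
    """Steps 1-3 of the slide: request, challenge, response, validation."""
    c = server.challenge(user, c)
    r = client.respond(c)
    return server.validate(user, r)


if __name__ == "__main__":
    print(pass_algorithm(5, 2004))                      # 1121, the slide's value
    srv, cl = Server(2004), Client(2004)
    print(run_session(srv, cl, "U", c=5))               # True
    print(run_session(srv, Client(2005), "U", c=5))     # False: wrong shared secret
```

Because validate() removes the challenge once it has been answered, a captured r is useless for a later login: that is the property the slide contrasts with reusable passwords. A later slide notes the remaining weakness of a scheme like this one, namely that the secret (here a four-digit year) has very little entropy; a keyed MAC over c with a full-strength shared key is the usual replacement.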
Challenge-Response
• One-Time Passwords
– A one-time password is a password that is invalidated as soon as it is used.
– A form of challenge-response authentication.
– The user and the AS agree on the mechanism of generating a sequence of passwords.
– Every time a password in the sequence is used, it is invalidated. The next time the user logs in, the next password in the sequence is used.
csci5233 Computer Security 17
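One concrete "mechanism of generating a sequence of passwords", as an added example that the slide does not itself specify: a hash chain in the style of Lamport's scheme (used by S/KEY). The user keeps a seed and presents h^(n-1)(seed), then h^(n-2)(seed), and so on; the AS stores only the last accepted value and checks that hashing the new password reproduces it. The class names and the enrollment helper are assumptions for this example.

```python
import hashlib
import hmac

# Constructed example of one-time passwords as a pre-agreed sequence. The
# mechanism is a hash chain (Lamport's scheme, as in S/KEY); this is an
# assumption for the example, the slide does not fix the generation method.


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def hash_chain(seed: bytes, n: int) -> list:
    """[h^0(seed), h^1(seed), ..., h^n(seed)]"""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class OTPServer:
    """Stores only the last accepted value; a used password cannot be accepted again."""

    def __init__(self, anchor: bytes) -> None:
        self.last = anchor                       # h^n(seed), registered at enrollment

    def login(self, candidate: bytes) -> bool:
        if not hmac.compare_digest(h(candidate), self.last):
            return False
        self.last = candidate                    # invalidate: the next login needs its preimage
        return True


class OTPUser:
    """Walks the sequence backwards: h^(n-1)(seed), h^(n-2)(seed), ..., seed."""

    def __init__(self, seed: bytes, n: int) -> None:
        self.chain = hash_chain(seed, n)
        self.next_index = n - 1

    def passwords_left(self) -> int:
        return self.next_index + 1

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("sequence exhausted; re-enroll with a new seed")
        p = self.chain[self.next_index]
        self.next_index -= 1
        return p


def enroll(seed: bytes, n: int):
    """Enrollment: the user keeps the seed, the AS keeps only h^n(seed)."""
    return OTPUser(seed, n), OTPServer(hash_chain(seed, n)[-1])


if __name__ == "__main__":
    user, server = enroll(b"constructed-seed", 3)     # constructed seed, 3 logins
    p1 = user.next_password()
    print(server.login(p1))                           # True
    print(server.login(p1))                           # False: already used
    print(server.login(user.next_password()))         # True
    print("left:", user.passwords_left())             # 1
```

The AS-side state is a single hash value, and a captured password gives an eavesdropper nothing they can use next time, because computing the next password from it would require inverting h. The cost is that the sequence is finite and the user must re-enroll when it runs out.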
Challenge-Response
• Hardware-supported C/R authentication
One or more hardware devices are used in the C/R validation procedure.
• Two forms
1. Tokens: A token is a device that provides mechanisms for hashing or enciphering information.
  a) AS → U: c
  b) U → token: c
  c) token → U: r
  d) U → AS: r
2. Time-based: A device, which is attached to a computer, displays a different number every 60 seconds. To log in, the user enters the number displayed on the device, followed by his/her password.
  e.g., RSA SecurID Card
csci5233 Computer Security 18
Challenge-Response
• Advantages of hardware-supported authentication?
– Two-factor authentication
• Links:
– RSA SecurID Card (SD200): http://www.mocomsystems.com/rsa_securID_card.html
– RSA SecurID® Card Studio: http://www.rsasecurity.com/company/news/releases/pr.asp?doc_id=880
– Authentication using RSA SecurID Card: http://www.safestone.com/downloads/datasheets/rsa_securid.pdf
• More Information:
– The Power Behind RSA SecurID® Two-factor User Authentication: RSA ACE/Server® (an RSA white paper) http://www.rsasecurity.com/products/securid/whitepapers/AS51_SB_0203.pdf#xml=http://www.rsasecurity.com/programs/texis.exe/webinator/search/xml.txt?query=RSA+SecurID+Card+&pr=default&order=r&cq=&id=3fb204b72
csci5233 Computer Security 19
Challenge-Response
• Attacks on Challenge-Response Authentication
– If the attacker has a sufficient number of challenges (c) and the respective responses (r), he can try to deduce the encryption algorithm.
– Example: the compromised Kerberos AS
– A solution: encrypted key challenge [Bellovin/Merritt, 1992]
• Use shared key to share session key
• Session key encrypts challenge
• Challenge thus indistinguishable from random data
csci5233 Computer Security 20
Outline
• Introduction
• Passwords-based authentication
• Challenge-response
• Other methods:
– Biometrics-based authentication
– Location-based authentication
– Hybrid approach
csci5233 Computer Security 21
Biometrics-Based Authentication
• Automatic measurement of biological or behavioral features that identify a person
• Used for human subject identification
• Based on physical characteristics that are tough to copy
– fingerprint
– voice patterns
– iris patterns / retina scans
– face recognition
– keystroke dynamics (interval, timing, pressure, duration, location, etc.)
– Combined approach
csci5233 Computer Security 22
Location-Based Authentication
• Location signature = unique location + unique time
– Describes the physical location of an entity
– Relies on GPS
• Location signature sensor (LSS)
– A hardware device used by the user's host to obtain a LS for the user
– The LS is transmitted from the user site to the AS site for authentication.
• Attacks at location-based authentication
– Stolen LSS: impersonation attacks?
– Intercepted LS: replay attacks?
csci5233 Computer Security 23
Location-Based Authentication
• Strengths of LBA:
1. Hardware-based authentication
2. A stolen LSS is useless. (True?)
3. The authentication can be done continuously.
• Any weakness ?
csci5233 Computer Security 24
Hybrid Authentication
• The principle of multiple factors
• Examples:
• LSS + id/password
• Challenge/response + smart card
• What you are + what you have (examples?)
csci5233 Computer Security 25
Summary
• Passwords-based authentication
• Challenge/Response
• Other methods:
– Biometrics-based authentication
– Location-based authentication
– Hybrid approach
csci5233 Computer Security 26
Next
• Chapter 14: Identity