More about identity and authentication Tuomas Aura T-110.5241 Network security Aalto University,...
-
Upload
ami-harris -
Category
Documents
-
view
219 -
download
0
Transcript of More about identity and authentication Tuomas Aura T-110.5241 Network security Aalto University,...
More about identity and authentication
Tuomas AuraT-110.5241 Network security
Aalto University, Nov-Dec 2014
This lecture aims to show that authentication is a much more diverse field than it first seems
2
What is hard about authentication in a network?Protocol design?Knowing who you want to talk toEstablishing initial knowledge and trust
For authenticated key exchange, we usually need1. Identifiers2. Prior knowledge and trust in something
Examples:SSL: DNS name and CAKerberos: username, password and authentication centerCellular networks: IMSI and shared key on SIM
Identifiers
3
4
Endpoint namesAuthentication and integrity depend on names (identifiers)Each protocol layer has its own way of naming endpoints:
Ethernet (MAC) addresses in the link layer(e.g. 00-B0-D0-05-04-7E)NAI for network usersIP address in the network layer (e.g. 157.58.56.101)TCP port number + IP addressDNS or NetBIOS name in the higher layers (e.g. smtp.aalto.fi)URI in web pages and services(e.g. http://www.example.org/myservice)Email address for email users
5
Using identifiersHow are names and other identifiers allocated?
Authority, long-enough random numbers, ...
What is the scope of the identifiers and are they unique within the scope?How does one find the owner of a name?
Data delivery, routingResolving name in one protocol layer to the name space of the layer below
How to convince others that this is your name? Authentication, authorization, name ownership
Secure naming is a difficult problem and often leads to vulnerabilities
Prior knowledge and trust
6
7
Typical starting points for authentication
Prior knowledge of cryptographic keys:Known public keysShared master key, e.g. 128-bit shared keyShared weak secret, e.g. password (much harder to use)
Trusted third parties:Certification authorityOnline trusted third party, e.g. RADIUS or Kerberos server
8
What else could be trusted?Secure hardware
Secure cryptoprocessor, e.g. smart cardTrusted execution environment and attestation
Secure channelsSecure offline channel – authentic and/or secret channelMultiple independent channelsLocation-limited channels – attacker not thereHuman voice and video – hard to spoof
Attempts at avoiding trust and prior knowledge completely
Opportunistic security Self-certifying identifiers
Secure hardware
9
10
Secure cryptoprocessorSecure hardware can store cryptographic keys keys cannot be leaked by softwareExamples:
SIM cardFinnish identity card (eID)DESFire smart card, DESFire SAMIBM 4758 cryptographic coprocessorTrusted platform module (TPM)Trusted execution environment
11
Trusted execution environmentIsolated computing environment, typically built into the main CPU
Protects any computation from software attacks
Intel TXT, ARM TrustZone, Global Platform Example uses:
Mobile ticketingStoring cryptographic keys or login credentialsDRM
Remote attestation: can prove to a remote server that it is talking to an unmodified application
Possible to prove configuration even anonymously
Secure channels
12
13
Two-channel authenticationAuthentication over two independent channels attacker needs to compromise both Applications:
Text message to confirm online bank transactionTwo-factor authentication by Google, Microsoft, Facebook etc.
Two insecure channels is better than one – or are they?
Consider malware on a mobile phone
14
Secure offline channelThe channel may be authentic, secret, or bothTraditional offline channels:
User or system administrator configuring secret keysArmed courier, diplomatic mail etc.
Offline channels in device pairing: Touching, magic wandUser-verified key exchangeSound (hard to spoof without detection)User-transferred short secret or authentication codeSynchronous user inputSecret shared data from context sensing
15
Location-limited channelSome channels are relatively secure if the attacker is not in the room at the time of the key exchangeExamples of location-limited channels:
NFC, short-distance and directional radio, Bluetooth, camera, infrared, visible light, audio
Caveats:Audio bugs and cameras get ever smallerComputers and phones can be used for spyingInformation may leak further than you think(e.g. radio signals, displays, keyboards)
16
Human voice or video authenticationIt is still difficult to spoof humans
Remember the Turing test for artificial intelligence
Examples:Personal meetingCryptophone – human voice verification of the key exchange
Caveats:Computers are getting better at processing live voice and videoMeeting a person does not guarantee they are trustworthy
Authentication without trust or prior knowledge
17
18
Opportunistic security, leap of faithOpportunistic encryption: encrypt without authentication
Opportunistic IPsec (RFC 4322)STARTTLS with self-signed certificates
In leap of faith, the first key exchange is unauthenticated, then keys remembered
Secure Shell (SSH) – first introduced leap of faithHTTP strict transport security (HSTS) with self-signed certificates (self-signed not allowed in RFC 6797)
Idea: attacker is unlikely to be always on the line – but is this assumption safe nowadays?Dangers:
Leap of faith cannot be reused to recover from failure after the first authentication (e.g. changed SSH host key)Must be started by a human user, not triggered automatically by network traffic
Resurrecting ducking model for device pairingDevice associates to the first master it sees after reset
19
Self-certifying identifiersPublic key or its hash as entity identifierExamples:
Self-signed certificateCryptographically generated IPv6 addresses (CGA) HIP host identity (RFC 4423)
Hash of the data as object identifierExamples:
Self-certifying file systemBitTorrent and other P2P systems
20
ExercisesCan you design a secure key exchange protocol for connecting home computers to each other based on:
Trusted hub device e.g. the network gatewayUser-verified key exchangeLocation-limited audio channelLeap of faithSelf-certifying identifiers
What are the weaknesses in each solution?Learn about the Bluetooth pairing protocols Learn about the authentication of location updates in Mobile IPv6