Basic, Fundamental Problem
Client → Server
How do you prove that you are who you claim to be?
Users and servers prove themselves in different ways
- Different attack models
- Different assumptions about what they can feasibly do
Authentication
- Determination of identity, usually based on a combination of
- Something the person has (smart card, key)
- Something they know (password)
- Something they are (fingerprint, biometric)
Scenarios Requiring Authentication
- Scenarios
- Logging into local computer
- Log into computer remotely
- Websites
- Potential vulnerabilities to consider when client authenticating server
- Channel between client and server
- Server compromise
- Client compromise
- Social engineering
- Weak passwords
What you know
- Passwords
- Some knowledge
- Maiden name
- Have you lived?
User Authentication
- Attack model
- Attacker can eavesdrop
- Client → attacker → server
- Attacker can subsequently compromise server, gain access
- Attacker goal: learn targeted password
- Prove to server they are user
- Attacker goal: learn targeted password
Threats to Passwords
- Online guessing attempts
- Offline dictionary attacks
- Login spoofing
- Shoulder surfing
- Social engineering
- Pretexting
- Phishing, website forgery
- Eavesdropping
- Malware
- Keystroke logging
- Defense includes anti-malware, network monitoring, on screen soft keyboard, automic form filling
- Server side insider
- System admins
- Defense includes zero-knowledge authentication
Password Schemes
- What do we need passwords systems to do?
- Set password
- Login user
- recover/reset password
Storing Password Data
- We want certain properties when we store password data
- Correctness
- Security
- How should we store it?
Bad Practices
- Store in plaintext
- Server stores mapping of user to password
- Store passwords encrypted with server secret key
- Server generates a key and instead of storing, stores Enc_k(password) on system
Better but not perfect Practices – HASH
- Hash the password on server
- Not actual password, its the H(password)
Offline Dictionary Attack
- Passwords not chosen at random, passwords are part of small set
- Attacker can precompute large dictionary of common passwords
- Its a tuple of Common Password and Hash
- When a password database is stolen, compare
- Rainbow tables
Rainbow Tables
- Compromise between lookup table and memory usage
- Reduction function
- Has function maps plaintext into hashes
- Reduction function reduces the hashes to plaintexts
- Once rainbow table created the results can be stored, indexed, searched
Better but not perfect Practice – HASH + SALT
- Salt the has function
- Instead of storing H(password), store random salt S and H(S|password)
Online Dictionary Attack
- For each pair, discovered in password database, attacker must computer many common passwords
- Compare the resulted Hash + Salt
Better Practice
- Hash functions are very fast traditionally – so we want to slow it down. We iteratively hash and re-hash with the salt. By adding this delay it makes it take much longer to discover
- Many iterations of the hash function
- Instead of using a traditional fast hash, use slow hash
- Define iteration of Salt + Hash
- Store random salt and hash
Memory Hard Hash Functions
- Idea
- Start with an underlying has function
- Build a bigger has function
- Assume to compute it will take much longer time and memory resources
- Requires more computation power and time
- Scrypt, Argon2d/Argon2i
- Password hashing competition
- Put on by NIST
- Come up with hash functions
- Winners were functions Argon2d/Argon2i and Scrypt
Storing Passwords in Linux
Thought Experiment: Do we need good passwords?
- Is the attack:
- Online: attacker can only guess by login
- Offline: attacker has access to /etc/shadow
- Does the attack target:
- Single targeted user
- Any user: attacker wants a way to login
- Example: if passwords were 6 digit numbers, after 3 bad login attempts wait 24hrs, give attacker 10 years
- Attacker gets 3*365*10 = 10^4 attempts
- Passwords @ 6digit = 10^6 possibilities
- Chance of success 10^4 / 10^6 = 1%
Passwords and Computer Security
- 2012 76% of network intrusions exploited weak or stolen credentials
- First step after successful intrusion – install sniffer or keylogger and steal more passwords
- Second step – run cracking tools on password files
- Cracking needed because passwords are not stored in clear
Gary McKinnon (scottish)
- 2001 and 2002 – hacked 97 US military / NASA computers
- Looking for evidence of free energy suppression and UFO cover up
- Shutdown entire US army Military District of over 2000 computers for 24 hrs
- Rendered 300 computers inoperable at critical time, right after 9/11/2001
- Method:
- Perl script randomly looking for blank and default passwords to admin accounts
- 2012 US finally gave up extradition, he lives in London today
Old Passwords Surveys
- Klein (1990) and Spafford (1992)
- 2.7% guessed in 15 minutes, 21% in week
- Much more computing power now available
- Univ of Michigan 5% passwords were “goblue”
- Zviran and Haga (1999)
- Password usage at DoD site in California
- 80% passwords were 4-7 characters, 80% were alphabetic only, 80% users never changed password
- Low entropy on passwords…
Rockyou Hack (2009)
- Social gaming company
- Database with 32 million users passwords from social networks
- Passwords in clear
- December 2009 – entire db hacked using SQL injection and posted on Internet
Have I been Pwned?
- website
Password Managers
- Software / app for online management
- Can generate password
- Passwords are encrypted and locked
- 1Password, KeePass, LastPass
What you have
- Magnetic stripe cards
- Plastic card with magnetic stripe
- Stripe holds information of cardholder
- May track account number, expiration date, issuer, and other data
- Magnetic stripe cards – Vulnerabilities
- Its fairly easy to read and reproduce
- Stripe readers can be purchased at low cost
- Couple with stripe writer, can easily clone card
- So many banks / issuers require use of PIN or other information
Smart Cards
- Incorporates integrated circuit, optionally an onboard microprocessor – features reading and writing capabilities, allows data on card to be accessed and altered
- Smart card tech can provide secure auth mechanism that protect information of owner and extremely difficult to duplicate
- Commonly employed by large companies/means of strong auth using cryptography
- Smart cards may also be ‘electronic wallet’ containin funds that can be used for services
EMV and CHIP & PIN
- No battery, using inductive principals
- Contactless Smart Cards (tap, not insert)
SIM Cards
- Many mobile phones use SIM
- SiM card is issued by provider, maintains personal information and allows authentication to network or provider service
SIM Card Security
- SIM card contain several pieces of information, used for auth, identity other
- Each SIM corresponds to a record in database of subscribers by vendor
- SIM card features integrated circuit card ID (ICCID). 18 digit number used for hardware identification
- SIM contains a unique international mobile subscriber identity (IMSI). Identifies the owner’s country, network and identity
- SIM contains 128 bit security key
- SIM requires PIN before allowing access to information on card
GSM Challenge-Response Protocol
- When cellphone join network, it connects to local base station owned by provider and transmits IMSI
- If IMSI matches subscribers record in provider’s database, then base station transmits 128bit random number to cellphone
- This random number is then encoded by phone with subscriber’s secret key stored on the SIM, using proprietary encryption algorithm know as A3, results in ciphertext sent back to the base
- The base station then performs the same computation, using its stored secret key for subscriber. The two ciphertexts checked to math, which proves authentication to network and allows communication
RFIDS
- Radio Frequency Identification RFID – relies on small transponders to transmit id over radio waves
- RFID chips store information in a coiled antenna to transmit radio signals
- RFID tags must be used in conjunction with separate reader/writer
- While some RFID tags require battery, many are passive and do not
- Effective range of RFID varies – few centimeters to several meteres
- Used by many vendors for consumer tracking, Car Key Fobs, electronic toll transponder
Passports
- Modern passports have RFID chip
- Has information about owner and digital facial photograph
- Encrypted with a secret key
- The key could be the passport number, or holders DoB and expiration date
- All this information could be on a barcode
- Because the key is exposed, attacker could exploit and reconstruct
Tokens
- Either hardware or software which creates an auth code at fixed intervals using a built-in clock and the card’s factory encoded random key (known as seed)
- If seed is found then the token is exploited
- Must ensure seed cannot be extracted
- RSA tokens Exploited
- RSA generally hard to forge, tamper or reverse engineer
- Difficult to extract the seed
- However, RSA has been hacked with their customer Lockheed Martin in March 2011
- The hardware token was not cracked (seeds were intact)
- Attack was done on the server side
- Phishing attack on the system admins on RSA server side
- Malware injected, created backdoor, got seed database for all tokens
Lecture Notes – What you Are
What you are
- You are your identity
Biometrics
- Refers to any measure used by biological or physiological trait
- Some sort of sensor or scanner to read biometric information then compare with database for access
Requirements for Biometric Identification
- Universality – everyone should have this characteristic
- Distinctiveness – each person should have noticeable difference
- Permanence – characteris should not change
- Collectability – characteristic should have ability to be effectively determined and quantified
Biometric Identification Examples
- Fingerprints
- Retinal / iris scan
- DNS
- ‘Blue-ink’ signature
- Voice recognition
- Face recognition
- Gait recognition
What can go wrong?
- Phone unlocked using facial recognition of someone else’s face
- Potentially easy to forge
- Privacy concerns
- Hard to revoke
Lecture Notes – 2FA
Two Factor Authentication (2FA)
- Combination of what you know and something you have
Phishing Resistant Tokens
- SMS messages can be read and phished
- Can also be hijacked