Operating Systems. 22. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2015

Similar documents
NCSC conference, january 23, 2013 Marco Davids Technical Advisor. DANE, the next big thing (after DNSSEC)

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Public Key Infrastructure (PKI)

CS 392/681 - Computer Security

Global Chambersign Root 2003 Sep Sep SHA-1 Websites Code

1. a. Define the properties of a one-way hash function. (6 marks)

WHITE PAPER AUGUST Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

Key Management and Distribution

Websense Security Gateway Encryption

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

SBClient SSL. Ehab AbuShmais

SSL Protect your users, start with yourself

Two-Factor Authentication

SSL/TLS: The Ugly Truth

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Introduction to Computer Security

Security: Focus of Control. Authentication

Internet Banking Two-Factor Authentication using Smartphones

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Dashlane Security Whitepaper

Network Security 1. Module 4 Trust and Identity Technology. Ola Lundh ola.lundh@edu.falkenberg.se

Cryptographic Key Infrastructure

Authenticating Humans

Secure Web Access Solution

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Chapter 7: Network security

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

Key Management and Distribution

RSA SecurID Software Token 1.0 for Android Administrator s Guide

Application Layer (1)

Implementing Secure Sockets Layer on iseries

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

Using Foundstone CookieDigger to Analyze Web Session Management

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Introduction to Cryptography

Why SMS for 2FA? MessageMedia Industry Intelligence

RSA SecurID Software Token Security Best Practices Guide

Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010. Fedict All rights reserved

Cybersecurity: Emerging (and Re-Emerging) Issues

Using etoken for SSL Web Authentication. SSL V3.0 Overview

WIRELESS LAN SECURITY FUNDAMENTALS

Authentication systems. Authentication methodologies. User authentication. Authentication systems (auth - april 2012)

Securing PostgreSQL From External Attack

Client Server Registration Protocol

Federated Identity and Single-Sign On

TELE 301 Network Management. Lecture 18: Network Security

Network Security. HIT Shimrit Tzur-David

How To Understand And Understand The Security Of A Key Infrastructure

True Identity solution

Digital Signatures on iqmis User Access Request Form

E- Encryption in Unix

Analyzing the Security Schemes of Various Cloud Storage Services

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

1. Lifecycle of a certificate

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

How To Secure An Rsa Authentication Agent

Instructions for Using Secure . (SMail) via Outlook Web Access. with an RSA Token

Cryptography and Network Security Chapter 14

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Web Security. Crypto (SSL) Client security Server security 2 / 40. Web Security. SSL Recent Changes in TLS. Protecting the Client.

What is network security?

Network Security 1 Module 4 Trust and Identity Technology

Introduction to Network Security Key Management and Distribution

Why it s Time to Make the Change Analysis of Current Technologies for Multi-Factor Authentication in Active Directory

Authentication Protocols

How To Use Kerberos

DRAFT Standard Statement Encryption

White Paper. Options for Two Factor Authentication. Authors: Andrew Kemshall Phil Underwood. Date: July 2007

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4

Research Article. Research of network payment system based on multi-factor authentication

SECURITY IN ELECTRONIC COMMERCE MULTIPLE-CHOICE QUESTIONS

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

SSL A discussion of the Secure Socket Layer

SECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS

Ciphermail S/MIME Setup Guide

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

SECURITY IN NETWORKS

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Lab 7. Answer. Figure 1

Introduction to Computer Security

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access. Integration Handbook

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

Network Security Protocols

Copyright MyPW LLC.

Secure distributed single sign-on with two-factor authentication

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Transcription:

Operating Systems 22. Authentication Paul Krzyzanowski Rutgers University Spring 2015 1

Authentication: PAP Password Authentication Protocol client login, password OK server name:password database Unencrypted, reusable passwords Insecure on an open network Also, password file must be protected from open access But administrators can still see everyone s passwords 2

PAP: Reusable passwords Problem: Open access to the password file What if the password file isn t sufficiently protected and an intruder gets hold of it? All passwords are now compromised! Even if a trusted admin sees your password, this might also be your password on other systems. Solution: Store a hash of the password in a file Given a file, you don t get the passwords Have to resort to a dictionary or brute-force attack Example, passwords hashed with SHA-512 hashes (SHA-2) 3

What is a dictionary attack? November 2013 Adobe security breach 152 million Adobe customer records with encrypted passwords Adobe encrypted passwords with a symmetric key algorithm and used the same key for every password! Top 26 Adobe Passwords Frequency Password 1 1,911,938 123456 2 446,162 123456789 3 345,834 password 4 211,659 adobe123 5 201,580 12345678 6 130,832 qwerty 7 124,253 1234567 8 113,884 111111 9 83,411 photoshop 10 82,694 123123 11 76,910 1234567890 12 76,186 000000 13 70,791 abc123 Frequency Password 14 61,453 1234 15 56,744 adobe1 16 54,651 macromedia 17 48,850 azerty 18 47,142 iloveyou 19 44,281 aaaaaa 20 43,670 654321 21 43,497 12345 22 37,407 666666 23 35,325 sunshine 24 34,963 123321 25 33,452 letmein 26 32,549 monkey 4

What is a dictionary attack? Suppose you got access to a list of hashed passwords Brute-force, exhaustive search: try every combination Letters (A-Z, a-z), numbers (0-9), symbols (!@#$%...) Assume 30 symbols + 52 letters + 10 digits = 92 characters Test all passwords up to length 8 Combinations = 92 8 + 92 7 + 92 6 + 92 5 + 92 4 + 92 3 + 92 2 + 92 1 = 5.189 10 15 If we test 1 billion passwords per second: 60 days But some passwords are more likely than others 1,991,938 Adobe customers used a password = 123456 345,834 users used a password = password Dictionary attack Test lists of common passwords, dictionary words, names Add common substitutions, prefixes, and suffixes 5

What is salt? How to speed up a dictionary attack Create a table of precomputed hashes Now we just search a table Example: SHA-512 hash of password = sqnzu7wktrgkqzf+0g1hi5ai3qmzvv0bxgc5thbqi7masdd4xll27asbrt 9fEyavWi6m0QP9B8lThf+rDKy8hg== Salt = random string (typically up to 16 characters) Concatenated with the password Stored with the password file (it s not secret) Even if you know the salt, you cannot use precomputed hashes to search for a password (because the salt is prefixed) Example: SHA-512 hash of am$7b22qlpassword, salt = am$7b22ql : ntixjdmnuemwig4dtwombaguucw6xv6chj+7ynrgvdoyffrvb/llqs01/pxs 8xZ+ur7zPO2yn88xcIiUPQj7xg== You will not have a precomputed hash of am$7b22qlpassword! 6

PAP: Reusable passwords Problem #2: Network sniffing Passwords can be stolen by observing a user s session in person or over a network: snoop on telnet, ftp, rlogin, rsh sessions Trojan horse social engineering brute-force or dictionary attacks Solutions: (1) Use one-time passwords (2) Use an encrypted communication channel 7

Authentication: CHAP Challenge-Handshake Authentication Protocol challenge = nonce client Has shared secret hash(challenge, secret) OK server Has shared secret The challenge is a nonce (random bits). We create a hash of the nonce and the secret. An intruder does not have the secret and cannot do this! 8

CHAP authentication Alice network host alice alice look up alice s key, K R = f(k,c) C R welcome generate random challenge number C R = f(k, C) R = R? an eavesdropper does not see K 9

One-Time Passwords: SecurID card Username: paul Password: 1234032848 PIN + passcode from card Something you know Passcode changes every 60 seconds Something you have 1. Enter PIN 2. Press 3. Card computes password 4. Read password & enter Password: 354982 10

One-Time Passwords: SecurID card Proprietary device from RSA SASL mechanism: RFC 2808 Two-factor authentication based on: Shared secret key (seed) stored on authentication card Shared personal ID PIN known by user 11

SecurID (SASL) authentication: server side Look up user s PIN and seed associated with the token Get the time of day Server stores relative accuracy of clock in that SecurID card historic pattern of drift adds or subtracts offset to determine what the clock chip on the SecurID card believes is its current time Passcode is a cryptographic hash of seed, PIN, and time server computes f(seed, PIN, time) Server compares results with data sent by client 12

SecurID An intruder (sniffing the network) does not have the information to generate the password for future logins Needs the seed number (in the card), the algorithm (in the card), and the PIN (from the user) An intruder who steals your card cannot log in Needs a PIN (the benefit of 2-factor authentication) An intruder who sees your PIN cannot log in Needs the card (the benefit of 2-factor authentication) 13

Man-in-the-Middle Attacks Password systems are vulnerable to man-in-the-middle attacks Attacker acts as application server Hi Bob, I m Alice Alice Mike Bob 14

Man-in-the-Middle Attacks Password systems are vulnerable to man-in-the-middle attacks Attacker acts as application server Hi Bob, I m Alice Hi Bob, I m Alice Alice Mike Bob 15

Man-in-the-Middle Attacks Password systems are vulnerable to man-in-the-middle attacks Attacker acts as application server What s your password? What s your password? Alice Mike Bob 16

Man-in-the-Middle Attacks Password systems are vulnerable to man-in-the-middle attacks Attacker acts as application server It s 123456 It s 123456 Alice Mike Bob 17

Man-in-the-Middle Attacks Password systems are vulnerable to man-in-the-middle attacks Attacker acts as application server So long, sucker! Welcome, Alice! Alice Mike Bob 18

Man-in-the-Middle Attacks Password systems are vulnerable to man-in-the-middle attacks Attacker acts as application server Huh? Download all files Alice Mike Bob 19

Guarding against man-in-the-middle Use a covert communication channel The intruder won t have the key Can t see the contents of any messages But you can t send the key over that channel! Use signed messages Both parties can reject unauthenticated messages The intruder cannot modify the messages Signatures will fail (need to encrypt the hash) 20

Public key authentication Demonstrate we can encrypt or decrypt a nonce Alice wants to authenticate herself to Bob: Bob: generates nonce, S Sends it to Alice A random bunch of bits Alice: encrypts S with her private key (signs it) Sends result to Bob 21

Public key authentication Bob: 1. Look up Alice s public key 2. Decrypt the message from Alice using Alice s public key 3. If the result is S, then Bob is convinced he s talking with Alice For mutual authentication, Alice has to present Bob with a nonce that Bob will encrypt with his private key and return 22

Public key authentication Public key authentication relies on binding identity to a public key How do you know it really is Alice s public key? One option: get keys from a trusted source Problem: requires always going to the source cannot pass keys around Another option: sign the public key Contents cannot be modified without detection digital certificate 23

X.509 Certificates ISO introduced a set of authentication protocols X.509: Structure for public key certificates: Issuer = Certification Authority (CA) Certificate data Signature version serial # algorithm Issuer Distinguished Name Validity (from-to) Signature Algorithm Distinguished name Subject Public key (algorithm & key) Signature Name, organization, locality, state, country, etc. X.509 v3 Digital Certificate 24

Reminder: What s a digital signature? Hash of a message encrypted with the signer s private key Alice H(P) Bob H(P) S=E a (H(P)) D A (S) =? 25

X.509 certificates When you get a certificate Verify its signature: hash contents of certificate data Decrypt CA s signature with CA s public key Obtain CA s public key (certificate) from trusted source Certification authorities are organized in a hierarchy A CA certificate may be signed by a CA above it Certificate chaining Certificates prevent someone from using a phony public key to masquerade as another person if you trust the CA 26

Built-in trusted root certificates in ios 8 AAA Certificate Services AC Raíz Certicámara S.A. Actalis Authentication Root CA AddTrust Class 1 CA Root AddTrust External CA Root AddTrust Public CA Root AddTrust Qualified CA Root Admin-Root-CA AdminCA-CD-T01 AffirmTrust Commercial AffirmTrust Networking AffirmTrust Premium AffirmTrust Premium ECC America Online Root Certification Authority 1 America Online Root Certification Authority 2 Apple Root CA Apple Root Certificate Authority ApplicationCA2 Root Autoridad de Certificacion Firmaprofesional Autoridad de Certificacion Raiz del Estado Venezolano Baltimore CyberTrust Root Belgium Root CA Buypass Class 2 Root CA Buypass Class 3 CA 1 Buypass Class 3 Root CA CA Disig CA Disig Root R1 CA Disig Root R2 CNNIC ROOT COMODO Certification Authority CRL1 CertiNomis Certigna Certinomis - Autorité Racine Certinomis - Root CA Certum CA Certum Trusted Network CA Certum Trusted Network CA 2 Chambers of Commerce Root Chambers of Commerce Root - 2008 China Internet Network Information Center EV Certificates Root Cisco Root CA 2048 Class 2 Primary CA ComSign CA Common Policy D-TRUST Root Class 3 CA 2 2009 DST ACES CA X6 DST Root CA X3 DST Root CA X4 Deutsche Telekom Root CA 2 Developer ID Certification Authority DigiCert Assured ID Root CA DigiCert Assured ID Root G2 DigiCert Assured ID Root G3 DigiCert Global Root CA DigiCert Global Root G2 DigiCert Global Root G3 DigiCert High Assurance EV Root CA DigiCert Trusted Root G4 DigiNotar Cyber CA DigiNotar Extended Validation CA DigiNotar PKIoverheid CA Organisatie - G2 DigiNotar PKIoverheid CA Overheid en Bedrijven DigiNotar Public CA 2025 DigiNotar Qualified CA DigiNotar Root CA DigiNotar Root CA G2 DigiNotar Services 1024 CA DigiNotar Services CA Digisign Server ID (Enrich) DoD CLASS 3 Root CA DoD Root CA 2 E-Tugra Certification Authority EASEE-gas CA EBG Elektronik Sertifika Hizmet Sağlayıcısı ECA Root CA EE Certification Centre Root CA Echoworx Root CA2 Entrust Certification Authority - L1C Partial list from 475 CAs in http://support.apple.com/kb/ht5012 27

The End 28

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information