Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
25/11/2018 1
Outline
1. Means of authentication
2. Password-based authentication
3. Token-based authentication
4. Biometric authentication
5. Remote user authentication
6. Security issues for authentication
25/11/2018 2
Access control
Two processes:
1. Confirming identity of entity accessing a logical
or physical area (authentication)
2. Determining which actions that entity can
perform in that physical or logical area
(authorization)
A successful access control approach—
whether intended to control physical access or
logical access—always consists of both
Authentication and Authorization (A&A)
25/11/2018 3
Means of Authentication
1. Something you know, 1. Can be used alone or
e.g., password PIN combined
2. All can provide user
2. Something you have, authentication
e.g. key, token,
smartcard 3. All have issues
25/11/2018 4
The Strongest Authentication
25/11/2018 5
Something You Know
Username
Password
PIN
Passphrase
Password Authentication
1. Widely used user authentication method
user provides name/login and password
system compares password with that saved for
specified login
2. Authenticates ID of user logging and
that the user is authorized to access system
determines the user’s privileges
is used in discretionary access control
25/11/2018 7
Password Vulnerabilities
1. Offline dictionary attack: A determined hacker may bypass
access controls and gain access to the system password file.
The attacker then compares the password hashes against
hashes of commonly used passwords.
2. Specific account attack: The attacker targets a specific
account and submits password guesses until the correct
password is discovered.
3. Popular password attack: The attacker chooses a popular
password and try it against a wide range of user IDs.
4. Password guessing against single user: The attacker
attempts to gain knowledge about the account holder and
system password policies and uses that knowledge to guess
the password. .
25/11/2018 8
Password Vulnerabilities
5. Workstation hijacking; The attacker waits until
a logged-in workstation is unattended.
6. Exploiting user mistakes: If the system assigns a
password, then the user is more likely to write it
down because it is difficult to remember.
7. Exploiting multiple password use. When
different network devices share the same or a
similar password for a given user.
8. Electronic monitoring: If a password is
communicated across a network to log on to a
remote system, it is vulnerable to eavesdropping.
25/11/2018 9
Countermeasures
1. Stop unauthorized access to password
file
2. Intrusion detection measures
3. Account lockout mechanisms
4. Policies against using common
passwords but rather hard to guess
passwords
5. Training & enforcement of policies
6. Automatic workstation logout
7. Encrypted network links
25/11/2018 10
Use of Hashed
Passwords
25/11/2018 11
Some Purposes of Using hashed passwords
1. Prevents duplicate passwords from being visible
in the password file
2. If two users choose the same password, those
password will be assigned different salt values.
3. Greatly increases the difficulty of offline
dictionary attacks.
4. For a salt of b bits, the number of possible
passwords is increased by a factor of 2b .
5. Becomes nearly impossible to find out whether a
person with passwords on two or more systems
has used the same password on all of them.
25/11/2018 12
Threats to hashed passwords
. First, a user can gain access on a machine using a
guest account or by some other means and then run
a password guessing program, called a password
cracker, on that machine.
In addition, if an opponent is able to obtain a copy
of the password file, then a cracker program can be
run on another machine at leisure. This enables the
opponent to run through millions of possible
passwords in a reasonable period.
25/11/2018 13
Using Better Passwords: four techniques
1. User education –
importance of using hard-to-guess passwords
guidelines for selecting strong passwords.
problematic when large user population or a lot of turnover,
users will simply ignore the guidelines.
2. Computer-generated passwords –
poor acceptance by users, if random in nature,
users will not remember them, if pronounceable,
the user may still be tempted to write it down.
3. Reactive password checking –
system periodically runs its password cracker to find guessable passwords.
system cancels passwords that are guessed and notifies users.
Can be costly in resources to implement.
4. Proactive password checking –
user selects own password, the system then checks to see if it is allowable
if it is not, the system rejects it.
must strike a balance between user acceptability and strength.
Likely the best solution.
25/11/2018 14
Proactive Password Checking
25/11/2018 15
Username and Reusable Passwords–Something You Know
Problems
Password data accessible to system users
Reusable passwords are easily captured and used by
intruders
25/11/2018 16
Password Guidelines
Use one-time passwords wherever possible
If you must use reusable passwords
o Avoid trivial and easily crackable passwords
o Protect password data against unauthorized access
o Educate all users regarding the critical importance of
protecting password confidentiality
Ensure that all accounts have passwords for all
systems and network components
Replace all vendor-supplied passwords for all
systems and network components
25/11/2018 17
Markov model
Quadruple [m,A,T,k]
m number of states in the model
A the state space
T the matrix of transition
probabilities
k the order of the model
For a k-th order model, the prob
(making a transition to a given
letter) depends on the previous k
letters that have been generated
First order model in fig3.2
25/11/2018 18
Second order Markov model
1. Build dictionary of guessable passwords
2. Build the transition matrix T
a. Determine matrix f
f(i,j,k) is the number of occurrences of the trigram
consisting of the ith, ijth, kth characters. Example, the
password parsnips the trigrams: par, ars, rsn, sni, nip,
ips.
b. For each bigram ij calculate f(i,j,∞) - the total number of
occurrences of the trigrams beginning with ij. Example,
f(i,j,∞) is the total number of trigrams of the form aba, abb,
abc, …
c. Compute the entries of T as follows
f i, j , k
Ti, j , k
f i, j ,
25/11/2018 19
Markov model
Model reflects word structure in dictionary
25/11/2018 20
Bloom Filter
Way of using hash transforms to determine set
membership
Is applied wherever fast set membership tests on
large data sets are required.
Examples: spell checking, differential file updating,
distributed network caches, and textual analysis.
It is a probabilistic method with a set error rate.
Errors can only occur on the side of inclusion :
a true member will never be reported as not belonging to
a set,
but some non-members may be reported as members.
25/11/2018 21
Bloom fillters use hash transforms to compute a
vector (the filter) that is representative of the data
set.
Membership is tested by comparing the results of
hashing on the potential members to the vector.
In its simplest form the vector is composed of N
elements, each a bit.
An element is set if and only if some hash
transform hashes to that location for some key.
25/11/2018 22
BLOOM FILTER
Filter with m = 4 hash
transforms and N = 8
bits.
25/11/2018 23
A bloom filter is based on an array of mbits (b1, b2, …,
bm) that are initially set to 0.
To set the bits to 1, k independent hash functions (h1,
h2, …, hk), each returning a value between 1 and m, are
used.
In order to “store” a given element into the bit array,
each hash function must be applied to it and, based on
the return value r of each function (r1, r2, …, rk), the bit
with the offset r is set to 1.
Since there are k hash functions, up to k bits in the bit
array are set to 1 (it might be less because several hash
functions might return the same value).
25/11/2018 24
How it works
25/11/2018 25
Bloom filter
Consider a set of n elements, A=(a1, a2,.., an)
Bloom filters describe membership information of A
using a bit vector V of length m.
For this, k hash functions, h1, h2,.., hk
with hi : X → {1,2,3,…m}
The k hash functions , are used as described below:
Bloom Filter
25/11/2018 27
Bloom filter: checking for membership
Testing for membership of an element elm is
equivalent to testing that all corresponding bits of V
are set:
Procedure MembershipTest (elm, filter, hash_functions)
returns yes/no
foreach hash function hj:
if filter[hj(elm)] != 1 return No
end foreach
return Yes
25/11/2018 28
Bloom filter applied to password checking
Password is presented to the checker
Its k hash values are calculated
If all the corresponding bits in the hash table are
equal to 1, then the password is rejected
All the password in the dictionary will be
rejected
Possibility of false positives
25/11/2018 29
Probability of false positive
assume the two passwords hulkhogan , and
undertaker are in the dictionary, but xG%#jj98 is
not.
Assume also that:
X H1(X) H2(X)
undertaker 25 998
hulkhogan 83 665
xG%#jj98 665 998
25/11/2018 30
Bloom Filter: Probability of false positive
k = number of hash functions
N= number of bits in hash table.
D= number of words in dictionary
R=N/D ratio of hash table size (bits) to dictionary
size(words)
P probability of false positive
P 1 e 1 e
kDN k k
R
k
k
or R
1
ln1 p
k
25/11/2018 31
Something You Have
This authentication
mechanism makes use of
something that user or
system possesses
1. Dumb card
2. Smart Card
3. Dongles
25/11/2018 32
Memory Card
Store but do not process data
Magnetic stripe card, e.g. bank card
Electronic memory card
Used alone for physical access
With password/PIN for computer use
Drawbacks of memory cards include:
need special reader
loss of token issues
user dissatisfaction
25/11/2018 33
Smartcard
credit-card like
Has own processor, memory, I/O ports
wired or wireless access by reader
may have crypto co-processor
ROM, EEPROM, RAM memory
Executes protocol to authenticate with reader/computer
Static protocol: user to token authentication, then token to computer
authentication
Dynamic password generator: passwords are generated periodically
(every minutes) requires synchronization of the token and the comupter
Challenge response: challenge can be encrypted with token public key.
25/11/2018 34
Access Control Tokens
25/11/2018 35
Something You Are
Face
Signature
Fingerprint
Retina
Iris
Palm geometry
Biometric Methods–
Something You Are
Physical Behavioral
Fingerprints Voice
Thumbprint The signature
Eye retina patterns Keyboard typing skills
Facial recognition
Iris
Hand geometry
Vein patterns
Downside of Biometrics
Inaccuracies in the verification process
Requires more powerful hardware
Possibly threatens user privacy
Something You Are
Only three human characteristics are usually
considered truly unique :
1. Fingerprints
2. Retina of the eye (blood vessel pattern)
3. Iris scan (random pattern of features found
in the eye including freckles, pits, coronas,
etc)
25/11/2018 39
Something You Do
This type of authentication makes use of
something the user performs or produces
Examples: technology related to:
1. signature recognition
2. and voice recognition
25/11/2018 40
Biometric Accuracy
never get identical templates
problems of false match / false non-match
25/11/2018 41
Biometrics effectiveness
Crossover rate:
1. Adjusting the device to one extreme creates a system
requires perfect matches- almost no false accept but
high rate of false reject
2. Adjusting the device to other extreme creates a
system with- almost no false reject but with high
false accept
3. The crossover error rate (CER), also called the
equal error rate is the point at which the rate of false
rejections equals the rate of false acceptances.
25/11/2018 42
Biometrics Accuracy
False reject rate: False accept rate:
the rate at which authentic the rate at which
users are denied or prevented fraudulent users or non-
access to authorized areas, as users are allowed access to
a result of a failure in the systems or areas, as a result
biometric device. of a failure in the biometric
device.
25/11/2018 43
Biometrics effectiveness
Crossover rate:
It is the optimal outcome for biometrics-based
systems.
CERs are used to compare various biometrics
and may vary by manufacturer.
A biometric device that provides a CER of 1%
is considered to be superior to one with a CER
of 5%, for example.
25/11/2018 44
Biometrics acceptabiliyty
25/11/2018 45
Biometrics Acceptability vs. Effectiveness
25/11/2018 46
Biometric Authentication
authenticate user based on one of their physical
characteristics
25/11/2018 47
Idealized biometric measurement operating characteristic curves
25/11/2018 48
Biometric Accuracy
Can plot the operating characteristic curve
pick threshold balancing error rates
25/11/2018 49
Remote user authentication: threats and solutions
Challenge-response protocols
User
authentication
Remote authentication
Local authentication (more complex)
(simple)
(security threats)
25/11/2018 50
Password protocol and
Token protocol
a. Password protocol
r random number
(nonce)
h, f specified by host
b. Token protocol
Either token stores a
static password or
generates a dynamic
one.
25/11/2018 51
Static and dynamic biometric
protocols
c. Static biometric
r random number
E encryption identifier
B’ user’s biometric
BT biometric template
D’ biometric device identifier
d. Dynamic biometric
Host provides random sequence x
and a random number
Random sequence x is vocalized,
typed or handwritten by client,
generates a biometric signal
BS’(x’)
BS’(x’) and r are encrypted and
sent to host
25/11/2018 52
Operation of a
Biometric System
25/11/2018 53
User Authentication Methods
Questions to ask
Quality of reliable identification?
Needs client-side hardware?
Needs client-side software?
Deployment costs?
Work with legacy systems?
Secret password is still most popular form
Why?
25/11/2018 54
Using Password Auditing Tools
Intruders acquire and use tools that enable them to
compromise systems
sophisticated tools make password auditing easy
if the prize is big enough, intruders are patient
25/11/2018 55
Summary: User Authentication
Access control devices based upon user identity
Relies upon unimpeachable identification
But it’s not unimpeachable, so improve it
Login and reusable passwords
Login and one-time passwords
Biometrics
25/11/2018 56
Remote User Authentication
1. authentication over network more complex
problems of eavesdropping, replay
2. generally use challenge-response
user sends identity
host responds with random number
user computes f(r,h(P)) and sends back
host compares value from user with own computed
value, if match user authenticated
3. protects against a number of attacks
25/11/2018 57
Iris biometric system
25/11/2018 58
Iris biometric system
25/11/2018 59
Iris biometric system
25/11/2018 60
Iris biometric system
25/11/2018 61
Practical Application:
Iris Biometric System
eavesdropping
adversary attempts to
learn the password by
some sort of attack that
involves the physical host attacks
denial-of-service proximity of user and
adversary directed at the user file
attempts to disable a at the host where
user authentication passwords, token
service by flooding the passcodes, or biometric
service with numerous templates are stored
authentication attempts
25/11/2018 64
Authentication Security Issues
4. Replay attacks
adversary repeating a previously captured user response.
The most common countermeasure to such attacks is the
challenge- response protocol.
5. In a Trojan horse attack,
an application or physical device masquerades as an
authentic application or device for the purpose of
capturing a user password, passcode, or biometric.
The adversary can then use the captured information to
masquerade as a legitimate user.
6. A denial-of-service attack
attempts to disable a user authentication service by
flooding the service with numerous authentication
attempts.
25/11/2018 65
Security problems with ATM systems
Vulnerability affects small to mid-size card issuers.
Cardholder:
An individual to whom a debit card is issued. Typically, this
individual is also responsible for payment of all charges made to that
card.
Issuer:
An institution that issues debit cards to cardholders. This institution
is responsible for the cardholder’s account and authorizes all
transactions. Banks and credit unions are typical issuers.
Processor:
An organization that provides services such as core data processing
(PIN recognition and account updating), electronic funds transfer
(EFT), and so on to issuers. EFT allows an issuer to access regional
and national networks that connect point of sale (POS) devices and
ATMs worldwide
25/11/2018 66
Security problems with ATM systems
Vulnerability affects small to mid-size card issuers.
Customers expect 24/7 service at ATM
stations.
For many small to mid-sized issuers, it is
more cost-effective for contract processors to
provide the required data processing and
EFT/ATM services.
Each service typically requires a dedicated
data connection between the issuer and the
processor, using a leased line or a virtual
leased line.
25/11/2018 67
Prior to about 2003, the typical configuration involving
issuer, processor, and ATM machines could be
characterized by Figure 3.12a.
The ATM units linked directly to the processor rather
than to the issuer that owned the ATM, via leased or
virtual leased line.
The use of a dedicated link made it difficult to
maliciously intercept transferred data.
To add to the security, the PIN portion of messages
transmitted from ATM to processor was encrypted
using DES (Data Encryption Standard).
Processors have connections to EFT (electronic funds
transfer) exchange networks to allow cardholders
access to accounts from any ATM.
25/11/2018 68
With the configuration of Figure 3.12a, a transaction
proceeds as follows.
A user swipes her card and enters her PIN.
The ATM encrypts the PIN and transmits it to the
processor as part of an authorization request.
The processor updates the customer’s information
and sends a reply.
25/11/2018 69
In the early 2000s, banks worldwide began the
process of migrating from an older generation of
ATMs using IBM’s OS/2 operating system to new
systems running Windows.
The mass migration to Windows has been spurred by
a number of factors,
including IBM’s decision to stop supporting OS/2 by
2006,
market pressure from creditors such as MasterCard
International and Visa International to introduce
stronger Triple DES,
and pressure from U.S. regulators to introduce new
features for disabled users.
25/11/2018 70
Many banks, included
a number of other enhancements at the same time as
the introduction of Windows
and triple DES, especially the use of TCP/IP as a
network transport.
Because issuers typically run their own Internet-
connected local area networks (LANs) and intranets
using TCP/IP, it was attractive to connect ATMs to
these issuer networks and maintain only a single
dedicated line to the processor, leading to the
configuration illustrated in Figure 3.12b.
25/11/2018 71
This configuration saves the issuer expensive monthly
circuit fees
and enables easier management of ATMs by the
issuer.
In this configuration, the information sent from the
ATM to the processor traverses the issuer’s network
before being sent to the processor.
It is during this time on the issuer’s network that the
customer information is vulnerable.
25/11/2018 72
The security problem was that with the upgrade to a
new ATM OS and a new communications
configuration, the only security enhancement was
the use of triple DES rather than DES to encrypt
the PIN.
The rest of the information in the ATM request
message is sent in the clear.
This includes the card number, expiration date,
account balances, and withdrawal amounts.
25/11/2018 73
A hacker tapping into the bank’s network, either from an internal
location or from across the Internet potentially would have
complete access to every single ATM transaction.
The situation just described leads to two principal vulnerabilities:
Confidentiality:
The card number, expiration date, and account balance can
be used for online purchases or to create a duplicate card for
signature-based transactions.
25/11/2018 74
Integrity:
There is no protection to prevent an attacker from injecting
or altering data in transit.
If an adversary is able to capture messages en route, the
adversary can masquerade as either the processor or the ATM.
Acting as the processor, the adversary may be able to direct the
ATM to dispense money without the processor ever knowing
that a transaction has occurred.
If an adversary captures a user’s account information and
encrypted PIN, the account is compromised until the ATM
encryption key is changed,
enabling the adversary to modify account balances or effect
transfers.
25/11/2018 75
Case Study:
ATM Security Problems
Summary
introduced user authentication
using passwords
using tokens
using biometrics
remote user authentication issues
25/11/2018 77