CSC 435 – Computer Security

User Authentication
Digital User Authentication
NIST SP 800-63-3 (Digital Authentication Guideline, October
2016) defines digital user authentication as:

“The process of establishing confidence in user identities that

are presented electronically to an information system.”
Identification & Authentication Security
Requirements
Table 3.1 Identification and(NIST SP 800-171)
Authentication Security Requirements ( SP 800-171)

Basic Security Requirements:

1 Identify information system users, processes acting on behalf of users, or devices.
2 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite
to allowing access to organizational information systems.

Derived Security Requirements:

3 Use multifactor authentication for local and network access to privileged accounts and for
network access to non-privileged accounts.
4 Employ replay-resistant authentication mechanisms for network access to privileged and
non-privileged accounts.
5 Prevent reuse of identifiers for a defined period.
6 Disable identifiers after a defined period of inactivity.
7 Enforce a minimum password complexity and change of characters when new passwords
are created.
8 Prohibit password reuse for a specified number of generations.
9 Allow temporary password use for system logons with an immediate change to a
permanent password.
10 Store and transmit only cryptographically-protected passwords.
11 Obscure feedback of authentication information.
NIST SP 800-63-3 E-Authentication
Architectural Model
Means of Authentication

The four means of authenticating

user identity are based on:

• Password, PIN,
answers to • Smartcard, • Fingerprint,
prearranged electronic retina, face
questions • Voice pattern,
keycard, handwriting,
physical key typing rhythm
Multifactor Authentication

Authentication
logic using Authentication
f rst factor logic using
second factor

ol on

ol on
oc t i

oc t i
ot ica

ot ica
pr ent

pr ent
th

th
Au

Au
Pass Pass

Fail Fail
Client Client

Figure 3.2 Multifactor Authentication

Risk Assessment for
User Authentication
 There are three
separate concepts:
Assurance
Level

Potential
impact

Areas of
risk
Assurance Level

More specifically Four levels of

Describes an is defined as: assurance
organization’s
degree of The degree of confidence
Level 1
in the vetting process •Little or no confidence in the
certainty that a used to establish the
asserted identity's validity

identity of the individual

user has to whom the credential Level 2

presented a was issued •Some confidence in the asserted

identity’s validity

credential that Level 3

refers to his or her The degree of confidence •High confidence in the asserted
identity's validity
that the individual who
identity uses the credential is the
individual to whom the Level 4
credential was issued •Very high confidence in the
asserted identity’s validity
Potential Impact
 FIPS 199 defines three levels of potential impact on
organizations or individuals should there be a breach
of security:
 Low:
An authentication error could be expected to have a limited adverse
effect on organizational operations, organizational assets, or individuals
 Moderate:
An authentication error could be expected to have a serious adverse
effect
 High:
An authentication error could be expected to have a severe or
catastrophic adverse effect
Areas of Risk

Maximum Potential Impacts for Each Assurance Level

Password-Based Authentication
 Widely used line of defense against intruders
 User provides name/login and password
 System compares password with the one stored for that specified
login
 The user ID:
 Determines that the user is authorized to access the system
 Determines the user’s privileges
 Is used in discretionary access control
Password Vulnerabilities (1)

Offline Password
guessing Workstation Electronic
dictionary against hijacking monitoring
attack single user

Exploiting
Specific Popular Exploiting
multiple
account password user
password
attack attack mistakes
use
Password Vulnerabilities (2)
 Offline dictionary attack:
 strong access controls protect password files
 hackers frequently bypass such controls and obtain system password file and compare
password hashes against hashes of commonly used passwords
 If match found  attacker gains access by that ID/password combination
 Countermeasures: prevent unauthorized access to password file, intrusion detection to
identify compromises, and rapid re-issuance of passwords

 Specific account attack:

 attacker targets a specific account and guesses until password is discovered
 Countermeasure: account lockout mechanism, i.e. locks out access to account after number
of failed login attempts [typically 5]

 Popular password attack:

 variation of preceding  using popular password and try to find user IDs
 Users tend to choose easily remembered password easy to guess password
 Countermeasures: policies to inhibit selection of common passwords and scanning the IP
addresses of authentication requests and client cookies for submission patterns.
Password Vulnerabilities (3)
 Password guessing against single user:
 gain knowledge about the account holder and system password policies and uses that
knowledge to guess the password
 Countermeasures: password policies that make passwords difficult to guess. Such policies
address secrecy, minimum length, character set, prohibition against using well-known user
identifiers, and length of time before password must be changed.

 Workstation hijacking:
 Unattended logged-in workstation
 Countermeasure: logging out after period of inactivity

 Exploiting user mistakes:

 potential to read written passwords
 share passwords to enable colleagues share files
 Social engineering tactics [trick users into revealing passwords]
 preconfigured passwords for system administrators
 Countermeasures: user training, intrusion detection, and simpler passwords combined with
another authentication mechanism
Password Vulnerabilities (4)
 Exploiting multiple password use:
 different network devices share same or similar passwords for a given
user
 Countermeasures: policy that forbids the same or similar password
on particular network devices.

 Electronic monitoring:
 passwords communicated across networks are vulnerable to
eavesdropping
 Simple encryption will not fix this  encrypted password can be
reused
 User ID Salt Hash code
Salt

Hashed Passwords – •

UNIX Password Scheme

slow hash Load •
function •

(a) Loading a new password

Password File
User id
User ID Salt Hash code

Salt
Password
Password File
Select Password
User ID Salt Hash code
Salt

•
slow hash Load •
function • slow hash
function

Hashed password
Compare
(a) Loading a new password
(b) Verifying a password

Password File
User id
User ID Salt Hash code
secure against
Figure 3.3 UNIX Password Scheme
many cryptanalytic
Salt
attacks
Select Password
Salt Benefits
The salt serves three purposes:
 It prevents duplicate passwords from being visible in
the password file. Even if two users choose the
same password, those passwords will be assigned
different salt values. Hence, the hashed passwords
of the two users will differ.
 It greatly increases the difficulty of offline dictionary
attacks. For a salt of length b bits, the number of
possible passwords is increased by a factor of 2b,
increasing the difficulty of guessing a password in a
dictionary attack.
 It becomes nearly impossible to find out whether a
person with passwords on two or more systems has
used the same password on all of them.
UNIX Implementation
Original scheme
• Up to eight printable characters in length
• 12-bit salt used to modify DES
encryption into a one-way hash function
• Zero value repeatedly encrypted 25 times
• Output translated to 11 character
sequence

Now regarded as
inadequate
• Still often required for compatibility with
existing account management software
or multivendor environments
Improved Implementations

OpenBSD uses Blowfish

block cipher based hash
algorithm called Bcrypt
•Most secure version of Unix
Much stronger hash/salt hash/salt scheme
schemes available for •Uses 128-bit salt to create
Unix 192-bit hash value

Recommended hash
function is based on
MD5
•Salt of up to 48-bits
•Password length is unlimited
•Produces 128-bit hash
•Uses an inner loop with 1000
iterations to achieve slowdown
Password Cracking
Dictionary attacks
•Develop a large dictionary
of possible passwords and
try each against the
password file
•Each password must be
hashed using each salt value
and then compared to
stored hash values
Password crackers
exploit the fact that
people choose easily
guessable passwords
•Shorter password lengths
are also easier to crack
Rainbow table attacks
•Pre-compute tables of hash
values for all salts
•A mammoth table of hash
values
•Can be countered by using
a sufficiently large salt value
and a sufficiently large hash
length
John the Ripper
•Open-source password
cracker first developed in
in 1996
•Uses a combination of
brute-force and dictionary
techniques
Modern Approaches
 Complex password policy
 Forcing users to pick stronger passwords
 However password-cracking techniques have also improved
 The processing capacity available for password cracking has increased
dramatically
 The use of sophisticated algorithms to generate potential passwords
 Studying examples and structures of actual passwords in use
Percentage of Passwords Guessed after
Number of Guesses

50%

40%
Percent guessed

30%

20%

10%

0%
104 107 1010 1013
Number of guesses

Figure 3.4 The Percentage of Passwords Guessed After

a Given Number of Guesses
Password File Access Control
Can block offline guessing attacks by denying access to
encrypted passwords

Make
available
only to
Vulnerabilities
privileged
users

Weakness Accident Users with

Sniff
in the OS with same Access from
passwords
Shadow that allows permissions password backup
in network
password access to the making it on other media
traffic
file file readable systems
Password Selection Strategies
User education
Users can be told the importance of using hard to guess passwords and can be provided with guidelines for selecting strong passwords

Computer generated passwords

Users have trouble remembering them

Reactive password checking

System periodically runs its own password cracker to find guessable passwords

Complex password policy

User is allowed to select their own password, however the system Goal is to eliminate guessable passwords while allowing the user
checks to see if the password is allowable, and if not, rejects it to select a password that is memorable
Proactive Password Checking
 Rule enforcement
 Specific rules that passwords must adhere to
 Password checker
 Compile a large dictionary of passwords not to use
 Bloom filter
 Used to build a table based on hash values
 Check desired password against this table
Token-Based Authentication
 Token-Based Authentication
 Tokens are objects that a user possesses for the
purpose of user authentication.
 Some types of cards that are used as Tokens are shown in
the table below
Card Type Defining Feature Example
Embossed Raised characters only, on Old credit card
front
Magnetic stripe Magnetic bar on back, characters on front Bank card
Memory Electronic memory inside Prepaid phone card
Smart Electronic memory and processor inside Biometric ID card
Contact Electrical contacts exposed on surface
Contactless Radio antenna embedded inside
Memory Cards
 Can store but do not process data
 The most common is the magnetic stripe card
 Can include an internal electronic memory
 Can be used alone for physical access
 Hotel room
 ATM
 Provides significantly greater security when combined
with a password or PIN
 Drawbacks of memory cards include:
 Requires a special reader
 Loss of token
 User dissatisfaction
Smart Tokens
Physical characteristics:
 Include an embedded microprocessor
 A smart token that looks like a bank card
 Can look like calculators, keys, small portable objects
User interface:
 Manual interfaces include a keypad and display for human/token interaction
Electronic interface:
 A smart card or other token requires an electronic interface to communicate
with a compatible reader/writer
 Contact and contactless interfaces
Authentication protocol:
 Classified into three categories:
 Static
 Dynamic password generator
 Challenge-response
Smart Cards
Most important category of smart token
 Has the appearance of a credit card
 Has an electronic interface
 May use any of the smart token protocols
Contain:
 An entire microprocessor
 Processor
 Memory
 I/O ports
Typically include three types of memory:
 Read-only memory (ROM)
 Stores data that does not change during the card’s life
 Electrically erasable programmable ROM (EEPROM)
 Holds application data and programs
 Random access memory (RAM)
 Holds temporary data generated when applications are executed
Smart Card/Reader Exchange
Electronic Identity Cards (eID)
Use of a smart card as a national
identity card for citizens
Can serve the same purposes as other
national ID cards, and similar cards such as a
driver’s license, for access to government and
commercial services
Can provide stronger proof of identity and
can be used in a wider variety of applications
In effect, is a smart card that has been
verified by the national government as valid
and authentic
Example is the German card
neuer Personalausweis
Has human-readable data printed on
its surface
• Personal data: ex: name, date of birth, and
address
• Document number: An alphanumerical nine-
character unique identifier
• Card access number (CAN): ): A six-digit
decimal random number printed on face of card
(used as password)
• Machine readable zone (MRZ): Three lines of
human- and machine-readable text on the back
of the card (used as password)
Electronic Functions and Data for
eID Cards

• CAN = card access number

• MRZ = machine readable zone
• PACE = password authenticated
connection establishment
• PIN = personal identification
number
User Authentication with eID –
a Web-based scenario

est
io n re q u
t
ntica
. A uthe
4 t ge
r e que s l e xchan eID
N oco
5. PI prot rect
ic at ion
f or redi server
nt sult
ut he n re
7. A at io
6. User enters PIN ntic
. Aut he
8

2. Se
rvic
e re q
1. User requests service 3. R uest
(e.g., via Web browser) edir
ect t
9. A o eID
uthe mes
ntica sage
tion
10. S resu
ervi lt fo
ce g r wa
rant rded
ed

Host/application
server

Figure 3.7 User Authentication with eID

Password Authenticated Connection
Establishment (PACE)

For offline applications,

either the MRZ
printed on the back of
For online applications, the card or the six-
access is established by digit card access
the user entering the number (CAN) printed
Ensures that the 6-digit PIN (which on the front is used
contactless RF chip in should only be known
the eID card cannot be to the holder of the
read without explicit card)
access control
Biometric Authentication
 Attempts to authenticate an individual based on unique
physical characteristics
 Based on pattern recognition
 Is technically complex and expensive when compared to
passwords and tokens
 Physical characteristics used include:
 Facial characteristics
 Fingerprints
 Hand geometry
 Retinal pattern
 Iris
 Signature
 Voice
Biometric Authentication –
Cost vs Accuracy
 A Generic Biometric System
Name (PIN)

Biometric Feature Name (PIN)

sensor extractor Biometric
database Biometric Feature
Name (PIN) sensor extractor Biometric
User interface Enrollment creates an database
Biometric Feature
sensor
(a) Enrollment extractor Biometric association between a user
User interfacedatabase
and the user’s biometric
(a) Enrollment
User interface characteristics.
Name (PIN)
(a) Enrollment
Biometric Feature
Name (PIN)
Depending on the application, sensor extractor Biometric
database
Biometric Feature
user
Nameauthentication
(PIN) either sensor extractor Biometric
Feature database
involves
User interfaceverifying that
Biometric a claimed
true/false Feature
matcher One template
sensor extractor Biometric
user is the actual user or
(b) Verification User interfacedatabase true/false
Feature
matcher One template
identifying an unknown user.
User interface Feature (b) Verification
true/false
matcher One template
(b) Verification
Biometric Feature
sensor extractor Biometric
database Biometric Feature
sensor extractor Biometric
User interface user's identity or Feature
Biometric Feature database
"user unidentified" matcher N templates
sensor extractor Biometric
(c) Identification User interfacedatabase user's identity or Feature
"user unidentified" matcher N templates

User interface
Figure 3.9 A user's identity
Generic or System.Feature
Biometric Enrollment creates (c) Identification
"user
an association unidentified"
between matcher
a user and the user's biometric N templates
characteristics. Depending on the application, user
Remote User Authentication
 Authentication over a network, the Internet, or a
communications link is more complex
 Additional security threats such as:
 Eavesdropping, capturing a password, replaying an
authentication sequence that has been observed
 Generally rely on some form of a challenge-response
protocol to counter threats
Remote User Authentication –
Basic Challenge-Response Protocol

Client Client
Host Host
U U
U, User U, User
r, random number r, random number
(r, h(), f()) h(), f(), functions (r, h(), f()) h(), f(), functions

P’ P’ W’
r’, return of r password to
f(r’, h(P’))
passcode via token
r’, return of r f(r’, h(W’))
if f(r’, h(P’)) =
f(r, h(P(U))) if f(r’, h(W’)) =
yes/no then yes else no f(r, h(W(U)))
yes/no then yes else no

(b) Protocol for a password

(b) Protocol for a token
 yes/no then yes else no

Remote User Authentication –

(b) Protocol for a password
(b) Protocol for a token

Basic Challenge-Response Protocol

Client Client
Host Host
U U
U, User U, User
r, random number r, random number
(r, E()) E(), function x, random sequence
challenge
(r, x, E())
B’ BT’ biometric E(), function
D‘ biometric device B’, x’ BS’(x’)
E(r’, D’, BT’) E(r’, BS’(x’))
r’, return of r r’, return of r
E–1E(r’, P’, BT’) = E–1E(r’, BS’(x’)) =
(r’, P’, BT’) (r’, BS’(x’))
if r’ = r AND D’ = D extract B’
AND BT’ = BT(U) from (r’, BS’(x’))
then yes else no if r’ = r AND x’ = x
yes/no
AND B’ = B(U)
yes/no then yes else no

(c) Protocol for static biometric (d) Protocol for dynamic biometric

Figure 3.13 Basic Challenge-Response Protocols for Remote User Authentication

Potential Attacks – Susceptible
Authenticators – Typical Defenses
Potential Attacks – Susceptible
Authenticators – Typical Defenses
 Eavesdropping
Adversary attempts to
learn the password by
some sort of attack that
Host Attacks
Denial-of-Service involves the physical
proximity of user and Directed at the user
Attempts to disable a adversary file at the host where
user authentication passwords, token
service by flooding the passcodes, or
service with numerous biometric templates
authentication are stored
attempts

Trojan Horse Replay

An application or
physical device Adversary repeats a
masquerades as an Client Attacks previously captured
authentic application Adversary attempts to user response
or device for the achieve user
purpose of capturing a authentication
user password, without access to the
passcode, or biometric remote host or the
intervening
communications path
Thank You