Lecture 13 - Authentication

AUTHENTICATION

Eckhard Pfluegel
LEARNING OBJECTIVES
• Learning Objectives – Authentication Protocols and
Mechanisms
• Understand goals of authentication and know the different types of
digital authentication mechanisms
• Discuss password-based authentication mechanisms
• Present a range of password-based authentication protocols and
discuss their security weaknesses and strengths
• Classify password attacks on authentication protocols and
mechanisms
• Be able to discuss controls for password attacks
• Know common rules for strong passwords
• Design schemes to help with administering many passwords
MOTIVATION
Goals of Authentication
• Scenario: Set of authorised users of a system
• Pre-defined (static)
• Ad-hoc (dynamic)
• Goal: identify a specific user from this set, wishing to
connect to a server within a distributed system
• We need to implement an authentication protocol in a
client/server architecture
Authentication Mechanism
• How does identification work in real life?
• Digital Authentication mechanisms are based on:
• Type 1: Something the user knows – password, PIN,
mother’s maiden name
• Type 2: Something the user has – identity badges, driver’s licence,
smartcard
• Type 3: Something the user is – fingerprint, voice, face (biometrics)
• Type 4: Somewhere the user is – location based
• We can use single-factor, two-factor or even multi-factor
authentication.
Mini-Exercise: Authentication
Mechanisms
• What different authentication mechanism (single/multi)
have you come across in the past?
• In your opinion, how usable and how secure are they?
PASSWORD AUTHENTICATION
PROTOCOLS
Password-based Authentication
• This is (still) the most common authentication mechanism
• Advantages:
• Simple
• Efficient
• Good for client-side security
• Disadvantages:
• Server needs to be trusted
• Client needs to be trusted
• Relies on user to provide strong password
• Password could leak
Basic Authentication Protocol I
Client → Server: Authentication Request
Server → Client: Challenge
Client → Server: Response: h(pwd)
Protocol Weaknesses/Attacks
• This basic protocol has a number of problems
• The following attacks can be launched:
• A1 Password guessing attack
• A2 Pre-image attack on the hash function
• A3 Replay Attack on the protocol
• A4 Man-in-the-middle attack on the protocol
• Let us strengthen our basic authentication protocol
Basic Authentication Protocol II
Client → Server: Authentication Request
Server → Client: Challenge
Client → Server: Response: h(user || pwd)
Protocol with Server Nonce
Client → Server: Authentication Request
Server → Client: Challenge, NS (NS = server nonce)
Client → Server: Response: h( h(user || pwd) || NS ), NS
Final Protocol - Client and Server Nonce
Client → Server: Authentication Request
Server → Client: Challenge, NS (NS = server nonce)
Client → Server: Response: h( h(user || pwd || NC) || NS ), NC, NS (NC = client nonce)
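The following is an added example, not the lecture's code: a Python model of the four protocol variants above, with SHA-256 standing in for h() and a constructed credential store, that checks which of them a replayed response defeats. It makes two points concrete. Protocol I's h(pwd) is identical for two users who share a password, so cracking one response cracks both; Protocol II's h(user || pwd) avoids that. And the server nonce only stops replay (A3) if the server remembers which challenges it issued and accepts a response to each one once. One caveat about the final protocol that the code has to make explicit: because the client nonce NC enters the inner hash, the server cannot keep just h(user || pwd) and has to hold the password itself to recompute h(user || pwd || NC), whereas the server-nonce protocol lets it store h(user || pwd) only.

```python
import hashlib
import hmac
import secrets


def h(*parts: bytes) -> bytes:
    """The slides' h(): SHA-256 over the concatenation ('||') of its inputs."""
    return hashlib.sha256(b"".join(parts)).digest()


# Constructed credential store. Assumption: the server keeps the plaintext
# password, because the final protocol's inner hash h(user||pwd||NC) depends on
# a fresh client nonce and therefore cannot be stored precomputed.
USERS = {b"alice": b"correct horse", b"bob": b"correct horse"}


class Server:
    def __init__(self):
        self.outstanding = set()        # server nonces issued and not yet used

    def challenge(self) -> bytes:
        ns = secrets.token_bytes(16)    # fresh server nonce NS
        self.outstanding.add(ns)
        return ns

    def _consume(self, ns: bytes) -> bool:
        """A response is only checked against a challenge this server issued
        and has not yet seen a response to; anything else is a replay."""
        if ns not in self.outstanding:
            return False
        self.outstanding.discard(ns)
        return True

    def verify_basic(self, user: bytes, response: bytes) -> bool:
        """Basic Protocol II: response = h(user || pwd). No freshness at all."""
        pwd = USERS.get(user)
        return pwd is not None and hmac.compare_digest(response, h(user, pwd))

    def verify_server_nonce(self, user, response, ns) -> bool:
        """Protocol with server nonce: response = h( h(user || pwd) || NS )."""
        pwd = USERS.get(user)
        return (self._consume(ns) and pwd is not None
                and hmac.compare_digest(response, h(h(user, pwd), ns)))

    def verify_final(self, user, response, nc, ns) -> bool:
        """Final protocol: response = h( h(user || pwd || NC) || NS )."""
        pwd = USERS.get(user)
        return (self._consume(ns) and pwd is not None
                and hmac.compare_digest(response, h(h(user, pwd, nc), ns)))


# Client side of each variant
def client_basic(user, pwd):
    return h(user, pwd)


def client_server_nonce(user, pwd, ns):
    return h(h(user, pwd), ns)


def client_final(user, pwd, ns):
    nc = secrets.token_bytes(16)        # fresh client nonce NC
    return h(h(user, pwd, nc), ns), nc


# Attack A3: an eavesdropper captures one response and sends it again.
def replay_basic():
    srv = Server()
    captured = client_basic(b"alice", b"correct horse")
    return srv.verify_basic(b"alice", captured), srv.verify_basic(b"alice", captured)


def replay_server_nonce():
    srv = Server()
    ns = srv.challenge()
    captured = client_server_nonce(b"alice", b"correct horse", ns)
    first = srv.verify_server_nonce(b"alice", captured, ns)
    srv.challenge()                     # a new session: the server issues a new NS
    return first, srv.verify_server_nonce(b"alice", captured, ns)


def replay_final():
    srv = Server()
    ns = srv.challenge()
    captured, nc = client_final(b"alice", b"correct horse", ns)
    first = srv.verify_final(b"alice", captured, nc, ns)
    srv.challenge()
    return first, srv.verify_final(b"alice", captured, nc, ns)


def same_password_visible():
    """Protocol I sends h(pwd): users sharing a password send the same response,
    so cracking one (A1/A2) cracks both. Protocol II's h(user || pwd) differs."""
    return (h(USERS[b"alice"]) == h(USERS[b"bob"]),
            h(b"alice", USERS[b"alice"]) == h(b"bob", USERS[b"bob"]))


if __name__ == "__main__":
    print("basic, replay accepted:", replay_basic())
    print("server nonce, replay accepted:", replay_server_nonce())
    print("final, replay accepted:", replay_final())
    print("same pwd visible (I, II):", same_password_visible())
```

Neither nonce protects an eavesdropped exchange against offline guessing (A1): whoever captures response, NC and NS can test candidate passwords against them at leisure, which is why the controls later in the lecture concern password strength and storage rather than the protocol alone. Nor do nonces by themselves stop a man in the middle (A4) who relays the exchange live.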
AUTHENTICATION PROTOCOLS
Password Attack Classification
• An online attack requires (typically significant) work from the
system under attack (including communication with it).
• An offline attack requires work from the attacker with no or
little communication with the attacked system (e.g. server)
• Password attacks might target passwords residing on the
server, on the client or in transit
Assets under Attack
• We will classify attacks on the password asset by their
access vector through the following containers:
• Client (user):
• Hardware – keyboard
• Software – client interface, e.g. browser
• People – password owner
• Server (administrators):
• Data – password file or database
• Protocol/Network:
• Software – authentication protocol
• Data – protocol messages
Client Attacks – Overview
• Target asset: user data (in particular, the password)
• Attack access route is via client (user)
• So how could you determine somebody’s username?
• How about someone’s password?
• In order of decreasing difficulty:
• Guessing it
• Stealing it
• Asking the user for it
Brute Force Attack (offline)
• Also called an exhaustive attack
• The method is fairly unsophisticated - try all possible
passwords
• Problem: size of search space but there are tools for
doing this!
• For example, a problem if there are short passwords –
there are only 26 + 26² + 26³ = 18,278 passwords of length at most 3 over A – Z
• Other example: assume the password consists of at most 8
characters A – Z
• There are 26¹ + 26² + 26³ + .. + 26⁸ ≈ 2.2×10¹¹ possible passwords
• This seems rather a lot
• But: if we can test one password per microsecond, it only takes about
two and a half days (2.2×10¹¹ µs ≈ 217,000 s)!
Dictionary Attacks (offline)
• Try to speed up the search of the exhaustive attack by
restricting it to more probable passwords
• This is more successful than you might think!
• Examples:
• Names and so-called dictionary words – a dictionary of the most common
English words has around 80,000 entries
• Passwords likely for a user: name of a friend, a pet, a song, or a
place..
Phishing/Spoofing Attack (online)
• Attacker prepares fake login system or website which
looks like the genuine one
• This prompts the user for their username and password
and stores or forwards the stolen credentials
• It then reports a login failure and redirects to the real login screen
• Can be very successful and difficult to spot
Vishing Attack (online)
• Principle is very simple: just ask for the password!
• Example: posing as a system administrator on the phone,
pretending there is a problem with the user’s e-mail account
• Exploits gullible or naive users
• Can be very effective
Other Client Online Attacks
• Shoulder Surfing
• Keyloggers
• Client-side malware
Server Attacks
• Password Server Attack (Offline)
• Target asset: user passwords stored on server
• System must have a password file, listing user IDs and
corresponding passwords
• Attacker might target this key asset
• Particular problem if passwords are stored in plain text
• Note: attacker might be an insider – this is a very realistic scenario
Protocol Attacks
• Eavesdropping password in transmission
• Subverting password-reset mechanism
Mini-Exercise: Password Authentication
Attacks
• For each of the presented attacks, can you determine the
exploited vulnerability type and the corresponding attack
vector (access)?
CONTROLS
Controls
• Brute-force, dictionary attack: strong password
• Phishing/Spoofing: user education, filtering/scanning
• Vishing: user education
• Password server attack:
• Access control of password file
• Store protected passwords (using a hash function)
• Make sure passwords are unique (add unique ID – “Salt”)
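As an added example (not from the lecture), the offline dictionary attack from the attacks section run in Python against a constructed password file: first against plain h(pwd) with SHA-256 as h(), then against the same passwords stored with a unique per-user salt and an iterated hash (PBKDF2-HMAC-SHA256, standing in for the "protected" storage above). The wordlist, the users and the iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import os

WORDLIST = [b"password", b"letmein", b"qwerty", b"dragon", b"rex", b"summer2004"]  # constructed
ITERATIONS = 50_000     # kept low so the demo runs in seconds; deployments use far more


def h(data: bytes) -> str:
    """The lecture's h(): a plain, fast hash of the password."""
    return hashlib.sha256(data).hexdigest()


# Constructed unsalted password file: user -> h(pwd). alice and bob share a password.
UNSALTED = {"alice": h(b"dragon"), "bob": h(b"dragon"), "carol": h(b"Tr0ub4dor&3")}


def crack_unsalted(store: dict, wordlist: list) -> dict:
    """Offline dictionary attack against h(pwd): hash the wordlist once and look
    every user up in the table. The table is reusable against any other file
    built the same way, and identical hashes give away shared passwords."""
    table = {h(word): word for word in wordlist}
    return {user: table[digest] for user, digest in store.items() if digest in table}


def make_record(pwd: bytes) -> tuple:
    """Protected storage: unique random salt + iterated hash (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pwd, salt, ITERATIONS)


def check_record(record: tuple, guess: bytes) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", guess, salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


SALTED = {"alice": make_record(b"dragon"), "bob": make_record(b"dragon"),
          "carol": make_record(b"Tr0ub4dor&3")}


def crack_salted(store: dict, wordlist: list) -> tuple:
    """The same wordlist against the salted file. No table can be precomputed or
    shared between users; every (user, guess) pair costs a full PBKDF2 run.
    Returns the cracked passwords and the number of PBKDF2 runs spent."""
    found, work = {}, 0
    for user, record in store.items():
        for guess in wordlist:
            work += 1
            if check_record(record, guess):
                found[user] = guess
                break
    return found, work


if __name__ == "__main__":
    print("unsalted, 6 cheap hashes in total:", crack_unsalted(UNSALTED, WORDLIST))
    print("same hash for alice and bob:", UNSALTED["alice"] == UNSALTED["bob"])
    print("salted (cracked, PBKDF2 runs spent):", crack_salted(SALTED, WORDLIST))
```

Note what the salt does and does not do. It makes identical passwords hash differently and forces the attacker to redo the work for each user instead of reusing one precomputed table, but a password that is in the wordlist is still found; the iterated hash raises the cost of every guess, and only a strong password takes the guess out of reach. Access control on the password file, the first control above, is what keeps the attacker from obtaining the hashes at all.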
Securing the Authentication Process
• Design of the authentication interface and process
requires careful consideration
• Example:
• ENTER USERNAME: hacker
• INVALID USERNAME – USER UNKNOWN
• Information is given away – why?
• Controls:
• Log all attempts of logging in
• Disconnect user after small number of failed logins
• Disable account after successive password failures
• More sophisticated systems require repeated authentication during
user session
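As an added example (not the lecture's code), a Python login routine that applies the controls listed above: one error message whether the username is unknown or the password is wrong, the same hashing work in both cases so that timing does not leak what the message hides, a log entry for every attempt, and disabling the account after a number of successive failures. The credential store, the in-memory log and the threshold of three failures are constructed for the demonstration.

```python
import collections
import hashlib
import hmac
import os

ITERATIONS = 50_000
MAX_FAILURES = 3                       # constructed threshold for the demo


def kdf(pwd: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pwd, salt, ITERATIONS)


def new_user(pwd: bytes) -> tuple:
    salt = os.urandom(16)
    return salt, kdf(pwd, salt)


USERS = {"alice": new_user(b"correct horse")}      # constructed store
# Dummy record checked for unknown usernames, so "user unknown" and "wrong
# password" cost the same time and produce the same message.
DUMMY = new_user(b"placeholder")

failures = collections.Counter()       # successive failures per username
disabled = set()                       # accounts disabled after MAX_FAILURES
log = []                               # (user, outcome); stands in for the login log

GENERIC = "Invalid username or password"


def login(user: str, pwd: bytes) -> tuple:
    """Returns (success, message). The message never reveals whether `user` exists."""
    if user in disabled:
        log.append((user, "rejected: account disabled"))
        return False, GENERIC
    salt, digest = USERS.get(user, DUMMY)
    # kdf() always runs, even for an unknown user; the membership test comes last
    # so that a guess matching the dummy record can never log anyone in.
    ok = hmac.compare_digest(kdf(pwd, salt), digest) and user in USERS
    if ok:
        failures.pop(user, None)       # a success resets the failure count
        log.append((user, "success"))
        return True, "Welcome"
    failures[user] += 1
    log.append((user, "failure"))
    if failures[user] >= MAX_FAILURES:
        disabled.add(user)             # stays disabled until an administrator re-enables it
        log.append((user, "account disabled"))
    return False, GENERIC


if __name__ == "__main__":
    print(login("hacker", b"x"))                   # (False, GENERIC): no "user unknown"
    print(login("alice", b"wrong"))                # (False, GENERIC): same message
    print(login("alice", b"correct horse"))        # (True, "Welcome")
    for _ in range(MAX_FAILURES):
        login("alice", b"wrong")
    print(login("alice", b"correct horse"))        # (False, GENERIC): account now disabled
    print(log)
```

Disabling accounts has a cost of its own: an attacker who knows a username can lock its owner out on purpose, so production systems usually combine the log with throttling or a temporary lock and an alert rather than a permanent disable.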
Mini-Exercise: Password-change
Mechanisms
• The ability to change a password is an essential feature of
any system
• Review mechanisms for changing the password that you
are aware of (from your own experience).
• Which ones, in your opinion, are the most secure and
which ones the most convenient? Justify your
answers.
PASSWORD SECURITY
Motivation
• Goal: mitigate the vulnerability “weak password”
• “For all the money we spend tackling security holes, one
of the most common can be fixed for free – easily
guessed passwords remain one of the most exploited
security holes out there”
• A. Wittmann, A. Dornan & D. Greenfield, ‘Practical Advice
on Passwords’, Network Magazine, 4th May 2004
Rules for Strong Passwords
• Choose long passwords (at least 8-10 characters)
• Use characters other than just A-Z, a-z (at least one
number or punctuation character)
• Avoid actual names or dictionary words (or combinations
of)
• Do not use common personal data (date of birth, family
member name etc)
• Don’t write it down and don’t tell anyone else
• Change the password from time to time, but don’t go
overboard
Mini-Exercise: Password Management
• Think about your passwords, and answer the following
questions:
• How many approximately do you have to remember?
• How do you manage to remember them?
• Do you write them down?
• Could you think of a system for remembering them easily?
How to Always Remember All Your
Passwords
• Group your passwords into categories (personal, work, etc.)
• Choose a pertinent catchphrase for each category –
you must be able to remember these catchphrases without
writing them down
• Then, decide on rules how to derive a code from the
catchphrase (Example: 2Brn2B, wnttbrkfr)
• Finally, devise a scheme to derive individual passwords from
the catchphrases, for each service/account
• Can use service/account name as additional input
• Or username information
• Examples:
• pwd = code || service name
• pwd = md5(code || service name) for the geeks!
• Caveat: such a scheme is only as strong as the secret code. If one
derived password leaks (e.g. from a breached service) and the scheme is
known, the code and with it every other password in that category are
exposed: with plain concatenation the code can be read off directly, and
with md5 a short code can be recovered by guessing
Discussion
• strong passwords are important, but...
• ... perhaps they distract from other issues
• they are not a magic silver-bullet
• they do not help against online attacks
• it is difficult to administer many passwords