Computer - Security - (PG - 70 83)

The document discusses various aspects of password protection and security, emphasizing the importance of user responsibility in safeguarding passwords. It outlines methods for securely distributing passwords, improving password security through checks and generation, and the risks of phishing and social engineering. Additionally, it highlights the significance of biometric authentication as a potential solution for user identification and verification.


Copyright © 2011. Wiley Textbooks. All rights reserved.

Gollmann, Dieter. Computer Security, Wiley Textbooks, 2011. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/londonww/detail.action?docID=819182.
Created from londonww on 2025-02-07 15:14:22.
4.2 BOOTSTRAPPING PASSWORD PROTECTION 51

examine the actual security of authentication by passwords. First, a password has to be
set for the user account; otherwise the attacker can enter unchecked. The attacker may

• intercept the password at the time a new user account is created,
• try to guess the password,
• get the password from the user through phishing or spoofing, or by keyloggers,
• get the password from the system by compromising the password file or by social
engineering.

When looking for defences, do not forget the user’s role in password protection.

4.2 BOOTSTRAPPING PASSWORD PROTECTION
Passwords are meant to be secrets shared between the user and the system authenticating
the user. So, how do you bootstrap a system so that the password ends up in the right
places, but nowhere else? In an enterprise, users could be asked to come to an office and
collect their password personally. If this is not feasible, the password could be conveyed
by mail, email, or phone, or entered by the user on a web page. You now have to
consider who might intercept the message and, most importantly, who might actually
pick it up. For example, a letter containing the password for an online bank account
might be stolen or an impersonator may phone in asking for another user’s password.
How do you authenticate a remote user when the user has not got a password yet? To
address these issues:

• do not give the password to the caller but call back an authorized phone number from
your files, e.g. from an internal company address book;
• call back someone else, e.g. the caller’s manager or local security officer;
• send passwords that are valid only for a single login request so that the user has
to change immediately to a new password (intercepting the first password is thus of
limited value);
• send mail by courier with personal delivery;
• request confirmation on a different channel to activate the user account, e.g. enter the
password on a web page and send confirmation by SMS (phone).

When setting up a new user account you might tolerate some delay in getting your pass-
word. When you are in the middle of an important task and just realize that you have
forgotten your password you need an instant remedy. The procedures for resetting a pass-
word are pretty much the same as those mentioned above, but now an organization has to
staff a hot desk at all times at which requests may come in. In global organizations such a hot desk
has to be available round the clock. Proper security training has to be given to personnel
at the hot desk. Thus, password support can become a non-negligible cost factor.
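The bootstrapping procedure sketched above can be pinned down as a small state machine: the account is created with a single-use initial password that expires, the first login must replace it, and the account only becomes usable after a code sent to a phone number already on file is confirmed. The following Python is an added example written for this page; it is not code from the book or from any real provisioning system. The one-day validity period, the salted SHA-256 password hash and the `sms_outbox` list standing in for an SMS gateway are all assumptions made for the example.

```python
import hashlib
import secrets

# Constructed parameter for the example: the initial password is valid for one day.
INITIAL_PASSWORD_TTL = 24 * 3600


def hash_password(password: str, salt: bytes) -> str:
    """Salted SHA-256, a stand-in for whatever password hash the real system uses."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


class AccountProvisioning:
    """Accounts start PENDING with a single-use initial password. The first login must
    replace it, and the account becomes ACTIVE only once a code sent over a second
    channel (the phone number on file, never one supplied by the caller) is confirmed."""

    def __init__(self):
        self.accounts = {}
        self.sms_outbox = []  # constructed stand-in for the SMS gateway: (phone, code)

    def create_account(self, user: str, phone_on_file: str, now: float) -> str:
        initial = secrets.token_urlsafe(9)
        salt = secrets.token_bytes(8)
        self.accounts[user] = {
            "state": "PENDING",
            "salt": salt,
            "hash": hash_password(initial, salt),
            "initial_expires": now + INITIAL_PASSWORD_TTL,
            "phone": phone_on_file,
            "sms_code": None,
        }
        # Returned to the operator for out-of-band delivery (courier, call-back), not e-mailed.
        return initial

    def first_login(self, user: str, initial: str, new_password: str, now: float) -> bool:
        acct = self.accounts.get(user)
        if acct is None or acct["state"] != "PENDING" or now > acct["initial_expires"]:
            return False
        if not secrets.compare_digest(hash_password(initial, acct["salt"]), acct["hash"]):
            return False
        # Single use: the initial password is replaced on the spot, so an intercepted
        # copy is worthless from here on.
        acct["salt"] = secrets.token_bytes(8)
        acct["hash"] = hash_password(new_password, acct["salt"])
        acct["state"] = "AWAITING_CONFIRMATION"
        acct["sms_code"] = f"{secrets.randbelow(10**6):06d}"
        self.sms_outbox.append((acct["phone"], acct["sms_code"]))
        return True

    def confirm(self, user: str, code: str) -> bool:
        acct = self.accounts.get(user)
        if acct is None or acct["state"] != "AWAITING_CONFIRMATION":
            return False
        if not secrets.compare_digest(code, acct["sms_code"]):
            return False
        acct["state"] = "ACTIVE"
        acct["sms_code"] = None
        return True

    def login(self, user: str, password: str) -> bool:
        acct = self.accounts.get(user)
        if acct is None or acct["state"] != "ACTIVE":
            return False
        return secrets.compare_digest(hash_password(password, acct["salt"]), acct["hash"])
```

The point of the three states is that neither the intercepted letter (the initial password) nor the intercepted SMS alone opens a session: the letter is consumed at first use, and the code is only useful to whoever already replaced the password.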

4.3 GUESSING PASSWORDS 53

How can the system further help to improve password security?

• Password checkers: as a system manager, you can use tools that check passwords
against some dictionary of ‘weak’ passwords and prevent users from choosing such
passwords. This imitates – and pre-empts – dictionary attacks against the system.
• Password generation: some operating systems include password generators producing
random but pronounceable passwords. Users are not allowed to pick their own
password but have to adopt a password proposed by the system.
• Password ageing: an expiry date for passwords is set, forcing users to change passwords
at regular intervals. There may be additional mechanisms to prevent users from
choosing previous passwords, e.g. a list of the last ten passwords used. Still, determined
users will be able to revert to their favourite password by making a sufficient number
of changes until their old password is accepted again.
• Limit login attempts: the system monitors unsuccessful login attempts and reacts by
locking the user account completely or at least for a certain period of time to prevent
or discourage further attempts. The time the account is locked could be increased in
proportion to the number of failed attempts.

Given what has just been said, it would seem that security is highest if users must
have long passwords, mixing upper and lower case characters and numerical symbols,
probably generated for them by the system, and changed repeatedly. Will this approach
really work? Will you get the desired security in practice?

Users are unlikely to memorize long and complicated passwords. Such passwords will be
written down on a piece of paper kept close to the computer, where it is most useful both
for the legitimate user and a potential intruder. It is a standard step in security reviews to
look out for passwords on notes posted on computer terminals. Similar considerations
apply when passwords are changed very frequently. Users finding it difficult to comply
with the rigour of such a password management scheme may be tempted to use passwords
that can be more easily memorized, and therefore more easily guessed. They may revert
quickly to their favourite password or make simple and predictable changes to this
password. If you have to change the password every month, just add the month (two
digits, from 1 to 12, or three characters from JAN to DEC, the choice is yours) to your
chosen password and you have passwords that you can remember. Of course, an attacker
who has found one of those passwords gets a good idea what to expect next.
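The mechanisms listed above (dictionary check, history of the last ten passwords, lockout that grows with the number of failures) and the predictable-change problem just described can be put together in one policy checker. The Python below is an added example for this page, not code from the book or from any operating system. The six-word `WEAK_WORDS` dictionary is constructed, the month-suffix heuristic in `stem()` is the example's own way of catching the "add the month" trick (it works because a password change normally requires the old password, so old and new can be compared directly), and the lengths and lockout constants are arbitrary choices.

```python
import hashlib
import re
import secrets

# Constructed mini dictionary standing in for the wordlist a password checker would load.
WEAK_WORDS = {"password", "letmein", "qwerty", "123456", "welcome", "summer"}
HISTORY_SIZE = 10            # remember the hashes of the last ten passwords
MIN_LENGTH = 8
FAILURES_BEFORE_LOCK = 3
BASE_LOCK_SECONDS = 30       # lock time grows in proportion to the failure count

# A trailing month token: 1-12, 01-12, or JAN..DEC in any case.
MONTH_SUFFIX = re.compile(
    r"(?:0?[1-9]|1[0-2]|jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)$", re.IGNORECASE)


def stem(password: str) -> str:
    """Strip a trailing month token, so 'Secret07' and 'SecretAUG' share the stem 'Secret'."""
    return MONTH_SUFFIX.sub("", password)


def hash_password(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


class Account:
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(8)
        self.current = hash_password(password, self.salt)
        self.history = []            # hashes of superseded passwords, newest last
        self.failures = 0
        self.locked_until = 0.0

    def check_new_password(self, old: str, new: str) -> list:
        """Return the list of policy violations; an empty list means the change is allowed."""
        reasons = []
        if not secrets.compare_digest(hash_password(old, self.salt), self.current):
            reasons.append("old password incorrect")
        if len(new) < MIN_LENGTH:
            reasons.append(f"shorter than {MIN_LENGTH} characters")
        # Dictionary check on the candidate and on its stem, so 'Welcome12' is caught too.
        if new.lower() in WEAK_WORDS or stem(new).lower() in WEAK_WORDS:
            reasons.append("in weak-password dictionary")
        new_hash = hash_password(new, self.salt)
        if new_hash == self.current or new_hash in self.history:
            reasons.append(f"reused one of the last {HISTORY_SIZE} passwords")
        elif stem(new).lower() == stem(old).lower():
            reasons.append("differs from the old password only by a month or number suffix")
        return reasons

    def change_password(self, old: str, new: str) -> list:
        reasons = self.check_new_password(old, new)
        if reasons:
            return reasons
        self.history = (self.history + [self.current])[-HISTORY_SIZE:]
        self.current = hash_password(new, self.salt)
        return []

    def login(self, password: str, now: float) -> bool:
        """Verify a password; after FAILURES_BEFORE_LOCK misses the account is locked for
        BASE_LOCK_SECONDS times the number of failures beyond that limit."""
        if now < self.locked_until:
            return False                      # locked: do not even check the password
        if secrets.compare_digest(hash_password(password, self.salt), self.current):
            self.failures = 0
            return True
        self.failures += 1
        excess = self.failures - FAILURES_BEFORE_LOCK + 1
        if excess > 0:
            self.locked_until = now + BASE_LOCK_SECONDS * excess
        return False
```

Note the caveat from the text still applies: a history check alone is defeated by cycling through eleven passwords, which is why the checker also compares stems rather than only hashes.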

Experience shows that people are best at memorizing passwords they use regularly.
Hence, passwords work reasonably well in situations where they are entered quite
frequently, but not with systems used only occasionally. When changing your password,

4.4 PHISHING, SPOOFING, AND SOCIAL ENGINEERING 55

user should press such a secure attention key when starting a session, even when the
logon screen is already displayed.
• Mutual authentication: if users require stronger guarantees about the identity of the
system they are communicating with, e.g. in a distributed system, the system could be
required to authenticate itself to the user.

Phishing attacks ask users for their password (or other sensitive data) under some false
pretence. For example, the message could claim to come from a service you are using, tell
you about an upgrade of the security procedures, and ask you to enter your username
and password at the new security site that will offer you stronger protection¹. Users
should take care to enter their passwords only at the ‘right’ site, but in practice it is not
always easy to recognize the right site.

The attacker may impersonate a user and trick a system operator into releasing the
password to the attacker. Such social engineering attacks are more successful when they
better understand the psyche of the target [172]. Is this a person that can be bullied? Is
this a person that is very supportive of struggling users?

4.4.1 Password Caching

Beyond spoofing attacks, an intruder may have other ways of ‘finding’ a password.
Our description of login has been quite abstract. The password travels directly from
the user to the password checking routine. In reality, it will be held temporarily
in intermediate storage locations such as buffers, caches, or even a web page. The
management of these storage locations is normally beyond the control of the user and a
password may be kept longer than the user expects.

This issue is illustrated nicely by a problem encountered by the developers of an early
web-based on-line banking service [12]. Web browsers cache information to enable users
to scroll back to pages they have recently visited. To use the on-line banking service,
you enter your password on a web page. You conduct your business, close the banking
application, but do not terminate the browser session. The next user on the terminal can
scroll back to the page with your password and log on as you.

As a precaution, it was recommended to exit the browser after the banking transac-
tion. Note that users are now asked to participate in a memory management activity
they would otherwise not be involved in. This is another instance of object reuse
(Section 3.5).
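Today the server side can take that memory management task away from the user by telling the browser not to keep a copy of the page that carried the credential. The Python below is an added example for this page, not the banking service's code or anything from the book: it parses the `Cache-Control` header, reports whether a response may be stored, and produces the hardened header set. The sample `WEAK_LOGIN_HEADERS` are constructed. The check treats `no-store` as the one directive that forbids keeping a copy; `max-age=0`, `private` or `Expires` only make a stored copy stale, which is not the same thing when the next user simply presses 'back'.

```python
def _header(headers: dict, name: str) -> str:
    """Case-insensitive header lookup (HTTP field names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def parse_cache_control(value: str) -> dict:
    """Split 'no-store, max-age=0' into {'no-store': None, 'max-age': '0'}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def response_may_be_stored(headers: dict) -> bool:
    """True unless the response carries Cache-Control: no-store, the directive that tells
    caches not to keep a copy at all (browsers also consult it before restoring a page
    on 'back'). Staleness directives alone do not prevent a stored copy."""
    return "no-store" not in parse_cache_control(_header(headers, "Cache-Control"))


def harden_login_response(headers: dict) -> dict:
    """Return a copy of the response headers with caching of the page disabled."""
    hardened = {k: v for k, v in headers.items()
                if k.lower() not in ("cache-control", "pragma", "expires")}
    hardened["Cache-Control"] = "no-store"
    hardened["Pragma"] = "no-cache"   # for HTTP/1.0 intermediaries that ignore Cache-Control
    hardened["Expires"] = "0"
    return hardened


# Constructed response headers for a page that carried the password, before hardening.
WEAK_LOGIN_HEADERS = {"Content-Type": "text/html", "Cache-Control": "max-age=0, private"}
```

Sending the password with a POST rather than in a GET query string is the companion measure; otherwise it lands in the browser history regardless of any caching header.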

¹ In 2009, criminals succeeded with such an attack in getting access to the Emissions Trading Registry and trade
in emission rights.

4.5 PROTECTING THE PASSWORD FILE 57

The password file could now be left world-readable but for off-line dictionary attacks.
In a dictionary attack, the attacker hashes all words in a dictionary and compares the
results against the hashed entries in the password file. If a match is found, the attacker
knows that user’s password. One-way functions can be chosen to slow down dictionary
attacks. This consideration has governed the choice of the one-way function crypt(3) used
in Unix systems, which repeats a slightly modified DES encryption algorithm 25 times,
using the all-zero block as start value and the password as key [173]. Of course, there is a
slight performance penalty for legitimate users at login, but if you optimize the one-way
function for speed you also improve the performance of dictionary attacks.

Access control mechanisms in the operating system restrict access to files and other
resources to users holding the appropriate privileges. Only privileged users may have
write access to the password file. Otherwise, an attacker could get access to the data of
other users simply by changing their password, even if it is protected by cryptographic
means. If read access is restricted to privileged users, passwords in theory could be
stored unencrypted. If the password file contains information that is also required by
unprivileged users, then the password file must contain encrypted passwords. However,
such a file can still be used in dictionary attacks. A typical example is /etc/passwd in Unix.
Therefore, many versions of Unix store enciphered passwords in a file that is not publicly
accessible. Such files are called shadow password files.

A weak form of read protection is provided by proprietary storage formats. For
example, Windows NT did store encrypted passwords in a proprietary binary format.
An unsophisticated user will be defeated but a determined attacker will obtain or deduce
the information necessary to be able to detect the location of security-relevant data. On
its own ‘security by obscurity’ is not very strong, but it can add to other mechanisms
such as password encryption.

There is, however, the danger that a successful breach of such a peripheral defence may
be blown out of all proportion. In early 1997, there was a flurry of claims that Windows
NT password security had been broken. Sounds really serious, doesn’t it? The actual
fact behind these stories was the announcement of a program that converted encrypted
passwords from binary format to a more readable presentation. Not a big deal after all
the excitement.

If you are worried about dictionary attacks but cannot hide the password file, you
may consider password salting. When a password is encrypted for storage, additional
information, the salt, is appended to the password before encryption. The salt is then
stored with the encrypted password. If two users have the same password, they will
therefore have different entries in the file of encrypted passwords. Salting slows down
dictionary attacks as it is no longer possible to search for the passwords of several users
simultaneously.
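The two defences of this section, a deliberately slow one-way function and a per-user salt, can be seen working against a dictionary attack in a few lines. The Python below is an added example for this page and not the book's or any Unix implementation: iterated salted SHA-256 stands in for crypt(3)'s 25 DES rounds, the three users and the four-word dictionary are constructed, and the attack counts hash evaluations so that the cost of salting to the attacker is visible. Without salt one pass over the dictionary tests every user at once (and users with the same password have identical entries); with salt every distinct salt forces its own pass.

```python
import hashlib
import hmac
import os

ROUNDS = 1000   # constructed: iterate the hash to slow guessing, as crypt(3) did with DES

# Constructed sample accounts and attacker dictionary.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "Tr0ub4dor&3"}
WORDS = ["password", "letmein", "qwerty", "123456"]


def slow_hash(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Iterated salted SHA-256, standing in for a deliberately slow one-way function."""
    digest = salt + password.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def build_password_file(users: dict, salted: bool) -> dict:
    """Map user -> (salt, hash). With salted=False every entry uses the empty salt."""
    table = {}
    for name, password in users.items():
        salt = os.urandom(8) if salted else b""
        table[name] = (salt, slow_hash(password, salt))
    return table


def verify(table: dict, name: str, password: str) -> bool:
    """Login check: the legitimate user pays for exactly one slow hash."""
    salt, stored = table[name]
    return hmac.compare_digest(slow_hash(password, salt), stored)


def dictionary_attack(table: dict, wordlist: list) -> tuple:
    """Return (cracked: user -> password, number of hash evaluations).

    Entries are grouped by salt: one hash per word serves every user sharing that salt,
    which is all of them in an unsalted file and a single user each in a salted one."""
    by_salt = {}
    for name, (salt, stored) in table.items():
        by_salt.setdefault(salt, {}).setdefault(stored, []).append(name)
    cracked = {}
    evaluations = 0
    for salt, targets in by_salt.items():
        for word in wordlist:
            evaluations += 1
            digest = slow_hash(word, salt)
            for name in targets.get(digest, []):
                cracked[name] = word
    return cracked, evaluations
```

Raising `ROUNDS` slows the attacker and the legitimate login by the same factor, which is exactly the trade-off the text describes; salting, in contrast, costs the legitimate user nothing and multiplies the attacker's work by the number of distinct salts.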

60 4 IDENTIFICATION AND AUTHENTICATION

even the combination of mechanisms can totally prevent a fraudster from obtaining the
information necessary to impersonate a legitimate user, nor does it stop a user from
passing on that information voluntarily.

Who you are

Biometric schemes that use unique physical characteristics (traits, features) of a person
such as face, fingerprints, iris patterns [77], hand geometry, or possibly even DNA at
some time in the future, may seem to offer the ultimate solution for authenticating a
person. Biometric schemes are used for two purposes:

• identification – a 1:n comparison that tries to identify the user from a database of
n persons;
• verification – a 1:1 comparison that checks whether there is a match for a given user.

We will use fingerprints as an example to sketch how biometric authentication works.
The pattern of ridges in a fingerprint serves as the unique characteristic. First, samples of
the user’s fingerprint are collected. A sample is an analog or digital representation of a
biometric characteristic. Biometric features are then extracted from the samples and
stored as reference templates. The features used by a typical fingerprint recognition
system are so-called minutiae, i.e. positions where ridges end, positions where ridges
bifurcate, positions where ridges form a triangle, and the like.

For greater accuracy, several templates may be recorded, possibly for more than one
finger. These templates are stored in a secure database. This process is called enrolment.
The failure-to-enrol rate (FER) gives the frequency with which the system fails to enrol a
user, e.g. because the skin on the fingers is so worn down that no good quality templates
can be obtained.

When the user logs on, a new reading of the fingerprint is taken and compared against
the reference template. Authentication by password gives a clear reject or accept at
each authentication attempt. In contrast, with biometrics the stored reference template
will hardly ever match precisely the template derived from the current measurements.
A matching algorithm measures the similarity between reference template and current
template. The user is accepted if the similarity is above a predefined threshold. Thus,
we have to face up to new problems, false positives and false negatives. Accepting the
wrong user (false positive) is clearly a security problem. Rejecting a legitimate user (false
negative) creates embarrassment and potential availability problems.

Technology analysis of a biometric scheme is based on (given) databases of biometric
samples. This analysis measures the performance of the algorithms extracting and
comparing biometric characteristics. By setting the threshold for the matching algorithm,

4.7 ALTERNATIVE APPROACHES 61

we can trade off a lower false match rate (FMR),

$$\mathrm{FMR} = \frac{\text{number of successful false matches}}{\text{number of attempted false matches}},$$

against a higher false non-match rate (FNMR),

$$\mathrm{FNMR} = \frac{\text{number of rejected genuine matches}}{\text{number of attempted genuine matches}},$$

or vice versa (Figure 4.1). Designers of biometric authentication systems have to find
the right balance between those two errors. It depends very much on the application
where this balance will be found. The equal error rate (EER) is given by the threshold
value where FMR and FNMR are equal. Currently, the best state-of-the-art fingerprint
recognition schemes have an EER of about 1–2%. Iris pattern recognition has a
superior performance.

Figure 4.1: Typical Values of FMR and FNMR as a Function of Matching Threshold (plot not reproduced; vertical axis error rate 0% to 60%, horizontal axis matching threshold 0 to 1, one curve each for FMR and FNMR)

Scenario analysis records error rates in actual field trials. It also measures the performance
of the fingerprint reader (hardware and software) capturing templates at login time.
The failure-to-capture rate (FTC) gives the frequency of failing to capture a sample; the
failure-to-extract rate (FTX) gives the frequency of failing to extract a feature from a
sample. The failure-to-acquire rate (FTA) gives the frequency of failing to acquire
a biometric feature:

$$\mathrm{FTA} = \mathrm{FTC} + \mathrm{FTX} \cdot (1 - \mathrm{FTC}).$$

The false accept rate (FAR) for the entire biometric scheme is then

$$\mathrm{FAR} = \mathrm{FMR} \cdot (1 - \mathrm{FTA}),$$

the false reject rate (FRR),

$$\mathrm{FRR} = \mathrm{FTA} + \mathrm{FNMR} \cdot (1 - \mathrm{FTA}),$$

62 4 IDENTIFICATION AND AUTHENTICATION

and the false positive identification rate (FPIR) for a database with n persons

$$\mathrm{FPIR} = (1 - \mathrm{FTA}) \cdot \bigl(1 - (1 - \mathrm{FMR})^n\bigr).$$
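The error-rate definitions above, from FMR and FNMR through to FPIR, are carried through in the Python below, together with a threshold sweep that locates the equal error rate on a set of similarity scores. This is an added example for this page, not code from the book or from any biometric product; the ten genuine and ten impostor scores are constructed, not measured, and the accept-if-score-at-or-above-threshold rule is the one the text describes. Two consequences of the formulas that the prose does not spell out show up directly: 1 − FTA equals the product (1 − FTC)(1 − FTX), i.e. acquisition succeeds only if capture and extraction both succeed, and FPIR grows quickly with the database size n (with FMR = 1% and FTA = 0, n = 100 already gives an FPIR of about 63%).

```python
def false_match_rate(false_matches: int, attempted_false: int) -> float:
    return false_matches / attempted_false


def false_non_match_rate(rejected_genuine: int, attempted_genuine: int) -> float:
    return rejected_genuine / attempted_genuine


def failure_to_acquire(ftc: float, ftx: float) -> float:
    """FTA = FTC + FTX * (1 - FTC): capture fails, or capture works and extraction fails."""
    return ftc + ftx * (1 - ftc)


def false_accept_rate(fmr: float, fta: float) -> float:
    """FAR = FMR * (1 - FTA): an impostor can only be matched if a sample was acquired."""
    return fmr * (1 - fta)


def false_reject_rate(fnmr: float, fta: float) -> float:
    """FRR = FTA + FNMR * (1 - FTA): acquisition failure or a non-match after acquisition."""
    return fta + fnmr * (1 - fta)


def false_positive_identification_rate(fmr: float, fta: float, n: int) -> float:
    """FPIR = (1 - FTA) * (1 - (1 - FMR)^n): a 1:n search false-matches if any of n fails."""
    return (1 - fta) * (1 - (1 - fmr) ** n)


def error_rates_at(threshold: float, genuine_scores: list, impostor_scores: list) -> tuple:
    """FMR and FNMR for an accept-if-score>=threshold rule on given score samples."""
    fmr = sum(s >= threshold for s in impostor_scores) / len(impostor_scores)
    fnmr = sum(s < threshold for s in genuine_scores) / len(genuine_scores)
    return fmr, fnmr


def equal_error_rate(genuine_scores: list, impostor_scores: list, steps: int = 1000) -> tuple:
    """Sweep the threshold over [0, 1]; return (threshold, EER) where FMR and FNMR are closest."""
    best_gap, best = None, None
    for i in range(steps + 1):
        t = i / steps
        fmr, fnmr = error_rates_at(t, genuine_scores, impostor_scores)
        gap = abs(fmr - fnmr)
        if best_gap is None or gap < best_gap:
            best_gap, best = gap, (t, (fmr + fnmr) / 2)
    return best


# Constructed similarity scores from ten genuine and ten impostor attempts (not measured data).
GENUINE_SCORES = [0.55, 0.60, 0.65, 0.70, 0.72, 0.75, 0.80, 0.85, 0.90, 0.95]
IMPOSTOR_SCORES = [0.05, 0.10, 0.20, 0.30, 0.35, 0.40, 0.45, 0.50, 0.58, 0.62]
```

On the constructed scores the two distributions overlap between 0.55 and 0.62, so any threshold in that band rejects the weakest genuine attempt and accepts the strongest impostor attempt, giving an EER of 10%; moving the threshold out of the band trades one error for the other, which is the curve Figure 4.1 describes.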

Next, the problem of ‘forged’ fingers must be considered. Fingerprints, and biometric
traits in general, may be unique but they are not secrets. You leave your fingerprints
in many places and it has been demonstrated in the past that it is not too difficult to
construct rubber fingers that defeat most commercial fingerprint recognition systems
[226, 161]. If biometric authentication takes place in the presence of security personnel
this might be a minor issue. However, when authenticating remote users additional
precautions have to be taken to counteract this type of fraud.

Overall, the industry is just gaining experience with large-scale deployment of biometric
schemes. It remains to be seen whether results from experiments conducted in controlled
environments are a good indicator of practical performance.

There is a final issue. Will users accept such a mechanism? They may feel that they are
treated like criminals if their fingerprints are taken. They may not like the idea of a laser
beam scanning their retina.

What you do
People perform some mechanical tasks in a way that is both repeatable and specific
to the individual. Hand-written signatures have long been used in banking to confirm
the identity of users when signing cheques and credit card payment slips. Forgeries are
relatively easy to perpetrate for skilled criminals. For greater security, users could sign
on a special pad that measures attributes like writing speed and writing pressure. On a
keyboard, typing speed and intervals between key strokes are being used to authenticate
individual users. As before, the authentication system has to be set up so that false
positives and false negatives are reduced to levels acceptable for the intended application.

Where you are

When you log on, the system may also take into account where you are. Some operating
systems already do so and grant access only if you log on from a certain terminal. For
example, a system manager may only log on from an operator console but not from an
arbitrary user terminal. Similarly, as a user you may be only allowed to log on from the
workstation in your office. Decisions of this kind will be even more frequent in mobile
and distributed computing. If the precise geographical location has to be established
during authentication, a system may use the services of the Global Positioning System
(GPS). Identifying the location of a user when a login request is made may also help to
resolve later disputes about the true identity of that user.
