IS Module 2

Module II covers user authentication and access control, detailing various authentication methods including password-based, token-based, and biometric authentication. It discusses password security techniques, attack strategies, and countermeasures, as well as access control policies and principles. The document emphasizes the importance of protecting user credentials and outlines the basic elements of access control, including subjects, objects, and access rights.

Uploaded by ashithact

MODULE II: User Authentication and Access Control

User Authentication: means of authentication - Password based Authentication - Password
attack strategies and countermeasures - hashed passwords - password cracking - user
password choices - password File access control - password selection.
Authentication Methods: Token based authentication - Biometric Authentication - physical
characteristics in biometric applications - operation - accuracy - Remote User Authentication -
security issues
Access control: Principles - Relationship among other security functions - access control
policies - access control requirements - basic elements of Access control: subject, object and
Access right - UNIX File Access Control

User authentication
The process of verifying an identity claimed by or for a system entity. An authentication
process consists of two steps:
- Identification step: presenting an identifier to the security system.
- Verification step: presenting or generating authentication information that confirms
the binding between the entity and the identifier.
A typical item of authentication information associated with this user ID is a
password, which is kept secret.
Means of Authentication
There are four general means of authenticating a user’s identity, which can be used alone or
in combination:
• Something the individual knows: Examples include a password, a personal
identification number (PIN), or answers to a prearranged set of questions.
• Something the individual possesses: Examples include electronic key cards, smart
cards, and physical keys. This type of authenticator is referred to as a token.
• Something the individual is (static biometrics): Examples include recognition by
fingerprint, retina, and face.
• Something the individual does (dynamic biometrics): Examples include recognition by
voice pattern, handwriting characteristics, and typing rhythm.
Password Based Authentication
A widely used system in which the user must provide not only an ID but also a password.
The system compares the password to a previously stored password for that user ID,
maintained in a password file.
The ID provides security in the following ways:
• The ID determines whether the user is authorized to gain access to a system.
• The ID determines the privileges accorded to the user. A few users may have supervisory
or “superuser” status that enables them to read files and perform functions that are
especially protected by the operating system.
• The ID is used in what is referred to as discretionary access control. For example, by
listing the IDs of other users, a user may grant permission to them to read files owned
by that user.

Password attack strategies and countermeasures:

- Offline dictionary attack: the attacker obtains the system password file and
compares the stored password hashes against the hashes of commonly used passwords. Countermeasures
include preventing unauthorised access to the password file, intrusion detection
measures, and rapid reissuance of passwords if the file is compromised.
- Specific account attack: the attacker targets a specific account and submits password
guesses until the correct password is discovered. The countermeasure is an account
lockout mechanism, which locks out access to the account after a number of
failed attempts.
- Popular password attacks: the attacker takes a popular password and tries it against a wide range of
user IDs. Users tend to choose passwords that are easily remembered, which also makes
them easy to guess. Countermeasures include policies that reject the selection of common
passwords.
- Password guessing against a single user: the attacker attempts to gain knowledge
about the account holder and the system password policies in order to guess the password.
Countermeasures include improving password policies so that guessing is difficult.
- Workstation hijacking: the attacker waits until a logged-in workstation is unattended.
A countermeasure is to automatically log out the session after a period of inactivity.
- Exploiting user mistakes: for example, writing down a system-generated password in order to
remember it, or sharing the password with colleagues. Countermeasures include user
training and intrusion detection.
- Exploiting multiple password use: attacks become much more effective if
different devices share the same or similar passwords. Countermeasures include a
policy against using the same or similar passwords on particular network
devices.
- Electronic monitoring: if a password is communicated over a network, it is
vulnerable to eavesdropping. Simple encryption will not fix this, because the encrypted
password is, in effect, the password and can be captured and replayed.
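Two of the server-side countermeasures listed above, account lockout and detection of one source failing against many user IDs, as an added example that is not part of the module notes; the log line format, the constructed log lines and the thresholds are assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example (not from the module notes): two server-side countermeasures from
# the list above, run over constructed login-audit lines:
#   - lockout of an account after repeated failures (specific account attack), and
#   - detection of one source failing against many different user IDs in a short
#     window, the trace a popular-password attack leaves behind.
# The log line format "<ISO time> <userid> <source ip> <ok|fail>" and all
# thresholds are assumptions chosen for this example.
MAX_FAILURES = 3                      # failures that lock an account
LOCKOUT_WINDOW = timedelta(minutes=10)
SPRAY_WINDOW = timedelta(minutes=5)
SPRAY_DISTINCT_USERS = 4              # distinct accounts failing from one source

SAMPLE_LOG = """\
2024-01-10T09:00:01 alice 10.0.0.5 fail
2024-01-10T09:00:09 alice 10.0.0.5 fail
2024-01-10T09:00:15 alice 10.0.0.5 fail
2024-01-10T09:00:20 alice 10.0.0.5 ok
2024-01-10T09:01:00 bob 203.0.113.7 fail
2024-01-10T09:01:02 carol 203.0.113.7 fail
2024-01-10T09:01:04 dave 203.0.113.7 fail
2024-01-10T09:01:06 erin 203.0.113.7 fail
2024-01-10T09:30:00 frank 10.0.0.9 fail
"""

def parse_line(line):
    ts, user, src, result = line.split()
    return datetime.fromisoformat(ts), user, src, result

def analyse(log_text):
    """Return (locked accounts, spraying sources, logins refused while locked)."""
    failures = defaultdict(deque)    # user -> times of recent failures
    by_source = defaultdict(deque)   # src  -> (time, user) of recent failures
    locked, sprays, refused = set(), set(), []
    for line in log_text.splitlines():
        ts, user, src, result = parse_line(line)
        if result == "ok":
            if user in locked:
                # Correct password or not, a locked account is not let in.
                refused.append((user, ts))
            else:
                failures[user].clear()
            continue
        recent = failures[user]
        recent.append(ts)
        while ts - recent[0] > LOCKOUT_WINDOW:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            locked.add(user)
        seen = by_source[src]
        seen.append((ts, user))
        while ts - seen[0][0] > SPRAY_WINDOW:
            seen.popleft()
        if len({u for _, u in seen}) >= SPRAY_DISTINCT_USERS:
            sprays.add(src)
    return locked, sprays, refused

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```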

Hashed passwords
A widely used password security technique is the use of hashed passwords and a salt value.
• To load a new password into the system, the user selects or is assigned a
password. This password is combined with a fixed-length salt value.
• In older implementations this value is related to the time at which the password is
assigned to the user. Newer implementations use a pseudorandom or random
number.
• The password and salt serve as inputs to a hashing algorithm to produce a fixed-
length hash code.
• The hashed password is then stored, together with a plaintext copy of the salt, in the
password file for the corresponding user ID.
• The hashed password method has been shown to be secure against a variety of
cryptanalytic attacks.
• The salt value prevents duplicate passwords from being visible in the password file. Even
if two users choose the same password, those passwords will be assigned different
salt values. Hence, the hashed passwords of the two users will differ.
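The scheme just described, as an added example that is not code from the module notes: a random per-user salt, a slow hash, and a password-file record holding the salt in plaintext next to the hash. The record format and the PBKDF2 parameters are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Added example (not from the module notes): a minimal password file built the way
# the notes describe, with a random per-user salt and a slow hash. The record
# format is an assumption modelled on shadow-style entries:
#   user:$pbkdf2-sha256$<iterations>$<salt hex>$<hash hex>
ITERATIONS = 200_000
SALT_LEN = 16

def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Password and salt are the two inputs to the hashing algorithm."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def enroll(user: str, password: str) -> str:
    """Create the password-file line for a new user.

    The salt is a fresh random value (the 'newer implementation' in the notes)
    and is stored in plaintext beside the hash.
    """
    salt = os.urandom(SALT_LEN)
    digest = hash_password(password, salt)
    return f"{user}:$pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def parse_record(line: str):
    user, field = line.split(":", 1)
    _, algo, iters, salt_hex, hash_hex = field.split("$")
    if algo != "pbkdf2-sha256":
        raise ValueError("unsupported hash algorithm")
    return user, int(iters), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)

def verify(line: str, user: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    rec_user, iters, salt, stored = parse_record(line)
    if rec_user != user:
        return False
    candidate = hash_password(password, salt, iters)
    return hmac.compare_digest(candidate, stored)

def same_hash(line_a: str, line_b: str) -> bool:
    """True if two records hold identical hash values (what the salt prevents)."""
    return parse_record(line_a)[3] == parse_record(line_b)[3]

if __name__ == "__main__":
    # Two users who chose the same password get different salts, hence different hashes.
    pw_file = [enroll("alice", "correct horse"), enroll("bob", "correct horse")]
    print(verify(pw_file[0], "alice", "correct horse"))   # True
    print(verify(pw_file[0], "alice", "wrong"))           # False
    print(same_hash(pw_file[0], pw_file[1]))              # False
```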
Password cracking
Traditional approaches:
- Password guessing: the process of attempting to gain access to a system through the
systematic guessing of passwords.
- Password cracking: the process of using an application program to identify an unknown or forgotten password to a
computer or network resource. It can also be used to help an attacker obtain unauthorized access to
resources.
Modern approaches:
- SQL injection: a web security vulnerability that allows an attacker to interfere
with the queries that an application makes to its database.
Solutions are:
- Complex password policy: a password policy is a set of rules designed to enhance computer
security by encouraging users to employ strong passwords and use them properly.
- Increased processing capacity
- Sophisticated algorithms to generate passwords

Password File Access Control

One way to stop a password attack is to deny the opponent access to the password file.
Special attention is needed to protect the password file from unauthorized access.
Although password file protection is compulsory, there remain vulnerabilities:
• Many systems, including most UNIX systems, are susceptible to attacks. A hacker may
be able to bypass the access control system to extract the password file. The hacker may find a
weakness in the file system or database management system that allows access to the file.
• An accident of protection might render the password file readable, thus compromising all
the accounts.
• Some users have accounts on other machines in other protection domains, and they
use the same password. Thus, if the passwords could be read by anyone on one machine, a
machine in another location might be compromised.
• A lack of or weakness in physical security may provide opportunities for a hacker.
Sometimes there is a backup of the password file on an emergency repair disk. Access to
this backup enables the attacker to read the password file.

Instead of accessing the system password file, another approach to collecting user IDs and
passwords is sniffing network traffic. Thus, a password protection policy must
complement access control measures with techniques to force users to select passwords
that are difficult to guess.
Password Selection Strategies
Four basic techniques are in use:
• User education
• Computer-generated passwords
• Reactive password checking
• Complex password policy

1. User education
Users must be made aware of the importance of using hard-to-guess passwords and can be
provided with guidelines for selecting strong passwords.
2. Computer-generated passwords also have problems. If the passwords are quite random
in nature, users will not be able to remember them. Even if the password is
pronounceable, the user may have difficulty remembering it and so be tempted to write it
down.
3. A reactive password checking strategy is one in which the system periodically runs its own
password cracker to find guessable passwords. The system cancels any passwords that are
guessed and notifies the user.
4. Complex password policy, or proactive password checker.
This is an improved password security checker. In this scheme, a user is allowed to select their
own password. However, at the time of selection, the system checks to see if the password is
allowable and, if not, rejects it. With sufficient guidance from the system, users can select
memorable passwords.
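A proactive password checker of the kind described in strategy 4, as an added example that is not from the module notes; the rule set, the small common-password list and the user details are assumptions chosen for illustration.

```python
import re

# Added example (not from the module notes): a proactive password checker that
# rejects a candidate password at selection time. The rules below, the tiny
# common-password list and the user details are assumptions for illustration;
# a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
MIN_LENGTH = 10

def normalise(pw: str) -> str:
    """Undo the usual 'leet' substitutions so p@ssw0rd is checked as password."""
    table = str.maketrans("@$01!3", "asolie")
    return pw.translate(table)

def check_password(password: str, userid: str, personal=()) -> list:
    """Return the list of policy violations; an empty list means the password is allowable.

    personal: extra words tied to the user (name, birth year, ...) that must not appear.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        re.search(r"[a-z]", password),
        re.search(r"[A-Z]", password),
        re.search(r"[0-9]", password),
        re.search(r"[^A-Za-z0-9]", password),
    ]
    if sum(1 for c in classes if c) < 3:
        problems.append("uses fewer than three character classes")
    lowered = password.lower()
    norm = normalise(lowered)
    # Also check with trailing digits removed, to catch password1 / password2024.
    stripped = normalise(re.sub(r"[0-9]+$", "", lowered))
    if norm in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        problems.append("is a common password")
    for word in (userid, *personal):
        if word and len(word) >= 3 and word.lower() in norm:
            problems.append(f"contains '{word}'")
    if re.search(r"(.)\1{3,}", password):
        problems.append("has a run of four or more identical characters")
    return problems

if __name__ == "__main__":
    for pw in ("Tr0ub4dor&3", "P@ssw0rd123", "Alice2024!x", "aaaa"):
        print(pw, "->", check_password(pw, "alice") or "allowable")
```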
Token Based Authentication
Objects that a user possesses for the purpose of user authentication are called tokens.

1. Memory Cards
Memory cards can store but not process data. The most common such card is the bank card
with a magnetic stripe on the back. A magnetic stripe can store only a simple security code,
which can be read by an inexpensive card reader.
For authentication, a user provides both the memory card and some form of password or
personal identification number (PIN). A typical application is an automatic teller machine
(ATM).
Potential drawbacks are the following:
• Requires a special reader
• Token loss
• User dissatisfaction
2. Smart Cards
• Physical characteristics: Smart tokens include an embedded microprocessor. A smart
token that looks like a bank card is called a smart card. Other smart tokens can look like
calculators, keys, or other small portable objects.
• User interface: Manual interfaces include a keypad and display for human/token
interaction.
• Electronic interface: A smart card or other token requires an electronic interface to
communicate with a compatible reader/writer. A card may have one or both of the
following types of interface:

— Contact: A contact smart card must be inserted into a smart card reader with a
direct connection to a conductive contact plate on the surface of the card (typically gold
plated).
— Contactless: A contactless card requires only close proximity to a reader. Both the
reader and the card have an antenna, and the two communicate using radio frequencies.
• Authentication protocol: The purpose of a smart token is to provide a means for user
authentication. We can classify the authentication protocols used with smart tokens
into three categories:
— Static: With a static protocol, the user authenticates himself or herself to the
token and then the token authenticates the user to the computer. The latter half of this
protocol is similar to the operation of a memory token.
— Dynamic password generator: In this case, the token generates a unique
password periodically (e.g., every minute). This password is then entered into the computer
system for authentication, either manually by the user or electronically via the token.
— Challenge-response: In this case, the computer system generates a challenge,
such as a random string of numbers. The smart token generates a response based on the
challenge. For example, public-key cryptography could be used and the token could encrypt
the challenge string with the token’s private key.
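The dynamic-password and challenge-response protocols above, with both the token side and the host side, as an added example that is not from the module notes; it uses an HMAC over a shared secret instead of the public-key variant the text mentions, and the period and code length are choices made for this example.

```python
import hashlib
import hmac
import secrets
import struct

# Added example (not from the module notes): the 'dynamic password generator' and
# 'challenge-response' protocols from the list above, built on an HMAC over a
# secret shared between the token and the host. Using a shared-secret HMAC rather
# than the public-key variant the text mentions, the one-minute period and the
# six-digit code length are all choices made for this example.
PERIOD = 60  # seconds each dynamic password stays valid ("every minute")

class SmartToken:
    def __init__(self, secret: bytes):
        self._secret = secret

    def dynamic_password(self, now: int) -> str:
        """Time-based one-time code: HMAC over the current period counter."""
        counter = struct.pack(">Q", now // PERIOD)
        mac = hmac.new(self._secret, counter, hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

    def respond(self, challenge: bytes) -> bytes:
        """Challenge-response: keyed digest of the host's random challenge."""
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Host:
    def __init__(self, token_secret: bytes):
        self._reference = SmartToken(token_secret)   # host holds the same secret
        self._outstanding = set()                     # challenges issued, unanswered

    def check_dynamic_password(self, code: str, now: int) -> bool:
        # Accept the current period and the previous one to tolerate clock drift.
        return any(hmac.compare_digest(code, self._reference.dynamic_password(now - d))
                   for d in (0, PERIOD))

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self._outstanding.add(c)
        return c

    def verify_response(self, challenge: bytes, response: bytes) -> bool:
        """Each challenge is accepted once, so a captured response cannot be replayed."""
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        return hmac.compare_digest(self._reference.respond(challenge), response)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"        # provisioned into token and host
    token, host = SmartToken(secret), Host(secret)
    c = host.challenge()
    r = token.respond(c)
    print(host.verify_response(c, r), host.verify_response(c, r))  # True False
```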
Biometric Authentication
A biometric authentication system attempts to authenticate an individual based on
physical characteristics. These include static characteristics like fingerprints, hand geometry,
facial characteristics, and retinal and iris patterns; and dynamic characteristics like voice
print and signature.

Physical Characteristics Used in Biometric Applications

• Facial characteristics: Facial characteristics are the most common means of human-to-
human identification, thus it is natural to consider them for identification by computer. The
most common approach is to define characteristics based on relative location and shape of
key facial features, such as eyes, eyebrows, nose, lips, and chin shape.
• Fingerprints: A fingerprint is the pattern of ridges and furrows on the surface of the
fingertip. Fingerprints are believed to be unique across the entire human population.
• Hand geometry: Hand geometry systems identify features of the hand, including shape,
and lengths and widths of fingers.
• Retinal pattern: A retinal biometric system obtains a digital image of the retinal
pattern by projecting a low-intensity beam of visual or infrared light into the eye.
• Iris: Another unique physical characteristic is the detailed structure of the iris.
• Signature: Each individual has a unique style of handwriting and this is reflected
especially in the signature, which is typically a frequently written sequence.
• Voice: Voice patterns are more closely tied to the physical and anatomical
characteristics of the speaker. Nevertheless, there is still a variation from sample to sample
over time from the same speaker, complicating the biometric recognition task.

Operation of a Biometric Authentication System

• Each individual who is to be included in the database of authorized users must first be
enrolled in the system.
• For a biometric system, the user presents a name and, typically, some type of
password or PIN to the system. At the same time the system senses some biometric
characteristic of this user.
• The system digitizes the input and then extracts a set of features that can be stored as
a number or set of numbers representing this unique biometric characteristic; this set
of numbers is referred to as the user’s template.
• Depending on the application, user authentication on a biometric system involves either
verification or identification. For biometric verification, the user enters a PIN and
also uses a biometric sensor. The system extracts the corresponding feature and
compares that to the template stored for this user. If there is a match, then the
system authenticates this user.
• For an identification system, the individual uses the biometric sensor but presents no
additional information. The system then compares the presented template with the set of
stored templates. If there is a match, then this user is identified. Otherwise, the user is
rejected.
Biometric Accuracy
When the user is to be authenticated, the system compares the stored template to the
presented template. Given the complexities of physical characteristics, we cannot expect that
there will be an exact match between the two templates. So, the system uses an algorithm to
generate a matching score (typically a single number) that quantifies the similarity between
the input and the stored template.
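Enrollment, verification (1:1) and identification (1:N) from the operation section, together with the matching-score threshold from the accuracy section, as an added example that is not from the module notes; the feature vectors, the similarity measure and the threshold are constructed for illustration.

```python
import math

# Added example (not from the module notes): enrollment, verification and
# identification over numeric feature vectors, with the matching-score threshold
# described under "Biometric Accuracy". The feature vectors, the similarity
# measure and the threshold are constructed for illustration; a real system
# extracts its features from sensor data.
THRESHOLD = 0.85   # minimum matching score to accept

def matching_score(a, b) -> float:
    """Similarity in (0, 1]: 1.0 for identical vectors, falling with distance."""
    dist = math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
    return 1.0 / (1.0 + dist)

class BiometricDB:
    def __init__(self):
        self._templates = {}   # user -> template (tuple of numbers)

    def enroll(self, user, features):
        self._templates[user] = tuple(features)

    def verify(self, user, features) -> bool:
        """1:1 match: the user supplies a name/PIN and a fresh sample."""
        template = self._templates.get(user)
        return template is not None and matching_score(template, features) >= THRESHOLD

    def identify(self, features):
        """1:N match: best-scoring template above the threshold, else None."""
        best_user, best = None, 0.0
        for user, template in self._templates.items():
            s = matching_score(template, features)
            if s > best:
                best_user, best = user, s
        return best_user if best >= THRESHOLD else None

def error_rates(db, genuine, impostor):
    """False non-match and false match rates over lists of (claimed user, sample)."""
    fnm = sum(1 for u, s in genuine if not db.verify(u, s)) / len(genuine)
    fm = sum(1 for u, s in impostor if db.verify(u, s)) / len(impostor)
    return fnm, fm

def demo_db() -> BiometricDB:
    db = BiometricDB()
    db.enroll("alice", (1.0, 2.0, 3.0))   # constructed templates
    db.enroll("bob", (5.0, 1.0, 0.5))
    return db

if __name__ == "__main__":
    db = demo_db()
    print(db.verify("alice", (1.05, 2.0, 3.1)), db.identify((1.05, 2.0, 3.1)))
    # A noisier genuine sample falls below the threshold: a false non-match.
    print(error_rates(db,
                      [("alice", (1.05, 2.0, 3.1)), ("alice", (1.3, 2.0, 3.0)), ("bob", (5.0, 1.1, 0.5))],
                      [("alice", (5.0, 1.0, 0.5)), ("bob", (1.0, 2.0, 3.0))]))
```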
Security issues of user authentication
The principal attacks on user authentication are:

• Client attack: the adversary attempts to achieve user authentication and
masquerade as a legitimate user. In a password-based system, the
adversary may attempt to guess the likely user password.
• Host attack: these are directed at the user file on the host where passwords
or biometric templates are stored.
• Eavesdropping: the adversary attempts to learn the password by observing
the
• Replay: repeating a previously captured user response.
• Trojan horse attack: an application or physical device masquerades as
an authentic application or device for the purpose of capturing a user
password or biometric.
• Denial-of-service: this attack attempts to disable a user authentication
service by flooding the service with numerous authentication attempts.
Access control: Principles – Relationship among other security
functions
Access control implements a security policy that specifies who or what may have access to each
specific system resource and the type of access that is permitted in each instance.

Authentication: Verification that the credentials of a user or other system entity are valid.

Authorization: The granting of a right or permission to a system entity to access a system
resource. This function determines who is trusted for a given purpose.

Audit: An independent review and examination of system records and activities to test for
and detect problems in security, and to recommend any changes in control, policy and
procedures.

Access Control Policies

An access control policy explains what types of access are permitted, under what
circumstances, and by whom. Access control policies are generally grouped into the
following categories:
• Discretionary access control (DAC): Controls access based on the identity of the
requestor and on access rules (authorizations) stating what requestors are (or are not)
allowed to do.
• Mandatory access control (MAC): A system-controlled policy restricting access to resource
objects (such as data files, devices, and systems).
• Role-based access control (RBAC): Controls access based on the roles that users have
within the system and on rules stating what accesses are allowed to users in given roles.
• Attribute-based access control (ABAC): Controls access based on attributes of the user,
the resource to be accessed, and current environmental conditions.

Basic elements of access control


Subject – is an entity capable of accessing objects. The concept of subject equates with
that of process. Any user or application actually gains access to an object by means of a
process that represents that user or application. Basic access control systems typically
define three classes of subject, with different access rights for each class:
• Owner: This may be the creator of a resource, such as a file. For system
resources, ownership may belong to a system administrator. For project resources, a
project administrator or leader may be assigned ownership.
• Group: In addition to the privileges assigned to an owner, a named group of users
may also be granted access rights, such that membership in the group is sufficient to
exercise these access rights. In most schemes, a user may belong to multiple groups.
• World: The least amount of access is granted to users who are able to access the
system but are not included in the categories owner and group for this resource.

Object - is a resource to which access is controlled. In general, an object is an entity
used to contain and/or receive information. Examples include records, blocks, pages,
segments, files, portions of files, directories, mailboxes, messages, and programs.

Access right
Describes the way in which a subject may access an object. Access rights could include
the following:
• Read: User may view information in a system resource (e.g., a file, selected
records in a file, selected fields within a record, or some combination). Read access
includes the ability to copy or print.
• Write: User may add, modify, or delete data in system resource (e.g., files,
records, programs). Write access includes read access.
• Execute: User may execute specified programs.
• Delete: User may delete certain system resources, such as files or records.
• Create: User may create new files, records, or fields.
• Search: User may list the files in a directory or otherwise search the directory.

UNIX File Access Control

- All types of UNIX files are administered by the operating system by means of
inodes. An inode (index node) is a control structure that contains the key
information needed by the operating system for a particular file.
- Several file names may be associated with a single inode, but an active inode is
associated with exactly one file, and each file is controlled by exactly one inode.
- The attributes of the file as well as its permissions and other control information are
stored in the inode.
- On the disk, there is an inode table, or inode list, that contains the inodes of all the
files in the file system. When a file is opened, its inode is brought into main memory
and stored in a memory-resident inode table.
- Directories are structured in a hierarchical tree. Each directory can contain files
and/or other directories. A directory that is inside another directory is referred to as
a subdirectory.
- A directory is simply a file that contains a list of file names plus pointers to
associated inodes. Thus, associated with each directory is its own inode.
- Associated with each file is a set of 12 protection bits.
- Nine of the protection bits specify read, write, and execute permission for the owner
of the file, other members of the group to which this file belongs, and all other
users.
- The remaining three bits define special additional behaviour for files or directories.
- Two of these are the “set user ID” (SetUID) and “set group ID” (SetGID)
permissions.
- When a user executes a file with one of these bits set, the system temporarily allocates the
rights of the user ID of the file’s creator, or of the file’s group, respectively, to the user
executing the file.
- These are known as the “effective user ID” and “effective group ID” and are used in
addition to the “real user ID” and “real group ID” of the executing user when
making access control decisions for this program.
- The final permission bit is the “sticky” bit. When set on a file, this originally
indicated that the system should retain the file contents in memory following
execution.
- When set on a directory, it specifies that only the owner of any file in the directory can
rename, move, or delete that file.
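The 12 protection bits in action, covering the owner/group/world subject classes from "Basic elements of access control" as well as the SetUID, SetGID and sticky-bit rules above, as an added example that is not from the module notes; the mode values, user IDs and group IDs are constructed, and the bit layout is the standard one from Python's stat module.

```python
import stat

# Added example (not from the module notes): an access-control decision using the
# 12 protection bits described above, the effective-ID change a SetUID/SetGID
# executable causes, and the sticky-bit rule for directories. Mode values, user
# IDs and group IDs are constructed; the bit layout comes from the stat module.
# Assumption: root (uid 0) gets no special treatment here, unlike a real kernel.

def symbolic(mode: int) -> str:
    """Render the 12 bits the way ls -l shows them, e.g. rwsr-xr-x."""
    return stat.filemode(mode)[1:]   # drop the file-type character

def applicable_bits(mode: int, file_uid: int, file_gid: int, uid: int, groups) -> int:
    """Pick the rwx triple for the subject class: owner, group or world."""
    if uid == file_uid:
        return (mode >> 6) & 0o7
    if file_gid in groups:
        return (mode >> 3) & 0o7
    return mode & 0o7

def may(mode, file_uid, file_gid, uid, groups, want: str) -> bool:
    """want is a subset of 'rwx'; all requested rights must be granted."""
    bits = applicable_bits(mode, file_uid, file_gid, uid, groups)
    needed = {"r": 0o4, "w": 0o2, "x": 0o1}
    return all(bits & needed[c] for c in want)

def ids_after_exec(mode, file_uid, file_gid, real_uid, real_gid):
    """Effective (uid, gid) a process gets when it executes this file."""
    euid = file_uid if mode & stat.S_ISUID else real_uid
    egid = file_gid if mode & stat.S_ISGID else real_gid
    return euid, egid

def may_delete_in_dir(dir_mode, dir_uid, dir_gid, entry_uid, uid, groups) -> bool:
    """Unlink needs write+execute on the directory; the sticky bit restricts it further.

    With the sticky bit set, the entry's owner may delete it; the directory's owner
    is also allowed, which is standard UNIX behaviour (assumption beyond the notes).
    """
    if not may(dir_mode, dir_uid, dir_gid, uid, groups, "wx"):
        return False
    if dir_mode & stat.S_ISVTX:
        return uid in (entry_uid, dir_uid)
    return True

if __name__ == "__main__":
    passwd_tool = 0o4755            # -rwsr-xr-x owned by root: a SetUID program
    print(symbolic(passwd_tool), ids_after_exec(passwd_tool, 0, 0, 1000, 1000))
    shared_tmp = 0o1777             # drwxrwxrwt: world-writable with sticky bit
    print(symbolic(shared_tmp), may_delete_in_dir(shared_tmp, 0, 0, 1001, 1000, {1000}))
```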
