Chapter 3: Host Security

Authentication
• Authentication is the process of reliably verifying the identity of someone (or something).
• There are lots of examples of authentication in human interaction.
– we recognize each others' faces when we meet.
– we recognize each others' voices on the telephone.
– we are authenticated by the customs official who checks us against the picture on our
passport.
– A guard might authenticate you by comparing you with the picture on your badge.
– A mail order company might accept as authentication the fact that you know the
expiration date on your credit card.
 Creating a good quality password policy

• The security provided by a password system depends on the passwords being kept secret at all times.
Thus, a password is vulnerable to compromise whenever it is used, stored, or even known.
• In a password-based authentication mechanism implemented on a system, passwords are vulnerable to
compromise due to:
– A password must be initially assigned to a user when enrolled on the system.
– A user's password must be changed periodically.
– The system must maintain a “password database”.
– Users must remember their passwords.
– Users must enter their passwords into the system at authentication time.
– Employees may not disclose their passwords to anyone. This includes administrators and IT
managers.
 Creating a good quality password policy

• Password policies can be set depending on the needs of the organization.

– For example, it is possible to specify minimum password length, no
blank passwords, and maximum and minimum password age.
– It is also possible to prevent users from reusing passwords and ensure
that users use specific characters in their passwords making passwords
more difficult to crack.
 Authentication Identification

• Convince the system of your identity.

• Before it can act on your behalf.
• Sometimes also require that the computer verify its identity with the users, based on
three methods:
– what you know (eg., passwords)
– what you have (eg., keycards)
– what you are (eg., biometric information)
• Verification
– Validation of information supplied against a table of possible values based on users
claimed identity.
 Authentication of People
What you Know
• Passwords or Pass-phrases
– prompt user for a login name and password.
– verify identity by checking that password is correct.
– on some (older) systems, password was stored clear.
– either takes a fixed sized input (eg 8 chars).
– important that passwords are selected with care to reduce risk of exhaustive search.
 Authentication of People
• Weakness
– Traditional password scheme is vulnerable to eavesdropping over an insecure network.

• Solutions?
 One-time password (OTP)
– these are passwords used once only.
– future values cannot be predicted from older values.
 Password generation
– either generate a printed list, and keep matching list on system to be accessed.
– or use an algorithm based on a one-way function f.
 Authentication of People

What you Have

• Magnetic Card, Magnetic Key
– possess item with required code value encoded.
• Smart Card or Calculator
– may interact with system.
– may require information from user.
– could be used to actively calculate:
• a time dependent password.
• a one-shot password.
– a challenge-response verification.
 Authentication of People
What you Are
• Verify identity based on your physical characteristics, known as biometrics.
• Characteristics used include:
– Signature
– Fingerprint, hand geometry
– face or body profile
– Speech, retina pattern
• How authentication is done depends on capabilities of entity being authenticated. Two
most important capabilities:
– ability to store a high-quality key.
– ability to perform cryptographic operations.
 Authentication of People
High Quality
 Secret
 Chosen from large space
 Computationally infeasible to guess
Computer vs. Person
 Computer has both.
 Person has neither.
 Authentication of People

Who is Being Authenticated?

• Humans:
– Short, memorable key.

• Computers:
– (Long) high-quality secret
– Hidden key (encrypted by password)
 Types of Authentication

1. Password-based authentication
– Authenticating oneself by showing a secret password to the remote peer (and to the network).
– Always vulnerable to eavesdropping attack.
– Usually protection: limit frequency of incorrect password entries.
2. Address-based authentication
– Authenticating oneself by using a physically-secured terminal/computer.
– Conceptually similar to password-based authentication.
3. Cryptography-based authentication
– authenticating oneself by showing evidence of a secret key to the remote peer (and to the
network) but without exposing the secret to the peer (or to the network).
– Note: secret key can be obtained from a password.
 Password Based Authentication
Passwords
 an old idea.
 military uses.
 everybody knows password of day.
Password Based Authentication
 in password based authentication we have a secret quantity.
 you have to state it to prove you know it.
 has a number of problems.
Problems with Passwords
 Eavesdropping
 On-line guessing of password
 Off-line cracking
 Security of password file
 Problems with Passwords

1. Eavesdropping
• passwords must be uttered to be used.
• most people don't watch.
• but they are not the people you are worried about.
• wiretapping is a more sophisticated problem.
• if the password is sent from across a network then eavesdropping is possible.
• for example, a traditional telnet connection is unsecured – no cryptography. so
an attacker who can eavesdrop, eg., on the port in use, simply gets to see the
password.
 Problems with Passwords

2. Trojan Horses
• A Trojan horse is a useful, or apparently useful, program, which
also performs unwanted/harmful functions.
• If a user can be induced to run a trojan horse which mimics the
log in program then the Trojan can capture the user’s password.
• The password can then be sent to the author of the trojan.
 Problems with Passwords
3. On-Line Guessing
• I can impersonate you if I can guess your password.
• Some systems enforce easily guessable passwords (not really a good idea,
but some do it – would be better to disallow).
• Some people use easily guessable passwords.
• With enough guesses even obscure passwords can be guessed.
• Executing users who get their password wrong would probably be
unacceptable.
• Can make sure that guesses have to be typed.
 Problems with Passwords

4. Locking Accounts
• can lock accounts after too many failed attempts.
• but then easy for someone to deny access.
• can cut-off connection after a number of failed attempts and
require it to be reestablished.
• can have system response be very slow.
 Problems with Passwords
5. Off Line Password Guessing
• passwords more vulnerable if off-line guessing possible.
• off line attack - an intruder captures a quantity that is derived from password.
• attacker then takes their time trying to compute password.

Problems
• humans usually are not willing to remember 64 bits.
 Problems with Passwords
Memorable Passwords
• if the password was pronounceable, rather then fully random.
• can get enough randomness in 16 characters.
• humans won't remember those either.
User Chosen
• humans choose poor passwords.
• to be proof against off-line attacks passwords need to be ~32 characters
long.
• humans certainly won't remember those.
Conclusion
• passwords will be vulnerable to off-line guessing.
 Password Based Authentication
Alternatives
• One-time passwords.
• But then occasionally need new list.
• A set of passwords.
• Use only some at each login, on a challenge-response basis.
• Eavesdropper has to listen many times.
Password Files
• If password file disclosed all passwords vulnerable.
• Attacker usually wants any password, not a particular one.
• Can use dictionary to attempt to crack some passwords.
• Password files must be at least as well protected as anything else.
 Password Based Authentication

Other Problems with Passwords

• users will give passwords to others.
• will write them down.
• put them in programs.
• will forget them.

Multiple Uses
• users may have multiple accounts.
• may use same passwords for all.
• easier to remember.
• break one, break into all.
 Password Based Authentication
In Person
• Turn up to administrator's terminal.
• Authenticate using documents.
• Type in password.
• Inconvenient.
• Gives access to sensitive terminal.
Administrator Chosen
• Administrator chooses good password
• Gives it to user
• Instructs them to change it immediately
Pre-Expired
• As before, but password already expired.
• Must be changed immediately.
 Password Based Authentication
Storing User Passwords
• How does a server know Alice‘s password?
– Alice's authentication information is individually configured into every server.
– One location stores Alice's information and servers retrieve it when needed.
– One location stores Alice's information and servers which want to authenticate Alice send Alice's
information to the location which replies yes or no.
• For the last two the server must be certain of the identity of the node which stores the authentication
information.
Authentication Database
• such a database must be secure.
• can encrypt passwords.
• or hashes of the passwords.
• if the key for that node is broken, the whole database will be vulnerable.
 Authentication
Why Use Passwords?
• Given that cryptographic authentication is more secure, why use password based
authentication at all?.
• Having dumb terminals.
• Using a protocol designed without cryptography.
• Perhaps protocol would be too expensive if cryptography used.
 Password Based Authentication
Example
• Early cellular phones transmitted the telephone number of the
phone and a password when making a call.
• If the password corresponds to the telephone number, call is
allowed.
• Very easy to eavesdrop and clone phone.
• A challenge response protocol would have been better.
 Address-Based Authentication

• Does not rely on sending passwords.

• Assumes identity of source can be determined from network address at
which packets originate.
• Each node notes which accounts on other nodes should have access to its
resources.
Implementation
• Node B holds a list of network addresses of equivalent machine.
• If node A is listed, then any account on A is equivalent to the same account
name on B (or)
• Node B might instead have a list address, remote account name, local
account name.
• Request from remote account on remote machine is equivalent to same
request coming from local account.
 Security Considerations

Security Considerations
• If someone subverts a node, can access resources on other machines open to
accounts on the subverted node.
• Of course, attacker needs to know what possibilities exist.
• However, access is usually complementary, so only needs to examine database
on subverted node.
• If attacker may be able to forge messages so that they appear to be from other
nodes.
• Attacker can then access resources reserved for users from those nodes.
 Authentication Tokens

Authentication Tokens
• What you have.
• Subject to theft.
• Generally used either with passwords or biometric checks.
Examples
• keys (car, house).
• credit cards.
Magnetic Strips
• Hold information.
• Not trivial to counterfeit.
 Biometric
Disadvantages
• Requires custom hardware.
• Can be lost, stolen, damaged or destroyed.
• Require override when card misplaced.
• As vulnerable as password to eavesdropping.
Smart Card
• Same size as credit card.
• Embedded CPU and memory.
• Insert in smart card reader.
• Reader and card carry on conversation.

• With magnetic strip simply dump information.

 Biometric
PIN Protected Memory Card
• Information in memory of card.
• Only read after PIN input.
• Card locks after some number of wrong guesses.
• More secure then magnetic strip.
Cryptographic Challenge/Response Card
• Cryptographic key held in card memory.
• Card will encrypt or decrypt using key.
• Will not reveal key, even after PIN entered.
Challenge/Response
• Computer that knows key can authenticate.
• Picks random.
• Challenges card to encrypt or decrypt.
• Cards unreadable for most practical purposes.
• Offer protection against eavesdropping.
 Biometric
Problems
• Need special devices.
• Cards can be lost or stolen.
Cryptographic Calculator
• Also called reader less smart card.
• Performs cryptographic calculations.
• Uses a key it will not disclose.
• Needs no reader.
• Has a display and keyboard.
• All interaction through user.
• Popular for remote access to networks.
 Biometric
Physical Access
• Provide authentication via human guards.
• System authentication distinguishes legitimate users. eg., bank tellers.
• Location can be part of authentication process.
• Rights granted depend on location.

Biometrics
• what you are.
• measure physical characteristics.
• hard to loan or steal.
 Biometric
Examples
• retinal scanner
• fingerprint scanner
• handprint reader
• Voiceprints
• keystroke timing
• Signatures
Problems
• Hard to keep biometric quantities secret.
• Reader needs tamper-resistant secret.
Thank You