CS 513 - System Security
Lecture 14

Lecturer: Professor Fred B. Schneider
Notes by: Vicky Weissman
Lecture Date: 3/14/00

Today's Topics

Human Authentication

Definitions:
Authentication is the process of identifying a principal.
Human authentication is the process of identifying a person.

Challenges:
Human authentication is complicated by a person's inability to remember or calculate with the speed or reliability of most machines.

Approaches:
Authenticating a person is typically based on something that the person knows (ex. password), has (ex. credit card), or is (ex. fingerprint).

Passwords

Password-based authentication is commonly used in today's computer systems. Under this protocol, an intruder can impersonate any user by supplying that user's password. Therefore, the security of the system relies on the secrecy of the passwords.

Ways to Discover Passwords:
  • eavesdropping
    • ex. watch the password being typed by a legitimate user
  • snooping
    • ex: find where the password has been written down
  • guessing
    • There are 2 main types of guessing attacks, on-line and off-line.
    • On-line attacks use the targeted system to verify guesses.
      • General Defense: make guessing expensive
      • Specific Defenses:
        • require that passwords are entered at the keyboard, rather than over the network.
        • lock-out after 3 wrong guesses. This approach exposes the system to a denial of service attack in which the attacker blocks a user by claiming to be that user and then giving a wrong password 3 times.
    • Off-line attacks do not use the targeted system to verify guesses.
      Attack strategies and corresponding defenses are given below.
      • Defense 0: system maintains a password file that contains user-password pairs in plaintext.
      • Attack 1: gain access to the password file (or to a back-up of the file)
      • Defense 1: instead of storing passwords, store a hash of each password
      • Attack 2 (aka Dictionary Attack):
        • gain access to the password file
        • hash common passwords (such as every word in the dictionary)
        • compare the result with the entries in the password file
      • Defense 2:
        • associate with each user a bit sequence (called salt) that is kept in plaintext in the password file.
        • combine the user's password and salt.
        • store the hash of the combination.
          This defense doesn't affect an attacker trying to gain access to a particular password, since the attacker will simply hash every word in the dictionary with the particular user's salt. The defense will, however, deter an attacker from launching a program that carries a hashed dictionary from machine to machine looking for anyone's password to gain access to the system.
        • additionally, the system can require that passwords are not easily guessed (ex. passwords cannot be in the dictionary.)
      • Attack 3: do a dictionary attack in which the password is guessed, combined with every possible salt, hashed, and then compared to the entries in the password file. This attack requires more computations than attack 2, but is becoming more viable as technology improves.
  • impersonating system
    • General Strategy: trick user into authenticating himself to the attacker
    • Example: attacker creates a program that displays a login screen, asking for username and password. If the user enters his password, then the program emails the password to the attacker and sends the information to the real security program to start the user's session.
    • Defense: Build a trusted path between the keyboard and the security kernel. For the example above, the system could set aside a key or a key sequence that, when pressed, causes an interrupt to occur. The interrupt will invoke the system's security. This defense assumes the operating system has not been compromised.

    To choose a password-based authentication scheme, compromises must be made between what is convenient for the user and what is difficult to attack. Users prefer to learn a single password, but frequent password changes limit the damage from a successful attack. The length of passwords is also a compromise, because short passwords are vulnerable to random guessing and long passwords are likely to be written down and are therefore vulnerable to snooping. Passwords that are hard to guess, are typically hard to remember.

    Note: Guessing a random password with today's machines is intractable for passwords of approx. 20 characters. If, however, the characters are similar to English text rather than being random, approx. 50 characters are needed.