
CS-630: Cyber and Network Security
Lecture # 6: Digital Signatures and Authentication
Prof. Dr. Sufian Hameed
Department of Computer Science, FAST-NUCES

Authentication

Overview
- Authentication
- Passwords
- SecurID
- Google 2-step authentication
- Access control

Authentication
- Authentication = binding of an identity to a subject
- Confirmation of identity by ...
  - Knowledge factors = what the entity knows
  - Ownership factors = what the entity has
  - Human factors = what the entity is
  - Location factors = where the entity is

Example
- Login to a computer
  - Authentication by knowledge (password)
- Online debit cards
  - Authentication by ownership (card) and knowledge (PIN)
- Offline debit cards
  - Authentication by ownership (card) and human factor (signature)

Multi-Factor Authentication
- Authentication using multiple factors
- Example: scene from the movie "Mission Impossible". Ethan Hunt needs to
  1. use a stolen chip card (ownership factor)
  2. forge a fingerprint (human factor)
  3. enter the terminal room (location factor)
  4. enter a password (knowledge factor)

Passwords
- Password = information confirming the identity of an entity
  - Knowledge of a secret word, phrase or number
- Often combined with (a)symmetric cryptography
  - e.g. password is mapped to the key of a symmetric cipher
  - e.g. password protects the private key of a public-key algorithm
- Passwords are just great. Wait, it's not that easy ...

Problems with Passwords
- Password snooping
  - Eavesdropping of passwords in network traffic
  - Retrieval of passwords from hosts (e.g. via malware)
- Password guessing (online) or cracking (offline)
  - Dictionary attacks = guessing using a dictionary of words
  - Brute-force attacks = guessing using all possible strings
- Human deficiencies
  - Weak and often re-used passwords

Password Storage
- Passwords should never be stored in clear
  - Application of cryptographic one-way functions
  - Only encoded (hashed) passwords are stored
  - The Sony data breach revealed cleartext passwords
  - Why did Twitter auto-reset passwords recently?
- Example: $stored_pw = hash($password);
  - Simple to validate: hash($input) == $stored_pw ?
  - Hard to deduce the password from a strong hash function
- Efficient cracking of stored passwords still possible
  - Brute-force or dictionary attack using hashed strings

Salted Passwords
- Encoding of the password with a random string (salt)
  - Example: $stored_pw = hash($password + $salt);
  - Salt value stored along with the hashed password
- Cracking of stored passwords more expensive
  - Same password maps to different hash values
  - Without salt: cracking depends on # words
  - With salt: cracking depends on (# words × # salts)
- Security depends on quality of password, hash and salt

Example: Unix Password
- User credentials stored in two separate databases
  - /etc/passwd  Basic user information (publicly readable)
  - /etc/shadow  Salt and hashed passwords (protected)

Good Password?
- Testing for insecure passwords is very easy
  - A normal Core i3 laptop can test 21 million MD5 hashes per hour
- Passwords should be very hard to guess
  - No dictionary words, names, dates and patterns
  - Simple transformations (e.g. reversing) not sufficient
  - Minimum length and diversity of passwords
- Study by Klein from 1989
  - 21% of 13,797 passwords cracked within one week

Selection of Passwords
- What about these? Hmh40hcr. and DB:L,I4yF!
- Trick: first letters of a memorable phrase
  - "He made him an offer he can't refuse." = Hmh40hcr.
  - "Darth Vader: Luke, I am your father!" = DB:L,I4yF!
- Trick: interweave words of a memorable phrase
  - "My kingdom for a horse!" = KiHoo;NgSer;NgSe
- Avoidance of too common phrases
  - 2bon2b found in 4 out of 30 million passwords

One-time Passwords
- Security of passwords "weakens" over time
  - Password aging = enforced changing of passwords
  - One-time passwords = passwords used exactly once
- Example: S/Key algorithm
  - User chooses initial key K1
  - Recursive hashing: H(K1) = K2, H(K2) = K3, ..., H(Kn-1) = Kn
  - One-time passwords: P1 = Kn, P2 = Kn-1, ..., Pn = K1
  - Hard to deduce the next password Pi from the previous Pi-1

Example: RSA SecurID
- Security system using two-factor authentication
  - Factors: knowledge (password) and ownership (device)
  - Device generates an authentication code every 60 seconds
  - Authentication using password and current code
- Code generation
  - Device initialized for each user with a seed (random number)
  - Code computed from seed and current time (~ one-time password)

Example: Google 2-Step Verification
- Security system by Google similar to SecurID
  - Factors: knowledge (password) and ownership (phone)
  - Authentication code computed on the mobile phone
  - Login at Google requires password and current code
- https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/

Challenge-Response
- Generic protocol scheme for authentication
  - System and user share a secret function F
- Advantages over naive authentication methods
  - Secret, e.g. password, is never transmitted in cleartext
  - Replay attacks against authentication not possible

Challenge-Response (cont'd)
- Secret function often parameterized by a password
  - F = H(M + P)   hash function H and password P
  - F = E_P(M)     encryption function E and password P
  - Hard to deduce P if F is cryptographically strong
- Several methods related to the challenge-response scheme
  - One-time passwords
    = challenge (index of password); response (password)
  - SecurID / Google 2-step
    = challenge (current time); response (authentication code)

Example: WPA2 (A Short Excursion)

Wireless Networks
- Inherent security problems with wireless networks
  - Communication over a shared medium (air)
  - No physical access control and protection
- Need for additional security measures (WEP, WPA, ...)

A Closer Look at Attacks
- Common attack types → Countermeasures
  - Masquerading and spoofing → Authentication
  - Eavesdropping of communication → Encryption
  - Tampering of messages → Integrity checks

802.11 and Security
- TKIP = Temporal Key Integrity Protocol
- AES-CCMP = Counter Cipher Mode with Block Chaining Message Authentication Code Protocol

WPA2 Authentication
- Two different modes for authentication in WPA2
  1. Personal: pre-shared keys (PSK) (aka "passwords")
  2. Enterprise: 802.1X with Extensible Authentication Protocol

WPA2 Encryption
- Partitioning of each message into blocks
- Encryption of each message block in counter mode
  - Advanced Encryption Standard (AES) using key KE

WPA2 Integrity Check
- Chaining of cipher blocks to a keyed hash value
  - Message Integrity Code (MIC) using key KI
- MIC appended to the message prior to encryption

How secure is WPA2?
- Attacks against WPA2
  - (Almost) no attacks against the cryptographic protocol
  - Best attack strategy so far: brute-force attacks
  - Target for potential attacks: complexity of the protocol
- WPA2 security in practice
  - Strength of the passphrase in personal mode
  - Strength of the authentication protocol in enterprise mode

Access Control

Access Control
- Authorization and access control
  - Control of what a subject is allowed to do
  - Management of permissions and capabilities
  - Often tightly coupled with authentication
- Examples
  - Execution of programs, reading of files, ...

Access Control Matrix
- Classic and simple representation for access control
- Mapping from subjects and objects to permissions

Access Control Models
- Access control non-trivial in practice
  - Complex systems → complex access control models
- Some characteristics of access control models
  - Definition of objects and subjects
    E.g. subjects can be users, processes or hosts
  - Representation of permissions
    E.g. columns (access control lists), rows (capabilities)
  - Management of permissions
    E.g. discretionary, mandatory or role-based access control

Representation: Access Control Lists
- Access control lists (ACL)
  - Attachment of permissions to objects (columns)
  - + Efficient and decentral organization of permissions
  - − Listing of subject permissions very involved
- Example: OpenBSD packet filter
  - Deny access to the SSH service from any host
  - → block in quick proto tcp from any to any port ssh

Representation: Capabilities
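Added example for the "Password Storage" and "Salted Passwords" slides (this code is not part of the lecture): it stores credentials both ways and counts hash operations so the slide's cost model becomes visible, # words without salt versus # words × # salts with salt. SHA-256 stands in for the slides' generic hash(); the user names, passwords and word list are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple


def hash_unsalted(password: str) -> str:
    # $stored_pw = hash($password): the same password always yields the same digest
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, salt: bytes) -> str:
    # $stored_pw = hash($password + $salt): the salt is stored beside the digest
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def store_salted(password: str) -> Tuple[str, str]:
    """Return (salt_hex, digest) for a new credential record; fresh random salt per user."""
    salt = os.urandom(16)
    return salt.hex(), hash_salted(password, salt)


def verify_salted(password: str, salt_hex: str, digest: str) -> bool:
    candidate = hash_salted(password, bytes.fromhex(salt_hex))
    # constant-time compare so the check does not leak how many characters matched
    return hmac.compare_digest(candidate, digest)


def dictionary_work_unsalted(records: Dict[str, str], words: List[str]) -> Tuple[Dict[str, str], int]:
    """Unsalted store: each word is hashed once and the table serves every record.
    Work = # words, independent of the number of records."""
    table = {hash_unsalted(w): w for w in words}
    found = {user: table[d] for user, d in records.items() if d in table}
    return found, len(words)


def dictionary_work_salted(records: Dict[str, Tuple[str, str]], words: List[str]) -> Tuple[Dict[str, str], int]:
    """Salted store: no shared table is possible, every (word, salt) pair is hashed.
    Work = # words x # salts (one distinct salt per record)."""
    found, work = {}, 0
    for user, (salt_hex, digest) in records.items():
        salt = bytes.fromhex(salt_hex)
        for w in words:
            work += 1
            if hmac.compare_digest(hash_salted(w, salt), digest):
                found[user] = w
    return found, work


# Constructed sample data: three users, two of them sharing a weak password
USERS = {"alice": "C0rrect-Horse-Battery", "bob": "letmein", "carol": "letmein"}
WORDLIST = ["password", "123456", "letmein", "qwerty"]


def demo() -> dict:
    unsalted = {u: hash_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    found_u, work_u = dictionary_work_unsalted(unsalted, WORDLIST)
    found_s, work_s = dictionary_work_salted(salted, WORDLIST)
    return {
        "bob_carol_same_unsalted": unsalted["bob"] == unsalted["carol"],
        "bob_carol_same_salted": salted["bob"][1] == salted["carol"][1],
        "found_unsalted": found_u, "work_unsalted": work_u,
        "found_salted": found_s, "work_salted": work_s,
        "verify_ok": verify_salted("letmein", *salted["bob"]),
        "verify_wrong": verify_salted("letmeout", *salted["bob"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two users with the same password produce identical unsalted digests but different salted ones, and the salted dictionary run costs 4 words × 3 salts = 12 hashes instead of 4. A plain SHA-256 is used here only to make the operation count easy to read; a deployed store should use a deliberately slow, iterated construction (PBKDF2, bcrypt, scrypt or Argon2) so that each of those # words × # salts guesses is expensive as well.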
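Added example for the S/Key algorithm on the "One-time Passwords" slide (not the lecture's own code): the hash chain K1, K2 = H(K1), ..., Kn is built once by the user, the passwords P1 = Kn, ..., Pn = K1 are handed out backwards, and the server keeps only the last accepted value (initially H(Kn)), accepting a candidate Pi exactly when H(Pi) equals the stored Pi-1. SHA-256 stands in for H, and the initial key is a constructed value.

```python
import hashlib
import hmac
from typing import List


def H(k: bytes) -> bytes:
    # the one-way function of the slide; SHA-256 is used here as a stand-in
    return hashlib.sha256(k).digest()


def skey_chain(k1: bytes, n: int) -> List[bytes]:
    """[K1, K2, ..., Kn] with K(i+1) = H(Ki); list index 0 holds K1."""
    chain = [k1]
    for _ in range(n - 1):
        chain.append(H(chain[-1]))
    return chain


def skey_passwords(chain: List[bytes]) -> List[bytes]:
    """P1 = Kn, P2 = Kn-1, ..., Pn = K1: the chain is consumed backwards."""
    return list(reversed(chain))


class SKeyVerifier:
    """Server side. It stores only H(Kn) at setup and afterwards the last accepted
    password, so a copy of its state does not reveal any password still to come."""

    def __init__(self, h_kn: bytes):
        self.last = h_kn
        self.used = 0

    def verify(self, candidate: bytes) -> bool:
        # P(i) is valid iff H(P(i)) equals the previously accepted P(i-1)
        if not hmac.compare_digest(H(candidate), self.last):
            return False
        self.last = candidate   # the accepted value becomes the reference for P(i+1)
        self.used += 1
        return True


def demo() -> dict:
    chain = skey_chain(b"constructed-initial-key-K1", 5)
    pw = skey_passwords(chain)
    server = SKeyVerifier(H(chain[-1]))   # server is initialised with H(Kn) only
    return {
        "p1_ok": server.verify(pw[0]),
        "p1_replayed": server.verify(pw[0]),      # same password a second time: rejected
        "p2_ok": server.verify(pw[1]),
        "p4_out_of_order": server.verify(pw[3]),  # skipping ahead in the chain: rejected
        "p3_ok": server.verify(pw[2]),
        "used": server.used,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The replay and out-of-order checks fail for the reason the slide gives: an eavesdropper who saw Pi-1 would need a preimage of H to obtain Pi, and the server compares only against the single value it accepted last.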
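Added example for the two "Challenge-Response" slides (not from the lecture): the server issues a random challenge M, the client answers with F = H(M + P), and the server compares without the password ever leaving the client. H(M + P) is realised here as HMAC-SHA256 keyed with P, which is the standard keyed-hash form of that construction; the time-slot code at the end illustrates the slide's remark that SecurID and Google 2-step use the current time as the challenge. User name, password and device seed are constructed values.

```python
import hashlib
import hmac
import os
from typing import Dict


def F(password: str, challenge: bytes) -> bytes:
    # F = H(M + P) from the slide, as HMAC-SHA256 keyed with the password P
    return hmac.new(password.encode("utf-8"), challenge, hashlib.sha256).digest()


class ChallengeResponseServer:
    def __init__(self, passwords: Dict[str, str]):
        self.passwords = passwords                 # a real system keeps a derived key, not cleartext
        self.outstanding: Dict[str, bytes] = {}    # user -> challenge not yet answered

    def issue_challenge(self, user: str) -> bytes:
        m = os.urandom(16)                         # fresh random M per login attempt
        self.outstanding[user] = m
        return m

    def check(self, user: str, response: bytes) -> bool:
        m = self.outstanding.pop(user, None)       # each challenge can be answered at most once
        if m is None or user not in self.passwords:
            return False
        return hmac.compare_digest(F(self.passwords[user], m), response)


def client_respond(password: str, challenge: bytes) -> bytes:
    return F(password, challenge)                 # only the response crosses the network


def time_slot(now: int, step: int = 60) -> int:
    return now // step


def time_code(seed: bytes, now: int, step: int = 60, digits: int = 6) -> str:
    """SecurID / 2-step style: the challenge is the current time slot, the response a
    short code derived from the per-user seed and that slot."""
    slot = time_slot(now, step).to_bytes(8, "big")
    mac = hmac.new(seed, slot, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


def demo() -> dict:
    server = ChallengeResponseServer({"alice": "c0nstructed-pw"})
    m1 = server.issue_challenge("alice")
    r1 = client_respond("c0nstructed-pw", m1)
    first = server.check("alice", r1)
    replay = server.check("alice", r1)            # same response again: challenge already consumed
    m2 = server.issue_challenge("alice")
    wrong = server.check("alice", client_respond("wrong-guess", m2))
    server.issue_challenge("alice")
    stale = server.check("alice", r1)             # an old response against a new challenge
    seed, t = b"constructed-device-seed", 1_700_000_000
    return {
        "first": first, "replay": replay, "wrong_password": wrong, "stale_response": stale,
        "same_slot": time_code(seed, t) == time_code(seed, t + 59),
        "slot_now": time_slot(t), "slot_next": time_slot(t + 60),
        "code_len": len(time_code(seed, t)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Replay protection comes from the single-use challenge, not from the hash: the same response is rejected the second time because the challenge it answered has already been consumed.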
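Added example for the "Access Control Matrix" and "Representation" slides (not the lecture's own code): one matrix mapping (subject, object) to permissions, read column-wise as ACLs and row-wise as capabilities, with a default-deny check. The last function reproduces the drawback the ACL slide lists: answering "what may alice do?" from ACLs means scanning the ACL of every object. Subjects, objects and permissions are a constructed sample.

```python
from typing import Dict, List, Set, Tuple

Perm = str
Matrix = Dict[Tuple[str, str], Set[Perm]]   # (subject, object) -> permissions

# Constructed sample matrix: subjects are users, objects are files
MATRIX: Matrix = {
    ("alice", "/etc/passwd"): {"read"},
    ("alice", "/home/alice/notes"): {"read", "write"},
    ("bob", "/etc/passwd"): {"read"},
    ("bob", "/etc/shadow"): set(),            # explicit empty cell
    ("root", "/etc/passwd"): {"read", "write"},
    ("root", "/etc/shadow"): {"read", "write"},
}


def objects(matrix: Matrix) -> List[str]:
    return sorted({o for (_, o) in matrix})


def acl(matrix: Matrix, obj: str) -> Dict[str, Set[Perm]]:
    """Column view: the permissions attached to one object, per subject."""
    return {s: set(p) for (s, o), p in matrix.items() if o == obj and p}


def capabilities(matrix: Matrix, subject: str) -> Dict[str, Set[Perm]]:
    """Row view: the permissions one subject holds, per object."""
    return {o: set(p) for (s, o), p in matrix.items() if s == subject and p}


def allowed(matrix: Matrix, subject: str, obj: str, perm: Perm) -> bool:
    # default deny: an absent or empty cell grants nothing
    return perm in matrix.get((subject, obj), set())


def subject_permissions_via_acls(acls: Dict[str, Dict[str, Set[Perm]]],
                                 subject: str) -> Tuple[Dict[str, Set[Perm]], int]:
    """With ACLs, listing one subject's permissions requires scanning every object's
    ACL. Returns the permissions found and the number of ACLs inspected."""
    result, scanned = {}, 0
    for obj, entries in acls.items():
        scanned += 1
        if subject in entries:
            result[obj] = set(entries[subject])
    return result, scanned


def demo() -> dict:
    all_acls = {o: acl(MATRIX, o) for o in objects(MATRIX)}
    via_acl, scanned = subject_permissions_via_acls(all_acls, "alice")
    return {
        "root_reads_shadow": allowed(MATRIX, "root", "/etc/shadow", "read"),
        "bob_reads_shadow": allowed(MATRIX, "bob", "/etc/shadow", "read"),
        "alice_reads_shadow": allowed(MATRIX, "alice", "/etc/shadow", "read"),
        "acl_passwd": acl(MATRIX, "/etc/passwd"),
        "caps_alice": capabilities(MATRIX, "alice"),
        "alice_via_acls": via_acl,
        "acls_scanned": scanned,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The capability row for alice is available in one lookup, while the same answer derived from ACLs touches every object; conversely, revoking all access to one object is one ACL edit but would require visiting every subject's capability list.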