2020-01-30 Windows Security • Windows XP evolved from Windows 2000 (Datasäkerhet) EITA25 Computer Security • Windows 10, 8, 7 and Vista evolved from XP Windows Security • Similar security solution PAUL STANKOVSKI WAGNER, EIT, 2020-01-30 – Things have been added, but ideas are the same • Standalone computers administered locally Rich support for • Domains used for centralized administration managing security – Domain controller (DC) has information about users » Acts as a trusted third party Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 2 Design Motivation Networked Computers, Domains and Workgroups • Security was designed to meet requirements for C2 rating in Orange Book Workgroup – Secure logon – users must be uniquely identified • All accounts are local – Discretionary access control – Owner determines access • Resources can be shared but are managed locally • Peer-to-peer – Auditing – Record security related events in a logfile • No computer in charge – Object reuse protection – Initialize all objects before giving access to users • Typically at most 20 computers – Trusted path – Functionality to detect spoofing attacks at authentication time (called SAS in Windows) – Trusted facility management – Separate accounts for users and administrators Domain Active Directory Domain Controller • Windows NT 3.5 SP3 was the first Windows version to earn C2 rating (1995) • Both local and domain accounts – Windows NT 4 SP6a earned C2 rating in 1999 • Login to domain account from any computer • Centralized administration • Can be thousands of computers Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 3 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 4 1 2020-01-30 Windows Logon (somewhat simplified) Security Accounts Manager (SAM) • Winlogon.exe handles logon and responds to the Secure Attention Sequence (SAS) • Stores user account information – CTRL+ALT+DEL – Username • Winlogon uses libraries that authenticate the user – Full name – Can be libraries for passwords, smartcards, biometric data, etc. – Expiration date • Local Security Authority (LSA) creates an access token – Password dates (date of last change, expiry, when it can be changed next time, if – LSA is responsible for the local security policy (who can log in, password policies, privileges, what should be audited, etc.) it can be changed) – Logon hours and workstations (thrown out a certain time or continue) • Password hashes are stored in SAM Client Server – Security Accounts Manager Winlogon LSA AD – Profile path and logon script name NTLM NTLM/Kerberos – Home directory Library SAM – Groups Local logon • Locked while machine is running Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 5 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 6 Local Accounts vs. Domain Accounts NTLM Hash and Protocol Can you find problems here? • Local accounts • Challenge response • Server sends 8 byte random challenge – NTLM used as authentication protocol • Response calculated as: – MD4(password) gives 16 byte result (NTLM hash stored in SAM database) • Domain accounts – Pad with 5 zero bytes → 21 bytes – Kerberos V5 used as authentication protocol – Split into 3 DES keys and encrypt challenge with each key NTLM hash – 24 byte response »Mutual authentication password MD4 920a3bdfe12e5fa537d7e8b8c6a064fe »This will be covered in detail later in the course 920a3bdfe12e5f DES – NTLM used in some cases challenge a5ef3810bf7aced4 a537d7e8b8c6a0 DES 910af3418cd8e9af response »Unilateral authentication challenge 64fe0000000000 DES challenge 72ad34ev019baf2d Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 7 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 8 2 2020-01-30 NTLM Hash, Problems LM Hash Can you find problems here? • Problem 1: MD4 is a very fast hash function • If wanted, both NTLM and LM response are used – This was default before Windows Vista • LM hash calculated as • Problem 2: No salt is used so time-memory tradeoff attacks (rainbow – Convert password to uppercase and pad to 14 bytes tables) can be used – Split into two parts of 7 byte each → two DES keys – Encrypt ”KGS!@#$%” with the two keys to get 16 bytes LM hash stored in the SAM database • LM response calculated same way as NTLM response 53454352455457 DES KGS!@#$% 82745f14a56579af SecreTWoRd SECRETWORD LM hash 4f524400000000 DES fe52438160a64e6c KGS!@#$% Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 9 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 10 LM Hash, Problems Access Control • Problem 1: DES is a fast block cipher • Security Reference Monitor (SRM) responsible for access control • Three parameters are considered • Problem 2: No salt here either… – Identity of subject (SID) – Type of access – Object security settings (Security Descriptor) • Problem 3: Passwords up to 14 characters are never better than passwords of 7 characters SID Access type Yes/No SRM • Problem 4: No lowercase characters in the effective character set Security Descriptor Generate Audit Message Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 11 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 12 3 2020-01-30 SID Known SIDs • SID = Security Identifier • Generic groups and users • Unique for each user or group • S-1-1-0 Everyone, a group that includes all users • Format: • S-1-5-20 Network Service S-R-I-SA-SA-SA-N • S-1-5-18 SYSTEM, local operating system • S: The letter S (just means that the string is a SID) • S-1-5-SA-SA-SA-500 Administrator • R: revision number (1) • S-1-5-SA-SA-SA-501 Guest account (no password required) • I: Identifier authority (5 for user accounts) • S-1-5-SA-SA-SA-512 Domain Admins (global group) • SA: subauthority (specifies domain or computer) – Can be up to 14 groups, but 3 is typical • N: relative identifier, incremented for each new principal Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 13 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 14 Access Token Privileges • After successful authentication LSA builds an access token • The right to perform system related operations • Processes which run as the user has a copy of the token – Shutting down – Change system time • When a process interacts with a securable object, token determines authorization level – Backup files – Generate audit • Applies only to local computer. A user can have different privileges on different machines in a domain. • Privileges can be assigned to both users and groups • Access token is checked when user tries to perform privileged operation • Differs from access rights – Access to resources and tasks, not objects – Stored with subject – Admin assigns privileges e.g., restricting SIDs • Stored in access token produced at logon Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 15 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 16 4 2020-01-30 Two Kinds of Access Tokens Objects • Token is either a • All resources are objects – primary access token or an – Files, folders, printers, registry keys, processes, threads, access tokens, etc.. – impersonation access token • Containers can hold other objects, e.g., folders • Primary access token – access token of the user account associated with the process. • Non-containers can not hold other objects, e.g., files – Every process has this • Impersonation access token – allows a thread to execute in a different security context than • Securable object – Any object that can be shared the process owner. primary primary • All securable objects can have a security descriptor – A thread may additionally have an impersonation access token Token Token – But it is not necessary • Example: File server runs with high privileges and can access any files Object – Threads handle concurrent user requests Service – Thread gets token of user → access based on user’s token • Ability to create access token is a privilege impersonation Token Security Descriptor – SeImpersonatePrivilege Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 17 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 18 Security Descriptor DACL • Contains security information associated with an object • Identifies who is allowed or denied access to an object Owner SID Object • If an object has no DACL, everyone has full control Primary group SID • SID for the owner • An empty DACL results in everyone is denied access DACL • A SID can be allowed or denied access. SACL • SID for the primary group Security Descriptor • All ”deny” entries are stored in the beginning of the DACL Security descriptor Owner SID • Contains a list of access control entries (ACEs) • DACL (Discretionary Access Control List) specifying access rights Primary group SID User SID: Alice ACE 1 Deny: write • SACL (System Access Control List) DACL User SID: Alice specifying types of events that should ACE 2 Allow: read, write generate audit records SACL Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 19 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 20 5 2020-01-30 Searching the DACL Example: Accessing Object • Rule: • Two processes (subjects) wants read access to an object – Go through list of ACEs until all access requests are allowed or any request is denied Process 1 Object – Otherwise deny access • Consequences Access Token Security Descriptor User SID: Alice – Deny has higher precedence than allow Group SIDs: G1, G2 Owner SID: Charlie Privileges: Access allowed – If user SID has read only access and user is member of group which SID has read + Other info: Primary Group SID: G3 write, then