authentication
DESCRIPTION
CS 99j. Authentication. John C. Mitchell Stanford University. Computer security. Computer security is concerned with the detection and prevention of unauthorized actions by users of a computer system. Authentication. Verify identity Only allow authorized access - PowerPoint PPT PresentationTRANSCRIPT
Computer security
Computer security is concerned with the detection and prevention of unauthorized actions by users of a computer system.
Authentication
Verify identity• Only allow authorized access
Message authentication (different concept)• Confirm source and integrity of message• Message received is the same as message
sent
Fundamental limitation
I am talking to Joe
I am talking to someone who has Joe’s• Password• Private key• Thumbprint
Outline
Password authentication• Unix password scheme• Dictionary attack
Challenge-response mechanisms Authentication protocols Protocol analysis methods
Password authentication
Basic idea• User has a secret password• System checks password to authenticate user
Issues• How is password stored?• How does system check password?• How easy is it to guess a password?
Basic password scheme
Hash function h : strings strings• Given h(password), hard to find password• No known algorithm better than trial and error
User password stored as h(password) When user enters password
• System computes h(password)• Compares with entry in password file
No passwords stored on disk
Unix password system
Hash function is 25xDES• Number 25 was meant to make search slow
Password file is publicly readable• Other information in password file …
Any user can try “dictionary attack”• User looks at password file• Computes hash(word) for every word in dictionary
“Salt” makes dictionary attack harder• Otherwise, compare hash(word) to all passwords
Salt [Belgers]
Password lineaccount:crypted-passwd:uid:gid:user-name:homedir:shellwalt:fURfuu4.4hY0U:129:129:Belgers:/home/walt:/bin/csh
Checking with salt
Another password vulnerability
void check_passwd(char *name, passwd) {
char buffer1[2];
char buffer2[2];
/* place password for name in buffer 1 */
strcpy(buffer2,passwd)
if (buffer1[1]==buffer2[1] &&
buffer1[1]==buffer2[1]) {
/* allow login */
};
else { /* disallow login */
};
}
Extra Reading
Find Phrack archives.oO Phrack 49 Oo.
Volume Seven, Issue Forty-Nine
Look for this articleXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Smashing The Stack For Fun And Profit
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
by Aleph One
Challenge-response authentication
Challenge• System presents user with some string
Response• User computes f(key,string)
Authentication• Check property of f(key,string)• Secret data can stay secret: no password is sent
What kind of function will work?
Authentication protocols
Many protocols to confirm identity• Clark-Jacob survey of 50 protocols
Common use• Client and server confirm identity and agree
on secret encryption key
Network connection
TCP syncronize/acknowledgement
Client Server
SYN
SYN-ACK
ACK
sequence numbers omitted ...
Needham-Schroeder Key Exchange
{ A, Na } Kb
{ Na, Nb } Ka
{ Nb} Kb
Result: A and B share two private numbers not known to any observer without Ka
-1, Kb
-1
A B
Anomaly in Needham-Schroeder
A E
B
{ A, Na }
{ A, Na }{ Na, Nb }
{ Na, Nb }
{ Nb }
Ke
KbKa
Ka
Ke
Evil agent E trickshonest A into revealingprivate key Nb from B.
Evil E can then fool B.
[Lowe]
Repaired Needham-Schroeder Protocol
{ A, Na } Kb
{ Na, B, Nb } Ka
{ Nb} Kb
Result: A and B share two private numbers not known to any observer without Ka
-1, Kb
-1
A B
How do we know this is correct?
Think a lot Ask smart people Systematic methods
• Protocol logics– BAN, GNY, SvO, …
• Model checking– Exhaustive testing of finite systems
• Mathematical proof– Prove an abstract form of protocol is correct– Even with simplifications, requires computer
assistance