authentication (ch 9~12) it443 – network security administration 1
TRANSCRIPT
![Page 1: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/1.jpg)
1
Authentication (ch 9~12)
IT443 – Network Security Administration
![Page 2: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/2.jpg)
2
Outline
• Authentication Mechanisms• Key Distribution Center and Certificate
Authorities• Session Key
![Page 3: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/3.jpg)
3
Authentication
• Authentication is the process of reliably verifying certain information.
• Examples– User authentication
• Allow a user to prove his/her identity to another entity (e.g., a system, a device).
– Message authentication• Verify that a message has not been altered without
proper authorization.
![Page 4: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/4.jpg)
4
Authentication Mechanisms
• Password-based authentication– Use a secret quantity (the password) that the
prover states to prove he/she knows it.– Threat
• Eavesdropping• Password guessing/dictionary attack
Alice ComputerSystem
I’m Alice, the password is fiddlesticks
![Page 5: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/5.jpg)
5
Authentication Mechanisms• Address-based authentication
– Assume the identity of the source can be inferred based on the network address from which packets arrive.
– Adopted early in UNIX and VMS
• Berkeley rtools (rsh, rlogin, etc)– /etc/hosts.equiv file : List of computers– Per user .rhosts file : List of <computer, account>
– Ubuntu: /etc/host.allow, /etc/host.deny, man hosts_access
• Threat– Breaking into an account on one machine leads to breaking into
other machines accounts– Spoof of network address
![Page 6: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/6.jpg)
6
Authentication Mechanisms
• Cryptographic authentication protocols– Basic idea:
• A prover proves some information by performing a cryptographic operation on a quantity that the verifier supplies.
– Usually reduced to the knowledge of a secret value
• A symmetric key• The private key of a public/private key pair
![Page 7: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/7.jpg)
7
Passwords as Crypto Keys
• Symmetric key systems:– Hash the password to derive a 64/128 bits key
• Public key systems:– Difficult to generate an RSA private key from a
password – Usual solution:
• Encrypt the private key with the users password and store the encrypted result (e.g., using a directory service)
![Page 8: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/8.jpg)
8
Eavesdropping & Server Database Reading
• If public key crypto is not available, protection against both eavesdropping and server database reading is difficult:– Hash => subject to eavesdropping– Challenge requires Bob to store Alice’s secret in a database
Alice BobI’m Alice
A challenge R
H(KAlice-Bob, R)
Alice BobI’m Alice, H(KAlice-Bob)
![Page 9: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/9.jpg)
9
Outline
• Authentication Mechanisms• Key Distribution Center and Certificate
Authorities• Session Key
![Page 10: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/10.jpg)
10
Key Distribution Center• New nodes are configured with a key to the KDC
– e.g., KA for node A
• If node A wants to communicate with node B– A sends a request to the KDC– The KDC securely sends to A: EKA(RAB) and EKB(RAB, A)
• Advantage:– Single location for updates, single key to be remembered
• Drawbacks:– If the KDC is compromised! – Single point of failure/performance bottleneck => multiple KDC?
![Page 11: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/11.jpg)
11
Certification Authorities• How do you know the public key of a node?• Typical solution:
– Use a trusted node as a certification authority (CA)• E.g., VeriSign, GoDaddy
– Everybody needs to know the CA public key– The CA generates certificates: Signed(A, public-key, validity information)– Certificates can be stored in a directory service or exchanged during the
authentication process
• Advantages (over KDC):– The CA doesn’t have to be online => more physical protection– Not a performance bottleneck, not a single point of failure– Certificates are not security sensitive: only threat is DoS– A compromised CA cannot decrypt conversation but can lead to
impersonation
![Page 12: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/12.jpg)
12
Certificate Revocation
• What if:– Employer left/fired– Private key is compromised
• Solution: similar to credit cards– Validity time interval (‘not before’, ‘not after’)– Use a Certificate Revocation List (CRL):
X.509• E.g., lists all revoked and unexpired certificates
![Page 13: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/13.jpg)
13
Outline
• Authentication Mechanisms• Key Distribution Center and Certificate
Authorities• Session Key
![Page 14: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/14.jpg)
14
Session Key Establishment• Authentication is not everything
– What could happen after authentication?• E.g., connection hijacking, message modification, replay, etc.
– Solution use crypto => need a share key between communicating entities because public encryption/decryption is expensive
– Practically authentication leads to the establishment of a shared key for the session
• A new key for each session: – The more data an attacker has on a key the easier to break– Replay between sessions– Give a relatively “untrusted” software the session key but not the long-
term key– Good authentication protocol can establish session keys that provide
forward secrecy
![Page 15: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/15.jpg)
15
Password-Based User Authentication
• User demonstrates knowledge of a secret value to authenticate– most common method of user authentication
• Threats to password-based authentication?
challenge
response
![Page 16: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/16.jpg)
16
Some Issues for Password Systems
• A password should be easy to remember but hard to guess– that’s difficult to achieve!
• Some questions– what makes a good password?– where is the password stored, and in what
form?– how is knowledge of the password verified?
![Page 17: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/17.jpg)
17
Password Guessing
• Online– Try passwords until accepted
• Limit number of trials and lock account: e.g., ATM machine
– DoS problem: lock all accounts• Increase minimum time between trials• Prevent automated trials: Turing tests• Long passwords: pass phrases, initials of
sentences, reject easy passwords
• What is the protection used by Yahoo? Hotmail? Gmail? Facebook? Your banks?
![Page 18: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/18.jpg)
18
Password Guessing
• Offline– Attacker captures X = f(password)
• Dictionary attack: try to guess the password value offline
• The secret space should be large• Strong password
![Page 19: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/19.jpg)
19
Password Length• Online attacks:
– Can 4/6 digits be sufficient if a user is given only three trials?
• Offline attacks:– Need at least: 64 random bits = 20 digits
• Too long to remember by a human!– Or 11 characters from a-z, A-Z, 0-9, and punctuation marks
• Too long to remember by a human– Or 16 characters pronounceable password (a vowel every two
characters)– Conclusion:
A secret a person is willing to remember and type will not be as good as a 64-bit random number
![Page 20: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/20.jpg)
20
Attacks on Passwords
• Suppose passwords could be up to 9 characters long
• This would produce 1018 possible passwords; 320,000 years to try them all at 10 million a second!
• Unfortunately, not all passwords are equally likely to be used
![Page 21: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/21.jpg)
21
Example
• In a sample of over 3000 passwords:– 500 were easily guessed versions of
dictionary words or first name / last name– 86% of passwords were easily guessed
Length in characters
1 2 3 4 5 6
Number of passwords
15 72 464 477 706 605 (lower
case only)
![Page 22: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/22.jpg)
22
Example
• Another report– http://www.imperva.com/news/press/
2010/01_21_Imperva_Releases_Detailed_Analysis_of_32_Million_Passwords.html
![Page 23: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/23.jpg)
23
Example• http://splashdata.com/press/PR121023.htm
# Password Change from 2011 1 password Unchanged2 123456 Unchanged3 12345678 Unchanged4 abc123 Up 15 qwerty Down 16 monkey Unchanged7 letmein Up 18 dragon Up 29 111111 Up 310 baseball Up 111 iloveyou Up 212 trustno1 Down 313 1234567 Down 614 sunshine Up 115 master Down 116 123123 Up 417 welcome New18 shadow Up 119 ashley Down 320 football Up 521 jesus New22 michael Up 223 ninja New24 mustang New25 password1 New
![Page 24: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/24.jpg)
24
Dictionary Attacks• Attack 1 (online):
– Create a dictionary of common words and names and their simple transformations
– Use these to guess the password
EagleWineRose…
Dictionary
Eagle
Yes!
![Page 25: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/25.jpg)
25
Dictionary Attacks• Attack 2 (offline):
– Usually F is public and so is the password file• In Unix, F is crypt, and the password file is /etc/passwd.
– Compute F(word) for each word in the dictionary– A match gives the password
EagleWineRose…
Dictionary
TdWx%XkPTKYEN …
Password file
F(Eagle)=XkPT
![Page 26: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/26.jpg)
26
Dictionary Attacks• Attack 3 (offline):
– To speed up search, pre-compute F(dictionary)– A simple look up gives the password
EagleWineRose…
Dictionary
TdWx%XkPTKYEN …
Password file
XkPT%$DVC #AED!…
Pre-computedDictionary
F Look up
![Page 27: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/27.jpg)
27
Electronic Code Book (ECB)
E E E EKey
128
M1 M2 M3 M4
128 46 + padding
128
Plaintext
C1 C2 C3 C4
128 128 128128
Ciphertext
![Page 28: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/28.jpg)
28
Cipher Block Chaining (CBC)
InitializationVector
E E E EKey
C1 C2 C3 C4
128 128 128128
M1 M2 M3 M4
128 128 46 + padding
128
![Page 29: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/29.jpg)
29
Password Salt• To make the dictionary attack a bit more difficult• Salt is a n-bit number between 0 and 2n
• Derived from, for example, the system clock and the process identifier
H
Password + Salt
H(Password + Salt)
Username, Salt, H(Password + Salt)Password file
![Page 30: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/30.jpg)
30
Password Guidelines
1. Initial passwords are system-generated, have to be changed by user on first login
2. User must change passwords periodically
3. Passwords vulnerable to a dictionary attack are rejected
4. User should not use same password on multiple sites
5. etc. etc.
![Page 31: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/31.jpg)
31
Outline
• Login authentication protocol• Mutual authentication protocol
![Page 32: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/32.jpg)
32
Authentication with Shared Secret
• Weaknesses– Authentication is not mutual; Trudy can convince Alice that she is
Bob– Trudy can hijack the conversation after the initial exchange– If the shared key is derived from a password, Trudy can mount
an off-line password guessing attack– Trudy may compromise Bob’s database and later impersonate
Alice
Alice BobI’m Alice
A challenge R
f(KAlice-Bob, R)
![Page 33: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/33.jpg)
33
Authentication with Shared Secret
• A variation– Requires reversible cryptography– R must be limited lifetime
• Weaknesses– All the previous weaknesses remain– Trudy doesn’t have to see R to mount off-line password
guessing if R has certain patterns (e.g., the timestamp)• Trudy sends a message to Bob, pretending to be Alice
Alice BobI’m Alice
R
KAlice-Bob{R}
![Page 34: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/34.jpg)
34
Authentication with Public Key
• Bob’s database is less risky• Weaknesses
– Trudy can trick Alice into signing something• Use different private key for authentication
Alice BobI’m Alice
R
SigAlice{R}
![Page 35: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/35.jpg)
35
Outline
• Login authentication protocol• Mutual authentication protocol
![Page 36: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/36.jpg)
36
Mutual Authentication
Alice BobI’m Alice
R1
f(KAlice-Bob, R1)
R2
f(KAlice-Bob, R2)
Alice BobI’m Alice, R2
R1, f(KAlice-Bob, R2)
f(KAlice-Bob, R1)
Optimize
![Page 37: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/37.jpg)
37
Mutual Authentication
• Reflection Attack
Trudy BobI’m Alice, R2
R1, f(KAlice-Bob, R2)
f(KAlice-Bob, R1)
Trudy BobI’m Alice, R1
R3, f(KAlice-Bob, R1)
![Page 38: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/38.jpg)
38
Reflection Attack
• Lesson: Don’t have Alice and Bob do exactly the same thing– Different keys
• Totally different keys
• KAlice-Bob = KBob-Alice + 1
– Different Challenges– The initiator should be the first to prove its identity
• Assumption: initiator is more likely to be the bad guy
![Page 39: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/39.jpg)
39
Mutual Authentication
• Reflection Attack
Alice BobI’m Alice, R2
R1, f(KAlice-Bob, R2)
f(KAlice-Bob, R1)
Alice BobI’m Alice
R1
f(KAlice-Bob, R1), R2
f(KAlice-Bob, R2)
Countermeasure
![Page 40: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/40.jpg)
40
Mutual Authentication
• Public keys– Authentication of public keys is a critical issue
Alice BobI’m Alice, {R2}Bob
R2, {R1}Alice
R1
![Page 41: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/41.jpg)
41
Mutual Authentication
• Mutual authentication with timestamps– Require synchronized clocks– Alice and Bob have to encrypt different
timestamps
Alice BobI’m Alice, f(KAlice-Bob, timestamp)
f(KAlice-Bob, timestamp+1)
![Page 42: Authentication (ch 9~12) IT443 – Network Security Administration 1](https://reader035.vdocument.in/reader035/viewer/2022081515/56649ecd5503460f94bda4c4/html5/thumbnails/42.jpg)
42
Lab 3
• Certificate Authorities
CACA+ / CA-
B
A
CA+
CA+
A+ / A-
A+
{A+}CA-
{A+}CA-
{CA+}CA-