cit 480: securing computer systemswaldenj/classes/2014/fall/... · 2019. 8. 25. · cit 480:...

CIT 480: Securing Computer Systems Slide #1

CIT 480: Securing Computer Systems

Authentication


Topics

1. Identity 2. Groups and Roles 3. Network Identities 4. Authentication 5. Biometrics 6. UNIX Authentication

Slide #2

Authentication Identity is computer’s representation of an entity

– Entities can be subjects or objects.

Authentication is a security control that binds a principal to an identity, so that the system can enforce access control and audit user actions.

Example: – username expresses your identity. – password binds the person typing to that particular

identity (username).



Purpose of Identity

Access Control – Most systems base access rights on identity of

principal executing the process.

Accountability – Logging and auditing functions. – Need to track identity across account/role

changes (e.g., su, sudo).

Slide #4

Groups and Roles An “entity” may be a set of entities referred to by a single identifier. Principals often need to share access to files, and thus are taken as groups.

– static: alias for a group of principles. – dynamic: principal changes from one group to another

as different privileges are needed.

role: a group that ties membership to function



Network Identity Ethernet (MAC) Address

– 48-bit data link level identifier – example: 00:0B:DB:78:39:8A

IP Address – 32-bit network level identifier – ex: 10.17.0.101

IPv6 Address – 128-bit network level identifier – ex: fe80::2a0:c9ff:fe97:153d/64

Hostname (DNS name) – string application level identifier – ex: www.nku.edu

Slide #6

Authentication Types

Authentication can be based on 1. What the entity knows (e.g., passwords) 2. What the entity has (e.g., access card) 3. What the entity is (e.g., fingerprints) 4. Where the entity is (e.g., local terminal)

Or a combination of two or more of 1..4, which is known as Multi Factor Authentication (MFA).



What You Know

• Passwords • Pass Phrases • PINs

Slide #8


What You Have

• Smart Cards • USB Token • RFID

RFID used for toll collection

Slide #9


USB Tokens and Smart Cards

Small device with storage and processor. – USB tokens tend to focus on storage. – Smart cards on processor + small storage. – Differences are growing smaller.

Methods of use – By Hand (read card and type one-time

password) – USB – Wireless

Slide #10


RFID Radio Frequency Identification Types of Tags

– Passive: use power from reader signal – Active: internal power source

Applications – Product tracking (EPC barcode replacement) – Transportation payment – Automotive (embedded in car keys) – Passports – Human implants

EPC RFID Tag

Slide #11


Authentication System A: set of authentication information

– information used by entities to prove identity C: set of complementary information

– information stored by system to validate A F: set of complementation functions f : A → C

– generate C from A L: set of authentication functions l: A × C→{T,F}

– verify identity S: set of selection functions

– enable entity to create or alter A or C


Password System Example Authenticate with 8-character alphanumeric password. System compares against stored MD5 hash. A = [A-Za-z0-9]{8} C = 22-char Base64 strings F = { MD5 } L = { MD5(A)==C }


What You Are: Biometrics

Identification by human characteristics: 1. Physiological 2. Behavioral

A biometric characteristic should be: 1. universal: everyone should have it 2. unique: no two people should share it 3. permanent: it should not change with time 4. quantifiable: it must be practically measurable

Slide #14


Biometric System Example User authenticates with fingerprint. System compares w/ digital fingerprint template. A = { user fingerprints } C = { digital fingerprint templates } F = { fingerprint reader + analog->digital } L = { tunable similarity function }


How Biometrics Work 1. User submits sample. 2. Software turns

sample into digital template.

3. Software compares template against stored reference template.

4. Authentication based on how closely templates match.

Slide #16


Biometric Measurement

Possible Outcomes:

1. Correct person accepted 2. Imposter rejected 3. Correct person rejected (False Rejection) 4. Imposter accepted (False Acceptance)

Slide #17


False Positives and Negatives

Tradeoff between False Accept Rate False Reject Rate

Slide #18


Fingerprints Capacitive measurement, using differences in

electrical charges of whorls on finger to detect those parts touching chip and those raised.

Slide #19


Brandon Mayfield

• Fingerprints found in 2004 Madrid bombing. • Brandon arrested May 6, 2004. • FBI claimed “100 percent positive” match.

– Held under a false name. – Then transferred to unidentified location.

• Spanish police identify fingerprint as belonging to an Algerian man May 21, 2004.

• Brandon released May 25, 2004.

Slide #20


Eye Biometrics Iris Scan

– Lowest false accept/reject rates of any biometric.

– Person must hold head still and look into camera.

Retinal Scan – Cataracts and pregnancy

change retina pattern. – Lower false accept/reject

rates than fingerprints. – Intrusive and slow.

Slide #21


Other Types of Biometrics

Physiological

• DNA • Face recognition • Hand geometric • Scent detection • Voice recognition

Behavioral

• Gait recognition • Keyboard dynamics • Mouse dynamics • Signatures

Slide #22


Biometrics are not infallible

What are False Accept and Reject Rates? Do the characteristics change over time?

– Retina changes during pregnancy. – Fingerprint damage due to work/pipe smoking. – Young and old people have fainter fingerprints.

Is it accurate in the installed environment? – Is someone observing fingerprint or voiceprint

checks? – i.e., did you collect biometric from the person?

Slide #23


Biometrics can be compromised. Unique identifiers, not secrets.

– You can change a password. – You can’t change your iris scan.

Examples: – You leave your fingerprints every place. – It’s easy to take a picture of your face.

Other compromises. – Use faux ATM-style devices to collect biometrics. – Obtain all biometric templates from server.

Slide #24


Use and Misuse of Biometrics Employee identification.

– Employee enters login name. – System uses fingerprint to verify employee is who he

claims to be. – Problem: Does biometric match the employee?

Criminal search (Superbowl 2001) – System uses face recognition to search for criminals in

public places. – Problem: Does any biometric in database match anyone

in a crowd of people? – Assume system is 99.99% accurate and 1 in 10million

people is a terrorist. Result: 1000 false positives for each terrorist.

Slide #25


Location Classic: only allow access from a particular

terminal or a particular set of remote hosts.

Modern: GPS-based – Location Signature Sensor (LSS) for host and user. – Access rules permit user only to access host with

specific LSS values. – Cell-phones track location, and some states use

them to track drivers’ speed and locations.

Slide #26


UNIX Authentication

UNIX identifies user with a UID – Username is for humans, UID for computers. – 15-bit to 32-bit unsigned integer. – UID=0 is the superuser, root.

Identity and authentication data stored in – /etc/passwd

– /etc/shadow

– /etc/group

Slide #27


/etc/{passwd,shadow}

/etc/passwd – Username – UID – Default GID – GCOS – Home directory – Login shell

/etc/shadow – Username – Encrypted password – Date of last pw change. – Days ‘til change allowed. – Days `til change required. – Expiration warning time. – Expiration date.

Central file(s) describing UNIX user accounts.

student:x:1000:1000:Example User,,555-1212,:/home/student:/bin/bash student:$1$w/UuKtLF$otSSvXtSN/xJzUOGFElNz0:13226:0:99999:7:::

Slide #28


Groups and GIDs

GIDs are 32-bit non-negative integers. Each user has a default GID.

– File group ownership set to default GID. – Temporarily change default GID: newgrp.

Groups are described in /etc/group – Users may belong to multiple groups. – Format: group name, pw, GID, user list. – wheel:x:10:root,waldenj,bergs

Slide #29


Superuser Powers

Superuser can • Read any file. • Modify any file. • Add / remove users. • Become any user. • Kill any process. • Reprioritize processes. • Configure network. • Set date/time. • Shutdown / reboot.

Superuser can’t • Change read-only

filesystem. • Decrypt hashed

passwords. • Modify NFS-mounted

filesystems. • Read or modify SELinux

protected files.

Slide #30


Switching Users The su command allows you to switch users.

> id uid=102(wj) gid=102(wj) groups=102(wj) > su Password: # id uid=0(root) gid=0(root)

groups=0(root),1(bin),2(daemon),3(sys),4(adm), 6(disk),10(wheel)

# su john john$ id uid=1995(john) gid=1995(john) groups=1995(john) john$ exit # exit > id uid=102(wj) gid=102(wj) groups=102(wj)

Slide #31


Real and Effective UIDs

Real UID – The UID matching the username you logged in as.

Effective UID – The UID that is checked for access control. – The su command changes your EUID.

SUID programs – A SUID program executes with an EUID of the

owner of the program instead of yours. – /usr/bin/passwd is SUID root. Why?

Slide #32


Key Points 1. Access control is based on identity. 2. Authentication consists of an entity, the user,

attempting to convince another entity, the verifier, of the user’s identity

1. something you know 2. something you have 3. something you are 4. somewhere you are

3. Authentication Types 1. Passwords 2. Security Tokens 3. Biometrics

Slide #33


References 1. Phil Agre. “Your Face is not a Bar Code,” http://polaris.gseis.ucla.edu/pagre/bar-

code.html, 2003. 2. Ross Anderson, Security Engineering, 2nd edition, Wiley, 2008. 3. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. 4. DigitalPersona, http://www.digitalpersona.com/company/news/pressKit.php, 2006. 5. Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and Internet

Security, 3/e O’Reilly, 2003. 6. Ben Mook, “Md. pilot program tracks drivers’ speed, location via cell phones,” The Daily

Record, October 21, 2005, http://www.mddailyrecord.com/pub/5_398_friday/businessnews/172883-1.html

7. Bruce Schneier, “Biometrics: Truths and Fictions,” Cryptogram, http://www.schneier.com/crypto-gram-9808.html#biometrics, 1998.

8. Bruce Schneier, “The Curse of the Secret Question,” http://www.schneier.com/essay-081.html, 2005.

9. Orville Wilson, “Privacy & Identity - Security and Usability: The viability of Passwords & Biometrics,” http://facweb.cs.depaul.edu/research/vc/CIPLIT2004/ppt/Orville_Wilson.ppt, 2004.

10. “Simple Anatomy of the Retina,” http://webvision.med.utah.edu/sretina.html, 2006.

Slide #34

http://polaris.gseis.ucla.edu/pagre/bar-code.htmlhttp://polaris.gseis.ucla.edu/pagre/bar-code.htmlhttp://www.digitalpersona.com/company/news/pressKit.phphttp://www.schneier.com/crypto-gram-9808.html%23biometricshttp://www.schneier.com/essay-081.htmlhttp://www.schneier.com/essay-081.htmlhttp://facweb.cs.depaul.edu/research/vc/CIPLIT2004/ppt/Orville_Wilson.ppthttp://webvision.med.utah.edu/sretina.html

CIT 480: Securing Computer SystemsTopicsAuthenticationPurpose of IdentityGroups and RolesNetwork IdentityAuthentication TypesWhat You KnowWhat You HaveUSB Tokens and Smart CardsRFIDAuthentication SystemPassword System ExampleWhat You Are: BiometricsBiometric System ExampleHow Biometrics WorkBiometric MeasurementFalse Positives and NegativesFingerprintsBrandon MayfieldEye BiometricsOther Types of BiometricsBiometrics are not infallibleBiometrics can be compromised.Use and Misuse of Biometrics LocationUNIX Authentication/etc/{passwd,shadow}Groups and GIDsSuperuser PowersSwitching UsersReal and Effective UIDsKey PointsReferences

cit 480: securing computer systemswaldenj/classes/2014/fall/... · 2019. 8. 25. · cit 480:...

Documents