![Page 1: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/1.jpg)
1
Authentication (ch 9~12)
IT443 – Network Security AdministrationInstructor: Bo Sheng
![Page 2: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/2.jpg)
2
Outline
• Authentication Mechanisms• Key Distribution Center and Certificate
Authorities• Session Key
![Page 3: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/3.jpg)
3
Authentication
• Authentication is the process of reliably verifying certain information.
• Examples– User authentication
• Allow a user to prove his/her identity to another entity (e.g., a system, a device).
– Message authentication• Verify that a message has not been altered without
proper authorization.
![Page 4: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/4.jpg)
4
Authentication Mechanisms
• Password-based authentication– Use a secret quantity (the password) that the
prover states to prove he/she knows it.– Threat
• Eavesdropping• Password guessing/dictionary attack
Alice ComputerSystem
I’m Alice, the password is fiddlesticks
![Page 5: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/5.jpg)
5
Authentication Mechanisms• Address-based authentication
– Assume the identity of the source can be inferred based on the network address from which packets arrive.
– Adopted early in UNIX and VMS
• Berkeley rtools (rsh, rlogin, etc)– /etc/hosts.equiv file : List of computers– Per user .rhosts file : List of <computer, account>
– Ubuntu: /etc/host.allow, /etc/host.deny, man hosts_access
• Threat– Breaking into an account on one machine leads to breaking into
other machines accounts– Spoof of network address
![Page 6: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/6.jpg)
6
Authentication Mechanisms
• Cryptographic authentication protocols– Basic idea:
• A prover proves some information by performing a cryptographic operation on a quantity that the verifier supplies.
– Usually reduced to the knowledge of a secret value
• A symmetric key• The private key of a public/private key pair
![Page 7: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/7.jpg)
7
Passwords as Crypto Keys
• Symmetric key systems:– Hash the password to derive a 64/128 bits key
• Public key systems:– Difficult to generate an RSA private key from a
password – Usual solution:
• Encrypt the private key with the users password and store the encrypted result (e.g., using a directory service)
![Page 8: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/8.jpg)
8
Eavesdropping & Server Database Reading
• If public key crypto is not available, protection against both eavesdropping and server database reading is difficult:– Hash => subject to eavesdropping– Challenge requires Bob to store Alice’s secret in a database
Alice BobI’m Alice
A challenge R
H(KAlice-Bob, R)
Alice BobI’m Alice, H(KAlice-Bob)
![Page 9: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/9.jpg)
9
Eavesdropping & Server Database Reading
• Example of basic authentication using public keys:– Bob challenges Alice to decrypt a message with her public key
Alice BobI’m Alice
R
SigAlice{R}
![Page 10: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/10.jpg)
10
Outline
• Authentication Mechanisms• Key Distribution Center and Certificate
Authorities• Session Key
![Page 11: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/11.jpg)
11
Key Distribution Center• New nodes are configured with a key to the KDC
– e.g., KA for node A
• If node A wants to communicate with node B– A sends a request to the KDC– The KDC securely sends to A: EKA(RAB) and EKB(RAB, A)
• Advantage:– Single location for updates, single key to be remembered
• Drawbacks:– If the KDC is compromised! – Single point of failure/performance bottleneck => multiple KDC?
![Page 12: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/12.jpg)
12
Certification Authorities• How do you know the public key of a node?• Typical solution:
– Use a trusted node as a certification authority (CA)• E.g., VeriSign, GoDaddy
– Everybody needs to know the CA public key– The CA generates certificates: Signed(A, public-key, validity information)– Certificates can be stored in a directory service or exchanged during the
authentication process
• Advantages (over KDC):– The CA doesn’t have to be online => more physical protection– Not a performance bottleneck, not a single point of failure– Certificates are not security sensitive: only threat is DoS– A compromised CA cannot decrypt conversation but can lead to
impersonation
![Page 13: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/13.jpg)
13
Certificate Revocation
• What if:– Employer left/fired– Private key is compromised
• Solution: similar to credit cards– Validity time interval (‘not before’, ‘not after’)– Use a Certificate Revocation List (CRL):
X.509• E.g., lists all revoked and unexpired certificates
![Page 14: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/14.jpg)
14
Outline
• Authentication Mechanisms• Key Distribution Center and Certificate
Authorities• Session Key
![Page 15: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/15.jpg)
15
Session Key Establishment• Authentication is not everything
– What could happen after authentication?• E.g., connection hijacking, message modification, replay, etc.
– Solution use crypto => need a share key between communicating entities because public encryption/decryption is expensive
– Practically authentication leads to the establishment of a shared key for the session
• A new key for each session: – The more data an attacker has on a key the easier to break– Replay between sessions– Give a relatively “untrusted” software the session key but not the long-
term key– Good authentication protocol can establish session keys that provide
forward secrecy
![Page 16: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/16.jpg)
16
Password-Based User Authentication
• User demonstrates knowledge of a secret value to authenticate– most common method of user authentication
• Threats to password-based authentication?
challenge
response
![Page 17: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/17.jpg)
17
Some Issues for Password Systems
• A password should be easy to remember but hard to guess– that’s difficult to achieve!
• Some questions– what makes a good password?– where is the password stored, and in what
form?– how is knowledge of the password verified?
![Page 18: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/18.jpg)
18
Password Guessing
• Online– Try passwords until accepted
• Limit number of trials and lock account: e.g., ATM machine
– DoS problem: lock all accounts• Increase minimum time between trials• Prevent automated trials: Turing tests• Long passwords: pass phrases, initials of
sentences, reject easy passwords
• What is the protection used by Yahoo? Hotmail? Gmail? Facebook? Your banks?
![Page 19: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/19.jpg)
19
Password Guessing
• Offline– Attacker captures X = f(password)
• Dictionary attack: try to guess the password value offline
• The secret space should be large• Strong password
![Page 20: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/20.jpg)
20
Password Length• Online attacks:
– Can 4/6 digits be sufficient if a user is given only three trials?
• Offline attacks:– Need at least: 64 random bits = 20 digits
• Too long to remember by a human!– Or 11 characters from a-z, A-Z, 0-9, and punctuation marks
• Too long to remember by a human– Or 16 characters pronounceable password (a vowel every two
characters)– Conclusion:
A secret a person is willing to remember and type will not be as good as a 64-bit random number
![Page 21: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/21.jpg)
21
Attacks on Passwords
• Suppose passwords could be up to 9 characters long
• This would produce 1018 possible passwords; 320,000 years to try them all at 10 million a second!
• Unfortunately, not all passwords are equally likely to be used
![Page 22: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/22.jpg)
22
Example
• In a sample of over 3000 passwords:– 500 were easily guessed versions of
dictionary words or first name / last name– 86% of passwords were easily guessed
Length in characters
1 2 3 4 5 6
Number of passwords
15 72 464 477 706 605 (lower
case only)
![Page 23: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/23.jpg)
23
Example
• Another report– http://splashdata.com/press/worst-passwords-of-2014.htm
![Page 24: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/24.jpg)
24
Dictionary Attacks• Attack 1 (online):
– Create a dictionary of common words and names and their simple transformations
– Use these to guess the password
EagleWineRose…
Dictionary
Eagle
Yes!
![Page 25: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/25.jpg)
25
Dictionary Attacks• Attack 2 (offline):
– Usually F is public and so is the password file• In Unix, F is crypt, and the password file is /etc/passwd.
– Compute F(word) for each word in the dictionary– A match gives the password
EagleWineRose…
Dictionary
TdWx%XkPTKYEN …
Password file
F(Eagle)=XkPT
![Page 26: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/26.jpg)
26
Dictionary Attacks• Attack 3 (offline):
– To speed up search, pre-compute F(dictionary)– A simple look up gives the password
EagleWineRose…
Dictionary
TdWx%XkPTKYEN …
Password file
XkPT%$DVC #AED!…
Pre-computedDictionary
F Look up
![Page 27: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/27.jpg)
27
Password Salt• To make the dictionary attack a bit more difficult• Salt is a n-bit number between 0 and 2n
• Derived from, for example, the system clock and the process identifier
H
Password + Salt
H(Password + Salt)
Username, Salt, H(Password + Salt)Password file
![Page 28: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/28.jpg)
28
Password Guidelines
1. Initial passwords are system-generated, have to be changed by user on first login
2. User must change passwords periodically
3. Passwords vulnerable to a dictionary attack are rejected
4. User should not use same password on multiple sites
5. etc. etc.
![Page 29: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/29.jpg)
29
Lab 1
Question 1
Type in the following command and answer the questions
$tracert -d yahoo.com– How many hops is your machine away from yahoo.com? (Attach
the output in the lab report)
– Execute the same command again. Is the output the same as
the first time? (Hint: no) Which hops are changed? Observe and compare the difference, and explain the reason.
![Page 30: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/30.jpg)
30
Lab 1Question 2• Use your CS account to log in linux1.cs.umb.edu and compare the
following two commands in the shell and explain the difference between the outputs.
• What is the IP address of cs.umb.edu? Assume CS department’s network
uses a 23-bit IP prefix, how many IP addresses the department can support?
158.121.104.2 : 158.121.01101000.00000010
• Write a script to find all the IP addresses assigned in CS department that have globally recognized domain names. (Consider the same assumption of 23-bit prefix)
158.121.104.0~158.121.104.255, 158.121.105.0~158.121.105.255
![Page 31: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/31.jpg)
31
Lab 1
Question 3• The encryption algorithm aes-128-ecb is a 128-
bit block cipher. Design an experiment to verify it.
• How much information can you recover? Please explain why.
![Page 32: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/32.jpg)
32
Outline
• Login authentication protocol• Mutual authentication protocol
![Page 33: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/33.jpg)
33
Authentication with Shared Secret
• Weaknesses– Authentication is not mutual; Trudy can convince Alice that she is
Bob– Trudy can hijack the conversation after the initial exchange– If the shared key is derived from a password, Trudy can mount
an off-line password guessing attack– Trudy may compromise Bob’s database and later impersonate
Alice
Alice BobI’m Alice
A challenge R
f(KAlice-Bob, R)
![Page 34: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/34.jpg)
34
Authentication with Shared Secret
• A variation– Requires reversible cryptography– R must be limited lifetime
• Weaknesses– All the previous weaknesses remain– Trudy doesn’t have to see R to mount off-line password
guessing if R has certain patterns (e.g., the timestamp)• Trudy sends a message to Bob, pretending to be Alice
Alice BobI’m Alice
R
KAlice-Bob{R}
![Page 35: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/35.jpg)
35
Authentication with Public Key
• Bob’s database is less risky• Weaknesses
– Trudy can trick Alice into signing something• Use different private key for authentication
Alice BobI’m Alice
R
SigAlice{R}
![Page 36: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/36.jpg)
36
Outline
• Login authentication protocol• Mutual authentication protocol
![Page 37: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/37.jpg)
37
Mutual Authentication
Alice BobI’m Alice
R1
f(KAlice-Bob, R1)
R2
f(KAlice-Bob, R2)
Alice BobI’m Alice, R2
R1, f(KAlice-Bob, R2)
f(KAlice-Bob, R1)
Optimize
![Page 38: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/38.jpg)
38
Mutual Authentication
• Reflection Attack
Trudy BobI’m Alice, R2
R1, f(KAlice-Bob, R2)
f(KAlice-Bob, R1)
Trudy BobI’m Alice, R1
R3, f(KAlice-Bob, R1)
![Page 39: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/39.jpg)
39
Reflection Attack
• Lesson: Don’t have Alice and Bob do exactly the same thing– Different keys
• Totally different keys
• KAlice-Bob = KBob-Alice + 1
– Different Challenges– The initiator should be the first to prove its identity
• Assumption: initiator is more likely to be the bad guy
![Page 40: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/40.jpg)
40
Mutual Authentication
• Reflection Attack
Alice BobI’m Alice, R2
R1, f(KAlice-Bob, R2)
f(KAlice-Bob, R1)
Alice BobI’m Alice
R1
f(KAlice-Bob, R1), R2
f(KAlice-Bob, R2)
Countermeasure
![Page 41: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/41.jpg)
41
Mutual Authentication
• Public keys– Authentication of public keys is a critical issue
Alice BobI’m Alice, {R2}Bob
R2, {R1}Alice
R1
![Page 42: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/42.jpg)
42
Mutual Authentication
• Mutual authentication with timestamps– Require synchronized clocks– Alice and Bob have to encrypt different
timestamps
Alice BobI’m Alice, f(KAlice-Bob, timestamp)
f(KAlice-Bob, timestamp+1)
![Page 43: Authentication (ch 9~12) IT443 – Network Security Administration Instructor: Bo Sheng 1](https://reader036.vdocument.in/reader036/viewer/2022062320/56649c745503460f94927f8c/html5/thumbnails/43.jpg)
43
Lab 2
• Certificate Authorities
CACA+ / CA-
B
A
CA+
CA+
A+ / A-
A+
{A+}CA-
{A+}CA-
{CA+}CA-
Client
Https Server