lecture outline - icirlecture outline •review of diffie-hellman key exchange •looking at...
TRANSCRIPT
![Page 1: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/1.jpg)
Lecture Outline
• Review of Diffie-Hellman key exchange
• Looking at Authentication from a number of perspectives– Today: authenticating users, services
![Page 2: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/2.jpg)
Agreeing on Secret KeysWithout Prior Arrangement
![Page 3: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/3.jpg)
Diffie-Hellman Key Exchange• While we have powerful symmetric-key technology, it
requires Alice & Bob to agree on a secret key ahead of time• What if instead they can somehow generate such a key
when needed?• Seems impossible in the presence of Eve observing all of
their communication …– How can they exchange a key without her learning it?
• But: actually is possible using public-key technology– Requires that Alice & Bob know that their messages will reach
one another without any meddling– So works for Eve-the-eavesdropper, but not Mallory-the-MITM– Protocol: Diffie-Hellman Key Exchange (DHE)
![Page 4: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/4.jpg)
Alice Bob
Eve
1. Everyone agrees in advance on a well-known (large) prime p and a corresponding g: 1 < g < p-1
p, g
p, g
p, g
Diffie-Hellman Key Exchange
![Page 5: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/5.jpg)
Alice Bob
Eve
2. Alice picks random secret ‘a’: 1 < a < p-1
3. Bob picks random secret ‘b’: 1 < b < p-1
p, g
p, g
p, g
a b
a? b?Diffie-Hellman Key Exchange
![Page 6: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/6.jpg)
Alice Bob
Eve
4. Alice sends A = ga mod p to Bob
5. Bob sends B = gb mod p to Alice
Eve sees these
p, g
p, g
p, g
a b
a? b?
A = ga mod pA
A
gb mod p = BB
B
Diffie-Hellman Key Exchange
![Page 7: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/7.jpg)
Alice Bob
Eve
6. Alice knows {a, A, B}, computes K = Ba mod p = (gb)a = gba mod p
7. Bob knows {b, A, B}, computes K = Ab mod p = (ga)b = gab mod p
8. K is now the shared secret key.
p, g
p, g
p, g
a b
a? b?
A = ga mod pA
A
gb mod p = BB
B
AB
K K
Diffie-Hellman Key Exchange
![Page 8: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/8.jpg)
Alice Bob
Eve
While Eve knows {p, g, ga mod p, gb mod p}, believed to be computationally infeasible for her to then deduce K = gab mod p.
She can easily construct A·B = ga·gb mod p = ga+b mod p. But computing gab requires ability to take discrete logarithms mod p.
p, g
p, g
p, g
a b
a? b?
A = ga mod pA
A
gb mod p = BB
B
AB
K K
K?
Diffie-Hellman Key Exchange
![Page 9: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/9.jpg)
Alice Bob
What happens if instead of Eve watching, Alice & Bob face the threat of a hidden Mallory (MITM)?
p, g
p, g
p, gMallory
Attack on DHE
![Page 10: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/10.jpg)
Alice Bob
p, g
p, g
p, gMallory
What happens if instead of Eve watching, Alice & Bob face the threat of a hidden Mallory (MITM)?
Attack on DHE
![Page 11: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/11.jpg)
Alice Bob
p, g
p, g
p, gMallory
2. Alice picks random secret ‘a’: 1 < a < p-1
3. Bob picks random secret ‘b’: 1 < b < p-1
a b
a? b?Attack on DHE
![Page 12: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/12.jpg)
Alice Bob
p, g
p, g
p, gMallory
a b
a? b?
4. Alice sends A = ga mod p to Bob
5. Mallory prevents Bob from receiving A
A = ga mod pA
AAttack on DHE
![Page 13: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/13.jpg)
Alice Bob
p, g
p, g
p, gMallory
a b
a? b?
6. Mallory generates her own a', b'
7. Mallory sends A' = ga' mod p to Bob
A = ga mod pA
A, A'a', b'
A' = ga' mod pA'
Attack on DHE
![Page 14: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/14.jpg)
Alice Bob
p, g
p, g
p, gMallory
a b
a? b?
8. The same happens for Bob and B/B'
A = ga mod pA
A, A'a', b'
A' = ga' mod pA'
gb mod p = BA'B
Attack on DHE
![Page 15: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/15.jpg)
Alice Bob
p, g
p, g
p, gMallory
a b
a? b?
8. The same happens for Bob and B/B'
A = ga mod pA
A, B, A', B'a', b'
A' = ga' mod pA'
gb mod p = BA'B
B’ = gb' mod pB'
Attack on DHE
![Page 16: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/16.jpg)
Alice Bob
p, g
p, g
p, gMallory
a b
a? b?
9. Alice and Bob now compute keys they share with … Mallory!
10. Mallory can relay encrypted traffic between the two ...
10'. Modifying it or making stuff up however she wishes
A = ga mod pA
A, B, A', B'a', b'
A' = ga' mod pA'
gb mod p = BA'B
B' = gb' mod pB'
K'1 = (B')a mod p= (gb')a = gb'a mod p
K'2 = (A')b mod p= (ga')b = ga'b mod p
K'1 = Ab' mod p = gab' mod pK'2 = Ba' mod p = gba' mod p
Attack on DHE
![Page 17: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/17.jpg)
Questions?
![Page 18: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/18.jpg)
Thinking about Authentication
• Fundamental issue for networking:– Parties only connected by untrustworthy medium
• Broad & evolving topic• Goal: develop a sense for authentication
paradigms & issues– Including weaker forms
• Will include some review• Will skip some (much) state-of-the-art
![Page 19: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/19.jpg)
Thinking about Authentication, con’t
• Spectrum:– Which user (human) am I dealing with?– Which server (institution) am I dealing with?– What attributes does this party have?
• Affiliation, human-or-program, country, …– Is this the same entity as before?
• A springboard for discussion: Let’s start with very basic circa 1990s web authentication …
![Page 20: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/20.jpg)
C → S: GET http://mybank.com/S → C: page, including a login formC → S: POST http://mybank.com/login?
u=USER&p=PASSWD[server marks this session as authenticated]
S → C: Set-Cookie: sessionid=NONCE(Cookie is an “authenticator” for session)
C → S: GET http://mybank.com/moneyxfer.cgiCookie: sessionid=NONCE
![Page 21: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/21.jpg)
Threats?
• No encryption: can know password, username, cookie
• MITM can manipulate cookies, migrate user associated with activity
• Weak passwords• Reused passwords
![Page 22: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/22.jpg)
Threats?
• Sniffing, MITM (network; app-level relay)⇒ Theft of password and/or authenticator
• 3rd-party manipulation of automation– E.g. CSRF (browser fetching of images)– E.g. XSS (browser execution of JS replies)
• Password security– Blind guessing / bruteforcing– Reuse (breaches)– Phishing
• Compromised client: hijacking
![Page 23: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/23.jpg)
Passwords
• Issues?• Ways to make them better?
![Page 24: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/24.jpg)
SoK = Systemization of Knowledge
![Page 25: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/25.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
![Page 26: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/26.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
User doesn’t have to memorize anything (weaker: just 1 secret)
![Page 27: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/27.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Cognitively practical for user having many accounts
![Page 28: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/28.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
No physical object (weaker: you carry it anyway)
![Page 29: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/29.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
No user action required (weaker: user speaks)
![Page 30: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/30.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
(E.g.: not a do-crypto-in-your-head scheme)
![Page 31: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/31.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Doesn’t require much user time; new associations aren’t burdensome
![Page 32: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/32.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Won’t frustrate legit users
![Page 33: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/33.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Recovery is quick, low-hassle, assured
![Page 34: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/34.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Works for users w/ physical disabilities/conditions
![Page 35: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/35.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
E.g.: plausible for startups to use
![Page 36: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/36.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Can look like “incumbent” to servers
![Page 37: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/37.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Just requires HTML5/JS; weaker: very common plugins
![Page 38: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/38.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Not just a research prototype/toy
![Page 39: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/39.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
No licensing/$ required
![Page 40: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/40.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Requires a bunch (> 10-20) of sessions for local attacker to subvert (even using sneaky techniques)
![Page 41: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/41.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Possessing personal knowledge doesn’t help attacker;weaker: user must exercise discipline in choices
![Page 42: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/42.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
It takes a lot of guesses
![Page 43: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/43.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
It’s infeasible to guess (e.g. requires 264 tries)
![Page 44: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/44.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Resists attacker who has client-side malware or has broken TLS
![Page 45: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/45.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
A problem at one site doesn’t endanger other sites
![Page 46: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/46.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Resists off-line phishing
![Page 47: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/47.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Attacker can’t benefit by stealing physical object;weaker: it’s protected (e.g., PIN)
![Page 48: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/48.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Trust localized to user/service
![Page 49: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/49.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
User has to (knowingly) consent to authentication occurring
![Page 50: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/50.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
Two verifiers who collude can’t link user across them based on authenticaticator alone
![Page 51: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/51.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
![Page 52: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/52.jpg)
Issues w/ Biometrics?
• Theft of artifact– High-res cameras + gummi bears
• Theft of digitization (replay)– Need challenge/response protocol
• Impairment– (Face recognition based on skull geometry)
• Irrevocable– More like a username than a password
![Page 53: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/53.jpg)
Issues w/ Biometrics?
• Theft of artifact– High-res cameras + gummi bears
• Theft of digitization (replay)– Need challenge/response protocol
• Impairment– (Face recognition based on skull geometry)
• Irrevocable?– What if sites could implant a biometric?
![Page 54: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/54.jpg)
Implantable Biometrics• Threat model: “rubber hose cryptography”
– Any defenses?• Consider scenario where authentication highly
important– Can afford lengthy setup, validation sequences
• Abstract idea:– In setup phase, implant biometric password in muscle
memory– Validation: probe muscle-memory response
• If user threatened, they don’t consciously know their password ⇒ can’t reveal it
![Page 55: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/55.jpg)
Authentication based on a game similar to Guitar Hero.User presses a key corresponding to falling circles.Game rachets up speed until user has a ~30% failure rate.Embeds password in 80% of game instances.
![Page 56: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/56.jpg)
30-45 minutes training: ~38 bits of entropy
![Page 57: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/57.jpg)
Authentication: make user play game, some instances of which require muscle memory to succeed at.Takes ~5 minutes to authenticate.Memory persists for at least weeks.
![Page 58: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/58.jpg)
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf
![Page 59: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/59.jpg)
Issues w/ Recovery?
• Knowledge-based recovery is vulnerable to targeting attacker
• Opens up phishing opportunities• May compound mental burden• Overall security = min(orig. sec., rec. sec.)
![Page 60: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/60.jpg)
Issues w/ Recovery?
• Can reduce security to that of simpler mode– E.g. iOS fingerprint/faceprint reduced to PIN
• Gets especially iffy when recovery relies onemail and uses varying, non-robust second factors– Real-life example from 2012 …
![Page 61: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/61.jpg)
(1) Get victim’s email & home (billing) address(2) Call Amazon, say you’re the victim & want to
add a credit card #(2') Add bogus card(3) Call Amazon: “I’ve lost access to my email account”
Provide name, billing addr, new credit card #(3') Add new email account(4) Go to Amazon web site, send password reset to new acct(5) This provides access to last four digits of account CCs(6) Go to Apple. Provide billing addr. & last 4 digits ...(6') ... receive temporary iCloud password(7) Go to N services: password resets emailed to iCloud acct.(8) Brick victim’s devices & PROFIT
![Page 62: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/62.jpg)
Thinking about Authentication, con’t
• Spectrum:– Which user (human) am I dealing with?– Which server (institution) am I dealing with?– What attributes does this party have?
• Affiliation, human-or-program, country, …– Is this the same entity as before?
![Page 63: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/63.jpg)
Phishing
• Involves two key fake-outs:– Fool user into thinking attacker is
really desired site– Fool site into thinking attacker is
really desired user
• Can we rely on user to judge whether a site is genuine?
![Page 64: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/64.jpg)
![Page 65: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/65.jpg)
![Page 66: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/66.jpg)
![Page 67: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/67.jpg)
![Page 68: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/68.jpg)
![Page 69: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/69.jpg)
![Page 70: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/70.jpg)
![Page 71: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/71.jpg)
Check for “green glow” in address bar?
![Page 72: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/72.jpg)
Check for Everything?
![Page 73: Lecture Outline - ICIRLecture Outline •Review of Diffie-Hellman key exchange •Looking at Authentication from a number of perspectives –Today: authenticating users, services](https://reader034.vdocument.in/reader034/viewer/2022050400/5f7e0b86a3372d035027cd85/html5/thumbnails/73.jpg)
“Browser in Browser”
Apparent browser is just a fully interactive imagegenerated by Javascript running in real browser!