user authentication and password management john mitchell cs 142 winter 2009
Post on 18-Dec-2015
222 views
TRANSCRIPT
![Page 1: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/1.jpg)
User Authentication and Password Management
John Mitchell
CS 142 Winter 2009
![Page 2: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/2.jpg)
Outline
Basic password concepts Hashing, salt, online/offiline dictionary attacks
Phishing and online ID Theft Phishing pages, server auth, transaction generators,
secure attention sequence
Two-factor authentication Biometrics, one-time pwd tokens
Server-side password functions Ruby-on-Rails, pwd registration, email confirmation,
OpenID
Security questions and the story of Sarah Palin
![Page 3: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/3.jpg)
Password authentication
Basic idea User has a secret password System checks password to authenticate
user
Issues How is password stored? How does system check password? How easy is it to guess a password?
Difficult to keep password file secret, so best if it is hard to guess password even if you have the password file
![Page 4: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/4.jpg)
Basic password scheme
Password fileUser
exrygbzyf kgnosfix ggjoklbsz … …
frunobulax
hash function
![Page 5: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/5.jpg)
Basic password scheme
Hash function h : strings strings Given h(password), hard to find password No known algorithm better than trial and
error
User password stored as h(password)When user enters password System computes h(password) Compares with entry in password file
No passwords stored on disk
![Page 6: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/6.jpg)
Unix password system
Hash function is 25xDES Number 25 was meant to make search slow
Password file is publicly readable Other information in password file …
Any user can try “offline dictionary attack” User looks at password file Computes hash(word) for every word in
dictionary
“Salt” makes dictionary attack harderR.H. Morris and K. Thompson, Password security: a case history, Communications of the ACM, November 1979
![Page 7: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/7.jpg)
Dictionary Attack – some numbers
Typical password dictionary 1,000,000 entries of common passwords
people's names, common pet names, and ordinary words. Suppose you generate and analyze 10 guesses per second
This may be reasonable for a web site; offline is much faster
Dictionary attack in at most 100,000 seconds = 28 hours, or 14 hours on average
If passwords were random Assume six-character password
Upper- and lowercase letters, digits, 32 punctuation characters
689,869,781,056 password combinations. Exhaustive search requires 1,093 years on average
Dictionary attack vs exhaustive search: 14 hours vs. 1000 years
![Page 8: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/8.jpg)
Salt
Password linewalt:fURfuu4.4hY0U:129:129:Belgers:/home/walt:/bin/csh
25x DES
InputSalt
KeyConstant
Plaintext
Ciphertext
Compare
When password is set, salt is chosen randomly;12-bit salt slows dictionary attack by factor of 212
![Page 9: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/9.jpg)
Advantages of salt
Without salt Same hash functions on all machines
Compute hash of all common strings once Compare hash file with all known password files
With salt One password hashed 212 different ways
Precompute hash file? Need much larger file to cover all common strings
Dictionary attack on known password file For each salt found in file, try all common strings
![Page 10: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/10.jpg)
Password-authenticated key exchange
Main idea Do not sent password on network Compute and send values that
depend on the password but do not provide usable information about it.
![Page 11: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/11.jpg)
Diffie-Hellman key exhange
ga mod p
gb mod p
Result: A and B share secret gab mod p
A B
Assumes public prime p and generator g
![Page 12: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/12.jpg)
Example: SPEKE Assumes public prime p and secret password Compute g = hash()2 mod p
ga mod p
gb mod p
Result: A and B share secret gab mod p
A B
Squaring makes g a generator of prime order subgroup ...
![Page 13: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/13.jpg)
Outline
Basic password concepts Hashing, salt, online/offiline dictionary attacks
Phishing and online ID Theft Phishing pages, server auth, transaction generators,
secure attention sequence
Two-factor authentication Biometrics, one-time pwd tokens
Server-side password functions Ruby-on-Rails, pwd registration, email confirmation,
pwd reset, single sign-on
Security questions and the story of Sarah Palin
![Page 14: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/14.jpg)
Phishing Attack
password?
Sends email: “There is a problem with your eBuy account”
User clicks on email link to www.ebuj.com.
User thinks it is ebuy.com, enters eBuy username and password.
Password sent to bad guy
![Page 15: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/15.jpg)
15
Typical properties of spoof sites
Show logos found on the honest site Copied jpg/gif file, or link to honest site
Have suspicious URLs Ask for user input
Some ask for CCN, SSN, mother’s maiden name, …
HTML copied from honest site May contain links to the honest site May contain revealing mistakes
Short lived Cannot effectively blacklist spoof sites
HTTPS uncommon
![Page 16: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/16.jpg)
16
SpoofGuard browser extension
SpoofGuard is added to IE tool bar User configuration Pop-up notification as method of last resort
![Page 17: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/17.jpg)
Browser anti-phishing filters
Major browsers use antiphishing measures Microsoft antiphishing and anti-malware tool for
IE Firefox – combination of tools, including Google Opera uses Haute Secure to provide bogus site
warnings to end users Google – own antiphishing technology in Chrome Apple added antiphishing to Safari 3.2 (Nov ‘08)
![Page 18: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/18.jpg)
![Page 19: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/19.jpg)
Berkeley: Dynamic Security Skins
Automatically customize secure windows Visual hashes
Random Art - visual hash algorithm Generate unique abstract image for each
authentication Use the image to “skin” windows or web content Browser generated or server generated
![Page 20: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/20.jpg)
20
Password Phishing Problem
User cannot reliably identify fake sitesCaptured password can be used at target site
Bank A
Fake Site
pwdApwdA
![Page 21: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/21.jpg)
21
Common Password Problem
Phishing attack or break-in at site B reveals pwd at A
Server-side solutions will not keep pwd safe Solution: Strengthen with client-side support
Bank A
low security site
high security site
pwdA
pwdB
= pwdA
Site B
![Page 22: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/22.jpg)
Stanford PwdHash
Lightweight browser extension
Impedes password theft Invisible to server Compute site-specific password that
appears “ordinary” to server that received is
Invisible to user User indicates password to be hashed by
alert sequence (@@) at beginning of pwd
![Page 23: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/23.jpg)
Password Hashing
Generate a unique password per site HMACfido:123(banka.com) Q7a+0ekEXb HMACfido:123(siteb.com) OzX2+ICiqc
Hashed password is not usable at any other site Protects against password phishing Protects against common password problem
Bank A
hash(pwdB, SiteB)
hash(pwdA, BankA)
Site B
pwdA
pwdB
=
![Page 24: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/24.jpg)
Many tricky issues
Malicious javascript in browser Implement keystroke logger, keep
scripts from reading user password entry
Password reset problem Internet caféDictionary attacks (defense: added salt)
![Page 25: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/25.jpg)
Anti-Phishing Features in IE7
![Page 26: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/26.jpg)
Picture-in-Picture Attack
![Page 27: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/27.jpg)
Results: Is this site legitimate?
![Page 28: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/28.jpg)
Web timing attacks
Most sites have “Forgot my password” pages
These pages may leak whether an email is valid at that site• Identified through outreach
to financial infrastructure company
• Vulnerability found on virtually every site we tested
• Communicated results, repair adopted
![Page 29: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/29.jpg)
Biometrics
Use a person’s physical characteristics fingerprint, voice, face, keyboard timing, …
Advantages Cannot be disclosed, lost, forgotten
Disadvantages Cost, installation, maintenance Reliability of comparison algorithms
False positive: Allow access to unauthorized person
False negative: Disallow access to authorized person
Privacy? If forged, how do you revoke?
![Page 30: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/30.jpg)
Token-based authentication
Several configurations and modes of use Device produces password, user types into
system User unlocks device using PIN User unlocks device, enters challenge
Example: S/Key User enters string, devices computes sequence
p0 = hash(string|rand); pi+1 = hash(pi) pn placed on server; set counter k = n
Device can be used n times before reinitializing Send pk-1 = to server, set k = k-1 Sever checks hash(pk-1) = pk , stores pk-1
![Page 31: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/31.jpg)
Other methods (several vendors)
Some complications Initial data shared with server
Need to set this up securely Shared database for many sites
Clock skew
ChallengeTime
function
Time
Initial data
![Page 32: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/32.jpg)
32
CMU Phoolproof prevention
Eliminates reliance on perfect user behaviorProtects against keyloggers, spyware. Uses a trusted mobile device to perform mutual authentication with the server
password?
![Page 33: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/33.jpg)
Outline
Basic password concepts Hashing, salt, online/offiline dictionary attacks
Phishing and online ID Theft Phishing pages, server auth, transaction generators,
secure attention sequence
Two-factor authentication Biometrics, one-time pwd tokens
Server-side password functions Ruby-on-Rails, pwd registration, email confirmation,
pwd reset, single sign-on
Security questions and the story of Sarah Palin
![Page 34: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/34.jpg)
Ruby-on-Rails
No built-in authentication framework restful-authentication, Authlogic, Clearance
Basic features Registration of new users; validation by email address
(optional) Login – session creation Logout – session destruction Password recovery or reset
Additional considerations Hashing and/or encryption of user passwords One-time or persistent tokens for cookies and validation emails Multiple session support Administrative controls IP & login logging and other miscellaneous record keeping Support for authentication platforms such as OpenID
http://wiki.rubyonrails.org/howtos/authentication-authorization
![Page 35: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/35.jpg)
Restful Authentication
Basic features Login and logout Secure password handling Account activation by validating email Account approval and disabling by email Rudimentary hooks for authorization and
access control
Implementation Uses Salt and SHA1 hash function
http://railsforum.com/viewtopic.php?id=14216
Ruby on Rails
![Page 36: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/36.jpg)
AuthLogic
May have some advantages AuthLogic may do a better job of
expiring sessions on the server side if the user's password changes or a time span elapses
Limits consequences of so an XSS exploit, other attacks
http://github.com/binarylogic/authlogic/tree/master
Ruby on Rails
![Page 37: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/37.jpg)
OpenID
http://www.windley.com/archives/2006/04/how_does_openid.shtml
![Page 38: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/38.jpg)
OpenID Steps1.User is presented with OpenID login form by the Consumer 2.User responds with the URL that represents their OpenID 3.Consumer canonicalizes the OpenID URL and uses the canonical version to request
(GET) a document from the Identity Server. 4.Identity Server returns the HTML document named by the OpenID URL 5.Consumer inspects the HTML document header for <link/> tags with the attribute rel set
to openid.server and, optionally, openid.delegate. The Consumer uses the values in these tags to construct a URL with mode checkid_setup for the Identity Server and redirects the User Agent. This checkid_setup URL encodes, among other things, a URL to return to in case of success and one to return to in the case of failure or cancellation of the request
6.The OpenID Server returns a login screen. 7.User sends (POST) a login ID and password to OpenID Server. 8.OpenID Server returns a trust form asking the User if they want to trust Consumer
(identified by URL) with their Identity 9.User POSTs response to OpenID Server. 10.User is redirected to either the success URL or the failure URL returned in (5) depending
on the User response 11.Consumer returns appropriate page to User depending on the action encoded in the
URL in (10)
![Page 39: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/39.jpg)
Common pwd registration procedure
Web site
Email provider
User
visit web site
Send link in email
AuthenticateReceive email
1
2
3
Complete registration
5
4
![Page 40: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/40.jpg)
September 16, September 16, 20082008Compromise of [email protected] using password-reset functionality of Yahoo Mail.
• No secondary mail needed
• Date of Birth - Wikipedia
• Zipcode – Wasilla has two
• Where did you meet your spouse?
- Biographies
- Wikipedia, again…
•Successfully changed password to “popcorn”
Slides: Gustav Rydstedt
![Page 41: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/41.jpg)
Data Data MiningMining
• Make of your first car?
- Until 1998, Ford had >25% of market
• First name of your best friend?
- 10% of males: James/Jim, John, Robert/Bob/Rob
• Name of your first / favorite pet
- Max, Jake, Buddy, Bear… etc.
- Top 500 (covers 65% of names) is available online• Mother’s Maiden Name, Social Security Number
- “Messin’ with Texas” [Griffith & Jakobsson, 2005]
![Page 42: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/42.jpg)
People People ForgetForget
• Name of the street etc?
- More than one…
•Name of best friend?
- Friends change
• City you were born?
- NYC? New York? Manhattan?
New York City? Big Apple?
• People lie to increase security… then forget.
![Page 43: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/43.jpg)
Inapplicable What high school did your spouse attend?
Not memorable Name of teacher in kindergarten?
Ambiguous Name of college you applied to but did not attend?
Guessable Age when you married? Favorite color?
Attackable/automatically attackable Public records.
![Page 44: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/44.jpg)
Anticipating Anticipating TrendsTrends
More sites … More passwords … More forgetting …
More repeated credentials…
Increased exposure to hacking and cloning
Note: Underground markets sell reset
password questions for 10x the price of passwords.
![Page 45: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/45.jpg)
blue-moon-authentication.comblue-moon-authentication.com
• Avoid memory, use preferences Do not have to be remembered:
forgetting curve does not apply!
• Preferences are stable [Kuder, 1939]
• Rarely documented especially dislikes
![Page 46: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/46.jpg)
The The Experiments Experiments - Correlations- CorrelationsAverage correlation very low.
Obvious relationships such as
“Political Events” and “Politics”
had strong correlation.
Negative correlations were
especially weak.
Only pair wise correlations
tested.
![Page 47: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/47.jpg)
The The Experiments Experiments - Correlations- Correlations
Someone who likes Someone who likes Visiting Flea MarketsVisiting Flea Markets
is the least likely to enjoy?is the least likely to enjoy?
Punk Music
Indian Food
Watching Tennis
Visiting Bookstores
Cats
![Page 48: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/48.jpg)
The The Experiments Experiments - Correlations- Correlations
Someone who likes Someone who likes Visiting Flea MarketsVisiting Flea Markets
is the least likely to enjoy?is the least likely to enjoy?
Punk Music
Indian Food
Watching TennisWatching TennisVisiting Bookstores
Cats
![Page 49: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/49.jpg)
Who is the Who is the Enemy?Enemy?
1. Faceless enemy on the weba. Naïve - 0% successb. Strategic - 0.5% successc. The Super hacker - ?
2. Acquaintance / friend / family member
3. Your ex-girlfriend/boyfriend4. The website-cloning attacker5. The IM Manipulator
![Page 50: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/50.jpg)
Outline
Basic password concepts Hashing, salt, online/offiline dictionary attacks
Phishing and online ID Theft Phishing pages, server auth, transaction generators,
secure attention sequence
Two-factor authentication Biometrics, one-time pwd tokens
Server-side password functions Ruby-on-Rails, pwd registration, email confirmation,
pwd reset, single sign-on
Security questions and the story of Sarah Palin
![Page 51: User Authentication and Password Management John Mitchell CS 142 Winter 2009](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d255503460f949fb605/html5/thumbnails/51.jpg)