
CSE 127: Introduction to Security
Lecture 16: Authentication and passwords

UCSD Spring 2022


Slides from and

• Common techniques for authenticating users, locally and remotely
• Security challenges associated with different authentication methods
• Mitigations designed to address some of the above security challenges

Authentication
• Using cryptography, Alice and Bob can authenticate each other by proving they know respective secret keys
• Challenge-response authentication: Alice sends a random challenge to Bob. Bob signs (or MACs) the challenge.
• Switch roles, repeat.
• What exactly did we authenticate?
• Have Alice and Bob really committed their secret keys to memory?
• Did they manually perform cryptographic signing operations?
• They authenticated each other’s computers.
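The challenge-response exchange on this slide, written out as an added example (not code from the lecture). Both parties hold a long-term key; the verifier sends a fresh random challenge and checks an HMAC over it, then the roles are switched. The keys, the direction labels (`b"bob->alice"`, `b"alice->bob"`) and the `mutual_authentication` driver are constructed for the example; the direction label is included so a response produced in one direction cannot be reflected back as the answer in the other.

```python
import hmac
import hashlib
import secrets

# Constructed long-term keys for the example. In a real deployment each party
# holds its own provisioned key; these values are not from the slides.
KEY_ALICE = b"alice-long-term-key-(constructed)"
KEY_BOB = b"bob-long-term-key-(constructed)"


def make_challenge() -> bytes:
    """Fresh 16-byte random challenge; freshness is what defeats replay."""
    return secrets.token_bytes(16)


def respond(key: bytes, challenge: bytes, context: bytes) -> bytes:
    """MAC the challenge under the responder's key.

    `context` binds the response to the direction of the exchange, so a
    response Bob produced cannot be replayed to Bob as if it were Alice's.
    """
    return hmac.new(key, context + challenge, hashlib.sha256).digest()


def verify(key: bytes, challenge: bytes, context: bytes, response: bytes) -> bool:
    expected = respond(key, challenge, context)
    # Constant-time comparison so the check itself leaks nothing about the MAC.
    return hmac.compare_digest(expected, response)


def mutual_authentication(bob_key_in_use: bytes = KEY_BOB) -> dict:
    """Run the exchange in both directions and report what was established.

    `bob_key_in_use` lets the caller simulate an impostor who does not hold
    Bob's key; the verifier side always checks against the genuine KEY_BOB.
    """
    # Round 1: Alice challenges Bob.
    c1 = make_challenge()
    r1 = respond(bob_key_in_use, c1, b"bob->alice")
    bob_ok = verify(KEY_BOB, c1, b"bob->alice", r1)

    # Round 2: switch roles, Bob challenges Alice.
    c2 = make_challenge()
    r2 = respond(KEY_ALICE, c2, b"alice->bob")
    alice_ok = verify(KEY_ALICE, c2, b"alice->bob", r2)

    # Replaying round 1's response against a new challenge must fail.
    c3 = make_challenge()
    replay_ok = verify(KEY_BOB, c3, b"bob->alice", r1)

    return {
        "bob_authenticated": bob_ok,
        "alice_authenticated": alice_ok,
        "replay_accepted": replay_ok,
    }


if __name__ == "__main__":
    print(mutual_authentication())
    print(mutual_authentication(bob_key_in_use=b"impostor-key"))
```

Note what the protocol proves: only that whoever answered holds `KEY_BOB`. The human behind the computer is never involved, which is the point the slide makes.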

Authentication
• How do we authenticate a human user to a system?
• System is often a remote server
• Authenticate: ascertain who is interacting with the system
• Necessary to apply appropriate security policy
• Only the intended subject should be able to authenticate to the system as that subject

Authentication
How do we authenticate a human user to a machine?
• Provide identity and proof of identity
• Identity examples:
• Name, username, student ID, others?

Authentication
How can Alice prove that she’s really Alice?
• Three types of authentication factors
• Password: Something you know
• Token: Something you have
• Biometrics: Something you are
• Each factor can be used independently, or combined for multi-factor authentication.
• Typically two-factor

@swiftonsecurity

Something you know
https://wallpaperaccess.com/blue-desktop
– https://creativecommons.org/licenses/by-nc-nd/4.0/

Something you know
• A secret that only the real Alice should know
• A secret passcode.
• Examples: PIN, password
• PIN: Personal Identification Number (misnomer. Usually used for authentication, not identification.)
• A secret about Alice
• Examples: mother’s maiden name, first pet, mortgage payment
• Technically, only proves knowledge of secret, not that it’s really Alice
• Secrets leak, can be shared, guessed.

https://xkcd.com/1121/

How does Alice prove she knows the password?
• Simplest: Alice provides the password to the system.
• Problems?
• Passive adversary may observe password in transit
• Need secure channel to protect confidentiality
• Active adversary may impersonate the system
• Alice needs a way of authenticating the system

Alice uses a keyboard to type her password into client software that sends it on to the remote system for authentication.
Which points can Eve attack?

Attacking Passwords
• Get it from Alice
• Intercept it
• Get it from the system

Attacking Passwords
• Is Alice invested in keeping it a secret?
• Debit card PIN number?
• Personal email password?
• Netflix password?
• Corporate network password?
• Is it written down somewhere?
• Good against remote attackers
• Not good against targeted local attacks (co-workers, family, abusers)
• Know your threat model!
• Can it be guessed based on available knowledge about Alice (birthday, names of pets/kids/spouses, etc)?

https://xkcd.com/538/

Strong passwords
• Challenge: come up with passwords that are hard to guess, but easy to remember.
• Common password rules:
• Composition: Letters and numbers, mixed case, symbols, banned dictionary
• Length (char size)
• Lifetime (monthly, quarterly, yearly, etc)
• Unintended consequences
• Required letters/symbols → ?
• Monthly change requirement → ?
https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

Attacking Passwords
• Can Eve trick Alice into revealing her password?
• How does Alice know she is logging into the real system?
• Phishing!
• Tricking Alice into revealing her password by impersonating the system she is trying to access
• Alice has to be able to authenticate the system before providing her password

How can Alice authenticate the system?
HTTPS certificates validate the domain name in the URL.
What does it really tell you?
• That you are communicating with a server owned by UCSD?
• No. Only that you are communicating with www.ucsd.edu and your connection is secure (confidentiality and integrity are protected) against passive and active attackers on the link.

• How do you know www.ucsd.edu is a legitimate UCSD web site?
• What about:
• www.cse.ucsd.edu
• www.ucsd.cse.edu
• www.cse-ucsd.edu
• A user is expected to know which domains are associated with the entity they are trying to interact with.
• And how to properly parse the URL
• Some browsers now highlight the domain portion

What if the user knows which domain is real?
• Homoglyphs: symbols that appear identical or very similar
• Attack: Register domain names that look just like the victim domain, but using a different character set.

• https://www.irongeek.com/homoglyph-attack-generator.php
• https://www.xudongz.com/blog/2017/idn-phishing/
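The two checks the preceding slides ask of the user, parsing the URL correctly and noticing a look-alike domain, as an added example of how a client-side tool could do them (this is not code from the lecture). It uses the standard library's URL parser to extract the hostname, IDNA-encodes the name so any non-ASCII label shows up as an `xn--` punycode label, and flags a hostname whose letters come from more than one script. The `TRUSTED_DOMAINS` allowlist, the two-label `registrable_domain` rule, and the Cyrillic sample hostname are constructed for the example; real code would consult the Public Suffix List rather than assume two labels.

```python
from urllib.parse import urlsplit
import unicodedata

# Constructed allowlist of registrable domains that the user (or a client-side
# check) treats as belonging to UCSD. Policy is an assumption for the example.
TRUSTED_DOMAINS = {"ucsd.edu"}


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname.

    Adequate for .edu/.com style names; production code should use the
    Public Suffix List (simplification made for this example).
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(url: str) -> dict:
    """Parse the URL the way a browser does and report what the name really is."""
    # urlsplit().hostname strips userinfo and port, so
    # "https://www.ucsd.edu@evil.example/" resolves to evil.example.
    host = urlsplit(url).hostname or ""

    # IDNA encoding turns every non-ASCII label into "xn--...", which is the
    # homoglyph case the slide warns about (same look, different code points).
    ascii_host = host.encode("idna").decode("ascii")
    punycode_labels = [lbl for lbl in ascii_host.split(".") if lbl.startswith("xn--")]

    # First word of each letter's Unicode name is its script (LATIN, CYRILLIC, ...).
    scripts = {unicodedata.name(ch).split()[0] for ch in host if ch.isalpha()}

    return {
        "hostname": host,
        "ascii_hostname": ascii_host,
        "trusted": registrable_domain(ascii_host) in TRUSTED_DOMAINS,
        "has_punycode": bool(punycode_labels),
        "mixed_script": len(scripts) > 1,
    }


if __name__ == "__main__":
    for sample in [
        "https://www.cse.ucsd.edu/",
        "https://www.ucsd.cse.edu/",
        "https://www.cse-ucsd.edu/",
        "https://www.ucsd.edu@evil.example/login",
        "https://www.cse.u\u0441sd.edu/",   # constructed: Cyrillic 'es' in place of 'c'
    ]:
        print(sample, classify(sample))
```

Of the three slide examples only www.cse.ucsd.edu is under the trusted registrable domain; the look-alike with a Cyrillic letter encodes to an `xn--` label and fails the allowlist even though it renders identically.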

• Related: When logging into a machine locally, how does Alice know that she is entering the password into the real login program?
• Trusted path: Mechanism that guarantees user is interacting with intended component
• CTRL+ALT+DEL on Windows

Attacking Passwords
• Shoulder surf
• Side channels
• Hardware keyloggers

Attacking Passwords
• Software keyloggers
• Passwords in memory
• Internal buffers
• Clipboard
• Stored passwords
• Cached passwords (e.g. browsers)
• Password managers (e.g. Bitwarden, LastPass, etc)
• Good ones are well protected by master passwords
• AlicePasswords.txt

Attacking Passwords
• Monitoring the transmission channel
• Channel should be encrypted to protect password confidentiality
• Examples: TLS/SSH/HTTPS

Attacking Passwords
• Use system as an oracle: try to log in with different passwords
• Defense: Minimize error information
• Defense: Limit number of login attempts per user
• Attack: Try different users for common passwords
• Compromise password database
• Huge yield compared to user-side attacks
• https://haveibeenpwned.com/
• Password reuse issues

Protecting Passwords
• How can the system verify that the password Alice entered is correct?
• Naive solution:
• Store a copy of the password and compare provided copy to the stored one
• Problem?
• If system is compromised, passwords are revealed
• Same passwords may be used on other systems

Protecting Passwords
• Other solutions?
• Hint: System does not need to know the password, only be able to verify it is correct.
• What if the system stores a cryptographic hash of the password?
• H(password)
• Hash must be pre-image resistant (hard to invert)
• Better… but still problematic.

Protecting Passwords
• Given a hash of a password, Eve can use it to validate guesses
• Also, obvious which users have identical passwords
• Dictionary attacks
• Dictionary: collection of possible, or likely, password strings
• Try every string in the dictionary until the correct entry is found.
• Pre-compute hashes of all strings in the dictionary, then perform reverse look-ups by hash to find corresponding password.

https://xkcd.com/1286/

Protecting Passwords
Dictionary attack cost example:
• Assume passwords are composed of upper or lower case letters or digits
• 26 + 26 + 10 = 62 ≈ 64 possible values per character
• 64^n = 2^(6n) possible passwords of length n
• For n = 6, 2^36 possible password strings
• ≈ 10 TB to store all possible 6-character passwords and respective SHA-1 hashes
Can be reduced using techniques like rainbow tables.

Protecting Passwords
• How do we make dictionary attacks harder?
• Note, the attacker only had to compute one dictionary of hashes that could then be used for any user’s password hash from any system.
• We can parameterize, or “salt”, password hashes with unique random numbers
• Instead of storing H(p), store (r, H(r||p)), where r is random salt
• Precomputation is no longer possible. Attacker must compute unique hashes for every target
• Better… but still problematic.
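An added example (not from the lecture) that puts the last two slides side by side: a precomputed dictionary table recovers every unsalted hash it covers with a single look-up per user and reveals which users share a password, while the salted (r, H(r||p)) records from this slide force one fresh hash per (user, word) pair and hide duplicates. The dictionary, the user list and their passwords are constructed sample data; SHA-256 stands in for the slide's generic H.

```python
import hashlib
import secrets

# Constructed sample data for the example (not from the slides): a small
# "likely passwords" dictionary and a toy user database.
DICTIONARY = ["123456", "password", "qwerty", "letmein", "dragon", "hunter2"]
USERS = {"alice": "hunter2", "bob": "letmein", "carol": "hunter2", "dave": "Tr0ub4dor&3"}


def h(data: bytes) -> str:
    """The slide's H(.), instantiated with SHA-256 for the example."""
    return hashlib.sha256(data).hexdigest()


def store_unsalted(users):
    """Slide's first fix: store H(p)."""
    return {u: h(p.encode()) for u, p in users.items()}


def store_salted(users):
    """This slide's fix: store (r, H(r || p)) with a fresh 16-byte salt per user."""
    out = {}
    for u, p in users.items():
        r = secrets.token_bytes(16)
        out[u] = (r.hex(), h(r + p.encode()))
    return out


def precompute_table(dictionary):
    """One-time work: H(word) -> word. Reusable against any unsalted database."""
    return {h(w.encode()): w for w in dictionary}


def crack_unsalted(table, db):
    """Reverse look-up per user; the dictionary was hashed once, ever."""
    return {u: table[d] for u, d in db.items() if d in table}


def crack_salted(dictionary, db):
    """The table is useless: each (user, word) pair needs its own hash.
    Returns the recovered passwords and the number of hashes it took."""
    found, work = {}, 0
    for u, (r_hex, digest) in db.items():
        r = bytes.fromhex(r_hex)
        for w in dictionary:
            work += 1
            if h(r + w.encode()) == digest:
                found[u] = w
                break
    return found, work


def duplicate_passwords(db):
    """Groups of users whose stored digests are identical. Non-empty for
    unsalted storage even before any cracking; empty once salts are used."""
    seen = {}
    for u, d in db.items():
        seen.setdefault(d, []).append(u)
    return [sorted(us) for us in seen.values() if len(us) > 1]


if __name__ == "__main__":
    unsalted = store_unsalted(USERS)
    table = precompute_table(DICTIONARY)
    print("unsalted:", crack_unsalted(table, unsalted), duplicate_passwords(unsalted))
    salted = store_salted(USERS)
    print("salted:", crack_salted(DICTIONARY, salted))
```

Salting does not stop the attack on weak passwords (the same three accounts fall either way); it removes the shared precomputation and the duplicate leak, which is exactly why the slide ends with "still problematic" and the next slides turn to making each hash expensive.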

Specialized Password-Cracking Hardware
• 2012: Gosney 25-GPU password cracking cluster
• 350B NTLM hashes (used by Windows) per sec
• 180B MD5 hashes/sec, 63B SHA-1 hashes/sec
• State actors can build custom hardware
https://arstechnica.com/information-technology/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/

Protecting Passwords
• How do we make dictionary attacks even harder?
• Hint: The computation to verify a password for a given user on a legitimate system happens relatively infrequently, but an attacker attempting to crack a password hash must perform many, many attempts
• Conclusion: Use a deliberately slow and resource-consuming hashing function
• PBKDF2, bcrypt, scrypt
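The slide's conclusion implemented with PBKDF2 from the Python standard library, as an added example (not code from the lecture). The stored record carries the algorithm, iteration count and salt so the cost can be raised later without breaking existing users, verification uses a constant-time compare, and `slowdown_factor` measures on the running machine how many plain SHA-256 guesses fit in the time of one PBKDF2 verification. The record format and the iteration count are assumptions for the example; the count is tuned to hardware in practice.

```python
import hashlib
import hmac
import secrets
import time

# Iteration count is an assumption for this example. Deployments pick it so a
# legitimate login stays fast enough, then raise it as hardware gets faster.
ITERATIONS = 200_000


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the record's own salt and cost, then compare."""
    alg, iters, salt_hex, dk_hex = record.split("$")
    if alg != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison so timing does not leak digest bytes.
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def guesses_per_second(fn, sample: int = 20) -> float:
    """Rough throughput of one verification-style hash on this machine."""
    salt = secrets.token_bytes(16)
    start = time.perf_counter()
    for i in range(sample):
        fn(f"guess{i}".encode(), salt)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return sample / elapsed


def slowdown_factor(iterations: int = ITERATIONS) -> float:
    """How many salted SHA-256 guesses an attacker gets per PBKDF2 guess.
    The legitimate server pays this cost once per login; the attacker pays it
    once per dictionary word per user."""
    fast = guesses_per_second(lambda p, s: hashlib.sha256(s + p).digest())
    slow = guesses_per_second(lambda p, s: hashlib.pbkdf2_hmac("sha256", p, s, iterations))
    return fast / slow


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))
    print(f"slowdown vs plain SHA-256: {slowdown_factor():.0f}x")
```

bcrypt and scrypt (the slide's other two options) are drop-in alternatives at this layer; what matters is that the cost parameter is stored with the record and that the comparison is constant-time.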

Protecting Passwords
• Building blocks for password protection
• Slow down
• For slowdown, use one of:
• PBKDF2
• bcrypt

Open-ended question
What is your password hygiene?
Mine: Use strong passwords, don’t reuse passwords, never share passwords, etc.

Something you have

Something You Have
• Something only Alice should have
• Examples: key, smartcard, RFID badge, SecurID token
• Frequently used as a second factor (in combination with a passcode)
• 2FA token
• Technically, only proves possession of the token, not that it’s really Alice
• Tokens get shared, lost, stolen, duplicated

Smartcards
• Idea: Put a secret key into a tiny computer that Alice can carry with her
• Plastic card with an embedded integrated circuit
• Provisioned with secret keys
• Interacts with readers through contact pads or short range wireless (NFC)
• Many uses beyond user authentication
• Stored value payment and transit
• SIM cards
• Satellite TV
• Sample authentication protocol:
1. Interrogate with a random challenge
2. Verify signed response
https://en.wikipedia.org/wiki/EMV
Use protected sleeves
NFC hacking

One Time Passcode Tokens
• Same basic idea as a smartcard: a tiny computer with a secret
• Typically without a direct computer interface
• How to provide challenge and get response?
• Response is displayed on token screen, user types it into the authentication system.
• Typically using current time instead of a challenge (requires time sync)
• Some variants have keypads to allow the user to type in a challenge as well
https://www.rsa.com/en-us/resources/rsa-securid-hardware-tokens

One Time Passcode Tokens
• Typical protocol:
• Based on symmetric cryptography (shared secret between token and authenticating server)
• Periodically (e.g. once a minute) token generates a new single-use code by MACing current time
• To authenticate, Alice types in her password and current code (two-factor)
• Strengths:
• Knowing the password is not enough to impersonate
• Each code is single-use. Eavesdropping (shoulder-surfing, keylogging, etc.) does not enable Eve to impersonate Alice in the future.
• Observing any number of codes does not help in predicting future ones.
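The "MAC the current time" protocol on this slide, as an added example (not code from the lecture) in its standardised form: HOTP (RFC 4226) truncates an HMAC-SHA1 over a counter to a short decimal code, and TOTP (RFC 6238) sets that counter to the current time divided by a step. The shared secret is the ASCII test key from those RFCs so the codes can be checked against the published vectors; the `TokenServer` class, its skew window and its replay bookkeeping are constructed for the example. The 30-second step is the RFC default; the slide's "once a minute" token would use 60.

```python
import hmac
import hashlib
import struct

# Shared secret provisioned into both the token and the server. This is the
# ASCII test secret from RFC 4226 / RFC 6238, used so the output is checkable.
SHARED_SECRET = b"12345678901234567890"
STEP_SECONDS = 30   # RFC 6238 default; the slide's once-a-minute token would use 60
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time.
    This is what the token displays; it needs no challenge, only a clock."""
    return hotp(secret, unix_time // step)


class TokenServer:
    """Verifier side. Holds the same secret (the single point of failure the
    next slide names) and remembers the last accepted counter so a code that
    Eve observed cannot be replayed later."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, skew: int = 1):
        self.secret, self.step, self.skew = secret, step, skew
        self.last_counter = -1

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // self.step
        # Accept neighbouring steps to tolerate clock drift ("requires time sync").
        for counter in range(now - self.skew, now + self.skew + 1):
            if counter <= self.last_counter:
                continue            # already used, or older than one we accepted
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False


def demo(unix_time: int = 59) -> dict:
    """Genuine login, then an attempted replay of the same code, then a later login."""
    server = TokenServer(SHARED_SECRET)
    code = totp(SHARED_SECRET, unix_time)
    first = server.verify(code, unix_time)                              # Alice logs in
    replay = server.verify(code, unix_time + 5)                         # Eve replays the observed code
    later = server.verify(totp(SHARED_SECRET, unix_time + 60), unix_time + 60)
    return {"code": code, "first": first, "replay": replay, "later": later}


if __name__ == "__main__":
    print(demo())
```

At time 59 the counter is 1 and the code is 287082, matching the RFC 4226 test vector. The replay check covers the strength listed on this slide (an observed code is useless afterwards); it does nothing against a live relay that forwards Alice's code within the same step, which is the phishing weakness on the next slide.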

One Time Passcode Tokens
• Weaknesses:
• Vulnerable to man-in-the-middle and phishing attacks.
• Server needs to know the secret key to validate token codes. Single point of failure.
• Does not scale well to multiple accounts.

RSA acquires PassBan, to provide Multifactor Authentication

One-Time Passcode without Tokens
• Virtual edition
• Everybody (in some parts of the world) already carries a tiny computer. Let’s just use that.
• Strength: better scaling, support multiple keys with the same physical device.
• Weakness: the two authentication factors are not as isolated anymore.
https://vip.symantec.com/

One-time Passcode without Tokens
• Extending the idea of using (possession of) your phone as an authentication factor.
• Authenticating server can send Alice a one-time code via SMS.
• Alice logs in with her password and received code.
• Often used for step-up authentication or account recovery.
• Step-up authentication: secondary (stronger) authentication mechanism invoked based on risk level
• Examples: When attempting to access more sensitive resources, or when behavior patterns do not match routine.
• Similar solutions use email instead of SMS.
• Proof that Alice has access to the email account she registered with.
• Widespread use, but weaker against range of threat models (SMS not very secure)

Something you are

Something You Are
• Some unique identifying characteristic that only Alice has (biometrics)
• Physical feature: fingerprint, iris print
• Behavioral characteristic: handwriting, typing
• Combination thereof: voice, gait
• How do you know that I am the same person that was here last week?
• Did I provide a password?
• Did I provide a badge?
• Pretty much all trust boils down to biometric authentication of one human by another.

Biometrics
• The only authentication factor that is not designed to be transferable
• Clear separation of authentication and authorization
• Nothing to remember, nothing to carry around
• Can be very strong differentiator
• Unique-ish

Biometrics
• Fingerprint
• Handprint
• Retina
• Face recognition
• Vein
• Vascular pattern in back of hand
• Voiceprint
• Signature
• Timing between character sequences
• Gait recognition
• Heartbeat

Biometrics
• General approach:
• Scan an analog sample
• Convert to set of digital features
• On enrollment save template of identifiable features
https://en.wikipedia.org/wiki/
Simplified flow

Biometrics
• What happens in a remote authentication setting?
• What does the authenticating system actually get?

Biometrics
• Scenario A: Only the sensor is local to user.
• Feature extraction and matching happen on authenticating system.
• Authenticating system has to trust Alice’s computer to provide sensor data.
• All biometric features and template data are on a central server.

Biometrics
• Scenario B: Sensing and feature extraction are local to user.
• Matching happens on authenticating system.
• Authenticating system has to trust Alice’s computer to provide authentic, fresh, unspoofed data.
• All biometric features and template data are still on a central server.

Biometrics
• Scenario C: Sensing, feature extraction, and matching are local to user.
• Only the result is communicated to the authenticating system.
• Authenticating system has to trust Alice’s computer to perform authentication.
• All biometric features and template data are isolated on end users’ devices.

Biometrics
• Use in distributed systems requires biometric scanner to be trusted and to have secure channel (authenticity, privacy, integrity, no replay) to the server.
• Challenges
• Accuracy
• Ease of use (particularly enrollment)
• User acceptance
• Feature stability

Enrollment Issues
• Unlike passwords, hard to pre-enroll user
• Users must be enrolled interactively
• For many biometrics, getting good accuracy requires multiple readings
• Build templates and test against registration
• Some templates simply tough (e.g. smooth fingerprint)
• “Goats”: Subjects who have consistently low match scores against themselves.

How strong is a biometric?
• Non-adversarial
• False accept rate
• False reject rate
• Adversarial
• Intercept
• Spoofing

Non-adversarial testing
• False accept rate
• How many random trials before expectation of false accept > 0.5
• False reject rate
• How many random trials before expectation of false reject > 0.5
• Lower FAR = less tolerant of close matches
• Harder to attack
• Necessarily increases FRR
• Lower FRR = more tolerant of close matches
• Easier to use
• Necessarily increases FAR
• Since match is approximate can almost always tune for one or other
• Equal error rate: point where FAR = FRR
• Note, huge difference between a single false accept and system-wide false accept (more templates means more things you can accept against)
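The FAR/FRR trade-off on this slide worked through on numbers, as an added example (not from the lecture). A matcher produces a similarity score and the system accepts when the score clears a threshold; sweeping the threshold over constructed genuine and impostor scores shows FAR falling while FRR rises, locates the equal error rate, and computes how a per-comparison FAR grows into a system-wide false accept when an impostor is compared against many templates. The score lists are constructed sample data, not measurements.

```python
# Constructed match scores for a toy matcher (higher = more similar); not data
# from the slides. "genuine" = a user against their own template,
# "impostor" = a user against someone else's template.
GENUINE = [0.95, 0.90, 0.85, 0.80, 0.75, 0.70, 0.62, 0.50]
IMPOSTOR = [0.05, 0.15, 0.25, 0.35, 0.45, 0.55, 0.65, 0.72]


def far(threshold: float, impostor=IMPOSTOR) -> float:
    """False accept rate: impostor comparisons scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold: float, genuine=GENUINE) -> float:
    """False reject rate: genuine comparisons scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def error_curve(genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FAR, FRR) at every score the matcher produced. Raising the
    threshold lowers FAR and raises FRR; lowering it does the reverse."""
    return [(t, far(t, impostor), frr(t, genuine))
            for t in sorted(set(genuine + impostor))]


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold where FAR and FRR are closest, and the shared error rate there."""
    t, a, r = min(error_curve(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    return t, (a + r) / 2


def system_wide_far(single_far: float, n_templates: int) -> float:
    """Probability that one impostor matches at least one of n enrolled templates
    (the slide's 'more templates means more things you can accept against')."""
    return 1 - (1 - single_far) ** n_templates


if __name__ == "__main__":
    for t, a, r in error_curve():
        print(f"threshold {t:.2f}  FAR {a:.3f}  FRR {r:.3f}")
    t, eer = equal_error_rate()
    print(f"EER {eer:.3f} at threshold {t:.2f}")
    print(f"FAR {eer:.2f} per comparison becomes {system_wide_far(eer, 10):.3f} against 10 templates")
```

With this data the curve crosses at threshold 0.65 with FAR = FRR = 0.25, and that per-comparison 25% becomes roughly a 94% chance of a false accept when a stranger is matched against ten templates.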

Biometrics Spoofing
• Biometrics are private, but not secret
• Users expose biometric instances everywhere
• Fingerprints, hand geometry, face, handwriting, iris, gait, etc.
• Allows attacker to create biometric forgery
• Spoofing
• Spoofing Mitigations
• Replay prevention
• Save previous image and reject if identical
• Tricky: can pick up and rotate to fool
• Improved validation precision
• Verifier should have higher precision than forger
• Examples: pore detection, perspiration detection
• “Liveness” detection
• Examples: temperature, pulse, blood flow

Biometric Spoofing Mitigations
• Multi-modal
• Multiple biometric factors
• Multi-factor
• Biometric plus password
• Biometric plus token

Privacy issues
• Biometric identifiers can track your physical activities as well as your virtual activities
• Some with crisp legal standing (fingerprint, DNA)
• Easy to match (even if can’t spoof)
• Very hard to obscure

• Three types of authentication factors
• Password: Something you know
• Token: Something you have
• Biometrics: Something you are
• Each factor can be used independently, or combined for multi-factor authentication
• Typically 2-factor
• Use a slow salted hash to store passwords
• PBKDF2, bcrypt, or scrypt
• Don’t make up your own!
