Dr.
Panagiotis Rizomiliotis
Identification is not enough
You have to prove your identity!
(What is an identity?????)
Prove continuity in relationship
Basis of trust
�1.
Something that you know
Password
Answer
2.
Password: snoopy1
Mothers maiden name: jones
Pets name: snoopy
Something that you have
Tokens
Smart Card
3.
Something that you are (or where you are)
biometrics
Impersonation
Malicious insiders
Eavesdropping
Keyboard sniffers
Network sniffers
Trojan horses
Authentication often needed in both
directions
Server trusting user is not only concern
User must trust server
Ex. User accessing online bank account
�Alice
Im Alice
challenge R
Z=f(K,R)
response Z
Bob
K = shared key
Z=?f(K,R)
f() can be:
encryption function Bob just decrypts and verifies time in within
allowed skew
hash Bob needs to hash all times in allowable interval or Alice sends
time
�Problems?
Authentication not mutual
Connection hijacking after authentication attacker spoofs Alice
or Bobs source address and send packets if conversation not
encrypted
Off-line password/key attack depends on length of K
Compromise of database/disk if K is stored, or temporary memory
access
�Alice
Im Alice, f(K,timestamp)
Bob
Problems?
Impersonate Alice if intercept and send message race condition
If use same K with multiple servers, could send message to
another server and impersonate Alice
Clock skew/synchronization
10
�Alice
Bob
Im Alice
Bob decrypts with Alices
public key and verifies R
was returned.
R
[R]Apriv
Alice
Alice proves to Bob
she has her private
key by returning R
Im Alice
Bob
[R]Apub
R
[R]Ax = R signed with
Alices x key, where x is
private (priv) or public
11
(pub) key
First case:
Can send anything to Alice as R and get Alice to
sign it
Second case:
Intercepted an encrypted message for Alice, send it
and get Alice to decrypt it
12
�13
�Alice
Im Alice
Bob
R1
f(K,R1)
R2
f(K,R2)
14
�More efficient version:
Alice
Im Alice, R2
Bob
R1, f(K,R2)
f(K,R1)
15
�Reflection attack:
Trudy
Doesnt
know K so
cant send
f(K,R1)
Im Alice, R2
Bob
R1, f(K,R2)
Trudy
Now use
f(K,R1) in
above attempt
Im Alice, R1
Bob
R3, f(K,R1)
16
Solutions:
Separate keys for each direction
Requirements on R values: odd in one direction, even in the other,
concatenate with senders name
17
Also note, Trudy can get Bob to encrypt a value (or
a several of values) and then try an offline attack to
guess K
Have Bob return R1 value for Alice to encrypt
Alice
Im Alice
Bob
R1
R2, f(K,R1)
f(K,R2)
Now Bob would have to reuse R1 in order for
Trudy, who eavesdrops, to be able to use
f(K,R1)
18
�Alice
Im Alice, f(K,timestamp)
Bob
f(K,timestamp+1)
Same issues as before plus clock skew
Any modification to timestamp will work
19
�Alice
Im Alice, [R2]Bpub
Bob
[R1]Apub, R2
R1
Always the same issue!
how to obtain/store/validate Bobs public key
20
�21
Something that you know
Something that you have
Something that you are
22
�PassWords
23
Passwords are cheap to deploy, but also act as
the first line of defense in a security arsenal.
They are also often the weakest link.
Examples of what they protect:
ATMs and bank accounts
Nuclear power and other critical infrastructure systems
Company proprietary information and systems
Email accounts (Gmail, Hotmail, Yahoo, AOL, etc.)
Student information (e.g. MyUalbany & WebCT)
24
Passwords have been used for centuries, e.g.
guards and sentries
Passwords = secret authentication code used for
access.
= real or genuine, from 'authentes' =
author
Answers the question: How do you prove to
someone that you are who you claim to be?
25
�Filing System
Clear text
Dedicated Authentication Server
Clear text
Encrypted
Password + Encryption = bf4ee8HjaQkbw
Hashed
Password + Hash function =
aad3b435b51404eeaad3b435b51404ee
Salted Hash
(Username + Salt + Password) + Hash function =
e3ed2cb1f5e0162199be16b12419c012
26
Usually stored as hashes (not plain text)
Plain-text is converted into a message digest
through use of a hashing algorithm (i.e. MD5,
SHA1)
27
� Hash function H must have some properties:
One-way: given H(password), hard to find password
No known algorithm better than trial and error
Collision-resistant: given H(password1), hard to find password2 such
that: H(password1) = H(password2)
It should even be hard to find any pair p1,p2 s.t.
H(p1)=H(p2)
28
In past UNIX systems, password used
modified DES (encryption algorithm) as if it
were a hash function
Encrypts NULL string using password as the key (truncates
passwords to 8 characters!)
Caused artificial slowdown: ran DES 25 times
Also stored password file in directory:
/etc/passwd/
World-readable (anyone who accessed the machine would
be able to copy the password file to crack at their leisure)
Contained userIDs/groupIDs used by many system
programs
Can instruct modern UNIXes to use MD5 hash function
29
�System administrator at MIT was editing the
password file and another was editing the daily
message (appeared on everyones login
terminal). Due to a software error, the editor
files were switched and the password file was
printed every time someone logged in.
- Robert Morris & Ken Thompson (April 3,
1978)
30
Password hashes stored in /etc/shadow directory
(or similar)
only readable by system administrator (root)
Less sensitive information still in /etc/password
Added expiration dates for passwords
31
Disclosure
Voluntary disclosure of information
Inadequate guarding of system passwords
Inference
Known pattern to creation of passwords
Use of generated passwords with predictable algorithm
Exposure
Accidental release of password
Loss
Forgetting to remember passwords
Can lead to creation of easy passwords
32
Snooping/Eavesdropping
Guessing
Keyloggers
Network sniffing (intercepting of network
communication where a password is submitted)
Limited amount of choices which can be figured
out through process of elimination
Use of blank/common passwords, passwords
which can be figured out by knowing name of
relatives, pets, etc.
Cracking
Automated guessing
33
Passwords are NOT truly random
52 upper/lowercase letters, 10 digits, and 32
punctuation symbols equals 6 quadrillion
possible 8-character passwords
People like to use dictionary words, relative and pet
names equaling 1 million common passwords
On average, each person has 8-12 passwords:
Different systems impose different password
requirements.
Passwords need to be changed often.
Some passwords are only used occasionally.
34
Dictionary Attack
Hybrid Attack
Brute Force Attack
Quick technique that tries every word in a specific
dictionary
Adds numbers or symbols to the end of a word
Tries all combinations of letters, numbers & symbols
35
�Passwords
Cracking Protection - Salting
Salting requires adding a random piece of data and to the password
before hashing it.
This means that the same string will hash to different values at different
times
Users with same password have different entries in the password file
Salt is stored with the other data as a complete hash
Hacker has to get the salt add it to each possible word and then
rehash the data prior to comparing with the stored password.
36
� The
same password can be rehashed many times
over to make it more difficult for the hacker to crack
the password.
This means that the precompiled dictionary hashes
are not useful since the iteration count is different
for different systems
Dictionary attack is still possible!
37
Single sign-on
User only has to remember one password at a time and yet
can access all/most of their resources
Centralized password storage management
Online sites accessible through one password which contain
all other passwords
38
Password complexity
Case-sensitivity
Use of special characters, numbers, and both upper and
lower-case letters
Minimum length requirements
Security questions
Ask personal questions which need to be verified
Some questions are very easy to discover answers
Virtual keyboard
Person clicks on-screen keyboard to enter
password (prevents keylogging)
39
Graphical passwords
Goal: increase the size of memorable password space
Rely on the difficulty of computer vision
Face recognition is easy for humans, harder for machines
Present user with a sequence of faces, he must pick the right
face several times in a row to log in
40
Other examples
Click on a series of pictures in order
Drawing a picture
Clicking four correct points on a picture
Reading graphical text (captcha)
Requires user to input text based on what is seen in the
graphic. Attempts to curb automated password crackers
due to difficulty in distinguishing letters/numbers
Scheme where users had to input text based on graphics
shown to undress a picture
41
�1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Leaving passwords blank or unchanged from default
value.
Using the letters p-a-s-s-w-o-r-d as the password.
Using a favorite movie star name as the password.
Using a spouses name as the password.
Using the same password for everything.
Writing passwords on post-it notes.
Pasting a list of passwords under the keyboard.
Storing all passwords in an Excel spreadsheet on a
PDA or inserting passwords into a rolodex.
Writing all passwords in a personal diary/notebook.
Giving the password to someone who claims to be the
system administrator.
42
�43
Tokens
Smart cards
RFID
44
Examples
Use a block cipher
Some work in both directions
RSA
VASCO Digipass
Repeatedly encrypt
Continuously update every x seconds
Update each time user presses button
Customer enters OTP
Server returns OTP, customer (manually)
compares it to value on token
45
Help desk required
Cost
Synchronization not perfect
Premature battery death
$15-$25
banks with million customers
User still needs pin (something you know +
something you have)
Necklace of Tokens issue
Non-standard algorithms
Only recently integrated with cell phones
Still rare to have multiple tokens on single device
OATH effort
46
Tokens, smart cards use crypto
Use a password (or key) in a cryptographic
protocol
Prove possession of key
Mutual authentication
Usually coupled with encryption of data after
authentication
Certificates
PKI covered in another lecture
47
Visual identity application
Plain plastic card is enough
Magnetic strip (e.g. credit cards)
Visual data also available in machine readable
form
No security of data
Electronic memory cards
Machine readable data
Some security (vendor specific)
48
�A smart card:
can store data (e.g. profiles, balances,
personal data)
provides cryptographic services (e.g.
authentication, confidentiality, integrity)
is a microcomputer
is small and personal
Anne Doe
is a secure device
1234 5678 8910
49
Communication
Entertainment
Retail
Transportation
Health care
Government
E-commerce
E-banking
Education
Office
50
Retail
Sale of goods
Communication
using Electronic Purses, Credit / Debit
GSM
Vending machines
Payphones
Loyalty programs
Tags & smart labels
Entertainment
Transportation
Public Traffic
Parking
Road Regulation (ERP)
Car Protection
Pay-TV
Public event access
control
51
Healthcare
Insurance data
Personal data
Personal file
sale of information
sale of products
sale of tickets,
reservations
Government
Identification
Passport
Driving license
E-commerce
E-banking
access to accounts
to do transactions
shares
52
Educational facilities
Office
Physical access
Network access
Personal data (results)
Copiers, vending machines, restaurants, ...
Physical access
Network access
Time registration
Secure e-mail & Web
applications
53
�CPU
Central Processing
Unit:
heart of the chip
54
�security logic:
CPU
security
logic
detecting abnormal
conditions,
e.g. low voltage
55
�CPU
serial i/o
interface:
contact to the outside world
security
logic
serial i/o
interface
56
�CPU
test
logic
test logic:
self-test procedures
security
logic
serial i/o
interface
57
�CPU
test
logic
ROM
security
logic
ROM:
card operating system
self-test procedures
typically 16 kbytes
future 32/64 kbytes
serial i/o
interface
58
�CPU
security
logic
test
logic
RAM:
ROM
scratch pad of the
processor
RAM
typically 512 bytes
future 1 kbyte
serial i/o
interface
59
�CPU
test
logic
ROM
security
logic
serial i/o
interface
RAM
EEPROM
EEPROM:
cryptographic keys
PIN code
biometric template
balance
application code
typically 8 kbytes
future 32 kbytes
60
�databus
CPU
test
logic
ROM
security
logic
serial i/o
interface
RAM
databus:
connection between elements
of the chip
8 or 16 bits wide
EEPROM
61
�CLK
RFU
RST
Vcc
GND
RFU
Vpp
I/O
62
Computer based readers
Connect through USB or
COM (Serial) ports
Dedicated terminals
Usually with a small screen,
keypad, printer, often also
have biometric devices such
as thumb print scanner.
63
Password
Card holders protection
Cryptographic challenge Response
Entity authentication
Biometric information
Persons identification
A combination of one or more
64
�Biometrics
65
Simple:
Verification Is this who he claims to be?
Identification who is this?
Advanced:
Detecting multiple identities
Patrolling public spaces
66
Convenient
Passwords are not user-friendly
Perceived as more secure
May actually be more secure
May be useful as a deterrent
Passive identification
However:
Strict regulatory frame (thats good!!!)
False positive
The key doesnt change!!!!!!!!!!
67
�68
Compare a sample against a single stored
template
Typical application: voice lock
69
Search a sample against a database of
templates.
Typical application: identifying fingerprints
70
Big problems:
Biometrics are noisy
Need for error correction
Biometrics collected for one purpose can be
used for another
Stability of Characteristic over Lifetime
Suitability for Logical and Physical Access
Difficulty of Usage
71
Fingerprints
Retina Prints
Face Prints
DNA Identification
Voice Prints
Palm Prints
Handwriting Analysis
Etc
72
Henry Faulds letter to Nature (1880)
Fingerprints might be useful for crime scene
investigations
W. J. Herschel letter to Nature (1880)
Had been using fingerprints in India for 20 years;
suggested a universal registration system to
establish identity and prevent impersonations
73
A live acquisition of a
persons fingerprint.
Image Acquisition Image
Processing Template
Creation Template
Matching
Acquisition Devices:
Glass plate
Electronic
Ultrasound
74
Strengths:
Weaknesses:
Attacks:
Defenses:
Fingerprints dont change
over time
Widely believed fingerprints
are unique
Scars
Surgery to alter or remove
prints
Finger Decapitation
Gummy fingers
Corruption of the database
Measure physical properties
of a live finger (pulse)
75
Based on video
Images
Templates can be
based on
previouslyrecorded images
Technologies:
Eigenface Approach
Feature Analysis
(Visionics)
Neural Network
76
Strengths:
Weaknesses:
Attacks:
Database can be built from drivers license records, visas, etc.
Can be applied covertly (surveillance photos). (Super Bowl 2001)
Few people object to having their photo taken
No real scientific validation
Surgery
Facial Hair
Hats
Turning away from the camera
Defenses:
Scanning stations with mandated poses
77
Image Acquisition Image
Processing Template
Creation Template
Matching
Uses to date:
Physical access control
Computer authentication
78
Strengths:
300+ characteristics; 200 required for match
Weaknesses:
Fear
Discomfort
Proprietary acquisition device
Algorithms may not work on all individuals
No large databases
Attacks:
Defenses:
Surgery (Minority Report )
79
Strengths:
Most systems have audio hardware
Works over the telephone
Can be done covertly
Lack of negative perception
Weaknesses:
Background noise (airplanes)
No large database of voice samples
Attacks:
Tape recordings
Identical twins / soundalikes
Defenses:
80
Typical systems measure 90
different features:
Overall hand and finger width
Distance between joints
Bone structure
Primarily for access control:
Strengths:
Weaknesses:
Machine rooms
Olympics
No negative connotations
non-intrusive
Reasonably robust systems
Accuracy is limited; can only
be used for 1-to-1
verification
Bulky scanner
81
Retina Scan
Very popular in the 1980s military; not used much
anymore.
Facial Thermograms
Vein identification
Scent Detection
Gait recognition
82
RFLP - Restriction
Fragment Length
Polymorphism
Widely accepted
for crime scenes
Twin problem
83
Handwriting (static & dynamic)
Keystroke dynamics
84
�85
