Tip: If anyone wants to speed up the lecture videos a little,
inspect the page, go to the browser console, and paste this in:
`document.querySelector('video').playbackRate = 1.2`
1.2 Introduction
1.2.1 User Authentication
NIST SP 800-63-3 (Digital Authentication Guideline, October 2016)
defines user authentication as:
“The process of establishing confidence in user identities that are
presented electronically to an information system.”
Systems can use an authenticated identity to determine if the
authenticated individual is authorized to perform particular
functions.
### Authentication Process
* Fundamental building block and primary line of defense
* Basis for access control and user accountability
* Identification step: Presenting an identifier to the
security system
* Verification step: Presenting or generating
authentication information that corroborates the binding between the
entity and the identifier
### Types
1.2.1.1 Four Means of Authentication
Something the individual knows: Password, PIN,
answers to prearranged questions
Something the individual possesses (token):
Smart-card, electronic key-card, physical key
Something the individual is (static biometrics):
Fingerprint, retina, face
Something the individual does (dynamic biometrics):
Voice pattern, handwriting, typing rhythm
Authentication Model
1.3 Risk assessment
Assurance Level
Describes an organization’s degree of certainty that a user has
presented a credential that refers to his or her identity.
The degree of confidence in the vetting process used to establish
the identity of the individual to whom the credential was issued.
The degree of confidence that the individual who uses the credential
is the individual to whom the credential was issued
Potential Impact
Related to assurance level
Defines levels of potential impact on organizations or individuals,
should there be a breach of security
Potential magnitude of impact combined with probability can produce
areas of likely costly risk
1.4 Passwords
1.4.1 Password Authentication
Widely used line of defense against intruders
User provides name/login and password
System compares password with the one stored for that specified
login
1.4.1.1 The user ID
Determines that the user is authorized to access the system
Determines the user’s privileges (e.g., su)
Is used in discretionary access control
1.4.2 Password Vulnerabilities
Offline dictionary attack: obtain the system password file, which
contains hashes, and compare those hashes against the hashes of
common passwords.
Specific account attack: target a specific account and submit
password guesses (online or offline).
Popular password attack: take one popular password and try it
against a wide range of user IDs (online or offline).
Password guessing against a single user: gain knowledge about the
account holder and the system's password policies and use that
knowledge to guess the password (online or offline).
Workstation hijacking: wait until a logged-in workstation is
unattended.
Exploiting user mistakes: e.g., if the system administrator assigns
a password, the user is more likely to write it down because it is
difficult to remember.
Exploiting multiple password use: if different devices share the
same or a similar password for a given user and one of them is
compromised, the others are exposed as well.
Electronic monitoring: when a password is communicated across a
network to log on to a remote system, it is vulnerable to
eavesdropping.
1.4.3 Hashes and salts
Pass the salt, not the hash
Salt is random data that is used as an additional input to a one-way
function that “hashes” a password or pass-phrase.
Primary function of salts is to defend against dictionary attacks or
against its hashed equivalent, a pre-computed rainbow table attack.
Used to safeguard passwords in storage.
New salt is randomly generated for each password.
Salt and the password are concatenated and processed with a
cryptographic hash function, and the resulting output (but not the
original password) is stored with the salt in a database.
Hashing allows for later authentication, without keeping and
therefore risking the plain-text password, in the event that the
authentication data storage is compromised.
Hashing passwords, with and without salt
Hash password with salt value
Linux/Unix does this, but Windows does not (at the time this was
written at least).
Password and salt serve as inputs to a hashing algorithm to produce
a fixed-length hash code.
Discussion question:
Why use a slow hash?
1.4.3.1 Password hashing with salt benefits
It prevents duplicate passwords from being visible in the password
file.
Even if two users choose the same password, those passwords will be
assigned different salt values.
Hence, the hashed passwords of the two users will differ.
It greatly increases the difficulty of offline dictionary attacks
(if you don’t have the salt… though you usually do).
For a salt of length b bits, the number of possible passwords is
increased by a factor of 2^b, increasing the difficulty of
guessing a password in a dictionary attack.
It becomes harder to find out whether a person with passwords on two
or more systems has used the same password on all of them.
In practice, does someone who got the hash for offline
attack have the salt?
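As an added example (not from the lecture notes), the salted, deliberately slow hashing described in 1.4.3 and 1.4.3.1, built on PBKDF2-HMAC-SHA256 from the standard library; the record format and the iteration count are assumptions for illustration. The last function works through the discussion questions: the salt multiplies the work only when the attacker lacks it, and since the salt sits beside the hash, it is the iteration count that makes each guess slow.

```python
import hashlib
import hmac
import os
from typing import Optional

# The "slow hash" knob: work per guess for attacker and per login for the
# server. Value is an assumption for this example, not a recommendation.
ITERATIONS = 200_000

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a stored record "iterations$salt_hex$hash_hex".

    A fresh random 16-byte salt is drawn per password, fed with the
    password into PBKDF2, and stored next to the hash (never the password).
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute from the stored salt/iterations; compare in constant time."""
    iters, salt_hex, hash_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)

def same_password_different_records(password: str) -> bool:
    """Two users with the same password get different stored hashes."""
    a, b = hash_password(password), hash_password(password)
    return a != b and verify_password(password, a) and verify_password(password, b)

def dictionary_attack_hashes(dictionary_size: int, num_targets: int,
                             salt_bits: int, mode: str) -> int:
    """Hash computations an offline dictionary attack needs.

    "unsalted":     one pass over the dictionary serves every target hash.
    "salt_known":   the usual case; each target must be attacked separately.
    "salt_unknown": each target also needs every one of the 2^b salts.
    """
    if mode == "unsalted":
        return dictionary_size
    if mode == "salt_known":
        return dictionary_size * num_targets
    if mode == "salt_unknown":
        return dictionary_size * num_targets * 2 ** salt_bits
    raise ValueError(mode)
```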
1.4.4 Password attacks
Dictionary attack:
develop a large dictionary of possible passwords and to try each of
these against the password file.
Each password must be hashed using each available salt value and
then compared with stored hash values.
Rainbow table:
Pre-compute tables of hash values for all salts.
A mammoth table of hash values.
Can be countered by using a sufficiently large salt value and a
sufficiently large hash length
Guessable passwords:
user’s name, initials, account name, and other relevant personal
information, dictionary words
Leaked password databases:
(hashes and actual passwords)
Machine learning:
real password databases
1.4.4.1 Machine learning
Machine learning on real password databases
In a particular simulation, with a particular set of passwords (perhaps
of limited generalizable utility)
In the first n characters, the passwords must include at least one
each of uppercase, lowercase, numeric digits, and punctuation
marks.
Password checker
Compile a large dictionary of possible “bad” passwords.
When a user selects a password, the system checks to make sure that
it is not on the disapproved list.
Computationally expensive
Bloom filter
Like a hash table, but faster, grabbing a "fingerprint" for each
password.
First loaded up with common bad passwords, generating a fingerprint
for each.
Passwords with common “fingerprints” will be rejected.
Block users from using words on a common list or anything which
hashes to common values.
An empty Bloom filter is a bit array of m bits, all set to 0.
k different hash functions are defined, each of which maps or hashes
some set element to one of the m array positions
k is a constant, much smaller than m, which is proportional to the
number of elements to be added
To add an element, feed it to each of the k hash
functions to get k array positions. Set the bits at all these positions
to 1.
To query for an element (test whether it is in the
set), feed it to each of the k hash functions to get k array positions.
If any of the bits at these positions is 0, the element is definitely
not in the set; if it were, then all the bits would have been set to 1
when it was inserted. If all are 1, then either the element is in the
set, or the bits have by chance been set to 1 during the insertion of
other elements, resulting in a false positive.
Bloom filter
An example of a Bloom filter, representing the set {x, y, z}.
The colored arrows show the positions in the bit array that each set
element is mapped to.
The element w is not in the set {x, y, z}, because it hashes to one
bit-array position containing 0.
For this figure, m = 18 and k = 3.
Bloom Filter Performance (Lower Y is Better)
Storage size is smaller on the left and larger on the right.
Why: space versus speed
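Added example (not from the notes): the bit-array Bloom filter described above, used as the password checker from this section. The k hash functions are derived by prefixing an index byte to the input before SHA-256, and the small bad-password list is constructed for the demo; both are assumptions of this example.

```python
import hashlib
import math

class BloomFilter:
    """m-bit array with k hash functions, as described in the notes."""

    def __init__(self, m: int, k: int) -> None:
        self.m, self.k = m, k
        self.bits = bytearray(m)   # one byte per bit (0/1) for readability
        self.count = 0             # elements inserted so far (n)

    def _positions(self, item: str):
        # k "different" hash functions: SHA-256 over (index byte || item),
        # reduced modulo m. An assumption of this example, not the notes'.
        return [int.from_bytes(hashlib.sha256(bytes([i]) + item.encode())
                               .digest(), "big") % self.m
                for i in range(self.k)]

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p] = 1
        self.count += 1

    def might_contain(self, item: str) -> bool:
        """False: definitely not in the set. True: in the set, or a false positive."""
        return all(self.bits[p] for p in self._positions(item))

    def false_positive_rate(self) -> float:
        """Standard estimate (1 - e^(-k n / m))^k for the current n."""
        return (1 - math.exp(-self.k * self.count / self.m)) ** self.k

# Constructed sample of "bad" passwords; a real checker loads a large list.
BAD_PASSWORDS = ["password", "123456", "qwerty", "letmein", "hunter2"]

def build_checker(m: int = 1024, k: int = 3) -> BloomFilter:
    bf = BloomFilter(m, k)
    for pw in BAD_PASSWORDS:
        bf.add(pw)
    return bf

def is_password_rejected(candidate: str, checker: BloomFilter) -> bool:
    """Reject any candidate whose fingerprint matches a listed bad password.

    A listed password is never let through; the price of the compact
    bit array is that a few acceptable passwords are refused as well.
    """
    return checker.might_contain(candidate)
```

The space/speed trade-off is visible in `false_positive_rate()`: shrinking m while keeping n fixed drives the estimate up.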
However, it’s easy to create a script to do this easily on
Unix/Linux/Mac:
Put this in ~/bin/totp,
where dir/dir is any directory tree,
and secret is your TOTP secret.

```bash
#!/bin/bash
# use like this: `pass dir/dir/secret | totp`
# use like this: `gpg2 dir/dir/secret.gpg | totp`
# use like this: `cat dir/dir/secret.txt | totp`
read secret
# generate the current 6-digit code and put it on the clipboard (-r drops the trailing newline)
oathtool --base32 --totp --digits=6 "$secret" | xclip -i -r -selection clipboard
```
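What `oathtool --base32 --totp --digits=6` computes, as an added Python example that is not part of the notes: HOTP per RFC 4226 over the 30-second time step of RFC 6238, from a base32 secret. The secret below is the RFC 6238 test secret, not a real credential, and the skew window in `verify_totp` is an assumption of this example.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(base32_secret: str, digits: int = 6, step: int = 30,
         at: Optional[int] = None) -> str:
    """RFC 6238: HOTP with counter = unix_time // step, key from base32."""
    secret = base32_secret.strip().replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)        # restore any omitted padding
    key = base64.b32decode(secret)
    t = int(time.time()) if at is None else at
    return hotp(key, t // step, digits)

# RFC 6238 test secret "12345678901234567890" in base32 (a test vector, not a real secret)
RFC_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def verify_totp(code: str, base32_secret: str, at: int, window: int = 1) -> bool:
    """Server side: accept the current step +/- window steps (clock skew),
    comparing in constant time. The window size is an assumed policy."""
    return any(hmac.compare_digest(code, totp(base32_secret, at=at + w * 30))
               for w in range(-window, window + 1))

if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET_B32))
```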
1.5.3 Biometric authentication
Biometric modes
Decision thresholds
Remote biometrics
Discussion question:
What happens when your fingerprint database is corrupted?
What are some disadvantages and advantages of biometrics compared to
passwords?
1.5.4 Challenge-response based schemes
(zero-knowledge proofs, like we previously covered)
1.5.5 Mobile-phone 2-factor
When used in addition to a password, can be more secure, but:
Text messages to mobile phones using SMS are insecure and can be
intercepted.
If the phone is unable to display messages, such as if it becomes
damaged or shuts down for an update or due to temperature extremes
(e.g. winter exposure), access is often impossible without backup
plans.
Account recovery typically bypasses mobile-phone two-factor
authentication.
Email on a phone is usually permanently logged in. So if the phone is
lost or stolen, every account for which that email address is the key
can be taken over, because the same phone also receives the second
factor. Smartphones thus collapse the two factors into one.
SIM cloning gives hackers access to mobile phone connections.
Social-engineering attacks against mobile-operator companies have
resulted in the handing over of duplicate SIM cards to criminals.