Dr.

Panagiotis Rizomiliotis

Identification is not enough

You have to prove your identity!
(What is an identity?????)

Prove continuity in relationship

Basis of trust

1.

Something that you know

Password
Answer

2.

Password: snoopy1
Mothers maiden name: jones
Pets name: snoopy

Something that you have

Tokens
Smart Card

3.

Something that you are (or where you are)

biometrics

Impersonation
Malicious insiders
Eavesdropping
Keyboard sniffers
Network sniffers
Trojan horses

Authentication often needed in both

directions
Server trusting user is not only concern
User must trust server
Ex. User accessing online bank account

Alice

Im Alice

challenge R
Z=f(K,R)

response Z

Bob

K = shared key
Z=?f(K,R)

f() can be:

encryption function Bob just decrypts and verifies time in within
allowed skew
hash Bob needs to hash all times in allowable interval or Alice sends
time

Problems?

Authentication not mutual

Connection hijacking after authentication attacker spoofs Alice
or Bobs source address and send packets if conversation not
encrypted
Off-line password/key attack depends on length of K
Compromise of database/disk if K is stored, or temporary memory
access

Alice

Im Alice, f(K,timestamp)

Bob

Problems?

Impersonate Alice if intercept and send message race condition

If use same K with multiple servers, could send message to
another server and impersonate Alice
Clock skew/synchronization

10

Alice

Bob

Im Alice

Bob decrypts with Alices

public key and verifies R
was returned.

R
[R]Apriv

Alice
Alice proves to Bob
she has her private
key by returning R

Im Alice

Bob

[R]Apub
R
[R]Ax = R signed with
Alices x key, where x is
private (priv) or public
11
(pub) key

First case:
Can send anything to Alice as R and get Alice to
sign it

Second case:
Intercepted an encrypted message for Alice, send it
and get Alice to decrypt it

12

13

Alice

Im Alice

Bob

R1
f(K,R1)
R2
f(K,R2)

14

More efficient version:

Alice

Im Alice, R2

Bob

R1, f(K,R2)
f(K,R1)

15

Reflection attack:
Trudy
Doesnt
know K so
cant send
f(K,R1)

Im Alice, R2

Bob

R1, f(K,R2)

Trudy
Now use
f(K,R1) in
above attempt

Im Alice, R1

Bob

R3, f(K,R1)

16

Solutions:
Separate keys for each direction
Requirements on R values: odd in one direction, even in the other,
concatenate with senders name

17

Also note, Trudy can get Bob to encrypt a value (or

a several of values) and then try an offline attack to
guess K
Have Bob return R1 value for Alice to encrypt

Alice

Im Alice

Bob

R1
R2, f(K,R1)
f(K,R2)
Now Bob would have to reuse R1 in order for
Trudy, who eavesdrops, to be able to use
f(K,R1)

18

Alice

Im Alice, f(K,timestamp)

Bob

f(K,timestamp+1)

Same issues as before plus clock skew

Any modification to timestamp will work
19

Alice

Im Alice, [R2]Bpub

Bob

[R1]Apub, R2
R1

Always the same issue!

how to obtain/store/validate Bobs public key

20

21

Something that you know

Something that you have
Something that you are

22

PassWords

23

Passwords are cheap to deploy, but also act as

the first line of defense in a security arsenal.

They are also often the weakest link.

Examples of what they protect:

ATMs and bank accounts

Nuclear power and other critical infrastructure systems
Company proprietary information and systems
Email accounts (Gmail, Hotmail, Yahoo, AOL, etc.)
Student information (e.g. MyUalbany & WebCT)

24

Passwords have been used for centuries, e.g.

guards and sentries
Passwords = secret authentication code used for
access.
= real or genuine, from 'authentes' =
author
Answers the question: How do you prove to
someone that you are who you claim to be?

25

Filing System
Clear text

Dedicated Authentication Server

Clear text

Encrypted

Password + Encryption = bf4ee8HjaQkbw

Hashed

Password + Hash function =

aad3b435b51404eeaad3b435b51404ee

Salted Hash

(Username + Salt + Password) + Hash function =

e3ed2cb1f5e0162199be16b12419c012

26

Usually stored as hashes (not plain text)

Plain-text is converted into a message digest

through use of a hashing algorithm (i.e. MD5,
SHA1)

27

 Hash function H must have some properties:

One-way: given H(password), hard to find password

No known algorithm better than trial and error

Collision-resistant: given H(password1), hard to find password2 such
that: H(password1) = H(password2)

It should even be hard to find any pair p1,p2 s.t.

H(p1)=H(p2)

28

In past UNIX systems, password used

modified DES (encryption algorithm) as if it
were a hash function

Encrypts NULL string using password as the key (truncates

passwords to 8 characters!)
Caused artificial slowdown: ran DES 25 times

Also stored password file in directory:

/etc/passwd/

World-readable (anyone who accessed the machine would

be able to copy the password file to crack at their leisure)
Contained userIDs/groupIDs used by many system
programs
Can instruct modern UNIXes to use MD5 hash function

29

System administrator at MIT was editing the

password file and another was editing the daily
message (appeared on everyones login
terminal). Due to a software error, the editor
files were switched and the password file was
printed every time someone logged in.

- Robert Morris & Ken Thompson (April 3,

1978)

30

Password hashes stored in /etc/shadow directory

(or similar)
only readable by system administrator (root)

Less sensitive information still in /etc/password

Added expiration dates for passwords

31

Disclosure
Voluntary disclosure of information
Inadequate guarding of system passwords

Inference
Known pattern to creation of passwords
Use of generated passwords with predictable algorithm

Exposure
Accidental release of password

Loss
Forgetting to remember passwords
Can lead to creation of easy passwords

32

Snooping/Eavesdropping

Guessing

Keyloggers
Network sniffing (intercepting of network
communication where a password is submitted)
Limited amount of choices which can be figured
out through process of elimination
Use of blank/common passwords, passwords
which can be figured out by knowing name of
relatives, pets, etc.

Cracking

Automated guessing
33

Passwords are NOT truly random

52 upper/lowercase letters, 10 digits, and 32

punctuation symbols equals 6 quadrillion
possible 8-character passwords
People like to use dictionary words, relative and pet
names equaling 1 million common passwords
On average, each person has 8-12 passwords:
Different systems impose different password
requirements.
Passwords need to be changed often.
Some passwords are only used occasionally.

34

Dictionary Attack

Hybrid Attack

Brute Force Attack

Quick technique that tries every word in a specific

dictionary
Adds numbers or symbols to the end of a word

Tries all combinations of letters, numbers & symbols

35

Passwords
Cracking Protection - Salting

Salting requires adding a random piece of data and to the password

before hashing it.

This means that the same string will hash to different values at different
times
Users with same password have different entries in the password file
Salt is stored with the other data as a complete hash

Hacker has to get the salt add it to each possible word and then
rehash the data prior to comparing with the stored password.

36

 The

same password can be rehashed many times

over to make it more difficult for the hacker to crack
the password.
This means that the precompiled dictionary hashes
are not useful since the iteration count is different
for different systems
Dictionary attack is still possible!

37

Single sign-on

User only has to remember one password at a time and yet

can access all/most of their resources

Centralized password storage management

Online sites accessible through one password which contain

all other passwords

38

Password complexity

Case-sensitivity
Use of special characters, numbers, and both upper and
lower-case letters
Minimum length requirements

Security questions

Ask personal questions which need to be verified

Some questions are very easy to discover answers

Virtual keyboard

Person clicks on-screen keyboard to enter

password (prevents keylogging)

39

Graphical passwords

Goal: increase the size of memorable password space

Rely on the difficulty of computer vision

Face recognition is easy for humans, harder for machines

Present user with a sequence of faces, he must pick the right
face several times in a row to log in

40

Other examples

Click on a series of pictures in order

Drawing a picture
Clicking four correct points on a picture

Reading graphical text (captcha)

Requires user to input text based on what is seen in the

graphic. Attempts to curb automated password crackers
due to difficulty in distinguishing letters/numbers
Scheme where users had to input text based on graphics
shown to undress a picture

41

1.
2.

3.
4.
5.
6.
7.
8.
9.
10.

Leaving passwords blank or unchanged from default

value.
Using the letters p-a-s-s-w-o-r-d as the password.
Using a favorite movie star name as the password.
Using a spouses name as the password.
Using the same password for everything.
Writing passwords on post-it notes.
Pasting a list of passwords under the keyboard.
Storing all passwords in an Excel spreadsheet on a
PDA or inserting passwords into a rolodex.
Writing all passwords in a personal diary/notebook.
Giving the password to someone who claims to be the
system administrator.
42

43

Tokens
Smart cards
RFID

44

Examples

Use a block cipher

Some work in both directions

RSA
VASCO Digipass

Repeatedly encrypt
Continuously update every x seconds
Update each time user presses button

Customer enters OTP

Server returns OTP, customer (manually)
compares it to value on token

45

Help desk required

Cost

Synchronization not perfect

Premature battery death
$15-$25
banks with million customers

User still needs pin (something you know +

something you have)
Necklace of Tokens issue

Non-standard algorithms

Only recently integrated with cell phones

Still rare to have multiple tokens on single device
OATH effort

46

Tokens, smart cards use crypto

Use a password (or key) in a cryptographic
protocol
Prove possession of key
Mutual authentication

Usually coupled with encryption of data after

authentication
Certificates
PKI covered in another lecture

47

Visual identity application

Plain plastic card is enough

Magnetic strip (e.g. credit cards)

Visual data also available in machine readable
form
No security of data

Electronic memory cards

Machine readable data
Some security (vendor specific)

48

A smart card:
can store data (e.g. profiles, balances,
personal data)
provides cryptographic services (e.g.
authentication, confidentiality, integrity)
is a microcomputer
is small and personal
Anne Doe
is a secure device
1234 5678 8910

49

Communication
Entertainment
Retail
Transportation
Health care

Government
E-commerce
E-banking
Education
Office

50

Retail
Sale of goods
Communication
using Electronic Purses, Credit / Debit
GSM
Vending machines
Payphones
Loyalty programs
Tags & smart labels

Entertainment

Transportation

Public Traffic
Parking
Road Regulation (ERP)
Car Protection

Pay-TV
Public event access
control
51

Healthcare
Insurance data
Personal data
Personal file

sale of information
sale of products
sale of tickets,
reservations

Government
Identification
Passport
Driving license

E-commerce

E-banking
access to accounts
to do transactions
shares

52

Educational facilities

Office

Physical access

Network access

Personal data (results)

Copiers, vending machines, restaurants, ...

Physical access
Network access
Time registration
Secure e-mail & Web
applications

53

CPU

Central Processing
Unit:
heart of the chip

54

security logic:
CPU

security
logic

detecting abnormal
conditions,
e.g. low voltage

55

CPU

serial i/o
interface:
contact to the outside world

security
logic
serial i/o
interface

56

CPU

test
logic

test logic:
self-test procedures

security
logic
serial i/o
interface

57

CPU

test
logic
ROM

security
logic

ROM:
card operating system
self-test procedures
typically 16 kbytes
future 32/64 kbytes

serial i/o
interface

58

CPU

security
logic

test
logic

RAM:

ROM

scratch pad of the

processor

RAM

typically 512 bytes

future 1 kbyte

serial i/o
interface

59

CPU

test
logic
ROM

security
logic
serial i/o
interface

RAM
EEPROM

EEPROM:
cryptographic keys
PIN code
biometric template
balance
application code
typically 8 kbytes
future 32 kbytes

60

databus
CPU

test
logic
ROM

security
logic
serial i/o
interface

RAM

databus:
connection between elements
of the chip
8 or 16 bits wide

EEPROM

61

CLK
RFU

RST
Vcc

GND
RFU
Vpp
I/O

62

Computer based readers

Connect through USB or
COM (Serial) ports

Dedicated terminals
Usually with a small screen,
keypad, printer, often also
have biometric devices such
as thumb print scanner.

63

Password
Card holders protection

Cryptographic challenge Response

Entity authentication

Biometric information
Persons identification

A combination of one or more

64

Biometrics

65

Simple:
Verification Is this who he claims to be?
Identification who is this?

Advanced:
Detecting multiple identities
Patrolling public spaces

66

Convenient
Passwords are not user-friendly
Perceived as more secure
May actually be more secure
May be useful as a deterrent

Passive identification
However:
Strict regulatory frame (thats good!!!)
False positive
The key doesnt change!!!!!!!!!!

67

68

Compare a sample against a single stored

template
Typical application: voice lock

69

Search a sample against a database of

templates.
Typical application: identifying fingerprints

70

Big problems:
Biometrics are noisy
Need for error correction

Biometrics collected for one purpose can be

used for another
Stability of Characteristic over Lifetime
Suitability for Logical and Physical Access
Difficulty of Usage

71

Fingerprints
Retina Prints
Face Prints
DNA Identification
Voice Prints
Palm Prints
Handwriting Analysis
Etc

72

Henry Faulds letter to Nature (1880)

Fingerprints might be useful for crime scene
investigations

W. J. Herschel letter to Nature (1880)

Had been using fingerprints in India for 20 years;
suggested a universal registration system to
establish identity and prevent impersonations

73

A live acquisition of a
persons fingerprint.
Image Acquisition Image
Processing Template
Creation Template
Matching
Acquisition Devices:
Glass plate
Electronic
Ultrasound

74

Strengths:

Weaknesses:

Attacks:

Defenses:

Fingerprints dont change

over time
Widely believed fingerprints
are unique
Scars

Surgery to alter or remove

prints
Finger Decapitation
Gummy fingers
Corruption of the database
Measure physical properties
of a live finger (pulse)

75

Based on video
Images
Templates can be
based on
previouslyrecorded images
Technologies:

Eigenface Approach
Feature Analysis
(Visionics)
Neural Network

76

Strengths:

Weaknesses:

Attacks:

Database can be built from drivers license records, visas, etc.

Can be applied covertly (surveillance photos). (Super Bowl 2001)
Few people object to having their photo taken
No real scientific validation

Surgery
Facial Hair
Hats
Turning away from the camera

Defenses:

Scanning stations with mandated poses

77

Image Acquisition Image

Processing Template
Creation Template
Matching
Uses to date:
Physical access control
Computer authentication

78

Strengths:

300+ characteristics; 200 required for match

Weaknesses:

Fear
Discomfort
Proprietary acquisition device
Algorithms may not work on all individuals
No large databases

Attacks:

Defenses:

Surgery (Minority Report )

79

Strengths:

Most systems have audio hardware

Works over the telephone
Can be done covertly
Lack of negative perception

Weaknesses:

Background noise (airplanes)

No large database of voice samples

Attacks:

Tape recordings
Identical twins / soundalikes

Defenses:

80

Typical systems measure 90

different features:

Overall hand and finger width

Distance between joints
Bone structure

Primarily for access control:

Strengths:

Weaknesses:

Machine rooms
Olympics

No negative connotations
non-intrusive
Reasonably robust systems
Accuracy is limited; can only
be used for 1-to-1
verification
Bulky scanner

81

Retina Scan
Very popular in the 1980s military; not used much
anymore.

Facial Thermograms
Vein identification
Scent Detection
Gait recognition

82

RFLP - Restriction
Fragment Length
Polymorphism
Widely accepted
for crime scenes
Twin problem

83

Handwriting (static & dynamic)

Keystroke dynamics

84

85