David Evans cs.virginia/evans - PowerPoint PPT Presentation

David evans http www cs virginia edu evans l.jpg
Download
1 / 32

Class 35: Cookie Monsters and Semi-Secure Websites David Evans http://www.cs.virginia.edu/evans CS200: Computer Science University of Virginia Computer Science Why Care about Security? http://www.cs.virginia.edu/cs200/problem-sets/ps8/example/query.php3 Security

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

David Evans cs.virginia/evans

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


David evans http www cs virginia edu evans l.jpg

Class 35:

Cookie Monsters and

Semi-Secure Websites

David Evans

http://www.cs.virginia.edu/evans

CS200: Computer Science

University of Virginia

Computer Science


Why care about security l.jpg

Why Care about Security?

http://www.cs.virginia.edu/cs200/problem-sets/ps8/example/query.php3

CS 200 Spring 2003


Security l.jpg

Security

  • Confidentiality – keeping secrets

    • Most web sites don’t want this

  • Integrity – making data reliable

    • Preventing tampering

    • Only authorized people can insert/modify data

  • Availability

    • Provide service (even when attacked)

    • Can’t do much about this without resources

CS 200 Spring 2003


How do you authenticate l.jpg

How do you authenticate?

  • Something you know

    • Password

  • Something you have

    • Physical key (email account?, transparency?)

  • Something you are

    • Biometrics (voiceprint, fingerprint, etc.)

      Serious authentication requires at least 2 kinds

CS 200 Spring 2003


Early password schemes l.jpg

Early Password Schemes

Login does direct password lookup and comparison.

Login: alyssa

Password: spot

Failed login. Guess again.

CS 200 Spring 2003


Login process l.jpg

Eve

Login Process

Terminal

Login: alyssa

Password: fido

Trusted Subsystem

login sends

<“alyssa”, “fido”>

CS 200 Spring 2003


Password problems l.jpg

Password Problems

  • Need to store the passwords

    • Dangerous to rely on database being secure

  • Need to transmit password from user to host

    • Dangerous to rely on Internet being unsniffed

Solve this today

Solve this Wednesday

CS 200 Spring 2003


First try encrypt passwords l.jpg

First Try: Encrypt Passwords

  • Instead of storing password, store password encrypted with secret K.

  • When user logs in, encrypt entered password and compare to stored encrypted password.

Problem if K isn’t so secret: decryptK (encryptK (P)) = P

CS 200 Spring 2003


Hashing l.jpg

Hashing

  • Many-to-one: maps a large number of values to a small number of hash values

  • Even distribution: for typical data sets, probability of (H(x) = n) = 1/N where N is the number of hash values and n = 0..N – 1.

  • Efficient: H(x) is easy to compute.

“dog”

“neanderthal”

“horse”

H (char s[]) = (s[0] – ‘a’) mod 10

CS 200 Spring 2003


Cryptographic hash functions l.jpg

Cryptographic Hash Functions

One-way

Given h, it is hard to find x

such that H(x) = h.

Collision resistance

Given x, it is hard to find y  x

such that H(y) = H(x).

CS 200 Spring 2003


Example one way function l.jpg

Example One-Way Function

Input: two 100 digit numbers, x and y

Output: the middle 100 digits of x * y

Given x and y, it is easy to calculate

f (x, y) = select middle 100 digits (x * y)

Given f(x, y) hard to find x and y.

CS 200 Spring 2003


A better hash function l.jpg

A Better Hash Function?

  • H(x) = encryptx (0)

  • Weak collision resistance?

    • Given x, it should be hard to find y  x such that H(y) = H(x).

    • Yes – encryption is one-to-one. (There is no such y.)

  • A good hash function?

    • No, its output is as big as the message!

CS 200 Spring 2003


Actual hashing algorithms l.jpg

Actual Hashing Algorithms

  • Based on cipher block chaining

    • Start by encrypting 0 with the first block

    • Use the next block to encrypt the previous block

  • SHA [NIST95] – 512 bit blocks, 160-bit hash

  • MD5 [Rivest92] – 512 bit blocks, produces 128-bit hash

    • This is what we will use: built in to PHP

CS 200 Spring 2003


Hashed passwords l.jpg

Hashed Passwords

CS 200 Spring 2003


Dictionary attacks l.jpg

Dictionary Attacks

  • Try a list of common passwords

    • All 1-4 letter words

    • List of common (dog) names

    • Words from dictionary

    • Phone numbers, license plates

    • All of the above in reverse

  • Simple dictionary attacks retrieve most user-selected passwords

  • Precompute H(x) for all dictionary entries

CS 200 Spring 2003


86 of users are dumb and dumber l.jpg

86% of users are dumb and dumber

(Morris/Thompson 79)

CS 200 Spring 2003


Salt of the earth l.jpg

Salt of the Earth

(This is the standard UNIX password scheme.)

Salt: 12 random bits

DES+ (m, key, salt) is an encryption algorithm that

encrypts in a way that depends on the salt.

How much harder is the off-line dictionary attack?

CS 200 Spring 2003


Php code l.jpg

PHP Code

// We use the username as a "salt" (since they must be unique)

$encryptedpass = md5 ($password . $username);

Not quite as secure as using a random value.

What is someone picks xdave as their username

and Lx.Ly. as their password?

CS 200 Spring 2003


Authenticating users l.jpg

Authenticating Users

  • User proves they are a worthwhile person by having a legitimate email address

    • Not everyone who has an email address is worthwhile

    • Its not too hard to snoop (or intercept) someone’s email

  • But, provides much better authenticating than just the honor system

CS 200 Spring 2003


Registering for account l.jpg

Registering for Account

  • User enters email address

  • Account is marked as “Inactive”

  • Send an email with an unguessable URL URL that activates the account

$encryptedpass = md5 ($password . $username);

$query = "INSERT INTO users (username, password, email, activated)

VALUES ('$username', '$encryptedpass', '$email', 0)";

CS 200 Spring 2003


Php code register process php l.jpg

PHP Code (register-process.php)

A string only the server

should know. (Hard to

really keep this secret…)

Why not just use

md5($username)?

$actcode = md5 ($username . $secret);

$url = "http://" . $_SERVER['HTTP_HOST']

. dirname ($_SERVER['PHP_SELF'])

. "/activate.php?user=$username&code=$actcode";

mail ($email, // User’s email address

"WahooChat Account Activation", // Subject Line

"To activate your account visit $url", // Message body

"From: wahoochat-bot@virginia.edu"); // From address

CS 200 Spring 2003


Activate php l.jpg

activate.php

$result = mysql_query ("SELECT activated FROM users WHERE username='$user'");

$rows = mysql_num_rows ($result);

if ($rows == 0) { error ("No account for username: $user");}

else {

$activated = mysql_result ($result, 0, 0);

if ($activated != 0) { error ("Account $username is already activated.");}

else {

$actcode = md5 ($user . $secret);

if ($code == $actcode) {

$result = mysql_query ("UPDATE users SET activated=1

WHERE username='$user'");

if ($result != 1) { error ("Database update failed: $result"); }

else { print "Your account is now activated!<br><p>"; }

} else {

print "Invalid account code!<br>";

}

}

}

CS 200 Spring 2003


Cookies l.jpg

Cookies

  • HTTP is stateless: every request is independent

  • Don’t want user to keep having to enter password every time

  • A cookie is data that is stored on the browser’s machine, and sent to the web server when a matching page is visited

CS 200 Spring 2003


Using cookies l.jpg

Using Cookies

  • Look at the example PHP code

  • Cookie must be sent before any HTML is sent

  • Be careful how you use cookies – anyone can generate any data they want in a cookie

    • Make sure they can’t be tampered with: use md5 hash with secret to authenticate

    • Don’t reuse cookies - easy to intercept them (or steal them from disks): use a counter than changes every time a cookie is used

CS 200 Spring 2003


Problems left l.jpg

Problems Left

  • The database password is visible in plaintext in the PHP code

    • No way around this (with UVa mysql server)

    • Anyone who can read UVa filesystem can access your database

  • The password is transmitted unencrypted over the Internet (next class)

  • Proving you can read an email account is not good enough to authenticate for important applications

CS 200 Spring 2003


Authentication for remote voting l.jpg

Authenticationfor Remote Voting

Nathanael Paul

David Evans

University of Virginia

[nrpaul, evans]@cs.virginia.edu

Avi Rubin

Johns Hopkins University

rubin@jhu.edu

Dan Wallach

Rice University

dwallach@cs.rice.edu


Types of authentication l.jpg

Types of Authentication

  • Something you know

    • passwords

    • Example: login to schedule of classes

  • Something you are

    • Biometrics

    • Examples: iris scanner, fingerprint reader

  • Something you have

    • This: a transparency

CS 200 Spring 2003


Authentication for remote voting28 l.jpg

Authentication for remote voting

  • Remote voting offers convenience

    • 69% votes cast by mail in 2001 in state of Washington

  • Electronic voting is cheaper and faster

    • More secure?

    • New problems: virus, worm, spoofing, denial of service

  • Mutual authentication

    • Voter authenticated to server

    • Server authenticated to voter

CS 200 Spring 2003


Doing encryption without computers l.jpg

Doing Encryption without Computers

  • Can’t trust voters to have trustworthy computers

    • Viruses can tamper with their software

  • Need to do authentication in a way that doesn’t depend on correctness of user’s software

  • Lorenz cipher: use XOR to encrypt

    • Is there a way to do lots of XOR’s without a computer?

CS 200 Spring 2003


Visual cryptography naor shamir 1994 l.jpg

Visual cryptography (Naor & Shamir, 1994)

  • Perfectly secure (one-time pad)

  • Server can encode anything knowing voter’s layer

Option 1

Option 2

Transparency

Screen

Transparency

Screen

Encodes a clear (grey) square

Encodes a dark square

CS 200 Spring 2003


Remote voting system l.jpg

Remote Voting System

Each voter is sent a key, ki

STEP 1

keys

Ek (k1)

S

Ek(k2)

ki =

Ek(kn)

Key: AQEGSDFASDF

STEP 2

ki

STEP 3 – if ki valid…

STEP 4

ki = “AQEGSDFASDF”

S

client machine

client machine

CS 200 Spring 2003


Summary l.jpg

Summary

  • Mutual authentication

    • Authentication of user to server

    • Authentication of server to user

  • Involves the human (as opposed to machine)

  • Anonymity by proper use of layered images

  • You will get a transparency on Wednesday

CS 200 Spring 2003


  • Login