David evans http www cs virginia edu evans
Download
1 / 32

David Evans cs.virginia/evans - PowerPoint PPT Presentation

Class 35: Cookie Monsters and Semi-Secure Websites David Evans http://www.cs.virginia.edu/evans CS200: Computer Science University of Virginia Computer Science Why Care about Security? http://www.cs.virginia.edu/cs200/problem-sets/ps8/example/query.php3 Security

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha

Download Presentation

David Evans cs.virginia/evans

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Class 35:

Cookie Monsters and

Semi-Secure Websites

David Evans

http://www.cs.virginia.edu/evans

CS200: Computer Science

University of Virginia

Computer Science


Why Care about Security?

http://www.cs.virginia.edu/cs200/problem-sets/ps8/example/query.php3

CS 200 Spring 2003


Security

  • Confidentiality – keeping secrets

    • Most web sites don’t want this

  • Integrity – making data reliable

    • Preventing tampering

    • Only authorized people can insert/modify data

  • Availability

    • Provide service (even when attacked)

    • Can’t do much about this without resources

CS 200 Spring 2003


How do you authenticate?

  • Something you know

    • Password

  • Something you have

    • Physical key (email account?, transparency?)

  • Something you are

    • Biometrics (voiceprint, fingerprint, etc.)

      Serious authentication requires at least 2 kinds

CS 200 Spring 2003


Early Password Schemes

Login does direct password lookup and comparison.

Login: alyssa

Password: spot

Failed login. Guess again.

CS 200 Spring 2003


Eve

Login Process

Terminal

Login: alyssa

Password: fido

Trusted Subsystem

login sends

<“alyssa”, “fido”>

CS 200 Spring 2003


Password Problems

  • Need to store the passwords

    • Dangerous to rely on database being secure

  • Need to transmit password from user to host

    • Dangerous to rely on Internet being unsniffed

Solve this today

Solve this Wednesday

CS 200 Spring 2003


First Try: Encrypt Passwords

  • Instead of storing password, store password encrypted with secret K.

  • When user logs in, encrypt entered password and compare to stored encrypted password.

Problem if K isn’t so secret: decryptK (encryptK (P)) = P

CS 200 Spring 2003


Hashing

  • Many-to-one: maps a large number of values to a small number of hash values

  • Even distribution: for typical data sets, probability of (H(x) = n) = 1/N where N is the number of hash values and n = 0..N – 1.

  • Efficient: H(x) is easy to compute.

“dog”

“neanderthal”

“horse”

H (char s[]) = (s[0] – ‘a’) mod 10

CS 200 Spring 2003


Cryptographic Hash Functions

One-way

Given h, it is hard to find x

such that H(x) = h.

Collision resistance

Given x, it is hard to find y  x

such that H(y) = H(x).

CS 200 Spring 2003


Example One-Way Function

Input: two 100 digit numbers, x and y

Output: the middle 100 digits of x * y

Given x and y, it is easy to calculate

f (x, y) = select middle 100 digits (x * y)

Given f(x, y) hard to find x and y.

CS 200 Spring 2003


A Better Hash Function?

  • H(x) = encryptx (0)

  • Weak collision resistance?

    • Given x, it should be hard to find y  x such that H(y) = H(x).

    • Yes – encryption is one-to-one. (There is no such y.)

  • A good hash function?

    • No, its output is as big as the message!

CS 200 Spring 2003


Actual Hashing Algorithms

  • Based on cipher block chaining

    • Start by encrypting 0 with the first block

    • Use the next block to encrypt the previous block

  • SHA [NIST95] – 512 bit blocks, 160-bit hash

  • MD5 [Rivest92] – 512 bit blocks, produces 128-bit hash

    • This is what we will use: built in to PHP

CS 200 Spring 2003


Hashed Passwords

CS 200 Spring 2003


Dictionary Attacks

  • Try a list of common passwords

    • All 1-4 letter words

    • List of common (dog) names

    • Words from dictionary

    • Phone numbers, license plates

    • All of the above in reverse

  • Simple dictionary attacks retrieve most user-selected passwords

  • Precompute H(x) for all dictionary entries

CS 200 Spring 2003


86% of users are dumb and dumber

(Morris/Thompson 79)

CS 200 Spring 2003


Salt of the Earth

(This is the standard UNIX password scheme.)

Salt: 12 random bits

DES+ (m, key, salt) is an encryption algorithm that

encrypts in a way that depends on the salt.

How much harder is the off-line dictionary attack?

CS 200 Spring 2003


PHP Code

// We use the username as a "salt" (since they must be unique)

$encryptedpass = md5 ($password . $username);

Not quite as secure as using a random value.

What is someone picks xdave as their username

and Lx.Ly. as their password?

CS 200 Spring 2003


Authenticating Users

  • User proves they are a worthwhile person by having a legitimate email address

    • Not everyone who has an email address is worthwhile

    • Its not too hard to snoop (or intercept) someone’s email

  • But, provides much better authenticating than just the honor system

CS 200 Spring 2003


Registering for Account

  • User enters email address

  • Account is marked as “Inactive”

  • Send an email with an unguessable URL URL that activates the account

$encryptedpass = md5 ($password . $username);

$query = "INSERT INTO users (username, password, email, activated)

VALUES ('$username', '$encryptedpass', '$email', 0)";

CS 200 Spring 2003


PHP Code (register-process.php)

A string only the server

should know. (Hard to

really keep this secret…)

Why not just use

md5($username)?

$actcode = md5 ($username . $secret);

$url = "http://" . $_SERVER['HTTP_HOST']

. dirname ($_SERVER['PHP_SELF'])

. "/activate.php?user=$username&code=$actcode";

mail ($email, // User’s email address

"WahooChat Account Activation", // Subject Line

"To activate your account visit $url", // Message body

"From: wahoochat-bot@virginia.edu"); // From address

CS 200 Spring 2003


activate.php

$result = mysql_query ("SELECT activated FROM users WHERE username='$user'");

$rows = mysql_num_rows ($result);

if ($rows == 0) { error ("No account for username: $user");}

else {

$activated = mysql_result ($result, 0, 0);

if ($activated != 0) { error ("Account $username is already activated.");}

else {

$actcode = md5 ($user . $secret);

if ($code == $actcode) {

$result = mysql_query ("UPDATE users SET activated=1

WHERE username='$user'");

if ($result != 1) { error ("Database update failed: $result"); }

else { print "Your account is now activated!<br><p>"; }

} else {

print "Invalid account code!<br>";

}

}

}

CS 200 Spring 2003


Cookies

  • HTTP is stateless: every request is independent

  • Don’t want user to keep having to enter password every time

  • A cookie is data that is stored on the browser’s machine, and sent to the web server when a matching page is visited

CS 200 Spring 2003


Using Cookies

  • Look at the example PHP code

  • Cookie must be sent before any HTML is sent

  • Be careful how you use cookies – anyone can generate any data they want in a cookie

    • Make sure they can’t be tampered with: use md5 hash with secret to authenticate

    • Don’t reuse cookies - easy to intercept them (or steal them from disks): use a counter than changes every time a cookie is used

CS 200 Spring 2003


Problems Left

  • The database password is visible in plaintext in the PHP code

    • No way around this (with UVa mysql server)

    • Anyone who can read UVa filesystem can access your database

  • The password is transmitted unencrypted over the Internet (next class)

  • Proving you can read an email account is not good enough to authenticate for important applications

CS 200 Spring 2003


Authenticationfor Remote Voting

Nathanael Paul

David Evans

University of Virginia

[nrpaul, evans]@cs.virginia.edu

Avi Rubin

Johns Hopkins University

rubin@jhu.edu

Dan Wallach

Rice University

dwallach@cs.rice.edu


Types of Authentication

  • Something you know

    • passwords

    • Example: login to schedule of classes

  • Something you are

    • Biometrics

    • Examples: iris scanner, fingerprint reader

  • Something you have

    • This: a transparency

CS 200 Spring 2003


Authentication for remote voting

  • Remote voting offers convenience

    • 69% votes cast by mail in 2001 in state of Washington

  • Electronic voting is cheaper and faster

    • More secure?

    • New problems: virus, worm, spoofing, denial of service

  • Mutual authentication

    • Voter authenticated to server

    • Server authenticated to voter

CS 200 Spring 2003


Doing Encryption without Computers

  • Can’t trust voters to have trustworthy computers

    • Viruses can tamper with their software

  • Need to do authentication in a way that doesn’t depend on correctness of user’s software

  • Lorenz cipher: use XOR to encrypt

    • Is there a way to do lots of XOR’s without a computer?

CS 200 Spring 2003


Visual cryptography (Naor & Shamir, 1994)

  • Perfectly secure (one-time pad)

  • Server can encode anything knowing voter’s layer

Option 1

Option 2

Transparency

Screen

Transparency

Screen

Encodes a clear (grey) square

Encodes a dark square

CS 200 Spring 2003


Remote Voting System

Each voter is sent a key, ki

STEP 1

keys

Ek (k1)

S

Ek(k2)

ki =

Ek(kn)

Key: AQEGSDFASDF

STEP 2

ki

STEP 3 – if ki valid…

STEP 4

ki = “AQEGSDFASDF”

S

client machine

client machine

CS 200 Spring 2003


Summary

  • Mutual authentication

    • Authentication of user to server

    • Authentication of server to user

  • Involves the human (as opposed to machine)

  • Anonymity by proper use of layered images

  • You will get a transparency on Wednesday

CS 200 Spring 2003


ad
  • Login