1 / 32

David Evans cs.virginia/evans

Class 35: Cookie Monsters and Semi-Secure Websites David Evans http://www.cs.virginia.edu/evans CS200: Computer Science University of Virginia Computer Science Why Care about Security? http://www.cs.virginia.edu/cs200/problem-sets/ps8/example/query.php3 Security

bernad
Download Presentation

David Evans cs.virginia/evans

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Class 35: Cookie Monsters and Semi-Secure Websites David Evans http://www.cs.virginia.edu/evans CS200: Computer Science University of Virginia Computer Science

  2. Why Care about Security? http://www.cs.virginia.edu/cs200/problem-sets/ps8/example/query.php3 CS 200 Spring 2003

  3. Security • Confidentiality – keeping secrets • Most web sites don’t want this • Integrity – making data reliable • Preventing tampering • Only authorized people can insert/modify data • Availability • Provide service (even when attacked) • Can’t do much about this without resources CS 200 Spring 2003

  4. How do you authenticate? • Something you know • Password • Something you have • Physical key (email account?, transparency?) • Something you are • Biometrics (voiceprint, fingerprint, etc.) Serious authentication requires at least 2 kinds CS 200 Spring 2003

  5. Early Password Schemes Login does direct password lookup and comparison. Login: alyssa Password: spot Failed login. Guess again. CS 200 Spring 2003

  6. Eve Login Process Terminal Login: alyssa Password: fido Trusted Subsystem login sends <“alyssa”, “fido”> CS 200 Spring 2003

  7. Password Problems • Need to store the passwords • Dangerous to rely on database being secure • Need to transmit password from user to host • Dangerous to rely on Internet being unsniffed Solve this today Solve this Wednesday CS 200 Spring 2003

  8. First Try: Encrypt Passwords • Instead of storing password, store password encrypted with secret K. • When user logs in, encrypt entered password and compare to stored encrypted password. Problem if K isn’t so secret: decryptK (encryptK (P)) = P CS 200 Spring 2003

  9. Hashing • Many-to-one: maps a large number of values to a small number of hash values • Even distribution: for typical data sets, probability of (H(x) = n) = 1/N where N is the number of hash values and n = 0..N – 1. • Efficient: H(x) is easy to compute. “dog” “neanderthal” “horse” H (char s[]) = (s[0] – ‘a’) mod 10 CS 200 Spring 2003

  10. Cryptographic Hash Functions One-way Given h, it is hard to find x such that H(x) = h. Collision resistance Given x, it is hard to find y  x such that H(y) = H(x). CS 200 Spring 2003

  11. Example One-Way Function Input: two 100 digit numbers, x and y Output: the middle 100 digits of x * y Given x and y, it is easy to calculate f (x, y) = select middle 100 digits (x * y) Given f(x, y) hard to find x and y. CS 200 Spring 2003

  12. A Better Hash Function? • H(x) = encryptx (0) • Weak collision resistance? • Given x, it should be hard to find y  x such that H(y) = H(x). • Yes – encryption is one-to-one. (There is no such y.) • A good hash function? • No, its output is as big as the message! CS 200 Spring 2003

  13. Actual Hashing Algorithms • Based on cipher block chaining • Start by encrypting 0 with the first block • Use the next block to encrypt the previous block • SHA [NIST95] – 512 bit blocks, 160-bit hash • MD5 [Rivest92] – 512 bit blocks, produces 128-bit hash • This is what we will use: built in to PHP CS 200 Spring 2003

  14. Hashed Passwords CS 200 Spring 2003

  15. Dictionary Attacks • Try a list of common passwords • All 1-4 letter words • List of common (dog) names • Words from dictionary • Phone numbers, license plates • All of the above in reverse • Simple dictionary attacks retrieve most user-selected passwords • Precompute H(x) for all dictionary entries CS 200 Spring 2003

  16. 86% of users are dumb and dumber (Morris/Thompson 79) CS 200 Spring 2003

  17. Salt of the Earth (This is the standard UNIX password scheme.) Salt: 12 random bits DES+ (m, key, salt) is an encryption algorithm that encrypts in a way that depends on the salt. How much harder is the off-line dictionary attack? CS 200 Spring 2003

  18. PHP Code // We use the username as a "salt" (since they must be unique) $encryptedpass = md5 ($password . $username); Not quite as secure as using a random value. What is someone picks xdave as their username and Lx.Ly. as their password? CS 200 Spring 2003

  19. Authenticating Users • User proves they are a worthwhile person by having a legitimate email address • Not everyone who has an email address is worthwhile • Its not too hard to snoop (or intercept) someone’s email • But, provides much better authenticating than just the honor system CS 200 Spring 2003

  20. Registering for Account • User enters email address • Account is marked as “Inactive” • Send an email with an unguessable URL URL that activates the account $encryptedpass = md5 ($password . $username); $query = "INSERT INTO users (username, password, email, activated) VALUES ('$username', '$encryptedpass', '$email', 0)"; CS 200 Spring 2003

  21. PHP Code (register-process.php) A string only the server should know. (Hard to really keep this secret…) Why not just use md5($username)? $actcode = md5 ($username . $secret); $url = "http://" . $_SERVER['HTTP_HOST'] . dirname ($_SERVER['PHP_SELF']) . "/activate.php?user=$username&code=$actcode"; mail ($email, // User’s email address "WahooChat Account Activation", // Subject Line "To activate your account visit $url", // Message body "From: wahoochat-bot@virginia.edu"); // From address CS 200 Spring 2003

  22. activate.php $result = mysql_query ("SELECT activated FROM users WHERE username='$user'"); $rows = mysql_num_rows ($result); if ($rows == 0) { error ("No account for username: $user");} else { $activated = mysql_result ($result, 0, 0); if ($activated != 0) { error ("Account $username is already activated.");} else { $actcode = md5 ($user . $secret); if ($code == $actcode) { $result = mysql_query ("UPDATE users SET activated=1 WHERE username='$user'"); if ($result != 1) { error ("Database update failed: $result"); } else { print "Your account is now activated!<br><p>"; } } else { print "Invalid account code!<br>"; } } } CS 200 Spring 2003

  23. Cookies • HTTP is stateless: every request is independent • Don’t want user to keep having to enter password every time • A cookie is data that is stored on the browser’s machine, and sent to the web server when a matching page is visited CS 200 Spring 2003

  24. Using Cookies • Look at the example PHP code • Cookie must be sent before any HTML is sent • Be careful how you use cookies – anyone can generate any data they want in a cookie • Make sure they can’t be tampered with: use md5 hash with secret to authenticate • Don’t reuse cookies - easy to intercept them (or steal them from disks): use a counter than changes every time a cookie is used CS 200 Spring 2003

  25. Problems Left • The database password is visible in plaintext in the PHP code • No way around this (with UVa mysql server) • Anyone who can read UVa filesystem can access your database • The password is transmitted unencrypted over the Internet (next class) • Proving you can read an email account is not good enough to authenticate for important applications CS 200 Spring 2003

  26. Authenticationfor Remote Voting Nathanael Paul David Evans University of Virginia [nrpaul, evans]@cs.virginia.edu Avi Rubin Johns Hopkins University rubin@jhu.edu Dan Wallach Rice University dwallach@cs.rice.edu

  27. Types of Authentication • Something you know • passwords • Example: login to schedule of classes • Something you are • Biometrics • Examples: iris scanner, fingerprint reader • Something you have • This: a transparency CS 200 Spring 2003

  28. Authentication for remote voting • Remote voting offers convenience • 69% votes cast by mail in 2001 in state of Washington • Electronic voting is cheaper and faster • More secure? • New problems: virus, worm, spoofing, denial of service • Mutual authentication • Voter authenticated to server • Server authenticated to voter CS 200 Spring 2003

  29. Doing Encryption without Computers • Can’t trust voters to have trustworthy computers • Viruses can tamper with their software • Need to do authentication in a way that doesn’t depend on correctness of user’s software • Lorenz cipher: use XOR to encrypt • Is there a way to do lots of XOR’s without a computer? CS 200 Spring 2003

  30. Visual cryptography (Naor & Shamir, 1994) • Perfectly secure (one-time pad) • Server can encode anything knowing voter’s layer Option 1 Option 2 Transparency Screen Transparency Screen Encodes a clear (grey) square Encodes a dark square CS 200 Spring 2003

  31. Remote Voting System Each voter is sent a key, ki STEP 1 keys Ek (k1) S Ek(k2) … ki = … Ek(kn) Key: AQEGSDFASDF STEP 2 ki STEP 3 – if ki valid… STEP 4 ki = “AQEGSDFASDF” S client machine client machine CS 200 Spring 2003

  32. Summary • Mutual authentication • Authentication of user to server • Authentication of server to user • Involves the human (as opposed to machine) • Anonymity by proper use of layered images • You will get a transparency on Wednesday CS 200 Spring 2003

More Related