1 / 21

Authentication

CS 99j. Authentication. John C. Mitchell Stanford University. Computer security. Computer security is concerned with the detection and prevention of unauthorized actions by users of a computer system. Authentication. Verify identity Only allow authorized access

leigh-simpson
Download Presentation

Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS 99j Authentication John C. Mitchell Stanford University

  2. Computer security Computer security is concerned with the detection and prevention of unauthorized actions by users of a computer system.

  3. Authentication • Verify identity • Only allow authorized access • Message authentication (different concept) • Confirm source and integrity of message • Message received is the same as message sent

  4. Fundamental limitation I am talking to Joe I am talking to someone who has Joe’s • Password • Private key • Thumbprint

  5. Outline • Password authentication • Unix password scheme • Dictionary attack • Challenge-response mechanisms • Authentication protocols • Protocol analysis methods

  6. Password authentication • Basic idea • User has a secret password • System checks password to authenticate user • Issues • How is password stored? • How does system check password? • How easy is it to guess a password?

  7. Basic password scheme Password file User kiwifruit exrygbzyf kgnosfix ggjoklbsz … … hash function

  8. Basic password scheme • Hash function h : strings  strings • Given h(password), hard to find password • No known algorithm better than trial and error • User password stored as h(password) • When user enters password • System computes h(password) • Compares with entry in password file • No passwords stored on disk

  9. Unix password system • Hash function is 25xDES • Number 25 was meant to make search slow • Password file is publicly readable • Other information in password file … • Any user can try “dictionary attack” • User looks at password file • Computes hash(word) for every word in dictionary • “Salt” makes dictionary attack harder • Otherwise, compare hash(word) to all passwords

  10. Salt [Belgers] • Password line account:crypted-passwd:uid:gid:user-name:homedir:shell walt:fURfuu4.4hY0U:129:129:Belgers:/home/walt:/bin/csh • Checking with salt

  11. Another password vulnerability void check_passwd(char *name, passwd) { char buffer1[2]; char buffer2[2]; /* place password for name in buffer 1 */ strcpy(buffer2,passwd) if (buffer1[1]==buffer2[1] && buffer1[1]==buffer2[1]) { /* allow login */ }; else { /* disallow login */ }; }

  12. Extra Reading • Find Phrack archives .oO Phrack 49 Oo. Volume Seven, Issue Forty-Nine • Look for this article XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Smashing The Stack For Fun And Profit XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX by Aleph One aleph1@underground.org

  13. Challenge-response Challenge User Secret key string f(key,string) Response

  14. Challenge-response authentication • Challenge • System presents user with some string • Response • User computes f(key,string) • Authentication • Check property of f(key,string) • Secret data can stay secret: no password is sent What kind of function will work?

  15. Authentication protocols • Many protocols to confirm identity • Clark-Jacob survey of 50 protocols • Common use • Client and server confirm identity and agree on secret encryption key

  16. Network connection • TCP syncronize/acknowledgement Client SYN Server SYN-ACK ACK sequence numbers omitted ...

  17. Needham-Schroeder Key Exchange { A, Na } Kb { Na, Nb } Ka { Nb} Kb A B Result: A and B share two private numbers not known to any observer without Ka-1, Kb -1

  18. Anomaly in Needham-Schroeder [Lowe] { A, Na } Ke A E { Na, Nb } Ka { Nb } Ke { A, Na } { Na, Nb } Evil agent E tricks honest A into revealing private key Nb from B. Kb Ka B Evil E can then fool B.

  19. Repaired Needham-Schroeder Protocol { A, Na } Kb { Na, B, Nb } Ka { Nb} Kb A B Result: A and B share two private numbers not known to any observer without Ka-1, Kb -1

  20. How do we know this is correct? • Think a lot • Ask smart people • Systematic methods • Protocol logics • BAN, GNY, SvO, … • Model checking • Exhaustive testing of finite systems • Mathematical proof • Prove an abstract form of protocol is correct • Even with simplifications, requires computer assistance

  21. Explicit Intruder Method Informal Protocol Description Formal Protocol Intruder Model Analysis Tool Gee whiz. Looks OK to me.

More Related