Slides for lecture 20

Download Report

Transcript Slides for lecture 20

CMSC 414
Computer and Network Security
Lecture 20
Jonathan Katz
HW3
 Some students have reported problems when using
different grace machines
– Logging in to scary.umd.edu should work
Network Security
Authentication: an Overview
Authentication
 Verifying the identity of another entity
– Computer authenticating to another computer
– Person authenticating to a local/remote computer
 Important to be clear about what is being
authenticated
– The user?
– The machine? A specific application on the machine?
– The data?
 What assumptions are being made?
– E.g., login from untrusted terminal
Authentication
 Mutual authentication vs. unidirectional
authentication
 Authentication -- two main issues:
– How authentication information is stored (at both ends)
– Authentication protocol itself
Authentication
 Authentication may be based on
– What you know
– What you have
– What you are
– Examples? Tradeoffs?
– Others?
 Can also consider two-factor authentication
Address-based authentication
 Is sometimes used
 Generally not very secure
– Relatively easy to forge source addresses of network
packets
 But can be useful if the adversary does not know
what IP address to forge
– E.g., IP address of a user’s home computer
Location-based authentication
 More interest lately, as computation becomes more
ubiquitous
 Re-authentication if laptop moves
Attack taxonomy
 Passive attacks
 Active attacks
– Impersonation
• Client impersonation
• Server impersonation
– Man-in-the-middle
 Server compromise
 Different attacks may be easier/more difficult in
different settings
Password-based protocols
 Password-based authentication
– Any system based on low-entropy shared secret
 Distinguish on-line attacks vs. off-line attacks
Password selection
 User selection of passwords is typically very poor
– Lower entropy password makes dictionary attacks
easier
 Typical passwords:
– Derived from account names or usernames
– Dictionary words, reversed dictionary words, or small
modifications of dictionary words
 Users typically use the same password for
multiple accounts
– Weakest account determines the security!
– Can use program like pwdHash to correct this
Better password selection
 Non-alphanumeric characters
 Longer phrases
 Can try to enforce good password selection…
 …but these types of passwords are difficult for
people to memorize and type!
From passwords to keys?
 Can potentially use passwords to derive symmetric
or public keys
 What is the entropy of the resulting key?
 Often allows off-line dictionary attacks on the
password
Password-based protocols
 Any password-based protocol is potentially
vulnerable to an “on-line” dictionary attack
– On-line attacks can be detected and limited
 How?
– “Three strikes”
– Ratio of successful to failed logins
– Gradually slow login response time
 Potential DoS
– Cache IP address of last successful login
Password-based protocols
 Off-line attacks can never be ‘prevented’, but
protocols can be made secure against such attacks
 Any password-based protocol is vulnerable to off-
line attack if the server is compromised
– Once the server is compromised, why do we care?
Password-based protocols
 Best: Use a password-based protocol which is
secure against off-line attacks when server is not
compromised
– Unfortunately, this has not been the case in practice
(e.g., telnet, cell phones, etc.)
– This is a difficult problem!
Password storage
 In the clear…
 Hash of password (done correctly)
– Doesn’t always achieve anything!
– Makes adversary’s job harder
– Potentially protects users who choose good passwords
 “Salt”-ed hash of password
– Makes bulk dictionary attacks harder, but no harder to attack a
particular password
– Prevents using ‘rainbow tables’
 Encrypted passwords? (What attack is this defending
against?)
 Centralized server stores password…