IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012
Transcript
Page 1: IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

IS 302: Information Security and Trust
Week 7: User Authentication (part I)

2012

Page 2: Who are you really?

© Yingjiu Li 2007 2

Who are you really?
• Impersonation in the cyber world
• How does Bob prove he is Bob?

Figure: Bob says to Alice “Alice, I’m Bob”; Mallory also says “Alice, I’m Bob”; Alice asks “Who are you?”

Page 3: Asymmetric solution with certificate

Asymmetric solution with certificate
• Bob: Hi, Alice, I am Bob. Here is my signature and certificate.
• Alice: OK, let me verify your signature and certificate…
• Alice must check two things: that the certificate chains to a CA she trusts and binds the public key to “Bob”, and that the signature covers something fresh (e.g. a nonce she chose); otherwise Mallory can replay a recorded message

Figure: Bob sends Alice “Alice, I’m Bob. Here are my sig and cert”; Mallory, lacking Bob’s private key, cannot produce a signature that verifies under Bob’s certificate.

Page 4: Symmetric solution with shared secret

Symmetric solution with shared secret
• Bob: Hi, Alice, I am Bob. I know our shared secret S.
  – Weak authentication: Bob reveals S itself
  – Strong authentication: Bob proves knowledge of S without revealing S itself

Figure: Bob sends Alice “Alice, I’m Bob. I know our secret S”; Mallory listens on the channel.
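The weak and strong variants of this slide, as an added example that is not part of the original lecture: Alice and Bob share S; in the weak form Bob sends S itself, so Mallory, who sees the channel, records it and replays it later; in the strong form Alice issues a fresh random challenge and Bob answers with an HMAC keyed with S, which proves he knows S without sending it and is useless against the next challenge. HMAC-SHA256, a 16-byte nonce and the secret value are assumptions of this example; the lecture itself defers its strong password scheme to week 9.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret S for the example; a real deployment uses a high-entropy key.
SHARED_SECRET = b"example-shared-secret-S"


# --- Weak authentication: Bob sends S itself ------------------------------------

def weak_prove(secret: bytes) -> bytes:
    """Bob's message: the secret in the clear."""
    return secret


def weak_verify(message: bytes, secret: bytes) -> bool:
    """Alice accepts anything equal to S; whoever saw S once can replay it forever."""
    return hmac.compare_digest(message, secret)


# --- Strong authentication: Bob proves knowledge of S without sending it --------

def new_challenge() -> bytes:
    """Alice picks a fresh random nonce for every login attempt."""
    return secrets.token_bytes(16)


def strong_prove(secret: bytes, challenge: bytes) -> bytes:
    """Bob's response: HMAC-SHA256 keyed with S over Alice's challenge (assumed MAC)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def strong_verify(response: bytes, challenge: bytes, secret: bytes) -> bool:
    """Alice recomputes the expected response and compares in constant time."""
    expected = hmac.new(secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)


def replay_attack(weak: bool) -> bool:
    """Mallory records one exchange and replays it; returns True if Alice accepts."""
    if weak:
        captured = weak_prove(SHARED_SECRET)            # Mallory now holds S itself
        return weak_verify(captured, SHARED_SECRET)     # replay is accepted
    c1 = new_challenge()
    captured = strong_prove(SHARED_SECRET, c1)          # Mallory sees HMAC(S, c1) only
    c2 = new_challenge()                                # Alice issues a new nonce
    return strong_verify(captured, c2, SHARED_SECRET)   # stale response is rejected


if __name__ == "__main__":
    print("weak scheme, replay accepted:  ", replay_attack(weak=True))
    print("strong scheme, replay accepted:", replay_attack(weak=False))
```

The strong form still has a weakness the slide will return to: Mallory can take a recorded (challenge, response) pair offline and test candidate secrets against it, so S must have enough entropy to resist that guessing.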

Page 5: What is the shared secret?

What is the shared secret?
• What Bob knows
  – Password, PIN, mother’s maiden name…
• What Bob possesses
  – Physical key, token, smart card, passport…
• Who Bob is
  – Fingerprint, retina, voice, face, signature dynamics, DNA…

Page 6: Password-based authentication

Password-based authentication
• The most popular user authentication technique
  – Weak authentication based on a password: this week
  – Strong authentication based on a password: week 9

Figure: Bob tells Alice “Alice, I’m Bob, and I know my password”.

Page 7: Weak authentication based on password

Weak authentication based on password
• It is subject to an eavesdropping attack when Bob sends the password across a network to a remote server: anyone on the path can read it and replay it (an encrypted channel such as TLS removes that eavesdropper, but the server still receives the password itself)
• It can be used when Bob logs in to a local computer, where no network carries the password

Figure: Bob sends Alice “Bob id, Bob password”.

Page 8: Store password directly

Store password directly
• Non-cryptographic technique
  – Alice stores “Bob id – Bob password” in a password file
  – Alice authenticates Bob by comparing the received password to the password stored in the password file
  – Anyone who reads the file learns every password outright

Figure: Bob sends “Bob id, Bob password”; Alice’s password file holds “Bob id – Bob password .....”

Page 9: Store hashed or encrypted password

Store hashed or encrypted password
• “Hashed or encrypted” password file
  – Alice stores a hash or a cipher of Bob’s password
  – Alice authenticates Bob by hashing (or encrypting) the received password and comparing the result to the corresponding entry in the password file
  – Reading the file no longer reveals passwords directly; the attacker must recover them by guessing (slides 15–17)

Figure: Bob sends “Bob id, Bob password”; Alice’s password file holds “Bob id – h(Bob password) .......”

Page 10: Example I: Unix password

Example I: Unix password (traditional crypt)
• DES is applied 25 times in succession to encrypt a 64-bit block of zeros
• Encryption key: the user’s password (the low 7 bits of each of the first 8 characters form the 56-bit DES key; characters beyond the 8th are ignored)
• A 12-bit salt, stored alongside the result, perturbs the DES expansion so the same password hashes differently on different accounts
• How many possible passwords? At most 2^56 distinct keys, whatever the typed length

Figure: Alice’s password file holds “Bob id, DES^25(Bob pwd, zeros) ...”; Bob sends “Bob id, Bob password”.

Page 11: Example II: Windows LM hash

Example II: Windows LM hash
• LAN Manager (LM)
  – A network OS from Microsoft and 3Com
• LM hash
  – Windows 9x and Windows Me: store the password as an LM hash
  – Windows NT, 2000 and XP: also store the LM hash by default for backwards compatibility (can be disabled)
  – Windows Vista onwards: the LM hash is no longer stored; only the NT (NTLM) hash is

Page 12: LM hash

LM hash
• Computation
  – User password converted to upper case
  – Null-padded or truncated to 14 bytes, then split into 7 + 7 bytes
  – 1st 7 bytes become DES key 1; 2nd 7 bytes become DES key 2
  – Each DES key encrypts the constant string “KGS!@#$%”, giving 8 + 8 bytes
  – Result: 16 bytes = 32 hex digits = 128 bits
• Security of the LM hash
  – Passwords longer than 7 characters are split into two 7-character halves that are hashed independently
  – Upper case only: 26 letters + 10 digits (36 symbols on this count; punctuation adds a few more)
  – 36^7 ≈ 2^36 candidates per half, so about 2^37 for both halves, instead of 36^14 ≈ 2^72 for a 14-character password hashed as a whole
  – A modern desktop can brute-force any LM hash (even a 14-character password) in a few hours (a 2012 figure; precomputed tables do it in seconds)
  – A password of 7 or fewer characters leaves the second half as the fixed value AAD3B435B51404EE (DES of the constant under an all-zero key), which tells the attacker the length at a glance

Page 13: NT (NTLM) hash

NT (NTLM) hash
• MD4 hash of the password, encoded as UTF-16LE
  – 16 bytes = 128 bits (the same length as the LM hash)
• Security of the NT hash
  – Not split into halves, not upper case only: 52 letters + 10 digits (62 symbols before punctuation)
  – 62^14 ≈ 2^83 possible 14-character passwords (compare to about 2^37 in LM and 2^56 in Unix crypt)
  – Still unsalted and fast to compute: the same password gives the same hash on every account, so a precomputed table (slide 17) applies directly

Page 14: SAM file

SAM file
• Where does Windows store the LM hash and/or NT hash?
  – C:\Windows\System32\config\SAM
  – Can you read or copy it? Not while Windows is running: the hive is held open by the system, and it is readable only with administrative rights or from outside the running OS
  – The stored hashes are additionally encrypted with a key derived from the SYSTEM hive, so an offline copy of SAM alone is not enough
  – How to get access to it? Password cracking test/lab in week 11

Page 15: Password attacks

Password attacks
• Brute force attack
• Dictionary attack

Page 16: Brute force attack

Brute force attack
• Mallory
  – Gets access to a hashed/encrypted password file
  – Hashes/encrypts every possible password and compares each result to the entries in the password file
  – Cost: the size of the password space times the cost of one hash
• How to thwart a brute force attack?

Page 17: Dictionary attack

Dictionary attack
• Mallory
  – Creates a dictionary of commonly used passwords
  – Pre-computes a password file for the dictionary (the hash of every entry)
  – Looks for a match between the pre-computed password file and the real password file
  – The pre-computation is paid once and reused against every file hashed the same way
• How to thwart a dictionary attack?
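An added example, not from the slides, that runs the two attacks of slides 16–17 against a hashed password file of the kind described on slides 8–9, and shows the standard answer to the closing question: a random per-user salt makes the pre-computed dictionary useless, and an iterated hash makes every remaining guess expensive. The use of SHA-256 as the slides’ h(), PBKDF2 as the salted hash, and the user names, passwords and dictionary are all constructed for this example.

```python
import hashlib
import itertools
import os
import string

ROUNDS = 20_000   # PBKDF2 iterations; each guess against a salted entry costs this many hashes


def h(password: bytes) -> str:
    """Unsalted, fast hash standing in for the slides' h(password) (assumed: SHA-256)."""
    return hashlib.sha256(password).hexdigest()


def h_salted(password: bytes, salt: bytes) -> str:
    """Salted, iterated hash: the same password gives a different value per account."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ROUNDS).hex()


def make_salted_file(accounts: dict) -> dict:
    """Password file of (salt, hash) pairs; the salt is stored in the clear beside the hash."""
    out = {}
    for uid, pw in accounts.items():
        salt = os.urandom(16)
        out[uid] = (salt, h_salted(pw, salt))
    return out


# Constructed password files; users and passwords are invented for the example.
ACCOUNTS = {"bob": b"secret", "carol": b"1234", "dave": b"zq7"}
UNSALTED_FILE = {uid: h(pw) for uid, pw in ACCOUNTS.items()}
SALTED_FILE = make_salted_file(ACCOUNTS)
DICTIONARY = [b"password", b"secret", b"1234", b"letmein", b"qwerty"]


def precompute(dictionary) -> dict:
    """Dictionary attack, step 2: hash the dictionary once, indexed by hash value."""
    return {h(pw): pw for pw in dictionary}


def dictionary_attack(pwfile: dict, table: dict) -> dict:
    """Step 3: look every stored hash up in the table; no hashing is done per file."""
    return {uid: table[stored] for uid, stored in pwfile.items() if stored in table}


def dictionary_attack_salted(pwfile: dict, dictionary) -> tuple:
    """With salts the table cannot be reused: each (user, guess) pair is hashed afresh.
    Returns (cracked accounts, number of PBKDF2 computations spent)."""
    cracked, work = {}, 0
    for uid, (salt, stored) in pwfile.items():
        for pw in dictionary:
            work += 1
            if h_salted(pw, salt) == stored:
                cracked[uid] = pw
                break
    return cracked, work


def brute_force(target: str, alphabet: str, max_len: int) -> tuple:
    """Enumerate every password over alphabet up to max_len against one unsalted hash.
    Returns (password or None, number of guesses made)."""
    guesses = 0
    for n in range(1, max_len + 1):
        for tup in itertools.product(alphabet, repeat=n):
            guesses += 1
            cand = "".join(tup).encode()
            if h(cand) == target:
                return cand, guesses
    return None, guesses


if __name__ == "__main__":
    table = precompute(DICTIONARY)
    print("unsalted file, precomputed table:", dictionary_attack(UNSALTED_FILE, table))
    print("salted file, same table:", {u for u, (s, st) in SALTED_FILE.items() if st in table})
    print("salted file, per-user rehash:", dictionary_attack_salted(SALTED_FILE, DICTIONARY))
    print("brute force of dave:", brute_force(UNSALTED_FILE["dave"], string.ascii_lowercase + string.digits, 3))
```

Two things to read off the output: the salt defeats the pre-computation but not the dictionary itself, since bob and carol still fall to five guesses each (now at ROUNDS hashes per guess instead of one), and dave’s three-character password is found by brute force in a few tens of thousands of guesses whether or not it is in any dictionary. Salting and iteration buy time; slides 18–19 are what makes the guessing space large.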

Page 18: Choose a strong password

Choose a strong password
  – DO NOT use anyone’s name as your password.
  – DO NOT use words from a common dictionary as your password.
  – DO NOT use a birth date as your password.
  – DO use a combination of letters, digits and special characters.

Page 19: Choose a long password

Choose a long password
• Use a pass-phrase
  – Easy to remember
  – Longer, thus harder to crack
• Examples
  – Redskin is My Favorite @ SMU (to log in at SMU)
  – Redskin is My Favorite @ gmail (to log in at gmail)
• Caveat: the two examples differ only in a predictable site suffix, so one leaked pass-phrase exposes the pattern used at every other site

Page 20: Change password frequently?

Change password frequently?
• Arguable

Page 21: Review

Review
1. How long is a Unix password when stored?
   1. 12 bits
   2. 56 bits
   3. 64 bits
2. How long is an LM hash or NT hash?
   1. 14 letters
   2. 64 bits
   3. 128 bits
3. To thwart a brute-force attack, we need to choose
   1. Strong passwords
   2. Long enough passwords
   3. Strong authentication of passwords

Page 22: Notice

Notice
• Project draft (hard copy) due during the week 9 class
  – It will not be graded

