slide 1

CS 436/636/736

Spring 2012

Nitesh Saxena

*Parts adopted from a previous lecture by Vitaly Shmatikov

User(-to-Device) Authentication

Course Admin

HW4 posted• Problem 1 and 2: due Apr 26, 11am

(individually assigned)• Problem 3: demo due 11am May 7 (can be

teams of 2)• Demo slots were posted (please mark them)

Course Admin

Final Exam – May 3 (Thursday)• 10:45 to 1:15• Venue – CH 430 (our regular lecture room)

Covers everything (cumulative)• 35% -- pre mid-term material• 65% -- post mid-term material

Again, close-book, just like the mid-term Exam Review this Thursday

slide 4

Recall: Basic Problem

?

How do you prove to someone that you are who you claim to be?

Any system with access control must solve this problem

slide 5

Recall: Many Ways to Authenticate

Something you know• Passwords/PINs

Something you have• Secure tokens

Something you are• Biometrics

What is the best method to authenticate: secure as well as usable and universal? Is there any?

slide 6

(Textual) Passwords

User has a secret password. System checks it to authenticate the user. How is the password communicated?

• Eavesdropping risk

How is the password stored?• In the clear? Encrypted? Hashed?

How does the system check the password? How easy is it to guess the password?

• Easy-to-remember passwords tend to be easy to guess

• Password file is difficult to keep secret

slide 7

Passwords in the Real World

From high school pranks…• Student in Tyler changes school attendance records• Students in California change grades

– Different authentication for network login and grade system, but teachers were using the same password (very common)

…to serious cash• English accountant uses co-workers’ password to

steal $17 million for gambling

…to identity theft• Helpdesk employee uses passwords of a credit card

database to sell credit reports to Nigerian scammers

[PasswordResearch.com]

slide 8

Passwords and Computer Security

First step after any successful intrusion: install sniffer or keylogger to steal more passwords Second step: run cracking tools on password files

• Usually on other hijacked computers

In Mitnick’s “Art of Intrusion”, 8 out of 9 exploits involve password stealing and/or cracking• Excite@Home: usernames and passwords stored in the

clear in troubleshooting tickets• “Dixie bank” hack: use default router password to

change firewall rules to enable incoming connections

slide 9

UNIX-Style Passwords

t4h97t4m43 fa6326b1c2 N53uhjr438 Hgg658n53 …

user system password file“cypherpu

nk”

hashfunction

slide 10

Password Hashing

Instead of user password, store H(password) When user enters password, compute its

hash and compare with entry in password file• System does not store actual passwords!• Difficult to go from hash from password!

Hash function H must have some properties• One-way: given H(password), hard to find

password– No known algorithm better than trial and error

• Is collision resistance needed?

slide 11

UNIX Password System

Uses DES encryption as if it were a hash function• Encrypt NULL string using password as the key

– Truncates passwords to 8 characters!

• Can instruct modern UNIXes to use MD5 hash function

Problem: passwords are not truly random• With 52 upper- and lower-case letters, 10 digits

and 32 punctuation symbols, there are 948 6 quadrillion possible 8-character passwords

• Humans like to use dictionary words, human and pet names 1 million common passwords

slide 12

Dictionary Attack

Password file /etc/passwd is world-readable• Contains user IDs and group IDs which are used

by many system programs

Dictionary attack is possible because many passwords come from a small dictionary• Attacker can pre-compute H(word) for every word

in the dictionary – this only needs to be done once!!

– This is an offline attack– Once password file is obtained, cracking is instantaneous

• With 1,000,000-word dictionary and assuming 10 guesses per second, brute-force online attack takes 50,000 seconds (14 hours) on average

slide 13

Salt

shmat:fURxfg,4hLBX:14510:30:Vitaly:/u/shmat:/bin/csh

/etc/passwd entrysalt

(chosen randomly whenpassword is first set)

hash(salt,pwd)Password

• Users with the same password have different entries in the password file

• Offline dictionary attack becomes much harder

slide 14

Advantages of Salting

Without salt, attacker can pre-compute hashes of all dictionary words once for all password entries• Same hash function on all UNIX machines;

identical passwords hash to identical values• One table of hash values works for all password

files

With salt, attacker must compute hashes of all dictionary words once for each combination of salt value and password• With 12-bit random salt, same password can

hash to 4096 different hash values

slide 15

Shadow Passwords

shmat:x:14510:30:Vitaly:/u/shmat:/bin/csh

• Store hashed passwords in /etc/shadow file which is only readable by system administrator (root)

• Add expiration dates for passwords• Early Shadow implementations on Linux called

the login program which had a buffer overflow!

Hashed password is notstored in a world-readable file

/etc/passwd entry

slide 16

Password Security Risks

Keystroke loggers• Hardware

– KeyGhost, KeyShark, others

• Software (spyware)

Observation attacks• See our recent work on keyboard acoustic emanations:

http://eprint.iacr.org/2010/605.pdf

Online attacks Offline attacks

These can be dealt with somewhat (how?), but…….

slide 17

User Issues!!

Make passwords easy to remember• “password”, “Longhorns”, “Kevin123”

Write them down Use a single password at multiple sites

• Do you use the same password for Amazon and your bank account? MyPoly? Do you remember them all?

Some services use “secret questions” to reset passwords

• “What is your favorite pet’s name?”• Paris Hilton’s T-Mobile cellphone hack

Susceptible to Social Engineering• e.g., Phishing

slide 18

Social Engineering

Univ. of Sydney study (1996)• 336 CS students emailed asking for their passwords

– Pretext: “validate” password database after suspected break-in

• 138 returned their passwords; 30 returned invalid passwords; 200 reset passwords (not disjoint)

Treasury Dept. report (2005)• Auditors pose as IT personnel attempting to correct a

“network problem”• 35 (of 100) IRS managers and employees provide

their usernames and change passwords to a known value

Other examples: Mitnick’s “Art of Deception”

slide 19

A Recent Email…

Images from Anti-Phishing Working Group’s Phishing Archive

slide 20

Images from Anti-Phishing Working Group’s Phishing Archive

slide 21

The next page requests:

Name Address Telephone Credit Card Number, Expiration Date, Security

Code PIN Account Number Personal ID Password

slide 22

Images from Anti-Phishing Working Group’s Phishing Archive

slide 23

But wait…

WHOIS 210.104.211.21:

Location: Korea, Republic Of

Images from Anti-Phishing Working Group’s Phishing Archive

slide 24

slide 25

Phishing: A Growing Problem

Over 16,000 unique phishing attacks reported in Nov. 2005, about double the number from 2004

Estimates suggest phishing affected 1.2 million US citizens and cost businesses billions of dollars in 2004

Additional losses due to consumer fears

[Anti-Phishing Working Group, Phishing Activity Trends Report, Dec. 2005]

slide 26

Basic Phishing Attack

Victim receives email seemingly from an institution• Often reports a problem with victim’s account• Email demands immediate action

Victim led to a website that mimics that of the institution• Prompted to enter account information, passwords, personal

information, etc. Two variations:

• Passive: Attacker collects victim’s information for later exploitation

• Active: Attacker relays victim’s information to the real institution and plunders the account in real time

slide 27

Current Phishing Techniques

Employ visual elements from target site DNS Tricks:

• www.ebay.com.kr• www.ebay.com@192.168.0.5• www.gooogle.com• Unicode attacks

JavaScript Attacks• Spoofed SSL lock

Certificates• Phishers can acquire certificates for domains they own• Certificate authorities may make mistakes

slide 28

Advanced Phishing Attacks

Spear-phishing: Improved target selection Socially aware attacks [Jakobsson 2005]

• Mine social relationships from public data• Phishing email appears to arrive from someone known to the

victim Context-aware attacks [ibid]

• “Your bid on eBay has won!”• “The books on your Amazon wishlist are on sale!”

slide 29

User Issues!! Users are “task-focussed” Security is a secondary objective Users choose bad passwords and

readily disclose them Users cannot parse URLs, domain

names or PKI certificates Users are inundated with warnings and

pop-ups

slide 30

Phishing Prevention Approaches

Heuristics• Spoofguard [Chou et al. 2004], TrustBar [HerzGbar 2004], eBay

toolbar, SpoofStick• Recent studies indicate users ignore toolbar warnings [Wu

et al. 2005]

slide 31

Spoofguard example

slide 32

Other Approaches

Origin/Server Authentication• Dynamic Security Skins [DhamTyga 2004], Passmark, and the

Petname project; BankofAmerica SiteKey• All rely on user diligence – a single mistake will result in a

compromised account (slow to load image!)

slide 33

Another approach

PwdHash• Instead of the password p, share the hash of

the password (concatenated with domain name): H(p, domain)

• User types in the password p, the browser computes H(p, domain) and send it to the server

• Phishing site learns the hashed value for its own doman, which is of no “direct” use (except running a dictionary attack on the password)

slide 34

In summary

Lot of problems with the passwords• Especially due to user behavior

Can we help users pick strong(er) passwords• Use of mnemonics: Easy to remember but hard

to guess phrases– Phrase to a password

• “Jack and Jill went up the hill” (JaJwuth) (probably not good!)

• “I’ve owned 4 Gateway computers so far” (Io4Gcsf )

Other Directions…

slide 35

Graphical Passwords

Images are easy for humans to recall/recognize• Especially if you invent a memorable story to

go along with the images

Images can not be “written down”

slide 36

Dhamija and Perrig SchemePick several pictures out of many choices, identify them laterin authentication.

http://www.random-art.org/

• Using Hash Visualization, which, given a seed, automatically generate a set of pictures• No need to store images, but take

longer to create passwords

password space: N!/K! (N-K)!( N-total number of pictures; K-number of pictures selected as passwords)

slide 37

Sobrado and Birget Scheme System display a number of pass-objects (pre-selected by

user) among many other objects, user click inside the convex hull bounded by pass-objects.

• authors suggeated using 1000 objects, which makes the display very crowed and the objects almostindistinguishable.

password space: N!/K! (N-K)!( N-total number of picture objects; K-number of pre-registered objects)

slide 38

PassFaces

Using human faces as password

slide 39

User Quotes

“I chose the images of the ladies which appealed the most”

“I simply picked the best lookin girl on each page”

“In order to remember all the pictures for my login (after forgetting my ‘password’ 4 times in a row) I needed to pick pictures I could EASILY remember... So I chose beautiful women. The other option I would have chosen was handsome men, but the women are much more pleasing to look at”

slide 40

More User Quotes

“I picked her because she was female and Asian and being female and Asian, I thought I could remember that”

“I started by deciding to choose faces of people in my own race…”

“… Plus he is African-American like me”

slide 41

Draw-A-Secret (DAS) SchemeUser draws a simple picture on a 2D grid, the coordinates

of the grids occupied by the picture are stored in the order of

drawing

redrawing has to touch thesame grids in the same sequence in authentication user studies showed the drawing sequences is hard to Remember

slide 42

“PassPoint” SchemeUser click on any place on an image to create a password. A

tolerance around each chosen pixel is calculated. In order to be authenticated, user must click within the tolerances in correct sequence.

can be hard to remember the sequences

Password Space: N^K( N -the number of pixels or smallest units of a picture, K - the number ofPoint to be clicked on )

slide 43

Disadvantages

Graphical password schemes are perceived to be more vulnerable to “shoulder surfing”

A change in infrastructure is needed Need to store, transmit images in many

cases

slide 44

Biometric Authentication

Nothing to remember Passive

• Nothing to type, no devices to carry around

Can’t share (usually) Can be fairly unique

• … If measurements are sufficiently accurate

slide 45

Problems with Biometrics

Identification vs. authentication• Identification = associating an identity with an

event or a piece of data– Example: fingerprint at a crime scene

• Authentication = verifying a claimed identity– Example: fingerprint scanner to enter a building

How hard are biometric readings to forge?• Difficulty of forgery is routinely overestimated• Analysis often doesn’t take into account the

possibility of computer-generated forgery

Revocation is difficult or impossible

slide 46

Fake Fingers

Gelatin: gummy fingers

Play-Doh fingers fool 90% of fingerprint scanners• Clarkson University

study

Suggested perspiration measurement to test “liveness” of the finger

[Schuckers]

slide 47

Face/off

slide 48

Tokens

Generally used to improve security of passwords• Two-factor authentication: “Something you have” +

“Something you know”• Use of “one time passwords”

Example: RSA SecurID (many different forms)

Problem: token might not be available, when needed; also each secure site needs a different token

slide 49

Playful Security: Security can be fun! A direction we have been taki

Make security tasks fun and entertaining for the users; entice them

Hoping that users will better comply at them

Tom Sawyer Effect Can be applied to many

different problems Currently, Google has shown

interest in our research See: http://spies.cis.uab.edu/research/playful-

security

slide 50

References

Use google Some of these can be found here:

• http://www.cs.utexas.edu/~shmat/courses/cs378_fall07/cs378_ref.html