Iss lecture 5

147
-1

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
147
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Iss lecture 5

  1. 1. Information System SecurityInformation System SecurityLecture 5Lecture 5User Authentication andUser Authentication andCryptographic Key InfrastructureCryptographic Key Infrastructure
  2. 2. 22OutlineOutline Entity AuthenticationEntity Authentication Entity Authentication FunctionsEntity Authentication Functions– Something you haveSomething you have– Something you areSomething you are– Something you knowSomething you know PasswordsPasswords OTPOTP Challenge-ResponseChallenge-Response Cryptographic Key InfrastructureCryptographic Key Infrastructure
  3. 3. 331. Entity Authentication1. Entity Authentication The aim of this lecture is to present some techniques that allowsThe aim of this lecture is to present some techniques that allowsone party (theone party (the verifierverifier) to gain assurances that the identity of) to gain assurances that the identity ofanother (theanother (the claimantclaimant) is as declared, thereby preventing) is as declared, thereby preventingimpersonation.impersonation. These techniques are referred to asThese techniques are referred to as identificationidentification,, entityentityauthenticationauthentication, and, and identity verificationidentity verification.. Entity authentication is the process whereby one party is assuredEntity authentication is the process whereby one party is assuredof the identity of a second party involved in a protocol, and thatof the identity of a second party involved in a protocol, and thatthe second has actually participated.the second has actually participated.
  4. 4. 44Entity authentication: UsesEntity authentication: Uses1.1. Access controlAccess control– An entity, often human user, must provide assurance of their identity inAn entity, often human user, must provide assurance of their identity inreal time in order to have access to either physical or virtual resources.real time in order to have access to either physical or virtual resources.1.1. As part of a more complex cryptographic process:As part of a more complex cryptographic process:– Typically established at the start of a connection: an entity must provideTypically established at the start of a connection: an entity must provideassurance of their identity in real time in order for the extended processassurance of their identity in real time in order for the extended processto complete satisfactorily.to complete satisfactorily.– For example, the process of establishing a symmetric key that two usersFor example, the process of establishing a symmetric key that two userscan use to immediately communicate with one another commonlycan use to immediately communicate with one another commonlyinvolves mutual entity authentication in order to provide the two usersinvolves mutual entity authentication in order to provide the two userswith sufficient assurance that they have agreed a key with the “correct”with sufficient assurance that they have agreed a key with the “correct”person.person.
  5. 5. 55Entity authentication: TypesEntity authentication: Types Types of entity authentication:Types of entity authentication:– Unilateral entity authentication is assurance of the identity of one entityto another (and not vice-versa). Examples:– Online shopping– File downloading– Mutual entity authentication occurs if both communicating entitiesprovide each other with assurance of their identity. Examples:Examples:– Online BankingOnline Banking– E-learningE-learning
  6. 6. 662. Entity Authentication Functions2. Entity Authentication Functions The most common ways of providing entity authentication areby using (a combination of) the following:– Something that you have– Something that you are– Something that you know
  7. 7. 77Something you haveSomething you have Dumb tokens:Dumb tokens:– Any physical device without a memory that can be used as a type ofAny physical device without a memory that can be used as a type ofelectronic key.electronic key.– Dumb tokens typically operate with a reader that extracts someDumb tokens typically operate with a reader that extracts someinformation from the token and then indicates whether the informationinformation from the token and then indicates whether the informationauthenticates the entity or not.authenticates the entity or not.– A good example of a dumb token is a plastic card with a magnetic stripe.A good example of a dumb token is a plastic card with a magnetic stripe.The security of the card is based entirely on the difficulty of extractingThe security of the card is based entirely on the difficulty of extractingthe information from the magnetic stripe.the information from the magnetic stripe.– It is common to combine the use of a dumb token with another entityIt is common to combine the use of a dumb token with another entityauthentication technique, such as one based on something you know.authentication technique, such as one based on something you know.
  8. 8. 88Something you haveSomething you have Smart cards:Smart cards:– A plastic card that contains a chip, which gives the card a limited amountA plastic card that contains a chip, which gives the card a limited amountof memory and processing power.of memory and processing power.– A smart card can store secret data more securely, and can also engage inA smart card can store secret data more securely, and can also engage incryptographic processes that require some computations to be performedcryptographic processes that require some computations to be performed(e.g. challenge/response).(e.g. challenge/response).– Smart cards have limited memory and processing power, thus restrictingSmart cards have limited memory and processing power, thus restrictingthe types of operation that they can comfortably perform.the types of operation that they can comfortably perform.– Smart cards are widely used in most countries for banking operations,Smart cards are widely used in most countries for banking operations,electronic ticketing applications, etc.electronic ticketing applications, etc.
  9. 9. 99Something you areSomething you are BiometricsBiometrics– Techniques for human user authentication that are based on physicalTechniques for human user authentication that are based on physicalcharacteristics of the human body.characteristics of the human body.– A biometric control typically converts a physical characteristic into aA biometric control typically converts a physical characteristic into adigital template that is stored on a database. When the user physicallydigital template that is stored on a database. When the user physicallypresents themselves for entity authentication, the physical characteristic ispresents themselves for entity authentication, the physical characteristic ismeasured by a reader, digitally encoded, and then compared with themeasured by a reader, digitally encoded, and then compared with thetemplate.template.
  10. 10. 1010Something you areSomething you are Biometric system modelBiometric system modelRaw dataExtractedfeatures TemplateAuthentication decisionDatacollection SignalprocessingMatching StorageMatchscoreDecisionApplication
  11. 11. 1111Something you areSomething you are BiometricsBiometrics– StaticStatic (unchanging) measurements include fingerprints, hand geometry,(unchanging) measurements include fingerprints, hand geometry,face recognition, retina scan.face recognition, retina scan.– DynamicDynamic (changing) measurements include handwriting measurements(changing) measurements include handwriting measurementsand voice recognition.and voice recognition.– There are many implementation issues and as yet entity authentication isThere are many implementation issues and as yet entity authentication isnot widely provided using these techniques.not widely provided using these techniques.
  12. 12. 1212Something you areSomething you areOptical fingerprint sensor[Fingerprint Identification UnitFIU-001/500 by Sony]Fingerprints
  13. 13. 1313Something you knowSomething you know Passwords:– Passwords are probably the most popular technique for providing entityauthentication, despite concerns about how secure they actually are. A password may be a sequence of charactersA password may be a sequence of characters– Examples: 10 digits, a string of letters,Examples: 10 digits, a string of letters, etcetc..– Generated randomly, by user, by computer with user inputGenerated randomly, by user, by computer with user input A password may be a sequence of wordsA password may be a sequence of words– Examples: pass-phrasesExamples: pass-phrases– AA pass-phrasepass-phrase is a sequence of characters that it is too long to be ais a sequence of characters that it is too long to be apassword and it is thus turned into a shorter virtual password by thepassword and it is thus turned into a shorter virtual password by thepassword systempassword system AlgorithmsAlgorithms– Examples: one-time passwords, challenge-response.Examples: one-time passwords, challenge-response.
  14. 14. 1414Password storagePassword storage Passwords stored in plaintext filesPasswords stored in plaintext files– If password file compromised, all passwords are revealedIf password file compromised, all passwords are revealed– Usually password files are read- and write- protectedUsually password files are read- and write- protected Passwords stored in encrypted filePasswords stored in encrypted file– Encrypted/hashed versions of passwords are stored in a password fileEncrypted/hashed versions of passwords are stored in a password file Examples:Examples:– A Windows password is stored as a MD4 hash value.A Windows password is stored as a MD4 hash value.– A Unix password is stored as a Unix DES Encryption.A Unix password is stored as a Unix DES Encryption.
  15. 15. 1515Unix PasswordUnix Password Example: Original UnixExample: Original Unix– A password is up to eight charactersA password is up to eight characters– The password is truncated to its first 8 ASCII characters, forming theThe password is truncated to its first 8 ASCII characters, forming theUnix DES keyUnix DES key– The key is used to encrypt the 64-bit constant 0.The key is used to encrypt the 64-bit constant 0.– The Unix DES is a variation of the standard DES.The Unix DES is a variation of the standard DES. A 12-bitA 12-bit saltsalt is used to modify the expansion function in DES,is used to modify the expansion function in DES, Then DES is iterated 25 timesThen DES is iterated 25 times– Thus the UNIX password is referred to asThus the UNIX password is referred to as salted passwordsalted password– Unix passwords are stored in fileUnix passwords are stored in file /etc/passwd/etc/passwd
  16. 16. 1616Attack on passwordsAttack on passwords Replay of passwordsReplay of passwords– Specially when passwords are transmitted in cleartextSpecially when passwords are transmitted in cleartext Exhaustive password searchExhaustive password search– Trying all possible passwordsTrying all possible passwords Dictionary attackDictionary attack– Most users select passwords from a small subset of the password spaceMost users select passwords from a small subset of the password space(e.g., short passwords, dictionary words, proper names)(e.g., short passwords, dictionary words, proper names)– Dictionary attack: the attacker tries all possible words, found in anDictionary attack: the attacker tries all possible words, found in anavailable or on-line listavailable or on-line list
  17. 17. 1717Password selectionPassword selection Problem: people pick easy to guess passwordsProblem: people pick easy to guess passwords– Based on account names, user names, computer names, place namesBased on account names, user names, computer names, place names– Too short, digits only, letters onlyToo short, digits only, letters only– License plates, acronyms, social security numbersLicense plates, acronyms, social security numbers– Personal characteristics (nicknames, job characteristics,Personal characteristics (nicknames, job characteristics, etcetc.).) Good passwords can be constructed in several waysGood passwords can be constructed in several ways– Example: A password containing at least one digit, one letter, oneExample: A password containing at least one digit, one letter, onepunctuation symbol, and one control character is usually a strongpunctuation symbol, and one control character is usually a strongpasswordpassword
  18. 18. 1818One-Time PasswordsOne-Time Passwords Problem with fixed passwords:Problem with fixed passwords:– If an attacker sees a password, he/she can laterIf an attacker sees a password, he/she can later replayreplay the passwordthe password A partial solution: one-time passwordsA partial solution: one-time passwords– Password that can be used exactlyPassword that can be used exactly onceonce– After use, it is immediately invalidatedAfter use, it is immediately invalidated ProblemsProblems– Synchronization of user and systemSynchronization of user and system– Generation of good random passwordsGeneration of good random passwords– Password distribution problemPassword distribution problem
  19. 19. 1919Challenge-ResponseChallenge-Response(Strong authentication)(Strong authentication) Another alternative is to authenticate in such a way that theAnother alternative is to authenticate in such a way that thetransmitted password changes each timetransmitted password changes each time Let a userLet a user uu wishing to authenticate himself to a systemwishing to authenticate himself to a system SS. Let. Let uuandand SS have an agreed-on secret functionhave an agreed-on secret function ff. A. A challenge-responsechallenge-responseauthentication system is one in whichauthentication system is one in which SS sends a random messagesends a random messagemm (the(the challengechallenge) to) to uu, and, and uu replies with the transformationreplies with the transformation rr ==ff((mm) (the) (the responseresponse).). SS then validatesthen validates rr by computing itby computing itseparately.separately. TheThe challengechallenge may be a nonce, timestamp, sequence number, ormay be a nonce, timestamp, sequence number, orany combination.any combination.
  20. 20. 2020Challenge-ResponseChallenge-Response((by symmetric-key techniques) The user and system share a secret function f (in practice, f canbe a known function with unknown parameters, such as acryptographic key). This called challenge-response by symmetric-key techniques.user systemrequest to authenticateuser systemrandom message r(the challenge)user systemf(r)(the response)
  21. 21. 2121Challenge-ResponseChallenge-Response(by public-key techniques)(by public-key techniques) AA identifiesidentifies BB by checking whetherby checking whether BB holds the secret (private)holds the secret (private)keykey KRKRBB that matches the public keythat matches the public key KUKUBB AA chooses a random challenge (nonce)chooses a random challenge (nonce) rrAA.. BB uses its randomuses its randomnoncenonce rrBB.. BB applies its public-key system for authenticationapplies its public-key system for authentication Message sequence:Message sequence:1.1. A → BA → B:: rrAA..2.2. B → AB → A:: rrBB,, EEKRKRBB(( rrAA,r,rBB))
  22. 22. 2222Cryptographic KeyCryptographic KeyInfrastructureInfrastructure
  23. 23. 2323Cryptographic Key InfrastructureCryptographic Key Infrastructure Goal: bind identity to keyGoal: bind identity to key Symmetric Cryptography:Symmetric Cryptography:– Not possible as all keys are sharedNot possible as all keys are shared Public key Cryptography:Public key Cryptography:– Bind identity to public keyBind identity to public key– Crucial as people will use key to communicate with principal whoseCrucial as people will use key to communicate with principal whoseidentity is bound to keyidentity is bound to key– Erroneous binding means no secrecy between principalsErroneous binding means no secrecy between principals– Assume principal identified by an acceptable nameAssume principal identified by an acceptable name
  24. 24. 2424CertificatesCertificates A certificate is a token (message) containingA certificate is a token (message) containing– Identity of principal (e.g., Alice)Identity of principal (e.g., Alice)– Corresponding public keyCorresponding public key– Timestamp (when issued)Timestamp (when issued)– Other information (perhaps identity of signer)Other information (perhaps identity of signer)– Signature of a trusted authority (e.g., Cathy)Signature of a trusted authority (e.g., Cathy)CCAA == DDkvkv((KKpp || Alice |||| Alice || TT ))DDkvkv is Cathy’s private keyis Cathy’s private keyCCAA is A’s certificateis A’s certificate
  25. 25. 2525Certificate UseCertificate Use Bob gets Alice’s certificateBob gets Alice’s certificate– If he knows Cathy’s public key, he can validate the certificateIf he knows Cathy’s public key, he can validate the certificate When was certificate issued?When was certificate issued? Is the principal Alice?Is the principal Alice?– Now Bob has Alice’s public keyNow Bob has Alice’s public key Problem:Problem:– Bob needs Cathy’s public key to validateBob needs Cathy’s public key to validate AliceAlice’s certificate’s certificate– Many solutions:Many solutions: Public Key Infrastructure (PKI),Public Key Infrastructure (PKI), Trust-based certificatesTrust-based certificates
  26. 26. 2626X.509 certificateX.509 certificate Key certificate fields in X.509v3:Key certificate fields in X.509v3:– VersionVersion– Serial number (unique)Serial number (unique)– Signature algorithm identifier: hash algorithmSignature algorithm identifier: hash algorithm– Issuer’s name; uniquely identifies issuerIssuer’s name; uniquely identifies issuer– Interval of validityInterval of validity– Subject’s name; uniquely identifies subjectSubject’s name; uniquely identifies subject– Subject’s public keySubject’s public key– Signature:Signature: Identifies algorithm used to sign the certificateIdentifies algorithm used to sign the certificate Signature (enciphered hash)Signature (enciphered hash) Issuer is called Certificate Authority (CA)Issuer is called Certificate Authority (CA)
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×