Getting authentication right
My talk at ROOTS 2012

1. ROOTS, 27 April 2012. André N. Klingsheim, @klingsen
2.
    - Some motivation
    - Authentication/identities defined
    - Where authentication fits in
    - Authentication factors
    - Passwords
    - Two-factor authentication
    - Keeping your shields up
    - Fun and demos
3.
    - Verizon Data Breach Investigations Report*
      - Based on 855 incidents (that resulted in)
      - 174 million compromised records
      - Leads to some interesting statistics
        - Curiosity: one organized criminal group in Eastern Europe worked on average three days per week
      - Go read it when you get home!
    * http://www.verizonbusiness.com/dbir/
4. Source: Verizon Data Breach Investigations Report, p. 26
5. Source: Verizon Data Breach Investigations Report, p. 32
6.
    - TL;DR: How sure are you that it's the correct user who's logging in?
      - You're never 100% sure!
    - Authentication is the process of establishing an understood level of trust in whether the user is who she claims to be
7.
    - An identifier such as a name, national identity number, or a customer number points to an identity
    - The identity of an individual is the set of information associated with that individual in a particular computer system
8. Someone claims to be «klings»! Authentication tries to establish whether that someone is this guy!
9.
    1. You don't know who the user is
    2. The user authenticates (now you're pretty sure who the user is)
    3. The user gets a security token in return
       - You associate the user's identity with this token
       - Think session cookies (and username written to session)
    4. Now you «remember» the outcome of the authentication
10.
    - You're done with authentication, and then have to rely on session security
    - So, authentication helps you figure out whether an unknown person/computer can safely be associated with a digital identity
    - Session security deals with remembering who the user is in a secure manner
11.
    - Your trust in that you're talking to the right person is at its peak in the authentication instant
    - Session security takes over; remember this is «cached» trust
    - Re-authentication
      - Rebuilds your trust in that it's still the correct person acting as the logged in user
12.
    - Something you know («Pa$$W0rd1»)
    - Something you have
    - Something you are
    * Fingerprint shared by Wilfredor under CC BY-SA 3.0 licence
13.
    - In practice a static, shared secret
      - Password
      - Security questions
        - Mother's maiden name
        - Where did you go to school
        - And so on...
      - PINs (debit/credit cards)
14.
    - Code generators
      - Sequence based
      - Time-based
    - Your mobile phone
      - SMS
      - Google Authenticator
    - Your debit/credit card (physical/VVC2)
    - Cards with printed PIN-codes
15.
    - Biometrics
      - Fingerprint
      - Retina scan
      - Etc.
    - Not widely deployed on the web...
16.
    - Something you know: a password or PIN
    - Why?
      - Very cheap (no devices)
        - Do note that password resets can cost you…
      - In some cases available off-the-shelf (e.g. ASP.NET has the SqlMembershipProvider)
      - Scales well
      - Users are well accustomed to passwords/PINs!
17.
    - Some critical aspects of a password based authentication procedure
      - How passwords are stored
      - How users sign up
      - How passwords are validated
      - How passwords are reset
      - Application security
      - The security of all other password based IT systems in the world
18.
    - The easiest way to store a password is, well, to store the password in a database in cleartext
      - DBAs can easily steal the passwords
      - A breach of the database will immediately reveal all passwords (think Sony)
    - So, encryption or hashing to the rescue!
    - PS! Forgot password -> mail with old password -> most likely cleartext passwords
19.
    - Encrypted passwords mean only one thing
    - They must be decrypted to be verified
    - Encryption key + database -> all passwords
    - There is most likely a sysadmin with access to both the key and the db
    - Password encryption is not recommended!
20.
    - A hash function is a deterministic one way function with a fixed output length
    - Commonly used: MD5, SHA-1, SHA-256
    - MD5('Password') => 3GR+tl5nEeFVN1IYISs5ZA==
      - Look it up on Google
    - It's easy to compute the hash value of an input. It should be impossible to calculate the input based on a hash value (hence one way)
21.
    - Two users with the same password will have the same hash values in the db
    - You can compute the hash value for common passwords, and store the values
    - If you get hold of password hashes, just look them up against known values!
    - The precomputation step is the essence of rainbow tables
      - Lets you crack common passwords in no time
    - We need salts!
22.
    - Salts add a bit of uniqueness to the input to the hash function
    - Salts can be stored beside the password hash in the db
    - Salt: 3GR+tl5nEeFVN1IYISs5ZA==
    - Hash = SHA-256(salt + password)
    - Hampers rainbow table attacks
    - Does not hamper dictionary attacks/brute force attacks
23.
    - If you get your hands on a list of salted password hashes you can
      - Run a dictionary attack (calculate password hashes for a wordlist, and compare the hashes)
      - Run a brute force attack (calculate hashes for all possible passwords: aaaaaa, aaaaab, aaaaac and so on)
    - If it's not your list of password hashes, do consider the legal aspects
24.
    - Are very efficient against common hashes such as MD5/SHA family
      - Millions of hashes checked per second (single CPU)
    - Due to the fact that hash functions were designed to be fast (not to store passwords)
    - We need to add a workload!
25.
    - PBKDF2
      - Password based key derivation function
      - Runs X iterations of an HMAC (based on SHA-1) to generate a key
      - Computational penalty for password crackers
    - Bcrypt
      - Also adds computational load => time penalty
    - Scrypt
      - Based on a memory trade-off, to hamper special purpose hardware with limited memory
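Slides 18 to 25 walk from plain hashes via salted hashes to PBKDF2. The following Python example is added here and is not code from the talk: it stores the same password for two constructed users under each of the three schemes and shows why the slides reject the first two (equal hashes collide and fall to a precomputed table; salting kills the table but not the per-guess cost) and why PBKDF2 with a work factor is the recommended one. The record format `iterations$salt$hash`, the user list and the tiny precomputed table are my assumptions; the base64 value is the one shown on slide 20.

```python
import base64
import hashlib
import hmac
import os

SLIDE_MD5_B64 = "3GR+tl5nEeFVN1IYISs5ZA=="   # the MD5('Password') value shown on slide 20
USERS = {"alice": "Password", "bob": "Password"}   # constructed: two users, same password

# Scheme 1, plain hash: equal passwords give equal hashes, and a table precomputed
# for common passwords (the rainbow-table idea) recovers them with one lookup.
def plain_hash(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

PRECOMPUTED = {plain_hash(p): p for p in ["123456", "Password", "qwerty"]}  # constructed

# Scheme 2, the slide's SHA-256(salt + password): a random per-user salt makes the
# precomputed table useless, but each guess still costs only one fast hash.
def salted_hash(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()

# Scheme 3, PBKDF2: salt plus a work factor, so every guess costs `iterations`
# HMAC computations. Stored record format (my assumption): iterations$salt$hash.
def pbkdf2_store(password: str, iterations: int = 100_000) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"

def pbkdf2_verify(password: str, record: str) -> bool:
    iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison

def slide_value_is_md5_of_password() -> bool:
    return base64.b64decode(SLIDE_MD5_B64).hex() == plain_hash("Password")

def compare_schemes() -> dict:
    plain = {u: plain_hash(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}
    salted = {u: salted_hash(p, salts[u]) for u, p in USERS.items()}
    records = {u: pbkdf2_store(p) for u, p in USERS.items()}
    return {
        "plain_collide": plain["alice"] == plain["bob"],        # True
        "plain_lookup": PRECOMPUTED.get(plain["alice"]),        # "Password" recovered
        "salted_collide": salted["alice"] == salted["bob"],     # False
        "salted_lookup": PRECOMPUTED.get(salted["alice"]),      # None
        "pbkdf2_ok": pbkdf2_verify("Password", records["alice"]),
        "pbkdf2_wrong": pbkdf2_verify("password", records["alice"]),
    }
```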
26.
    - You've stored your passwords securely
      - The password crackers now hate you
    - Then some other site gets hacked and all their passwords are leaked
      - Who cares, you're secure, right?
    - Your users used the same password on your site...
27.
    - Users tend to reuse their passwords across websites
    - Other sites get hacked for various reasons
    - Leads to the compromise of accounts on your site!
    - But that's not fair!
      - No it isn't. The world is not fair, in case you haven't noticed.
28. Something you have is NOT shared between sites. Solves the «other sites were hacked» problem.
29.
    - Time-based
      - Code typically generated based on a secret key and the current time
      - Requires reliable clocks on both server and the code generating device
    - Sequence based
      - Pseudo random number generator, seeded with a secret key
      - Code generator and server generate the same sequence of codes
30.
    - Go with time-based if you can
      - Limited TTL for your codes
      - Limited number of valid codes at any given time
    - Sequence based generators
      - Lets you compute many codes that will be valid until used
      - E.g. take someone's token, generate 5 codes, they'll be valid until the victim tries to use a code
31.
    - Very important that security cannot be degraded in your system
      - Fallback from two-factor to single factor authentication
      - Disabling of security mechanisms without requiring authentication
    - E.g. to change the password, you need to enter the correct current password
32.
    - More complicated for two-factor authentication
      - If you can reset one factor with the other, it's not really two-factor
      - Forgot password -> set new password, confirm with one time code
      - Lost mobile phone -> log in with password to change mobile number for one time codes
    - Beware such dependencies in your system!
33.
    - "Forgotten password"
      - Secret questions (are not)
      - E-mail
      - Snail mail
      - SMS
34.
    - Require re-authentication for all critical updates
    - Such as change of
      - Password
      - Phone number
      - E-mail address
      - Disabling of security mechanisms
    - And not with just one factor!
35.
    - If you have an optional security mechanism (e.g. one time codes)
      - You must require the user to use the security mechanism in order to turn it off
      - Else it's useless!
    - So changing the «security level» must be done according to the current level of security
36.
    - Tutorial/demo!
    - Scenario: Someone is logged in to their Google account
      - Two-factor authentication enabled
      - You have figured out their password but don't have access to their OTPs
    - Can you find any way to gain access to their account, without OTPs, from another computer?
37.
    - Thank you for listening!
    - Find me on the web:
      - www.dotnetnoob.com
      - @klingsen
