indentification Flashcards
1 reason why does a service provider need to track the identity of users requesting its services
the user identity is a parameter in access control decision
user identities aren’t always necessary to access control
2nd reason why does a service provider need to track the identity of users requesting its services
the user identity is recorded when logging security relevant events in an audit trail
identities are more useful in audit logs, for accountability
entity authentication
process where one party is assured on the identity of a second party in protocol
objectives of entry authentication
- honest participant A can successfully authentication itself to the verifier B
- Transferability: B can’t re-use A’s identification to impersonate A to another party
- the probability that a third party C, distinct from A, playing the role of A, can cause B to accept A’s identity is negligible
what is a relay attack
alice pays bob, bob thinks he’s sending alice’s payment info to alice, but really he’s sending it to chloe, who’s impersonating alice (relays authentication credentials) . Chloe sends that shit to dennis, the menace. Like, chloe? Chloe.
what is a relay attack also called
also called a mafia fraud attack
what is WEAK and SIMPLE authentication
password based
unilateral, meaning one entity proves its identity to the verifier
proves knowledge of the secret by giving up the secret
what is strong authentication
- Involves mutual authentication; both parties take both the roles of claimant and verifier:
- Challenge-response protocols: sequence of steps to prove knowledge of shared secrets.
- Prove knowledge of secret WITHOUT giving up the secret
salting
Salt is random data that is used as an additional input to a one-way function that “hashes” a password. Salts are used to safeguard passwords in storage. The primary function of salts is to defend against dictionary attacks. basically its a nonce.
Password storage security relies on a cryptographic construct called one-way function
A one-way function 𝒇𝒇 is a function that is
relatively easy to compute but hard to
reverse.
• Given an input 𝑥𝑥 it is easy to
compute 𝑓𝑓(𝑥𝑥), but given an output 𝑦𝑦
it is hard to find 𝑥𝑥 so that 𝑦𝑦 = 𝑓𝑓(𝑥𝑥)
Hash functions are an example of one-way function: • A hash function 𝑓𝑓 takes an input 𝑥𝑥 of arbitrary length, and produces an output 𝑓𝑓(𝑥𝑥) of fixed length.
Suppose H is a hash function. We say H satisfies:
Pre-image resistant if given a hash value 𝑦𝑦, it is computationally infeasible to find 𝑥𝑥 such that 𝐻𝐻(𝑥𝑥) = 𝑦𝑦.
Collision resistant if it is computationally infeasible to find a pair (𝑥𝑥, 𝑦𝑦) such that 𝑥𝑥 ≠ 𝑦𝑦 and 𝐻𝐻(𝑥𝑥) = 𝐻𝐻(𝑦𝑦).
fucking dumb storing plaintext passwords
• Passwords stored in plaintext.
• Claimant’s password is checked against the
database of passwords.
• No protection against insider (system admin) or
an attacker who gains access to the system.
Hence dispute is possible!
why are hashed and encrypted passwords good
• Passwords are encrypted, or hashed, and only
the encrypted/hashed passwords are stored.
• Claimant’s password is hashed/encrypted, and
checked against the database of
hashed/encrypted password.
• Some degree of protection against
insider/attacker
passwords at the application level, why might it be eksies
passwords may be temporarily held in intermediate storage locations like buffers, caches or web pages
The management of these storage locations is normally beyond the control of the user; a password may be
kept longer than the user has bargained for
what are the attacks on passwords
offline guessing attacks like exhaustive attacks and dictionary attacks
phishing and spoofing
what is an offiline guessing attack
attack where attacker obtains the hashed passwords, then attempts to guess the passwords
This is a plausible threat, due to:
many incidents of stolen (hashed) passwords as a consequence of hacks on servers.
usage of the same passwords across different accounts; so compromise of a password for one account
affects other accounts.
what is a brute force attack
Brute force guessing attack against passwords tries to guess password
by enumerating all passwords and their hashes in sequence, and check whether they match the target hashes.
A measure against brute force attack is to increase the space of possible passwords, e.g., longer passwords, allowing more varieties of symbols (alphabets, numerals, signs).
A measure of the strength of passwords against brute-force attack is based on what thing
the concept of entropy from information theory.
it’s log2 of the search space.
so er, like, “ Suppose the set of passwords 𝑋𝑋 is drawn from any 5 character strings, each character
ranges from ‘a’ to ‘z’.=, then search space is 26^5. so entropy is log2(26^5) which is 23.5. I guess bring a calculator.
erm, somehow, the approximate number of guesses needed is 2^23.5. okay I guess mathwise that makes sense when you consider the log
how to prevent brute force attack
choose password with high entropy
why do we suck at preventing brute force attack
However, hashed passwords, especially for human-generated passwords, are still vulnerable to dictionary attack.
This exploits weakness in human-chosen passwords, which tend to derive from words in natural languages.
what is the pre computed hash table strategy for cracking hashed passwords
A strategy for cracking hashed passwords is to pre-compute a hash table, containing pairs of passwords and
their hashes.
• If we have 𝑘𝑘 password candidates and each hash has 𝑛𝑛 bit, then we have a table of size 𝑘𝑘 × 𝑛𝑛.
• This may not be practical if 𝑘𝑘 is large.
- Hash tables are often represented using a data structure called rainbow table.
- Not all hashes are stored; some will be computed from the stored hashes.
- Not all hashes are represented.
- Tradeoff between space requirement and query time
Salting describe more pl0x
• To reduce the effectiveness of offline attacks using
pre-computed hashes, a salt is added to a password
before applying the hash function.
• A salt is just a random string.
• Each password has its own salt.
• The salt value is stored along with the hash of password+salt.
• So the salt is not secret.
• For a salt of 𝑛𝑛-bit, the attacker needs to precompute 2𝑛𝑛 of hashes for the same password.
password policies rap
set a password a mass of words dont let it age
limit the logins and don’t default to basic (preset) names
then tell the user of who(is) trying to get his name
he’s gotta change he’s gotta make up a passphrase
or draw on a interface or he’ll pick some dogs outofa picture frame
pause
then tell he’s got an OTP
what’s an OTP
just one time just tell me
alt forms of passwords rap
he’s gotta change he’s gotta make up a passphrase
or draw on a interface or he’ll pick some dogs up outta a picture frame
then tell he’s got an OTP
what’s on OTP
just one time just tell me
OTP
The one-time passwords scheme attempts to address a key weakness in the password-based
scheme: reuse of stolen passwords.
The idea is to generate a list of passwords, and each password is used only once.
We’ll discuss one scheme based on Lamport’s one-time passwords.
Lamport’s scheme uses a one-way function, e.g., cryptographic hash, to generate a sequence of
passwords.
phishing and spoofing
TLDR: Im telling secret’s to michael but he’s actually vicky
Identification and authentication through
username and password provide unilateral authentication.
Computer verifies the user’s identity but the user has no guarantees about the identity of the party that has received the password.
In phishing and spoofing attacks, a party voluntarily sends the password over a channel, but is misled about the end-point of the channel.
spoofing (as a joke)
fake login screen lol
spoofing (as a serious_)
- Attacker starts a program that presents a fake login screen and leaves the computer.
- If the next user coming to this machine enters username and password on the fake login screen, these values are captured by the program.
Login is then typically aborted with a (fake) error message
and the spoofing program terminates.
Control returned to operating system, which now prompts the user with a genuine login request.
elaborate on counter measures against attacks like phishing and spoofing
I tell the user of who(is) trying to get his name
switch the beat
then I get a trusted path user’s never spoof’d it’s mutual
authentication
pause
see I key your back you key mine
CNTRLALTDELETE is a secure (attention line)
Phishing regular
computer says: hi sir enter here upgrade your passwords make it clear
phishing social engineering
TLDR: my name is vincent adultman
attacker impersonates ther user to trick a system operator into releasing the password to the attacker.
how to protect the password file
Options for protecting the password file:
cryptographic protection,
access control enforced by the operating system,
combination of cryptographic protection and access control, possibly with further measures to slow down dictionary attacks
what is access control
- Only privileged users must have write access to the password file.
• Otherwise, an attacker could get access to the data of other users simply by changing their password, even if it is protected by cryptographic means. - If read access is restricted to privileged users, then passwords in theory could be stored unencrypted.
- If password file contains data required by unprivileged users, passwords must be “encrypted”; such a file can still be used in dictionary attacks.
• Thus modern Unix/Linux system hides the actual password file in /etc/shadow that is not accessible to non-privileged users.
what are security tokens, say 4 things
offline devices that generate sequencess of seemingly random numbers
the number generation algo is deterministic but it’s dependant on a seed value and a challenge
seed values are secret and shared between the verifier and claimant. Challenges are provided by verifier each time the authentication is requested.
seed values are stored in tamper proof chips inside the tokens.
what is the most secure solution for authenticating a person
biometric
fingerprint authentication walk through the process
Enrolment: reference sample of the user’s fingerprint is acquired
at a fingerprint reader.
Features are derived from the sample: Fingerprint minutiae: end
points of ridges, bifurcation points, core, delta, loops, whorls, …
For higher accuracy, record features for more than one finger.
Feature vectors are stored in a secure database.
When the user logs on, a new reading of the fingerprint is taken;
features are compared against the reference features.
what are the two purposes of biometric authentication
identification: 1:n comparison tries to indentify the user from a database of n people
Verification: 1:1 comparison checks whether there is a match for a given user
talk about acceptance in biometric authentication
user is accepted if match is above a predefined threshold
false match rate
number of successful false matches / number of attempted false matches
false non match rate
number of rejected genuiine matches/ number of attempted genuine matches
equal error rate
when FMR and FNMR are equal.
Currently, the best state-of-the-art fingerprint recognition schemes have an EER of about 0.5 - 2%
what is neelu and 50Cent rapping on an song tgt about fingers
Currently, the best state-of-the-art fingerprint recognition schemes have an EER of about 0.5 - 2%
how fingerprints have been stolen
In general, may be unique but they are no secrets. • In September 2013, hackers show how to lift fingerprints from iPhone 5s. Similar attacks also apply to Samsung S5 phone.
Rubber fingers have defeated many commercial fingerprint recognition systems in the past. • Minor issue if authentication takes place in the presence of security personnel. • When authenticating remote users additional precautions have to be taken to counteract this type of fraud.
