� Authentication�Overview�(NS�chapter�9)� � � ��������� � • Large�set�of�principals�attached�to�an�open�channel�(eg,�Internet).�� Computer�and�Network�Security� • Each�principal�repeatedly� CMSC�414� • attempts�to�initiate�a�connection�(i.e.,�session)�with�a�specified�principal� � • upon�successful�connection�establishment,�exchanges�messages� AUTHENTICATION� • closes�the�connection� • waits�for�an�arbitrary�(but�bounded)�time� � � Udaya�Shankar� �������������������������������� �� shankar@cs.umd.edu� • When�a�principal�A�assumes�it�is�connected�to�a�principal�B,�� � A�is�indeed�exchanging�messages�with�B,�and�not�some�attacker�C.�� • When�principal�A�assumes�confidentiality/integrity�of�the�message�exchange,� this�is�indeed�the�case.� � ���������������������������������������������������������� • Programs�can�use� ������������ �secrets�(eg,�from�space�of�2 128 )� • Human�principals�are�restricted�to� ����������� �secrets�(eg,�space�of�2 32 )� and�cannot�do�cryptographic�operations.� • When�we�say�a�program�principal�A� ������� �it�is�connected�to�B,�� we�mean�that�A’s�program’s�variables�indicate�that�A�is�connected�to�B.� 3/27/2013�shankar� � � � � � authentication�slide�1� 3/27/2013�shankar� � � � � � authentication�slide�2� Typical�authentication�scenario� Types�of�Attacks�� � Internet� An�authentication�protocol�must�identify�the�attacks�it�is�supposed�to�handle� principal� computer� computer� principal� A� n A� n B� B� • network�attacker� • end;point�attacker� [A,B,conn]� [n A ,n B ,�[A,B,�conn]�]� • dictionary�attack� [A,B,conn]� � connection� • …� [B,A,accpt]� [n B ,n A, �[B,A,�accpt]�]� [B,A,accpt]� An�authentication�mechanism�cannot�protect�against�all�attacks,�eg,�� [A,B,accpt]� • overrun�(take�over)�a�human�principal� conversation� data�msgs� • overrun�memory�while�program�principal�is�doing�login�authentication� � disconnection� disconnect�msgs� Attackers�can�span�multiple�classes�� � � ������������������������������������������� � • Connection�establishment:�� Attackes�can�sequentially�mount�attacks�of�different�classes� • A�authenticates�B:�[B,A,accpt]�msg�sent�by�B�in�response�to�[A,B,conn]� • Eg,�record�encrypted�conversation;�much�later�learn�session�key� • B�authenticates�A:�[A,B,accpt]��.�����.����.�����A�����.����.�����.�����[B,A,conn]� • Simultaneously�establish�a�shared�secret�(session�key)�for�conversation� • Conversation:�encryption�/�MAC�� • Disconnection:�A�and�B�close�their�connection�and�forget�any�session�key � � 3/27/2013�shankar� � � � � � authentication�slide�3� 3/27/2013�shankar� � � � � � authentication�slide�4�
Types�of�Attacks�(contd)� Types�of�Attacks�(contd)� � � � $� ���������� ���������!������������� ����������������� ���������" � ������������ ���������!������������� ����������������� ���������"� �� (eg,�public�workstation)� • Principal�C�says�it�is�principal�A�on�a�computer�n A • Sending�messages�with�wrong�values�in�fields: � • online�dictionary�attack� • spoofing:�C�at�n c� sends�messages�with�sender�id�as�[A] � • Read�data�on�hard�disk�(or�back;up�tapes)�of�n A �or�A� • changing�“reject”�to�“accept” � • obtain�old�keys�(encrypted�or�plaintext)�password�files,� ⋅⋅⋅ � • spoofing:�C�at�n c� sends�messages�with�sender�addr/id�as�[n A ,A] � • obtain�current�keys�(encrypted�or�plaintext)�password�files,� ⋅⋅⋅ � • #� • offline�dictionary�attack�on�encrypted�passwords� • Eavesdropping:�observing�messages�in�the�channel. � • Overrun�computer�n A � • Easy�in�WLANs�and�LANs�(because�of�broadcast�nature) � • while�A�is�not�at�n A �� • Not�easy�in�wired�point;to;point�links�(but�doable) � • while�A�is�at�n A � � tap�router�ports � • Read�data�in�memory�of�n A �while�A�is�executing�(unlikely)� � compromise�route�computation�algorithm � • Overrun�a�(human�or�program)�principal�� • Intercepting�messages,�changing�them,�resending�them. � • mail�client,�web�browser�� • Relatively�easy�in�WLANs�and�LANs�(because�of�broadcast�nature) � • Not�easy�in�point;to;point�(but�doable) � 3/27/2013�shankar� � � � � � authentication�slide�5� 3/27/2013�shankar� � � � � � authentication�slide�6� Types�of�Attacks�(contd)� Three�types�of�authentication� � � • ������� ����� ���������������� %������������������!����������� �����������������"� • Authenticating�oneself�by�showing�a�secret�password�to�the�remote�peer� • Finding�a�secret�by�searching�through�a�space�of�possible�secrets� (and�to�the�network)� • Doable�only�if�the�space�is�small�enough�(given�reasonable�time/resources)� • Always�vulnerable�to�eavesdropping�attack� • A�secret�from�a�small�space�is�said�to�be� ����������� � • Always�vulnerable�to�online�dictionary�attack� • A�secret�from�a�large�space�is�said�to�be� ������������ � � Usually�protection:�limit�frequency�of�incorrect�password�entries� • Examples:� � • 128;bit�key�from�a�decent�random�number�generator�is�high;quality� • � ��������� ���������������� • 20;bit�key�from�a�decent�random�number�generator�is�low;quality� • authenticating�oneself�by�using�a�physically;secured�terminal/computer� • Passwords,�and�keys�obtained�from�them,�are�low;quality�(typically)� • Conceptually�similar�to�password;based�authentication�??� • &������ dictionary�attack:�need�to�interact�with�authenticator�at�every�guess� � • &������� dictionary�attack:�interacts�with�authenticator�just�once� • ����������������� ���������������� • authenticating�oneself�by�showing�evidence�of�a�secret�key�� to�the�remote�peer�(and�to�the�network)� but�without�exposing�the�secret�to�the�peer�(or�to�the�network)� • Note:�secret�key�can�be�obtained�from�a�password� � 3/27/2013�shankar� � � � � � authentication�slide�7� 3/27/2013�shankar� � � � � � authentication�slide�8�
Recommend
More recommend
