 
Authentication. Kypros Ioannou. Professor: Elias Athanasopoulos
Passwords (1/3) A password is a weak authentication mechanism: an attacker can use brute force to find it. We use hashing and salt to protect stored passwords.
Passwords: Two-factor authentication (2/3) Two-factor authentication is a good option to secure an account. • Requires an additional password from the user at login. • Costs effort to deploy and maintain such a system. • Used only by high-value services (e.g. Google). • May push the user to choose an even weaker password because of it.
Passwords: Salt (3/3) We use a salt to produce different hash values for the same password. • The salt is a string that is added to the password before we hash it. • Defeats rainbow tables: precomputed tables for reversing cryptographic hash functions.
Weak Passwords
Attack Scenarios Guess the password. Shoulder-surfing. The same password reused for many system services. The attacker installs malware or uses a phishing attack. Compromise of the mechanism for changing the password.
Honeywords A technique in which the system sets multiple possible passwords for each account. Only one is genuine; the others are the honeywords.
How it works? The honeychecker is a server that can distinguish the genuine password from the honeywords. It is a separate hardened computer system that can store secret information. It secretly informs an administrator when someone uses a honeyword to log in. It may allow the login and report the attack secretly.
Aim and Protection of Honeychecker Stores the position of the genuine password for each user. The index for each user is stored in a table that is encrypted and authenticated under stored keys. Place the computer system and the honeychecker in separate administrative domains. Use different operating systems for the computer system and the honeychecker.
Failover When the honeychecker fails or is unreachable, a honeyword is accepted as the genuine password. This prevents denial of service by still allowing access to the account.
Approach: Setup Generate distinct passwords for each user. The correct password is called the sugarword; the others are the (k-1) honeywords. Can also generate a tough-nut password, a really strong password whose hash is infeasible to invert. Store them on the honeychecker.
Approach: Login When a honeyword is submitted, the policy can be: • Setting off an alarm. • Letting the login proceed as usual. • Tracing the source of the login carefully. • Monitoring the number of attempts with a wrong password. • Shutting down that user's account until the user establishes a new password. • Shutting down the computer system and requiring all users to establish new passwords.
Approach: Change of Password • Create: the system needs to create another list of honeywords. • Generate: generate the hash values of each honeyword. • Set: set the index of the sugarword. • Notify: securely notify the honeychecker of the new index. • Update: update the user table.
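The setup, login and change-of-password steps above as one runnable toy, written for these notes rather than taken from the honeywords paper. It assumes my own class names, that the caller supplies the k-1 honeywords, and that the honeychecker stores only the sugarword index while the computer system stores salted sweetword hashes.

```python
import hashlib, hmac, os, secrets

# Added toy of the honeyword scheme on these slides, not code from the paper:
# the computer system stores k salted sweetword hashes per user; the honeychecker
# (a separate hardened host) stores only the index of the genuine one, the
# sugarword. Class and method names are my own; the caller supplies honeywords.
class Honeychecker:
    def __init__(self):
        self._index = {}          # user -> index of the sugarword
        self.alarms = []          # (user, index) logged on honeyword use
        self.reachable = True     # set False to model failover

    def set_index(self, user, idx):
        self._index[user] = idx   # "securely notify" a new sugarword index

    def check(self, user, idx):
        if not self.reachable:
            raise ConnectionError("honeychecker unreachable")
        if self._index[user] == idx:
            return True
        self.alarms.append((user, idx))   # secretly inform the administrator
        return False

class ComputerSystem:
    def __init__(self, checker, k=4):
        self.checker, self.k, self.table = checker, k, {}

    @staticmethod
    def _h(salt, word):
        return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 10_000)

    def set_password(self, user, password, honeywords):
        # Setup and change of password: shuffle the k sweetwords, hash them
        # under a fresh salt, then tell the honeychecker the new index.
        words = [password, *honeywords]
        if len(words) != self.k:
            raise ValueError("need exactly k-1 honeywords")
        secrets.SystemRandom().shuffle(words)
        salt = os.urandom(16)
        self.table[user] = (salt, [self._h(salt, w) for w in words])
        self.checker.set_index(user, words.index(password))

    def login(self, user, submitted):
        salt, hashes = self.table[user]
        h = self._h(salt, submitted)
        hit = [i for i, x in enumerate(hashes) if hmac.compare_digest(x, h)]
        if not hit:
            return "invalid"                  # neither password nor honeyword
        try:
            return "genuine" if self.checker.check(user, hit[0]) else "honeyword"
        except ConnectionError:
            return "genuine"                  # failover: accept any sweetword
```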
Honey Generation Legacy-UI • The password-change UI is unchanged. Modified-UI • The password-change UI is modified to allow for better password/honeyword generation.
Legacy-UI: Password Changes Does not inform the user of the honeywords' existence. Asks for the password again for confirmation. Chaffing techniques: • Chaffing by tweaking • tail tweaking • tweaking digits: the last t positions that contain a digit are changed. • Chaffing with a password model • Chaffing with “tough nuts”
Chaffing by tweaking • Set: set the positions of the characters that will change. • Set: set the number of honeywords. • Change: change each character to one of the same type. • Syntax: no password syntax is required except the length.
Chaffing by tail tweaking Split the password into a head and a tail. The value of t for the tail is the same for all users. Because the tail characters are chosen randomly, the attacker finds it very difficult to tell which password is the real one.
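The three tweaking variants just listed (positions chosen by hand, tail tweaking, tweaking digits), as an added example written for these notes and not code from the paper. Function names and the same-type character classes are my own assumptions; the generator refuses rather than loops when the chosen positions cannot yield k-1 distinct honeywords.

```python
import secrets, string

# Added illustration of the legacy-UI chaffing techniques above, not code from
# the paper: a tweaked position is replaced by a random character of the same
# type, so honeywords keep the password's length and syntax. Names are my own.
_CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase,
            string.punctuation)

def _same_type_char(c):
    for cls in _CLASSES:
        if c in cls:
            return secrets.choice(cls)
    return c                       # unknown class: leave the character alone

def chaff_by_tweaking(password, positions, k, max_tries=10_000):
    """Return k-1 distinct honeywords, tweaked only at `positions`."""
    positions, honeywords = list(positions), set()
    for _ in range(max_tries):
        chars = list(password)
        for p in positions:
            chars[p] = _same_type_char(chars[p])
        candidate = "".join(chars)
        if candidate != password:
            honeywords.add(candidate)
        if len(honeywords) == k - 1:
            return sorted(honeywords)
    # Too few positions for k-1 distinct tweaks: better to fail than to loop
    # forever or hand out near-duplicate honeywords.
    raise ValueError("not enough distinct tweaks at the chosen positions")

def chaff_by_tail_tweaking(password, t, k):
    """Tail tweaking: the last t characters are the tail that gets tweaked."""
    return chaff_by_tweaking(password, range(len(password) - t, len(password)), k)

def chaff_by_tweaking_digits(password, t, k):
    """Tweaking digits: only the last t positions that hold a digit change."""
    digit_positions = [i for i, c in enumerate(password) if c.isdigit()][-t:] if t else []
    return chaff_by_tweaking(password, digit_positions, k)

def differs_only_at(word, password, positions):
    """Defender-side check that a sweetword matches the password outside `positions`."""
    positions = set(positions)
    return len(word) == len(password) and all(
        a == b for i, (a, b) in enumerate(zip(word, password)) if i not in positions)
```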
Chaffing with a password model Generates honeywords using a probabilistic model of real passwords, based on a given list L of thousands or millions of passwords. The list may also be available to the adversary. Does not need the user's password as input.
Password Model-2: Model Syntax Honeywords are generated using the same syntax as the password. • They depend on the password, which is decomposed into a sequence of tokens.
Modified-UI Password Changes Take-tail method. The UI changes a little: the system adds a randomly generated tail to the password.
“Random pick” Honeyword Generation 01 Generate a list of k words. 02 Pick one of them as the password. 03 Set the others as honeywords.
Hybrid Generation method
Comparison between honeyword methods
Attack Scenarios General password guessing. Targeted password guessing. Attacking the honeychecker. Likelihood attack. Denial of service. Multiple systems.
General and Targeted password guessing Legacy-UI has no good effect in preventing common passwords. Modified-UI, by adding the extra tail, can reduce the chances of a successful guess. An attacker can collect personal information and use it to identify the correct password or guess the user's password. With chaffing with a password model the attacker can't use any such information: the passwords and honeywords are random.
Attacking the honeychecker The attacker can attack the honeychecker directly, or attack the communication between the computer system and the honeychecker. The computer system needs to authenticate before updating the database, and the queries from the honeychecker need to be authenticated. Possible solution: put the computer system and the honeychecker in different administrative domains. • Use different operating systems for the two.
Likelihood Attack The attacker wants to maximize the chance of getting the correct password. When the honeyword generator can't produce all possible passwords, the attacker can recognize the password that can't be produced by the generator.
Denial of Service Problem with chaffing by tweaking: • If the attacker knows the password, they can use a honeyword to cause denial of service. • Passwords from tweaking are similar. If the system is very sensitive, it can force a global password reset. Possible solution: select random honeywords from a large list of possible honeywords.
Multiple Systems Intersection Attack • Both systems use honeywords. • Same password. • But they have different lists of honeywords. • The attacker can easily find the password. • Prevent by: take-tail, so that the tail for each system will be different. Honeyword-submission Attack • Two systems use the same password. • One of them doesn't support honeywords. • The attacker can find the password easily.
What is SAuth? A protocol which employs authentication synergy among different services. SAuth is an extension of, not a replacement for, existing authentication methods. It employs password decoys to protect the password that the user shares across services. SAuth operates above SSL.
SAuth Architecture
Protocol Details: Security and Trust Service S trusts that V has indeed authenticated the user. • Service V does not allow some other user to generate the same vouching token while interacting with V. If V fails, service S operates alone.
Protocol Details: Activation We need to connect those services together. Before SAuth is enabled, someone with access to the user's account could: • Use SAuth to authenticate with his/her own account at the voucher service. Solution to that problem: • Upon registration or enabling SAuth, the service that the user wants to access generates an anonymous alias. • Provide that alias to the vouching service and associate it with the account of the user. • Return the alias as part of the authentication proof for service S, and if they match, give access.
SAuth Association between services
Protocol Details: Authenticity Ensure the authenticity of the protocol messages exchanged. • Each protocol message is required to carry these parameters: • Service • Digital Signature • Signed_fields We assume that the secrecy of the messages is preserved as long as the user agent maintains SSL connections with the two services. Service: identifies the sender service so the receiver can retrieve the information necessary to verify the signature. Signed_fields: specifies which parameters are contained in the signature.
SAuth: Resetting Password Without SAuth the user changes the password by requesting a reset. • May be asked a few security questions. With SAuth: • First we go to the vouching service and enter credentials to confirm that we are actually the user. • Then we can reset the password at the service where we want it reset.
Implementation Define the SAuth protocol messages as a set of URIs. Can be applied to any other application-level protocol, provided it supports the concept of end-point redirection. Group the messages into two categories: • Registration • Authentication The two services that cooperate to provide authentication to one of them need to be aware of each other's endpoints.
Implementation: Registration (1/3) The user visits target service S: • Enters name and password and selects the vouching service, or the domain of a different service. • The response of service S is a redirection to the end-point of the voucher service.
Implementation: Registration (2/3) The action is set to instruct the vouching service to first authenticate the user (at service V) and then associate the account at V with an anonymous alias that has just been generated.
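The activation alias, the Service/Digital Signature/Signed_fields message format and the registration redirect from the slides, as one added sketch that is not the SAuth project's code. It assumes an HMAC under a per-service key as a stand-in for the digital signature (the slides name a signature but no algorithm), and constructed endpoint URIs, account stores and function names.

```python
import hmac, json, secrets

# Added sketch (not the SAuth project's code) of the registration and vouching
# messages described on the slides. Assumption: an HMAC under a per-service key
# stands in for the digital signature; URIs, stores and names are constructed.
KEYS = {"S": secrets.token_bytes(32), "V": secrets.token_bytes(32)}

def sign(sender, msg, fields):
    """Attach Service, Signed_fields and a signature over exactly those fields."""
    body = dict(msg, Service=sender, Signed_fields=["Service", *fields])
    canon = json.dumps({f: body[f] for f in body["Signed_fields"]}, sort_keys=True)
    body["Digital_Signature"] = hmac.new(KEYS[sender], canon.encode(), "sha256").hexdigest()
    return body

def verify(msg):
    """Identify the sender by Service, recompute the MAC over Signed_fields."""
    canon = json.dumps({f: msg[f] for f in msg["Signed_fields"]}, sort_keys=True)
    expected = hmac.new(KEYS[msg["Service"]], canon.encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, msg["Digital_Signature"])

class VoucherV:
    def __init__(self):
        self.accounts = {}                 # user -> {"pw": ..., "alias": ...}
    def associate(self, msg, user, password):
        # Registration (2/3): authenticate the user at V, then bind S's alias.
        if not verify(msg) or self.accounts[user]["pw"] != password:
            return False
        self.accounts[user]["alias"] = msg["alias"]
        return True
    def vouch(self, user, password):
        # Authentication: the proof carries the alias instead of the user's name.
        if self.accounts[user]["pw"] != password:
            return None
        token = {"endpoint": "/sauth/auth", "alias": self.accounts[user]["alias"],
                 "nonce": secrets.token_hex(8)}
        return sign("V", token, ["endpoint", "alias", "nonce"])

class TargetS:
    def __init__(self):
        self.accounts = {}
    def register(self, user, password):
        # Registration (1/3): fresh anonymous alias, then redirect to V's endpoint.
        alias = secrets.token_urlsafe(16)
        self.accounts[user] = {"pw": password, "alias": alias}
        msg = {"endpoint": "/sauth/register", "action": "associate", "alias": alias}
        return sign("S", msg, ["endpoint", "action", "alias"])
    def login(self, user, password, token):
        # The local password alone is not enough: V's token must verify and match.
        if self.accounts[user]["pw"] != password or token is None or not verify(token):
            return False
        return token["alias"] == self.accounts[user]["alias"]
```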