CMPSC 497 Password Authentication Trent Jaeger Systems and - - PowerPoint PPT Presentation

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Systems and Internet Infrastructure Security

Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA

1

CMPSC 497 Password Authentication

Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

Security Model - E-voting

• Who are the principals?
• Voters, Admins, Counters, Others
• Who are adversaries?
• Which commands may be threatened (attack surface)?
• Start the application
• Process the vote
• Count the votes
• Who must the application trust? To do what?
• Of principals above

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

Principals

CSE543 - Introduction to Computer and Network Security Page

Principals

• Principals are expected system subjects
• Computers, agents, people, enterprises, …
• Depending on context referred to as: servers, clients, users,

entities, hosts, routers, … - and some may be adversarial

• Security is defined with respect to these subjects
• Implication: every principal may have unique view
• A trusted third party
• Trusted by all principals for some set of actions
• Often used as introducer or arbiter

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4

Challenges

• Distinguish adversaries from trusted principals
• Suppose the e-voting application receives a command
• How do we know whether the command may be from an

adversary or a trusted principal?

• The security mechanism for identifying principals is
• Authentication
• The act of confirming the truth of an attribute of a single

piece of data claimed true by an entity

• For an identity, authentication is the process of actually

confirming a claimed identity

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

Authentication

• Several mechanisms for performing authentication

CSE543 - Introduction to Computer and Network Security Page

What is Authentication?

• Short answer: establishes identity
• Answers the question: To whom am I speaking?
• Long answer: evaluates the authenticity of

identity by proving credentials

• Credential – is proof of identity
• Evaluation – process that assesses the correctness
• f the association between credential and claimed

identity

• for some purpose
• under some policy (what constitutes a good cred.?)

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

E-Voting Application

• Suppose you are building an e-voting application
• How do you ensure your application satisfies security

requirements?

• What does the e-voting application do?
• Process vote commands
• Store votes
• Retrieve/count votes
• What are its security requirements?
• Let’s see how we reason about security

CSE543 - Introduction to Computer and Network Security Page

Why authentication?

• Well, we live in a world of rights, permissions, and

duties

• Authentication establishes our identity so that we can
• btain the set of rights
• E.g., we establish our identity with Tiffany’s by providing

a valid credit card which gives us rights to purchase goods ~ physical authentication system

• Q: How does this relate to security?

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Risk

• What’s at risk in the e-voting application?

7 CSE543 - Introduction to Computer and Network Security Page

Why authentication (cont.)?

• Same in online world, just different constraints
• Vendor/customer are not physically co-located, so we

must find other ways of providing identity

• e.g., by providing credit card number ~ electronic

authentication system

• Risks (for customer and vendor) are different
• Q: How so?
• Computer security is crucially dependent on the

proper design, management, and application of authentication systems.

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Security Requirements

• Usually security requirements are described in three

categories

• Secrecy
• Prevent risk that sensitive data may be leaked to an adversary (e.g.,

votes)

• Integrity
• Prevent risk that adversaries may modified data that others depend
• n (e.g., vote instances, tallies, database)
• Availability
• Prevent risk that adversaries block use of critical services (e.g.,

disable the processing of votes)

8 CSE543 - Introduction to Computer and Network Security Page

What is Identity?

• That which gives you access … which is largely

determined by context

• We all have lots of identities
• Pseudo-identities
• Really, determined by who is evaluating credential
• Driver’s License, Passport, SSN prove …
• Credit cards prove …
• Signature proves …
• Password proves …
• Voice proves …
• Exercise: Give an example of bad mapping between

identity and the purpose for which it was used.

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Exercise

• Classify each of the following as a violation of

confidentiality, of integrity, of availability, or of some combination.

• Carol changes the amount of Angelo's check from $100 to

$1000

• John copies Mary's homework
• Eve registers the domain name “psu.edu" and refuses to

let Penn State buy or use that domain name.

9 CSE543 - Introduction to Computer and Network Security Page

Credentials

• … are evidence used to prove identity
• Credentials can be
• Something I am
• Something I have
• Something I know

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 10

Passwords

• An example of “something you know”
• Client users must remember passwords to

access their data on servers

• Passwords have a checkered history
• People have often chosen poor passwords
• Why is that an issue?
• We (security community) assumed (in the

1990s) that passwords would be replaced with another technology to enable users to authenticate

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 11

Lateness Policy

• Assignments and project milestones are

assessed a 20% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don’t give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

• You decide what you turn in

CSE543 - Introduction to Computer and Network Security Page

Password Use

• Naively: Retrieve password for ID from database and check

against that supplied password

• Baravelli: ...you can't come in unless you give the password.
• Professor Wagstaff: Well, what is the password?
• Baravelli: Aw, no.

You gotta tell me. Hey, I tell what I do. I give you three guesses. It's the name of a fish.

• …….
• [Slams door. Professor Wagstaff knocks again. Baravelli opens peephole again.] Hey, what's-a matter, you no

understand English? You can't come in here unless you say, "Swordfish." Now I'll give you one more guess.

• Professor Wagstaff: ...swordfish, swordfish... I think I got it. Is it "swordfish"?
• Baravelli: Hah. That's-a it.

You guess it.

• Professor Wagstaff: Pretty good, eh?

[Marx Brothers, Horse Feathers]

• How should you store passwords to protect them?
• Just storing them in a file gives anyone with access to the file

your password

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 12

Password Storage

• Instead of storing passwords, we store
• A value that can be computed from the password
• F(password) = value
• That is highly unlikely to be the same as the value

computed from another password (collision-free)

• From which it is difficult to extract (reverse) the

password (one-way)

• What kind of function provides such properties?

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

Cryptographic Hash Functions

• A challenge is to determine how a program may

be threatened by adversaries

• In what ways may an adversary impact CIA?
• Adversaries may be able to control the resources

used by the program and inputs to the program

• Obtained via system calls – later researchers

described the system calls that may receive adversary- controlled input as a program’s attack surface

CSE543 - Introduction to Computer and Network Security Page

Hash Algorithms

• Hash algorithm
• Compression of data into a hash value
• E.g., h(d) = parity(d)
• Such algorithms are generally useful in algorithms (speed/

space optimization)

• … as used in cryptosystems
• One-way - (computationally) hard to invert h() , i.e.,

compute h-1(y), where y=h(d)

• Collision resistant hard to find two data x1 and x2 such that

h(x1) == h(x2)

• Q: What can you do with these constructs?

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Password Storage

• Hosts store password hashes in a file
• Originally, /etc/passwd for UNIX systems
• Now /etc/shadow
• Server programs can also store their own users’

password hashes in a file

• For Apache can store in /usr/local/apache/passwd
• What if an adversary can gain access to a password

storage file?

14

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 15

Ethics Statement

• This course considers topics involving personal and public

privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of

• thers. As an instructor, I rely on the ethical use of these
• technologies. Unethical use may include circumvention of

existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities

• f these services. Exceptions to these guidelines may occur

in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit

• f these guidelines will be reported to the proper authorities

and may result in dismissal from the class.

• When in doubt, please contact the instructor for advice. Do not

undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

CSE543 - Introduction to Computer and Network Security Page

Password Cracking

• Attacker can access the hashed password
• Can guess and test passwords offline
• Called “password cracking”
• Lots of help
• John the Ripper
• How well do these work?

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Password Cracking

• Identify which of the following that are program

vulnerabilities

• A program flaw (e.g., buffer overflow)
• A program flaw in writing user input to a program variable
• A program flaw in writing user input to a program variable

containing a function pointer

• Writing untrusted input to a log file
• Executing log files

16 CSE543 - Introduction to Computer and Network Security Page

Cracking Passwords

• How hard are passwords to crack?
• How many 8-character passwords are there given that

128 characters are available?

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 17

Road Map

• Introduction
• 1. Today
• Software Vulnerabilities
• 1. Information Flow
• 2. Memory Errors
• Defensive Programming
• 1. Techniques
• 2. Attack Surfaces
• Finding Program Flaws
• 1. Runtime Testing
• 2. Static Analysis
• 3. Symbolic Execution
• Security Mechanisms
• 1. Authorization
• 2. Privilege Separation
• 3. Auditing
• 4. CFI
• Safe Programming Environments
• 1. Memory Safe
• 2. Information Flow-Safe
• Retrofitting Software for Security
• 1. Authorization
• 2. Privilege Separation

CSE543 - Introduction to Computer and Network Security Page

Cracking Passwords

• How hard are passwords to crack?
• How many 8-character passwords given that 128

characters are available?

• 1288 = 256
• How many guesses to find one specific user’s

password?

• 256/2 = 255

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 18

Trusted Computing Base

• To execute a program that obeys security

requirements, you must trust something

CSE543 - Introduction to Computer and Network Security Page

Cracking w/ Dictionaries

• How hard are passwords to crack?
• How many 8-character passwords are there given that

128 characters are available?

• 1288 = 256
• Suppose we use a dictionary where there is a 25%

chance that that user’s password appears in that password dictionary. How many guesses then? (Assume 1 million dictionary entries)

• 1/4(219) + 3/4 (255) ~ 254.6
• However, you probably simply apply the dictionary and

accept a 25% chance of recovery

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 19

Trusted Computing Base

• To execute a program that obeys security

requirements, you must trust something

• Hardware
• Operating Systems
• Libraries
• Critical input files (configuration)
• Other programs (system services running with full

privilege)

• Program installers

CSE543 - Introduction to Computer and Network Security Page

Cracking w/ Dictionaries

• How hard are passwords to crack?
• How many 8-character passwords are there given that

128 characters are available?

• 1288 = 256
• But, in practice the attacker just needs one password

from a set of users - rather than a specific user

• If there are 1024 users, the basic work effort is now
• 255/210 = 245
• However, given a dictionary, we can simply see if one of

the 1024 passwords are in the dictionary

• About equal to size of dictionary/prob. in dictionary

X

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 20

Password Guessing

• Research in password cracking can improve the

cracker’s ability

• Markov Chains
• Guess the next character in order of the probability

that it next character to follow

• Guess the highest probability first character – ‘s’
• Guess the highest probability character to follow ‘s’
• Grammars
• Guess by most popular password structure
• Then, fill in characters as above

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 21

Password Guessing

• How can you make your password hard to guess?

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 22

Password Guessing

• How can you make your password hard to guess?
• Limited by memorability though
• Suppose computers get faster and faster
• Ever make password storage obsolete?

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 23

Password Guessing

• How can you make your password hard to guess?
• Limited by memorability though
• Suppose computers get faster and faster
• Ever make password storage obsolete?
• Can slow down by hashing many times – h100(password)
• Discussed in CMPSC 443…

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 24

Common Passwords

• What if two users have the same password?
• How will that appear in the password database?
• How is the problem addressed?

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 25

Security Model - E-voting

• Who are the principals?
• Voters, Admins, Counters, Others
• Who are adversaries?
• Which commands may be threatened (attack surface)?
• Start the application
• Process the vote
• Count the votes
• Who must the application trust? To do what?
• Of principals above

CSE543 - Introduction to Computer and Network Security Page

“Salt”ing passwords

• Suppose you want to avoid a offline dictionary attack
• bad guy precomputing popular passwords and looking at the

password file

• A salt is a random number added to the password

differentiate passwords when stored in /etc/shadow

• consequence: guesses each password independently

X

...

salt1, h(salt1, pw1) salti, h(salt2, pw2) salti, h(salt3, pw3) saltn, h(saltn, pwn)

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 26

Project #1

• Store passwords for your server’s users
• On “set” enter username and password
• Store pair on first entry of username (unknown_user returns “1”)
• Compute a salt from OpenSSL random number

generator functions

• Concatenate salt (16 bytes) + password (16 bytes,

padded) into input to hash function (32 bytes)

• Compute a hash using digest_message (cmpsc497-ssl.c)
• Store in key-value store provided indexed by username
• Key: username; Value: hash; Tag: salt

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 27

Project #1

• Verify a username-password for a later command
• How do you do that?

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 28

Project #1

• Verify a username-password for a later command
• How do you do that?
• Lookup salt and password hash for user
• Create hash input as before using input password
• Check that this results in expected password hash

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 29

Use OpenSSL Library

• The file cmpsc497-ssl.c has a set of functions to

access the OpenSSL library API

• OpenSSL is a crypto library for implementing the

SSL protocol

• Includes code for encryption, hashing, random

number generation

• Only need to use digest_message from that file, but
• thers may be useful at some point
• Will use OpenSSL to collect salt values also from

its random number generator (engine)

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 30

Use OpenSSL Library

• Random number generation in OpenSSL
• Uses engine_init provided to initialize RNG – in

main already

• Then, need to extract a random number
• For guidance
• https://wiki.openssl.org/index.php/Manual:Rand(3)
• How random does the salt need to be?
• Just different for everyone ideally, but the salt is not a

secret

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 31

Take Away

• Security depends on differentiating friend from foe
• These are called principals
• Mechanism to identify principals is called authentication
• Authentication mechanisms depend on validating

the possession of a secret (credential)

• Something you have, know, are
• Passwords are an authentication mechanism that

validates something you know

• Passwords are stored as a hash of a combination of the

password and a salt value to make cracking harder