getting web authentication right
play

Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk - PowerPoint PPT Presentation

Mar 22, 2023 •36 likes •256 views

Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop March 28, 2011 J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 1 / 14 A parable of obsolescent technology Credit:

  1. Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop March 28, 2011 J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 1 / 14

  2. A parable of obsolescent technology Credit: freeyellow.com J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 2 / 14

  3. Web authentication has evolved very little... Wall Street Journal, 1996 Wall Street Journal, 2010 J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 3 / 14

  4. Goals for this talk An outline for how secure web-based password authentication can be As secure as possible As simple as possible No new software 1 No change to user experience How secure is this? Why aren’t implementations any where close? 1 But a healthy dose of HTML 5 and other modern tricks J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 4 / 14

  5. Goals for this talk An outline for how secure web-based password authentication can be As secure as possible As simple as possible No new software 1 No change to user experience How secure is this? Why aren’t implementations any where close? 1 But a healthy dose of HTML 5 and other modern tricks J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 4 / 14

  6. Goals for this talk An outline for how secure web-based password authentication can be As secure as possible As simple as possible No new software 1 No change to user experience How secure is this? Why aren’t implementations any where close? 1 But a healthy dose of HTML 5 and other modern tricks J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 4 / 14

  7. How password authentication goes wrong Keyloggers Phishing Persistent login cookies . . . Password recovery questions Password re-use Password database compromise . . . Cookie stealing Password guessing J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 5 / 14

  8. Registration (TLS) Transmitted: y = H Y x = H X ℓ 2 ( u || s ) , ℓ 1 ( u || p || s ) Stored: y = H Y z = H Z ( u || x ) ℓ 2 ( u || s ) , s: site identifier u: username p: password x: “authenticator” J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 6 / 14

  9. Login (TLS) Transmitted: x = H X ℓ 1 ( u || p || s ) u , Verified to exist in-database: H Z ( u || x ) Returned: K u , a = AE K s ( K u , u , x , t , d ) s : site identifier K S : Server master key a : session cookie u : username K u : session key p : password t : expiration date x : “authenticator” d : additional data J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 7 / 14

  10. Site interaction (Plain HTTP) Transmitted as a cookie: a = AE K s ( K u , u , x , t , d ) Appended to requests: AE K u ( data ) s : site identifier K S : Server master key a : session cookie u : username K u : session key p : password t : expiration date x : “authenticator” d : additional data J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 8 / 14

  11. Site interaction (Plain HTTP) Transmitted as a cookie: HTTP-only a = AE K s ( K u , u , x , t , d ) Appended to requests: AE K u ( data ) s : site identifier K S : Server master key a : session cookie u : username K u : session key p : password t : expiration date x : “authenticator” d : additional data J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 8 / 14

  12. Site interaction (Plain HTTP) Transmitted as a cookie: HTTP-only a = AE K s ( K u , u , x , t , d ) Appended to requests: JavaScript & HTML5 localStorage AE K u ( data ) s : site identifier K S : Server master key a : session cookie u : username K u : session key p : password t : expiration date x : “authenticator” d : additional data J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 8 / 14

  13. Site interaction (Plain HTTP) Transmitted as a cookie: HTTP-only a = AE K s ( K u , u , x , t , d ) Optional cookie: HTTP-only, SECURE a secure = AE K s ( K u , u , x , t 2 > t , d ) Appended to requests: JavaScript & HTML5 localStorage AE K u ( data ) s : site identifier K S : Server master key a : session cookie u : username K u : session key p : password t : expiration date x : “authenticator” d : additional data J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 8 / 14

  14. Server verification Verify & decrypt a = AE K s ( K u , u , x , t , d ) Verify & decrypt AE K u ( data ) Verify that z = H Z ( u || x ) is stored (optional) Check timestamp t ≥ now Check ACL for u , d , data s : site identifier K S : Server master key a : session cookie u : username K u : session key p : password t : expiration date x : “authenticator” d : additional data J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 9 / 14

  15. Server verification Verify & decrypt a = AE K s ( K u , u , x , t , d ) Verify & decrypt AE K u ( data ) Verify that z = H Z ( u || x ) is stored (optional) Check timestamp t ≥ now Check ACL for u , d , data s : site identifier K S : Server master key a : session cookie u : username K u : session key p : password t : expiration date x : “authenticator” d : additional data J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 9 / 14

  16. Performance analysis Login Server 1 hash 1 DB lookup 1 AE + 1 RNG Browser 1 iterated hash ( ≤ 0.1 s, PC; ∼ 1 s, mobile) Interaction Server 2 AE 1 DB lookup (optional) Browser 2 AE ( ≤ 10 ms, PC; ≤ 0.1 s, mobile) J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 10 / 14

  17. Security analysis-many attacks prevented rainbow tables online password guessing cookie modification . . . session key theft (XSS) session cookie theft (sidejacking) read-only DB access user probing . . . XSS + sidejacking DB access + cookie theft malware in browser password theft phishing persistent log-in J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 11 / 14

  18. Security analysis-many attacks prevented rainbow tables online password guessing cookie modification . . . session key theft (XSS) session cookie theft (sidejacking) read-only DB access user probing . . . XSS + sidejacking DB access + cookie theft malware in browser password theft phishing persistent log-in J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 11 / 14

  19. Security analysis-many attacks prevented rainbow tables online password guessing cookie modification . . . session key theft (XSS) session cookie theft (sidejacking) read-only DB access user probing . . . XSS + sidejacking DB access + cookie theft malware in browser password theft phishing persistent log-in J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 11 / 14

  20. Some sobering facts Over 90% of the top 500 websites collect passwords 29-50% store them in the clear 84% do not prevent brute force attacks at all 40% implement TLS correctly (20% incorrectly, 40% not at all) hashing in browser, HTTP-only cookies extremely rare... J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 12 / 14

  21. Even the frameworks get it wrong! J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 13 / 14

  22. Is it worthwhile to fix password authentication? jcb82@cl.cam.ac.uk J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 14 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication overview Current state of Authentication The future of authentication MY JOURNEY 2012-2015 2004-2011 2015-Present 1998-2004 Staff at MIT

453 views • 34 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
S Q R L S ecure Q uick R eliable L ogin A simple, straightforward, open, intellectual property

S Q R L S ecure Q uick R eliable L ogin A simple, straightforward, open, intellectual property

S Q R L S ecure Q uick R eliable L ogin A simple, straightforward, open, intellectual property unencumbered, easily explained, provably secure, pseudonymous, 2-party, web domain based, authenticated identity solution, including complete identity

840 views • 38 slides
Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding COMP4631 L16 1 Agenda Distributed system security Introduction to Kerberos V4 Kerberos Realms Authentication with Kerberos in Windows NT 5

751 views • 30 slides
CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data

CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data

CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data Federations Users must know the exact filenames for each job. They have to use special tools they are unfamiliar with in order to use it (such

408 views • 18 slides
Mobile User Authentication with On-Premise LDAP Server / Social Login using IBM Mobile

Mobile User Authentication with On-Premise LDAP Server / Social Login using IBM Mobile

Mobile User Authentication with On-Premise LDAP Server / Social Login using IBM Mobile Foundation My My W Ward wh what is t is th the a app a about Ser Servi vices ces used used IBM Mobile Foundation V8 {API} Mo

501 views • 21 slides
04832250 Computer Networks (Honor Track) A Data Communication and Device Networking

04832250 Computer Networks (Honor Track) A Data Communication and Device Networking

04832250 Computer Networks (Honor Track) A Data Communication and Device Networking Perspective A Data Communication and Device Networking Perspective Module 6: Network Security Prof. Chenren Xu Center for Energy-efficient

532 views • 49 slides
Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Authentication Establish and verify identity allow access to resources Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the

228 views • 10 slides
Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar,

873 views • 56 slides

More recommend