[PPT] - - Systems Security: Part 1 - Prof. Dr. Michael Backes Director, PowerPoint Presentation

SLIDE 1

Introduction to Cybersecurity

Systems Security: Part 1 -

Director, CISPA – Center for IT Security, Privacy, and Accountability Chair for IT-security & Cryptography

Prof. Dr. Michael Backes

SLIDE 2

General Information

Correct formatting (Tutorial group 1, Exercise 1):

[1][Exercise 1]

1 Foundations of Cybersecurity 2016

No additional whitespaces! No <>!
New submission mail address to avoid confusion:

submissions-cysec16@cs.uni-saarland.de

Different prefix than regular mailing list
Old submission addresses still work
Exercise groups start on Wednesday

SLIDE 3

Last Lecture

Organizational matters
Commercialization of cyber attacks
What is cyber security and what has to be protected
Hardware, software stack, crypto, network
Software exploits, hardware hacks, side-channels, …
Intro to cryptography
Ancient ciphers: Caesar, Substitution cipher, Vigenère cipher, Enigma
Cryptanalysis of ancient ciphers

2 Foundations of Cybersecurity 2016

SLIDE 4

Part I: System Security

http://dilbert.com/strips/comic/2005-09-12/

Foundations of Cybersecurity 2016 3

SLIDE 5

The Programmer’s Blues

4 Foundations of Cybersecurity 2016

SLIDE 6

Heartbleed

Serious vulnerability in the popular OpenSSL

cryptographic software library

Missing bounds check before a memory

copy operation that uses non-sanitized user input as the length parameter

Not a crypto error, but an

implementation error!

Allows anyone on the Internet to read the

memory of the systems protected by the vulnerable versions of OpenSSL

Private keys
In-memory decrypted packets received

via SSL connection

Etc.

5 Foundations of Cybersecurity 2016

SLIDE 7

How Heartbleed works

6 Foundations of Cybersecurity 2016

http://xkcd.com/1354/

SLIDE 8

Chapter “System Security” Overview

This lecture:

Security Principles & Authentication

2nd lecture:

Access Control & Malware

3rd lecture:

Hijacking control flows

7 Foundations of Cybersecurity 2016

Hardware OS

Software

Crypto User

SLIDE 9

Chapter “System Security” Overview

Practical security (How to exploit vulnerabilities?)
Security principles
Basic design of (in-)secure systems
Basics of access control, malware
How to hijack control in computer systems?
How to defend against such control hijacking attacks?
Authentication methods
Project: Learn about basic control-flow hijacking
Some advanced topics are part of follow-up lectures

(Security, Security Engineering)

8 Foundations of Cybersecurity 2016

SLIDE 10

Recommended Literature

William Stallings, Lawrie Brown. “Computer Security: Principles and Practice.” ISBN-13: 978-0135137116 (third,

international edition)

Chapter 1: Overview
Chapter 3: Authentication
Chapter 4: Access Control
Only Sections 4.1-4.5
Chapter 6: Malicious Software
Chapter 10: Buffer Overflow
Chapter 13: Trusted Computing and Multilevel Security
Only Sections 13.1 and 13.3
David Basin, Patrick Schaller, Michael Schläpfer. “Applied Information Security: A Hands-On Approach.” ISBN:

978-3-642-43632-1

Chapter 1: Security Principles
Chapter 4: Authentication and Access Control
Chapter 6: Web Application Security
Jerome Saltzer, Michael Schroeder. “The Protection of Information in Computer System.” In Proceedings of the

IEEE, volume 63, pages 1278—1308, 1975

9 Foundations of Cybersecurity 2016

SLIDE 11

Prof. Dr. Michael Backes

Security Principles

11.11.2016

SLIDE 12

General Notions

Subject
Active entity (e.g., user or a system acting on behalf of a user)
Object
Passive entity (e.g., data container like files, directories, etc.)
General assumption: Access to an object gives access to the objects’ data

content (information)

Information is encoded/represented as various forms of data
Subject is Authorized: Allowed by security policy to access object

11 Foundations of Cybersecurity 2016

Object

(e.g., Resource like File)

Subject

(e.g., User process) If authorized: Accesses and operates on

SLIDE 13

Refresher: Classic Information Security Goals

Confidentiality
Assure that information is not disclosed to unauthorized principals
Integrity
Data: Prevent unauthorized modification of programs and information
System: Assure that system performs its intended function in an unimpaired manner,

free from unauthorized manipulation

Availability
Guarantee reliable access to information and services by authorized principals
Further important goals:
Accountability: Trace actions of an entity uniquely back to that entity
Authenticity: Property of being genuine and being able to be verified and trusted
Privacy, Non-repudiation, Anonymity, Unlinkability
Depending on context, not always easy to define precisely
Sometimes contradicting and not easy to combine
Anonymity vs accountability

12 Foundations of Cybersecurity 2016

SLIDE 14

12 Security Principles

High level goals
Security best practices
Applicability depends on concrete context
Especially applies to secure software design
Emphasizes clean and secure design
Often requires trade-offs

13 Foundations of Cybersecurity 2016

SLIDE 15

14 Foundations of Cybersecurity 2016

https://cdn1.coolstuff.com/autogen/preset/aspectThumb/960x720/6305517763ac93f87c1e5babc5d657c7.jpg http://www.richter-spielgeraete.de/tl_system/content/de/01_Produkte/xx_Piktogramme/3.63390.gif

VS

SLIDE 16

Simplicity

Applies to any engineering and implementation task:
The simpler the solution
the easier to understand, analyze, and review
less likely to contain flaws
Negative examples: Monolithic operating systems, browser, email clients

15 Foundations of Cybersecurity 2016

Keep it simple.

Linux kernel Firefox Chrome Win Xp OS X Tiger Thunderbird Bash

2 4 6 8 10 50 100 WEIGHTED CVSS SCORE LINES OF CODE (MILLIONS)

Linux kernel Firefox Chrome Win Xp OS X Thunderbird Bash

200 400 600 800 1000 1200 1400 50 100 # VULNERABILITIES LINES OF CODE (MILLIONS)

Sources: cvedetails.com

penhub.net

SLIDE 17

16 Foundations of Cybersecurity 2016

http://www.surface-generation.com/wp-content/uploads/2015/03/Question-mark-box-620-x-350.jpg

SLIDE 18

Open Design

Avoid “Security by obscurity”
In crypto a.k.a. Kerckhoffs’ principle
Security should depend on possession of secrets only (passwords, keys, …)
Simply not possible to maintain secrecy of a system that should be

distributed (e.g., reverse engineering)

Intuitive example: Securing a door does not rely on attacker’s ignorance to
perating a door, but on possession of the key and security of lock

mechanism

Today’s de-facto crypto mechanisms all developed with open design
Counter examples: DRM mechanisms (e.g. DVD, Playstation,…), KeeLoq,

Windows NT LAN Manager, Mifare classic (basis for old UdS card)

17 Foundations of Cybersecurity 2016

The security of a system should not depend on the secrecy of its protection mechanisms.

SLIDE 19

18 Foundations of Cybersecurity 2016

http://uncrate.com/p/2008/03/oxo-pop-containers.jpg

SLIDE 20

Compartmentalization

Groups (or compartments) isolated from each other with limited communication between compartments over

controlled channel

Facilitates simplification of design (“divide-and-conquer” approach); attacks or errors contained to affected

compartment; security-sensitive functionality can be in dedicated hardened compartment

Compartmentalization at different levels:
User-space vs kernel space
Memory space (between processes; data vs code)
Modularization of software
µKernel
Virtual machines
Network zones
Problem: Not always possible to completely isolate

resources/functionality

Tightly control channel between compartments

and compartment interfaces

Intuitive Example:

Compartmentalized submarine design

Example: µKernel vs monolithic kernel

19 Foundations of Cybersecurity 2016

Organize resources into isolated groups of similar needs.

System

Network User input File system Network User device File system Network User input File system Network User display File system

Monolithic design µKernel with compartmentalization

SLIDE 21

20 Foundations of Cybersecurity 2016

https://www.google.de/maps/@48.8547067,2.3438011,17z

SLIDE 22

Minimum Exposure

Reduce external interfaces to a minimum
E.g., network-listening services
f a computer system
Limit amount of information given away that can help an adversary
E.g., error pages of webservers provide

information about the software versions

Minimize the window of opportunity for an adversary to attack
E.g., limit the number of failed password

attempts before locking account

21 Foundations of Cybersecurity 2016

Minimize the attack surface a system presents to the adversary.

http://articles.slicehost.com/assets/2008/12/5/apache-404-footer.jpg http://cache.clickonf5.org/wp-content/uploads/2009/12/twitterlocked_thumb.png http://www.bryanandrews.org/wp-content/uploads/2001/11/nmap-banner-scan-example.png

SLIDE 23

22 Foundations of Cybersecurity 2016

http://melaniejor.typepad.com/.a/6a00e54fd1fc4388340133f2f9498f970b-pi http://www.keyring.com/images/products/detail/92400_Split_key_ring.jpg http://thumbs.dreamstime.com/t/blue-house-22708798.jpg http://cliparts.co/cliparts/qcB/X7G/qcBX7Ga4i.jpg

SLIDE 24

Least Privilege

What is a ‘privilege’?
Ability to access or modify a resource (e.g., file, hardware, networking)
Privileged process: Process that has access to some resource not generally available
More secure systems have many types of privilege
Why?
Obvious reason: A malicious or compromised process cannot misuse privileges that it does

not have!

Compartmentalization helps realizing least privilege
Delegation of tasks to sufficiently privileged processes, but requires careful design of

programs to avoid “confused deputy attacks”

Implementation often difficult: Requires detailed understanding of system and all possible
perations and dependencies
Examples towards least privilege: user accounts vs guest accounts vs administrative

accounts, Android permission framework

23 Foundations of Cybersecurity 2016

Any component (and user) of a system should operate using the least set of privileges necessary to complete its job.

SLIDE 25

24 Foundations of Cybersecurity 2016

https://s-media-cache-ak0.pinimg.com/736x/fb/be/d9/fbbed9c16f8422d0d3febecd55ed98f4.jpg

SLIDE 26

Minimum Trust and Maximum Trustworthiness

Trusted system: User assumes that system will behave as expected, but system may misbehave

(in particular by acting maliciously)

Trust should be avoided when possible
Trustworthy system: System always acts as expected by user
Minimizing trust = minimizing expectations about the system

(can result in complete loss of trust into a system)

Maximizing trustworthiness = turning assumptions into validated properties (e.g., rigorously

prove that system behaves only in expected manner)

Example: Program receiving user input
Never trust the user input! (minimize trust)
Always validate and filter user input! (maximize trustworthiness)
Problem: Transitive trust (‘chain of trust’)
A → B, B → C, thus A → C (possibly unknown to A)
Complicates completely reasoning about security of an entity (e.g. A)

25 Foundations of Cybersecurity 2016

Minimize trust and maximize trustworthiness.

SLIDE 27

26 Foundations of Cybersecurity 2016

http://www.gmesupply.com/images/1/gme-supply_0135s.jpg

SLIDE 28

Secure, Fail-Safe (Fail-Secure) Defaults

System designed to prevent unsafe/insecure consequences of the system's

failure

Requires that system starts in a secure state
Important in access control
Identify conditions under which access is granted
Default case: If conditions are not fulfilled, deny access (whitelisting)
Fail securely: Conditions wrongly identified → Access denied (wrongly)

27 Foundations of Cybersecurity 2016

The system should start in a secure state and return to a secure state in the event of a failure.

SLIDE 29

28 Foundations of Cybersecurity 2016

http://resources0.news.com.au/images/2013/09/11/1226716/529036-airport-security-tsa-screeners.jpg

SLIDE 30

Complete Mediation

Requires that the access control mechanism encompasses all security-

relevant objects and is operational in any system state

Access control must not be circumventable
To mitigate attacks at layers below the access control mechanisms, data

should be additionally be protected in transit and storage (e.g., encryption)

Example lower-layer attacks: booting a different operating system like a

live CD to circumvent access control or sniffing web traffic

Requires authentication to securely identify subjects and objects of any

access

29 Foundations of Cybersecurity 2016

Access to any object must be monitored and controlled.

Object

(e.g., Resource like File)

Subject

(e.g., User process)

access request

Monitor

If authorized

SLIDE 31

30 Foundations of Cybersecurity 2016

http://www.i2clipart.com/clipart-wall-c7b9

SLIDE 32

No Single Point of Failure

Also known as “defense in depth”: Do not rely on a single security mechanism
If one mechanism fails, another should prevent malice
How many security layers?
Depends on cost-benefit analysis: performance requirements, usability

aspects, administrative overhead, etc.

How?
Common technique: Separation of duties
More than one entity/mechanism required to complete a task
Several examples in physical world

(one letter with credit card, separate letter with PIN; airplane with four instead of two engines; high security safes with two locks and keys held by different guards;…)

31 Foundations of Cybersecurity 2016

Build redundant security mechanisms whenever feasible.

SLIDE 33

32 Foundations of Cybersecurity 2016

http://www.tradersmessageboards.com/wp-content/uploads/2015/06/print-audit-300x300.png

SLIDE 34

Traceability

Trace: Sign or evidence of past events
Traceability: System retains traces of activities (i.e., record of sequence of

events from which history of system can be reconstructed)

Important for accountability
Link actions to a subject that can be held responsible
Usually implemented through logging
Logs must be protected to prevent adversary from removing his traces
Can contradict privacy requirements
Possible solution: Use of pseudonyms, store true identities separately

(→ Separation of duties for tracing events of a true identity)

33 Foundations of Cybersecurity 2016

Log security-relevant system events.

SLIDE 35

34 Foundations of Cybersecurity 2016

https://xkcd.com/221/

SLIDE 36

Generating Secrets

Entropy in information theory (coll.): “Degree of randomness”
High entropy of secrets (e.g., crypto keys, passwords, etc) required to prevent

simple guessing or brute-forcing attacks

“Helps keeping secrets secret”
Debian OpenSSL PRNG bug: Random number generator code was

“optimized” → RNG became predictable → Cryptographic key material generated with this RNG became predictable → SSL on Debian was broken

35 Foundations of Cybersecurity 2016

Maximize the entropy of secrets.

SLIDE 37

36 Foundations of Cybersecurity 2016

http://www.searchenginepeople.com/wp-content/uploads/2012/05/bad-usability.jpg

SLIDE 38

Usability

Security mechanisms should be easy to use
The harder the security mechanism is to use, the more likely it is that users

(or developers/administrators) will circumvent it or will apply it incorrectly

37 Foundations of Cybersecurity 2016

Design usable security mechanisms.

Examples:
Alma Whitten, J.D Tygar. “Why Johnny

Can’t Encrypt: A Usability Evaluation of PGP 5.0”: Majority of test users were unable to encrypt an email

Sunshine et al. “Crying wolf: an empirical

study of SSL warning effectiveness”: SSL/TLS warnings ineffective

Recent works on Android: Alarmingly high

number of app developers do not verify SSL certificates correctly, opening their app to network attacks

From https://www.usenix.org/legacy/events/sec09/tech/slides/sunshine.pdf

SLIDE 39

Authentication

SLIDE 40

Authentication: Basic notions

Identification is whom you claim to be
Authentication is how you prove your ID
Credentials: Evidence used to prove the ID
Usually a prerequisite for authorization to use system resources
Forms of authentication
Something you know

(e.g., a password)

Something you have

(e.g., smart card, TAN generator)

Something you are

(e.g., fingerprint)

Combination of those above

(e.g., two-factor authentication for online banking)

39 Foundations of Cybersecurity 2016

SLIDE 41

Password authentication

Most common authentication method
Basic idea
User has a secret password
System checks password to authenticate user
Issues?
How is password stored?
How does system check password?
How easy is it to guess a password?
Difficult to keep password file secret, so best if it is hard to guess password even if

you have the password file

“Passwords are like underwear”
… change them regularly
… don’t share them with friends or strangers
… don’t leave yours lying around

40 Foundations of Cybersecurity 2016

SLIDE 42

Basic password scheme

41 Foundations of Cybersecurity 2016

Password file

User exrygbzyf kgnosfix ggjoklbsz … … frunobulax

hash function

SLIDE 43

Detour: Hash functions (high-level)

Simplified definition (more in crypto part):

hash_function(arbitrary length input) → fixed length output

Illustrative (bad!) example:

𝑦 ∈ ℕ, ℎ𝑏𝑡ℎ 𝑦 → ቊ0 𝑗𝑔 𝑦 𝑗𝑡 𝑓𝑤𝑓𝑜 1 𝑗𝑔 𝑦 𝑗𝑡 𝑝𝑒𝑒

Cryptographic hash functions have ideally the following properties
One-way functions
Easy to compute output from input, infeasible to compute input from output
Collision-resistance
Infeasible to find two different inputs that compute to the same output

42 Foundations of Cybersecurity 2016

Input space Output space Collisions {0,1}

ℕ

???

SLIDE 44

Basic password scheme

Cryptographic hash function h: strings  strings
Given h(password), hard to find password
No known algorithm better than trial and error
User password stored as h(password)
When user enters password
System computes h(password)
Compares with entry in password file
No plaintext passwords stored on disk

43 Foundations of Cybersecurity 2016

SLIDE 45

Example: Unix password system

Structure of password entry:

username:$id$salt$h(salt|password)$

$: Separator between entry fields
id: identifies the algorithm h used to compute h(salt|password)
Examples: 1: md5, 5: SHA-256, 6: SHA-512
Not a plain hash, but several iterations (≈5000) to slow down offline attacks

[http://www.akkadia.org/drepper/SHA-crypt.txt]

salt: makes dictionary attacks harder
|: concatenation operator
Password file is publicly readable
Any user can try “offline dictionary attack”
User looks at password file
Computes h(word) for every word in dictionary; if result matches entry in

password file, user found a valid password for user

44 Foundations of Cybersecurity 2016

SLIDE 46

Dictionary Attack – Some numbers

Kali Linux dictionary (popular pentesting distribution)
Contains database with 14,344,392 entries of common passwords
Names, popular passwords, passwords leaked earlier from websites and services
hashcat tool can test ≈16K salted UNIX SHA-512 passwords per second on a good

workstation

Testing complete dictionary a matter of minutes
GPU-based oclHashcat tool can even test up to billions of hashes per second on small GPU clusters
Dedicated hardware and large GPU clusters (e.g. for bitcoins) can test billions to trillions of hashes

per second [https://en.bitcoin.it/wiki/Mining_hardware_comparison]

Dimensions of password strength: length × size of character set × randomness of characters
If passwords were completely random and uniformly distributed
Assume six-character password
Upper- and lowercase letters, digits, 32 punctuation characters
946 = 689,869,781,056 possible passwords
Exhaustive search (“brute force”) using above machine and hashcat requires ≈250 days on average
Problem with truly random passwords: Hard to remember

45 Foundations of Cybersecurity 2016

SLIDE 47

Example: hashcat to ‘recover’ salted Unix passwords from dictionary

bugiel@Colossus01:~/hashcat-0.47$ cat pw.hash $6$kbA7uCaJ$jSN6v19v8Mj6qqzsi85A/9IG3d4CDzMkY1KxiwoM2BxPS8dqL5wg.DZrOuiHF3OX/6c/b0DoZQTPphptZxx4o. $6$BhvJ.qe2$IopPfOUpXfNX82.rK9g8rqLwutjOaqxFwuVdqWefBNs7JgWPIerp..JSj2khiu9qsW3M0FcMmuB0jrcXvZwHH1 bugiel@Colossus01:~/hashcat-0.47$ ./hashcat-cli64.bin -m 1800 -a 0 -o cracked.txt --remove \ pw.hash ~/rockyou.txt -n 32 All hashes have been recovered Input.Mode: Dict (/home/bugiel/rockyou.txt) Index.....: 5/5 (segment), 541142 (words), 5720149 (bytes) Recovered.: 2/2 hashes, 2/2 salts Speed/sec.: - plains, 6.68k words Progress..: 540718/541142 (99.92%) Running...: 00:00:01:20 Estimated.: --:--:--:-- Started: Tue Sep 9 14:41:23 2014 Stopped: Tue Sep 9 15:20:45 2014 bugiel@Colossus01:~/hashcat-0.47$ cat cracked.txt $6$kbA7uCaJ$jSN6v19v8Mj6qqzsi85A/9IG3d4CDzMkY1KxiwoM2BxPS8dqL5wg.DZrOuiHF3OX/6c/b0DoZQTPphptZxx4o. :ilovebeer $6$BhvJ.qe2$IopPfOUpXfNX82.rK9g8rqLwutjOaqxFwuVdqWefBNs7JgWPIerp..JSj2khiu9qsW3M0FcMmuB0jrcXvZwHH1 :!!!lollipop!!!

46 Foundations of Cybersecurity 2016

SLIDE 48

Salting

Salting:

[Alice, saltA, h(passwordAlice || saltA)], [Bob, saltB, h(passwordBob || saltB)], …

Salt is random for every user
Linux – 8 characters for salt (max. 16)
Assume charset [a-zA-Z0-9./] for salt (64 possible characters):

648 = 281,474,976,710,656 = 248 possible hashes of same password when salted

47 Foundations of Cybersecurity 2016

SLIDE 49

Advantages of salt

Without salt
Same hash functions on all machines
Pre-compute hash of all common strings once
Compare hash file with all known password files
“Break once, break everywhere”-condition
With salt
One password hashed 248 different ways (8 character salt)
Pre-compute hash file?
Need much larger file to cover all common strings

(248 pre-computed hashes per possible password  storage problem)

Dictionary attack on known password file
For each salt found in file, try all common strings
Important: Salt like password hash are publicly readable

48 Foundations of Cybersecurity 2016

SLIDE 50

Other countermeasures

Scenario: Offline attacks
Attacker has password file/database and can apply tools like hashcat
Increase complexity of hash computation to slow down attacker’s guessing

rate

E.g., cascade hashing: h(h(h(…..(h(password)))…)
Key stretching (e.g., PBKDF2)
Protect password file/database (e.g., encryption, access control,…)
Scenario: Online attacks
Attacker must enter password into a form to check current guess (e.g., login

screen)

Login mechanism can apply reactive measures:
Increasing timeout between two guesses
Lock account after number of wrong guesses
Proof that you are human (e.g., CAPTCHA)
Require second factor authentication (e.g., token)

49 Foundations of Cybersecurity 2016

SLIDE 51

Reusable Passwords

People tend to reuse the same passwords in different places
If one site is compromised, the password can be stolen and used elsewhere
At the root of “phishing” attacks
Password managers
Allow complex, long, unique password per account
Store password in an encrypted file
Potential single point of failure: Who can see this file? How strongly is it

protected? Can malware get at the database?

People use multiple machines
Synchronize the password database?
Managers that can securely recognize websites can help protect against

phishing

50 Foundations of Cybersecurity 2016

SLIDE 52

Recall: Phishing

51 Foundations of Cybersecurity 2016

Looks normal...

…but is not!

SLIDE 53

Safe to type your password?

52 Foundations of Cybersecurity 2016

SLIDE 54

Safe to type your password?

53 Foundations of Cybersecurity 2016

SLIDE 55

Safe to type your password?

54 Foundations of Cybersecurity 2016

SLIDE 56

Safe to type your password?

55 Foundations of Cybersecurity 2016

???

SLIDE 57

Safe to type your password?

56 Foundations of Cybersecurity 2016

SLIDE 58

Safe to type your password?

57 Foundations of Cybersecurity 2016

http://www.threattracksecurity.com/it-blog/wp-content/uploads/2013/07/fakewiki1.jpg

SLIDE 59

Tool support for Phishers

58 Foundations of Cybersecurity 2016

10 seconds of work with the setoolkit (social engineering toolkit) Real

SLIDE 60

Guessable passwords

September 16, 2008:

Compromise of gov.palin@yahoo.com using

password-reset functionality of Yahoo Mail.

No secondary mail needed
Date of Birth – Wikipedia
Zipcode – Wasilla has two
Where did you meet your spouse?
Biographie
Wikipedia, again…
Google
Successfully changed

password to “popcorn”

59 Foundations of Cybersecurity 2016

SLIDE 61

Data Mining

Manufacturer of your first car?
Until 1998, Ford had >25% of market
First name of your best friend?
10% of males: James/Jim,

John, Robert/Bob/Rob

Name of your first / favorite pet
Max, Jake, Buddy, Bear… etc.
Top 500 (covers 65% of names)

is available online

Mother’s Maiden Name, Social Security Number
“Messin’ with Texas”

[Griffith & Jakobsson, 2005]

60 Foundations of Cybersecurity 2016

SLIDE 62

Guessable passwords

Wordhound: This is a tool that allows for the automated and targeted

construction of wordlists and dictionaries [based on Twitter data and web contents] for use in conjunction with password attacks.

[https://bitbucket.org/mattinfosec/wordhound]

CeWL: creating custom word lists by spidering a targets website and

collecting unique words [https://digi.ninja/projects/cewl.php]

61 Foundations of Cybersecurity 2016

SLIDE 63

Guessable passwords

62 Foundations of Cybersecurity 2016

SLIDE 64

Targeted attacks

If the attacker really wants your password

63 Foundations of Cybersecurity 2016

http://xkcd.com/538/ “Rubber hose cryptanalysis:” Coercion attack where the user is forcibly asked by an attacker to reveal the key

SLIDE 65

Security research du jour

Neuroscience Meets Cryptography:

Designing Crypto Primitives Secure Against Rubber Hose Attacks

[Bojinov et al., USENIX Security Symposium 2012]

Use concept of implicit learning from cognitive psychology:

user learns patterns without any conscious knowledge of the learned pattern

Authors crafted a computer game to plant a password in the user’s brain without the user having

conscious knowledge of the trained password

Trained password can be used for authentication
But: No rubber hose attack, since user does not have conscious knowledge of password!
Cracking-Resistant Password Vaults using Natural Language Encoders

[Chatterjee et al., IEEE Security & Privacy 2015]

Problem: Master password of password vaults (or managers) is single point of failure,

attackable with efficient offline attacks

Authors built encrypted vaults that resist such offline cracking attacks and forcing attackers

to move to an online attack

Introduce a new type of secure encoding scheme that they call natural-language encoders (NLEs)
When decrypted with the wrong master password, it produces plausible-looking decoy passwords
Attacker must test actual passwords to check if guessed correct master password (i.e. online attack)

64 Foundations of Cybersecurity 2016

SLIDE 66

Biometrics

Use a person’s physical characteristics
fingerprint, voice, face, keyboard timing, …
Advantages
Cannot be disclosed, lost, forgotten
Disadvantages
Cost, installation, maintenance
Reliability of comparison algorithms
False positive: Allow access to unauthorized person
False negative: Disallow access to authorized person
Privacy?
If forged, how do you revoke?

65 Foundations of Cybersecurity 2016

SLIDE 67

Voluntary finger cloning

Select the casting material
Softened, free molding plastic (used by Matsumoto)
Part of a large, soft wax candle (used by Willis; Thalheim)
Push the fingertip into the soft material
Let material harden
Select the finger cloning material
Gelatin: “gummy fingers”, used by Matsumoto
Silicone: used by Willis; Thalheim
Pour a layer of cloning material into the mold
Let the clone harden

66 Foundations of Cybersecurity 2016

SLIDE 68

Matsumoto’s Technique

67 Foundations of Cybersecurity 2016

Press a live finger against it. Only a few dollars’ worth of Materials Put the plastic into hot water to soften it. The mold

SLIDE 69

Involuntary cloning

Clone without victim knowledge or assistance
Appears in Hollywood movies
Sneakers (1992) “My voice is my passport”
Never Say Never Again (1983) cloned retina
Charlie’s Angels (2000)
Fingerprints from beer bottles
Eye scan from oom-pah laser
Bad news: it works!
Chaos Computer Club: “Der Abdruck wurde durch CCC-Aktivisten von einem

Wasserglas sichergestellt, das Dr. Schäuble bei einer öffentlichen Veranstaltung benutzt hatte.” [http://www.ccc.de/en/updates/2008/schaubles-finger]

68 Foundations of Cybersecurity 2016

SLIDE 70

Gummy finger from latent print

Capture clean, complete fingerprint on a glass, CD, or other smooth, clean surface
Pick it up using tape and graphite
Scan it into a computer at high resolution
Enhance the fingerprint image
Print with laser printer
Overlay print with wood glue
After drying, your new identity is ready

69 Foundations of Cybersecurity 2016

Source: http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren.de

SLIDE 71

Security research du jour

Continuous authentication using biometrics
Problem: One-time authentication (e.g. login screen) becoming insufficient on modern

devices

PCs/Laptops often left unattended but logged in!
Smartphones require high frequency of unlocking. Too cumbersome for many users, which

thus do not set a password or lock pattern! (Usability principle not fulfilled)

Continuous authentication: Seamless (re-)authentication of the user’s identity
Various research works based on biometrics
Examples:
How you type text on a keyboard (typing activity)
How you interact with the touchscreen of smartphone (type/swipe

frequency/acceleration/trajectory/pressure, rotation of the phone during interaction)

User’s gait (detected using smartphone sensors)
Fingerprint scanner integrated in mouse
Usually rely on machine learning (neural networks)

70 Foundations of Cybersecurity 2016

SLIDE 72

Token-based authentication

Several configurations and modes of use
Device produces password, user types into system
User unlocks device using PIN
User unlocks device, enters challenge
Example: S/Key
User enters string, device computes sequence
p0 = hash(string|rand); pi+1 = hash(pi)
pn placed on server; set counter k = n
Device can be used n times before reinitializing
Send pk-1 = to server, set k = k-1
Sever checks hash(pk-1) = pk , stores pk-1

71 Foundations of Cybersecurity 2016

SLIDE 73

Disadvantages of Tokens

Can be stolen or lost
Lack of hardware/software support on many machines
Inconvenient to use
Cost

72 Foundations of Cybersecurity 2016

SLIDE 74

Two-Factor Authentication

Combine two of the three types of authentication
Use second factor to work around limitations of first
Important security requirement:

Both channels are independent from each other, so compromise of one channel does not compromise the other

Examples:
Online banking password plus generated TAN
Online banking password plus mTAN

(unless banking done on same phone that receives mTAN)

Account password plus authenticator
RSA SecurID card plus PIN

73 Foundations of Cybersecurity 2016

SLIDE 75

Security research du jour

Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound

[Karapanos et al. USENIX Security Symposium 2015]

Problem: Usability issues of two-factor authenticaton
Authors use proximity of the user’s phone to the device being used to log in as

second factor

proximity of the two devices is verified by comparing the ambient noise recorded by

their microphones

Audio recording and comparison are transparent to the user, so that the user

experience is similar to one-factor authentication (e.g., password only)

The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on

Ambient Audio

[Shrestha et al. Conference on Computer and Communications Security 2016]

Attack on Sound-Proof
Emit predictable sound from smartphone (alert, call, media playback, …)

74 Foundations of Cybersecurity 2016