Chapter 10 Authentication of People

Post on 20-Dec-2015


Page 1: 第十章 1 Chapter 10 Authentication of People. 第十章 2 Introduction This chapter deals with password-related issues like how to force users to choose unguessable

Slide 1: Chapter 10 Authentication of People

Slide 2: Introduction

This chapter deals with password-related issues like how to force users to choose unguessable passwords, how to store password information securely at the system being logged into and how to avoid divulging information to eavesdroppers.

The two most important capabilities are the ability to store a high-quality cryptographic key and the ability to perform cryptographic operations.

Slide 3: Introduction (cont.)

For user authentication, three kinds of approaches exist:

- Knowledge-based authentication: what you know (passwords, PINs).
- Token-based authentication: what you have (ID cards, smart cards).
- Biometric authentication: what you are (voiceprint identification, retinal scanners).

Slide 4: 10.1 Passwords

There are a lot of problems with using passwords for authentication:

1. An eavesdropper might see the password when Alice is using it to log in.

2. An intruder might read the file where the computer stores password information.

3. Alice’s password might be easy to guess by someone making direct login attempts to the computer.

Slide 5: 10.1 Passwords

4. Alice’s password may be crackable by an off-line computer search, given information such as a recognizable quantity encrypted with the password.

5. In attempting to force users to choose unguessable passwords, the system might become so inconvenient that it becomes unusable, or users might resort to writing passwords down.

Slide 6: 10.2 On-line password guessing

In an on-line attack, the guesser types passwords at the system that is going to verify the password.

One attractive mechanism for preventing password guessing is to keep track of the number of consecutive incorrect passwords for an account and when the number exceeds a threshold, “lock” the account and refuse access.

Another approach to slow down a guesser is to only allow a limited number of account/password guesses per connection attempt.

Slide 7: 10.2 On-line password guessing

By auditing invalid password attempts, a system manager can be alerted to the fact that an attempt is being made to penetrate the system.

A method for distributing the detective work is for systems to report to users, when they log in, the time of their previous login and the number of unsuccessful password attempts since the last successful login.
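Worked example (added here, not from the slides): a small login service in Python that implements the mechanisms above, a lockout after a fixed number of consecutive bad passwords, an audit trail for the system manager, and a report at each successful login of the previous login time and the failures since it. The threshold of 5 and the unsalted SHA-256 storage are assumptions for the demo.

```python
import hashlib
import secrets

LOCK_THRESHOLD = 5  # consecutive failures before the account locks (assumed policy)


def hash_password(pw):
    # Unsalted SHA-256 keeps this example focused on the lockout logic, not on storage.
    return hashlib.sha256(pw.encode()).hexdigest()


class Account:
    def __init__(self, password_hash):
        self.password_hash = password_hash
        self.consecutive_failures = 0   # drives the lockout threshold
        self.failed_since_success = 0   # reported to the user at the next good login
        self.last_login = None          # timestamp of the previous successful login
        self.locked = False


class LoginServer:
    def __init__(self):
        self.accounts = {}
        self.audit = []   # (time, user, event) records a system manager would review

    def add_user(self, name, password):
        self.accounts[name] = Account(hash_password(password))

    def login(self, name, password, now):
        acct = self.accounts.get(name)
        if acct is None:
            # Logged for the manager, but the caller gets the same answer as for a bad password.
            self.audit.append((now, name, "unknown user"))
            return {"ok": False, "reason": "bad credentials"}
        if acct.locked:
            self.audit.append((now, name, "attempt on locked account"))
            return {"ok": False, "reason": "locked"}
        if not secrets.compare_digest(acct.password_hash, hash_password(password)):
            acct.consecutive_failures += 1
            acct.failed_since_success += 1
            self.audit.append((now, name, "invalid password"))
            if acct.consecutive_failures >= LOCK_THRESHOLD:
                acct.locked = True
                self.audit.append((now, name, "account locked"))
            return {"ok": False, "reason": "bad credentials"}
        # Successful login: tell the user what happened since last time, then reset counters.
        result = {"ok": True, "previous_login": acct.last_login,
                  "failed_attempts_since_last_login": acct.failed_since_success}
        acct.consecutive_failures = acct.failed_since_success = 0
        acct.last_login = now
        return result
```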

Slide 8: 10.2 On-line password guessing

A better approach is to let users choose "good" passwords.

Password complexity criteria (Microsoft® Windows® Server 2003 family):

- Is at least 7 characters long.
- Does not contain your user name, real name, or company name.
- Does not contain a complete dictionary word.
- Is significantly different from previous passwords.
- Contains characters from each of the following groups: uppercase letters, lowercase letters, numerals, symbols found on the keyboard.
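An added example (not from the slides or from Windows itself) that checks a candidate password against the five criteria listed above and reports which ones it fails. The word list, the 3-character cutoff for name parts and the edit-distance rule used for "significantly different" are assumptions of this demo.

```python
import string

# Constructed stand-in for a real word list.
DICTIONARY = {"password", "summer", "welcome", "secret", "dragon"}
MIN_LENGTH = 7


def edit_distance(a, b):
    """Levenshtein distance, used for the 'significantly different' criterion."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_complexity(password, user_name, real_name, company_name, previous=()):
    """Return the list of criteria the password fails (an empty list means it is acceptable)."""
    failures = []
    low = password.lower()
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 7 characters")
    for label, name in (("user name", user_name), ("real name", real_name),
                        ("company name", company_name)):
        # Each whitespace-separated part of the name is checked case-insensitively;
        # parts under 3 characters are skipped (assumption, to avoid false positives).
        for part in name.split():
            if len(part) >= 3 and part.lower() in low:
                failures.append(f"contains {label} part {part!r}")
    if any(word in low for word in DICTIONARY):
        failures.append("contains a dictionary word")
    groups = (any(c.isupper() for c in password), any(c.islower() for c in password),
              any(c.isdigit() for c in password), any(c in string.punctuation for c in password))
    if not all(groups):
        failures.append("missing one of: uppercase, lowercase, numeral, keyboard symbol")
    # 'Significantly different' is not defined on the slide; here (an assumption) a password
    # within two edits of a previous one is rejected.
    if any(edit_distance(low, old.lower()) <= 2 for old in previous):
        failures.append("too similar to a previous password")
    return failures
```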

Slide 9: 10.3 Off-line password guessing

Password file:

- The system simply stores passwords: insecure.
- The system stores a cryptographic hash of the password.

An attacker guesses a password and verifies the guess by hashing it and comparing the result to the stolen password file.

An attacker with a file full of hashed passwords might hash all the words in a dictionary and check to see whether any of the passwords match any of the stored hashed values.

Slide 10: 10.3 Off-line password guessing

When disclosure of whole files full of hashed passwords is a concern, another useful technique is to apply salt.

When a user chooses a password, the system chooses a random number (the salt). It then stores both the salt and a hash of the combination of the salt and the password.

Hash(salt | password)
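An added example (not from the slides) of the salted scheme above: each record is stored as (salt, Hash(salt | password)) and verified with a constant-time compare. The user names and word list are constructed for the demo, which also shows why a table of hashes precomputed from a dictionary matches an unsalted hash but not a salted record.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a dictionary of likely passwords.
WORDS = ["password", "letmein", "correct horse", "qwerty"]


def make_record(password, salt_len=16):
    """Store (salt, Hash(salt | password)) as the slide describes. A production system
    would replace the single SHA-256 with a deliberately slow KDF such as
    hashlib.pbkdf2_hmac; the salt handling is the same."""
    salt = os.urandom(salt_len)
    return salt, hashlib.sha256(salt + password.encode()).digest()


def verify(record, password):
    salt, stored = record
    candidate = hashlib.sha256(salt + password.encode()).digest()
    return hmac.compare_digest(stored, candidate)   # constant-time comparison


def precomputed_table(words):
    """What can be built once, ahead of time, against an unsalted file: digest -> word."""
    return {hashlib.sha256(w.encode()).digest(): w for w in words}


def demo():
    # Two users who happen to pick the same password.
    users = {"alice": "correct horse", "bob": "correct horse"}
    records = {u: make_record(p) for u, p in users.items()}
    table = precomputed_table(WORDS)
    unsalted_digest = hashlib.sha256(b"correct horse").digest()
    return {
        # Different salts give different stored hashes even for identical passwords.
        "same_password_same_record": records["alice"][1] == records["bob"][1],
        "alice_ok": verify(records["alice"], "correct horse"),
        "alice_wrong": verify(records["alice"], "battery staple"),
        # The one-time table recovers an unsalted hash but misses the salted record:
        # with salt, every (salt, word) pair has to be hashed afresh for each user.
        "unsalted_lookup": table.get(unsalted_digest),
        "salted_lookup": table.get(records["alice"][1]),
    }
```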

Slide 11: 10.3 Off-line password guessing

Another technique is to encrypt the password file.

This does not eliminate the problem of keeping passwords secret; it just reduces it to the problem of protecting the key that decrypts the password file.

Slide 12: 10.4 How big should a secret be?

From how large a space must a secret be chosen in order to be secure?

To thwart an on-line attack: the secret does not have to be chosen from a large space, because the intruder is detected after a small number of guesses.

To thwart an off-line attack: the secret must be chosen from a much larger space.

Slide 13: 10.5 Eavesdropping

The lowest-tech form of eavesdropping is to watch as someone types a password. Of course, it's easier to watch the screen than fingers. Most systems have the sophistication to not display passwords.

A more high-tech method is to place a wiretap on the communications line and watch all the passwords go by.

- Software-based keystroke loggers can be covertly installed on a PC.
- Hardware loggers can be embedded in keyboards or cables.

Slide 14: 10.5 Eavesdropping

One-time passwords: the user and the system have a list of valid passwords, but each one is only valid once. Periodically, the user must get a new list from the system administrator. This mechanism is nearly impervious to eavesdropping.

Slide 15: 10.6 Passwords and careless users

Passwords are particularly easy to abuse. The solution is to educate users on the importance of security.

Slide 16: 10.6.1 Using a password in multiple places

One of the tough trade-offs: should users use the same password in multiple places, or keep their passwords different for different systems?

Using different passwords is more secure because if one password is compromised it only gives away the user’s rights on a single system.

However, users sometimes need to write passwords down in order to remember more than one password.

Slide 17: 10.6.2 Requiring frequent password changes

The idea behind frequent password changes is that if someone does learn your password, it will only be useful until it next changes. This protection may not be worth much if a lot of damage can be done in a short time. Users sometimes write passwords down and are less likely to give much thought or creativity to choosing them.

Slide 18: 10.6.3 A login Trojan horse to capture passwords

A Trojan horse program that imitates the login prompt logs the name and password to a file before terminating in some way designed to minimize suspicion.

On most systems, there is some way to interrupt running programs.

Training users to enter the interrupt key sequence before logging in would then thwart such Trojan horses.

For example, newer Windows systems require the user to type Ctrl-Alt-Delete as part of the login sequence.

Slide 19: 10.6.3 A login Trojan horse to capture passwords

Even if the Trojan horse program can imitate the login prompt exactly, it might not be able to exactly duplicate the way the system behaves after a user logs in. This will make an alert user suspicious.

Having a message displayed at login telling users the number of unsuccessful login attempts to the account since the last successful attempt

Slide 20: 10.6.4 Non-login use of passwords

Some systems permit password protection on individual files.

A user could specially protect certain files so that someone learning the user’s login password still couldn't get at those files.

Applications could require their own authentication of a user before permitting access to certain databases.

Slide 21: 10.7 Initial password distribution

A secure method for the initial distribution of passwords is for the user to appear at the terminal of the system administrator and authenticate by whatever means humans use to authenticate (driver's license, student ID…).

The system administrator then sets up all the particulars of the account for the user except the password and then lets the user choose a password.

Slide 22: 10.7 Initial password distribution

This method has two drawbacks:

1. It may be inconvenient for the user to meet the system administrator.

2. It's a little scary to let this new user type at this highly privileged terminal session while the system administrator discreetly looks away. A skilled user could probably do substantial damage in a short time.

Slide 23: 10.7 Initial password distribution

Another variant on this theme is for the system administrator to create the account and an initial strong password, give it to the user, and instruct the user to use the password only for an initial login and then change it to something more easily remembered.

Slide 24: 10.8 Authentication token

Authentication token: a physical device that a person carries around and uses in authenticating. There are several forms of authentication token in use today.

Slide 25: 10.8 Authentication token

Magnetic strip card

Advantages:

- Passwords are not trivial to reproduce.
- Easy to hold a larger secret.

Disadvantages:

- Use of these tokens requires custom hardware on every access device.
- The token can be lost or stolen.

Slide 26: 10.8 Authentication token

Smart card: about the size of a credit card but with an embedded CPU and memory. When inserted in a smart card reader, the card carries on a conversation with the device.

There are various forms of smart cards:

- PIN-protected memory card
- Cryptographic challenge/response card
- Cryptographic calculator

Slide 27: 10.8 Authentication token

PIN-protected memory card: there is information in the memory of the card that can only be read after a PIN is input to the card.

Usually, after some number of wrong PIN guesses, the card “locks” itself and will not give the information to anyone.

The stolen card is useless without the PIN.

Slide 28: 10.8 Authentication token

Cryptographic challenge/response cards: there is a cryptographic key in memory. The card is willing to encrypt and decrypt using the key but will not reveal the key even after the PIN is entered.

A computer that knows the key in the card can authenticate the user by creating a random challenge and “challenging” the card to encrypt or decrypt it.
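An added example (not from the slides) that models slides 27 and 28 together: a card that performs its keyed operation only after the correct PIN, locks itself after three wrong PINs (an assumed policy), and answers a random challenge from a verifier that knows the same key. HMAC-SHA256 stands in for the card's encrypt/decrypt operation so the demo runs on the standard library alone.

```python
import hashlib
import hmac
import os


class SmartCard:
    """Model of a challenge/response card: it holds a key it never reveals, performs the
    keyed operation only after the correct PIN, and locks itself after too many wrong PINs."""
    MAX_PIN_TRIES = 3   # assumed policy

    def __init__(self, key, pin):
        self._key = key          # no method ever returns this
        self._pin = pin
        self._wrong_pins = 0
        self._unlocked = False
        self.locked = False

    def enter_pin(self, pin):
        if self.locked:
            return False
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._wrong_pins = 0
            self._unlocked = True
            return True
        self._wrong_pins += 1
        if self._wrong_pins >= self.MAX_PIN_TRIES:
            self.locked = True    # a stolen card is now useless even if the PIN is learned later
        return False

    def respond(self, challenge):
        """Keyed computation over the verifier's challenge (HMAC stands in for the
        slide's encrypt/decrypt). Nothing leaves the card without a valid PIN."""
        if self.locked or not self._unlocked:
            return None
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Verifier:
    """The computer that knows the key stored in the card."""
    def __init__(self, key):
        self._key = key

    def new_challenge(self):
        return os.urandom(16)    # fresh random value, so a captured response is useless later

    def check(self, challenge, response):
        if response is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```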

Slide 29: 10.8 Authentication token

Cryptographic calculator (readerless smart card): it performs cryptographic calculations using a key that it will not disclose. It requires no electrical connection to the terminal. It has a display and usually a keyboard. Advantage: it can be used from ordinary terminals with no special hardware.

Slide 30: 10.9 Physical access

A low-tech way of performing user authentication is to have human guards do it “at the door”.

For example, many bank transactions can only be initiated at tellers' terminals inside the bank.

Slide 31: 10.10 Biometrics

Technology available today includes:

- Retinal scanners
- Fingerprint readers
- Face recognition
- Iris scanners
- Handprint readers
- Voiceprints
- Keystroke timing
- Signatures