Lecture14– PasswordsandAuthentication

StephenCheckowayUniversityofIllinoisatChicago

CS487– Fall2017SlidesbasedonBailey’sECE422

MajorPortionsCourtesyRyanCunningham

AUTHENTICATION

AuthenticationBasics

• Authenticationbindsidentitytoasubject• Twostepprocess– Identification- establishidentitytosystem– Verification- processverifiesandbindsentityandidentity

PASSWORDAUTHENTICATION

Basics

• Userkeepsasecretstring(password)• Somethingtheuserknows• Advantages?• Disadvantages?

Attacks• Stealfromtheuser– Installakeylogger (hardwareorsoftware)– Finditwrittendown– Socialengineering/Phishing– Interceptthepasswordovernetwork– Useasidechannel

• Stealfromtheservice– Installmalwareonthewebserver– DumpthepassworddatabasewithSQLinjection

• Stealfromathirdparty(passwordreuse)

PasswordGuessing

http://www.datagenetics.com/blog/september32012/

Top20Passwords(MarkBurnett)1. password, 320272. 123456, 259693. 12345678, 86674. 1234, 57865. qwerty, 54556. 12345, 45237. dragon, 43218. pussy, 39459. baseball, 373910. football, 3682

11. letmein, 353612. monkey, 348713. 696969, 334514. abc123, 331015. mustang, 328916. michael, 324917. shadow, 320918. master, 318219. jennifer, 258120. 111111, 2570

https://xato.net/10-000-top-passwords-6d6380716fe0#.lo0geeq99

PowerLaw

http://www.philippeadjiman.com/blog/2009/10/26/drawing-the-long-tail-of-a-zipf-law-using-gnuplot-java-and-moby-dick/

SecurePasswords

• Unevendistributionmakesguessingeasier• Passwordsshouldbeuniformlydistributed– Allcharactersinpasswordchosenwithequalprobability

• Passwordsshouldbelong– Longerpassword=largerbruteforcesearchspace

• Passwordsshouldneverbereused• Passwordschosenrandomlyaredifficulttoremember– Tradeoffofsecurityvs.convenience

STORINGPASSWORDS

Slide12

StoringPasswords

• Passworddatabaseishighlysensitive• Weshouldnever storeplaintext passwords• Storesomethingthatletsuserprovetheyknowthepassword

Hashfunctions(morelater)

• Input– dataofanarbitrarysize• Output– fixedlength• Sameinputalwaysproducesthesameoutput• Onewayfunction– cannotdeduceinputfromoutput• A“fingerprint”fortheinput• Examples:MD5,SHA-1,SHA-256,SHA-512,SHA-3– md5("welcome")= 40be4e59b9a2a2b5dffb918c0e86b3d7

• Noneoftheseshouldbeuseddirectlyusedforpasswordhashing

Noncryptographic hashfunctions(andmore)

• Cyclicredundancychecks(CRC)– CRC-16,CRC-32,etc.– Basedonpolynomials,manyvariants

• Checksums– sum-8,sum-16,Adler-32,Luhn algorithm,etc.

• Noncryptographic hashfunctions– FNV-1,Berstein hash(djb2),Java’shashCode()

• Noneoftheseshouldbeusedusedforpasswordhashing

PasswordHashes

• Westoreadatabaseofpasswordhashes• e.g.,/etc/shadowonUNIXrcunnin2:$6$vb1tLY1qiY$M.1ZCqKtJBxBtZm1gRi8Bbkn39KU0YJW1cuMFzTRANcNKFKR4RmAQVk4rqQQCkaJT6wXqjUkFcA/qNxLyqW.U/:15405:0:99999:7::

PasswordCracking

• Bruteforcesearchthroughallpossiblepasswordsinorder• Useadictionary• Useadictionaryofcommonpasswords• Combinedictionarywithcommonpasswordsandheuristics(e.g.p@$$w0rdandpassword123)

• Usestatisticalmodelsofuserpasswords• Easytoparallelize:hashpasswordguess,comparetoentirehashdatabase

• CommonlydonewitharraysofGPUs

RainbowTables

• Manypasswordsarecommon• Precomputetheminalookuptable• Time/spacetradeoff

SaltingPasswordDatabase

• Generateandstorearandomnumber,thesaltforeachpassword• Concatenatepasswordandsalttocomputehash• Effectivelyauniquehashfunctionforeachpassword

p@$$w3rd 1517

zDMovrtf$Vdy63ipRgRAeKHvDIQP3F0

Hash

PasswordSecurityPolicies• Educateusersaboutpasswordsecurity– Specificallytrainthemtousegoodpasswords– Buttheymightormightnotfollowthrough

• Generatepasswordsrandomly– Perfectuniformdistribution– Butnotverypsychologicallyacceptable

• Reactivepasswordchecking– Crackyourownuser’spasswords– Butexpensiveandpasswordsvulnerableuntilcracked

• Complexpasswordpolicy/proactivechecking

ComplexPasswordPolicy/ProactiveChecking

• Lettheuserselecttheirownpassword• Forcethemtofollowapolicy• Rejectpasswordsthatdon’tfollowpolicy• But…– Technicallyreduces numberofpossiblepasswords– Policymightnotbepsychologicallyacceptable–Wedon’tknowifusersarereusingtheirpasswords

SecurityQuestions

• Arealsoasharedsecret• BruceSchneier callsthem“abackuppassword”• Easiertoguessandsocialengineer• Somecannotbechanged• Somewebsiteshaveafixedsetofanswers!

Breacheshappen

• Databasesofusernamesandpasswordsareexposed• https://haveibeenpwned.com/ß Usethis!

RECENTPASSWORDSOLUTIONS

PasswordManagers• Applicationthatgeneratesandmaintainspasswords• Examples:LastPass,KeePass,DashLane,1Password• Advantages:– Canhandlerandompasswords– Cancreateuniquepasswordsforeverywebsiteandservice

• Disadvantages– Onepointoffailure– Requiresastrongpassword(couldbesnooped)– Couldbehacked(onlyassecureasthepasswordmanager)– Inconvenient(doesn’tworkforsomesites,setuptime,etc.)

OnePointofFailure…

SingleSign-On(SSO)

• Logintotrusted3rdparty(identityprovider),whovouchesforuseridentity

• Examples:FacebookConnect,OAuth,OpenID• ProsandconssimilartoPasswordManagers• Thirdpartycantrackusers…

TOKEN-BASEDAUTHENTICATION

Basics

• Somethingtheuserhas• Staticmemorycards– Readonly– e.g.ATMcard/CreditCard– Vulnerabletoreplayattack

• Smartcard– Storageandcomputation– Enableschallenge-responseorone-timepassword– Protectsagainstreplayattack

Challenge-Response

One-timepassword(OTP)

• Smartcardcanalsoimplementone-timepasswordscheme• S/Keyisonesuchscheme:– Startwitharandomseed– Hashthecurrentseedtoproducethenext– Usethehashoutputsinreverseorder

• Time-basedone-timepassword(TOTP)• Vulnerabletoman-in-the-middle(MitM)

Universalsecondfactor(U2F)

• AddressesOTP’sweaknesstoMitM

• Website’soriginiscryptographicallyboundtotheresponse(notdisplayedinthediagram)

https://developers.yubico.com/U2F/Libraries/Using_a_library.html

Disadvantages

• Tokencanbelost,stolen,orcounterfeited• Requiresanindividualphysicaltoken• Requiresanextrastep(mildlyinconvenient)• Hardwarecanbeexpensive…– …butusuallyisn’t– $18forU2FkeyfromYubico– Google,Facebook,andYubico wereallgivingtheseawayatarecentconferenceIattended

BIOMETRICAUTHENTICATION

Biometrics

• Somethingtheuseris ordoes• Deriveasignaturefrombiologicalfeaturesofuser– Voice,fingerprint,face,retina,handwriting,gait

• Advantages?• Disadvantages?

Disadvantages

• Imprecisemeasurementsrequireapproximatematching– Essentiallyamachinelearningtask– Falsenegativesandfalsepositiveshaveacost

• Measurementschangeovertime• Pooraccessibility• Cannotbereplacedorconcealed• Replayattacks/spoofingpossible• Canbelegallycompelledtoprovidebiometrics

OPMBreach

FacialRecognition

OTHERSCHEMES

2FactorAuthentication(2FA)

• SomethingyouhaveANDsomethingyouknow• Eitherfactorisuselesswithouttheother• ChipandPIN• CommonlyimplementedinmobilephonesviaSMS– Disadvantages:

• ONEdevice(ifhacked)• SMSiseasytoredirect• ONEpointoffailureforSE(phonecompany)

• Googleauthenticator,DuoMobile,Authy,Yubico Authenticator• OTPtokens(e.g.,TOTP),U2Fkeys

MultifactorAuthentication

• Nextlevel2FA• Combinationofbiometrics,knowledge,andpossession

BehaviorProfiling

• Trackaccessbehaviorofusers– Systemsused– Timesandlocationswhenactive– Typicalusage

• Lookforanomalousorfraudulentbehavior• “WhyisthisguywhowasinIowa2minutesagologginginfromNigeria?”

• Usedinfraudprevention