project book password management system
TRANSCRIPT
Password Management System: A Security Approach for computer network
Dissertation Submitted to
National University of Bangladesh
In Partial fulfillment of the Degree of
B. Sc. (Hon’s) in Computer Science, 2005
Class Roll: 200239 Exam Roll: 02128 Reg. No: 624565 Session: 2001-02
Course No: CS-409 (Project Work) Printed: February 05, 2008
Brief Content
Abstract 1
Chapter 1 Introduction 2
Chapter 2 Network Security Overview 5
Chapter 3 Password Management Review 14
Chapter 4 Intrusion 22
Chapter 5 Password Protections 36
Chapter 6 Password Selection Strategies 45
Chapter 7 Conclusion 54
References 57
Contents Abstract 1
Chapter 1 Introduction 2
1.1 Introduction
1.2 Objective
1.3 Organization
Chapter 2 Network Security Overview 5
2.1 Network and Distributed Processing
2.2 Network Criteria
2.2.3 Performance
2.2.2 Reliability
2.2.1 Security
2.3 Protocol
2.4 TCP/IP Protocol Suites
2.5 TCP/IP Applications
2.5.1 SMTP
2.5.2 FTP
2.5.3 TELNET
2.6 Addressing
2.7 Point-to-Point Protocol (PPP)
2.7.1 Password Authentication Protocol (PAP)
2.8 Cryptography
2.8.1 Plaintext and Chipertext
2.8.2 Key
2.9 Data Encryption Standard (DES)
2.9.1 DES Function
2.9.2 Drawback of DES
2.9.3 DES Alternative
2.9.4 Triple DES
2.10 Network Security Services
Chapter 3 Password Management Review 14
3.1 Password Management System
3.2 Password
3.3 Intruder
3.4 Authentication
3.4.1 Authentication Factor
3.4.2 Identification Technique
3.4.3 Strong Authentication
3.5 Elements of Strong Password
3.6 Creation of Strong Password
3.7 Keeping one’s Password Safe
Chapter 4 Intrusion 22
4.1 Introduction
4.2 The Password File
4.2.1 One-way Function
4.2.2 Access Control
4.3 Intrusion Techniques
4.4 Intrusion Detection
4.5 Intrusion Detection Approaches
4.5.1 Statistical Anomaly Detection
4.5.2 Rule-Based Detection
4.6 Intrusion Detection Tool
4.7 Statistical Anomaly Detection
4.7.1 Threshold Detection
4.7.2 Profile Based Systems
4.8 Statistical Intrusion Detection
4.9 Rule Based Intrusion Detection
4.10 Distributed Intrusion Detection
4.11 Honeypots
Chapter 5 Password Protections 36
5.1 Approaches to Password Protection
5.2 Password Policy
5.3 Password Change and Reset
5.4 Password Synchronization
5.5 Credential Mapping
5.6 UNIX Password Encryption
5.6.1 “Salt” Value
5.7 UNIX Password Verification
5.8 The Encryption Routine
5.9 Threats in Password Scheme
Chapter 6 Password Selection Strategies 45
6.1 Introduction
6.2 User Education
6.3 Computer-generated passwords
6.4 Reactive password checking
6.5 Proactive password checking
6.6 The Markov Model
6.7 Password Solution Requirement
Chapter 7 Conclusion 54
7.1 Concluding Remarks
7.2 Summery
References 57
1
Abstract
This presentation discusses a real‐world approach to applying usability to a password
management solution. Usability was a primary driver in the selection and
customization of an enterprise wide password management application. The results
of this testing were a set of usability issues to address in the customization phase.
During this phase, prototype screens were designed to address problems related to
terminology, workflow, navigation, password guidelines and authentication
questions. Usability testing of the prototype led to further refinement. While this
focus on usability led to an improved user interface, issues of security, and the
impact of usability recommendations on security had to be balanced with ease of
use.
2
Chapter 1 Introduction
1.1 Introduction 3
1.2 Objective 3
1.3 Organization 4
3
Chapter 1 Introduction
1.1 Introduction
A password is a form of secret authentication data that is used to control access to a
resource. The front line defense against intruders is the password system. The
password is kept secret from those not allowed access, and those wishing to gain
access are tested on whether or not they know the password and are granted or
denied access accordingly.
The use of passwords goes back to ancient times. Sentries guarding a location would
challenge for a password. They would only allow a person in if they knew the
password. In modern times, passwords are used to control access to protected
computer operating systems, mobile phones, cable TV decoders, automated teller
machines (ATMs), etc. A typical computer user may require passwords for many
purposes: logging in to computer accounts, retrieving e‐mail from servers, accessing
files, databases, networks, web sites, and even reading the morning newspaper
online.
Despite the name, there is no need for passwords to be actual words; indeed
passwords which are not actual words are harder to guess, but are generally harder
for users to remember.
1.2 Objective
The use of passwords is now a part of daily life for anyone using a data
communications or storage device. More and more, these passwords are proving a
weak point in the security of our systems and networks yet they are an unavoidably
necessity.
With 400MHz Quad Pentium II computers able to test encrypted passwords against
and 8 Mbyte dictionary of common passwords in seconds a diligent effort is required
by the guardians of our data and communications to ensure that users and
organizations data and communications are as secure as possible. [15]
4
The ideal solution to this problem is to avoid passwords, particularly as a single point
of failure. Cost effective biometric systems now exist that can greatly compliment
existing security systems or even, in limited cases, replace passwords. Systems for
generating pseudorandom super‐keys and storing them on physical devices like
smartcards and thumb‐drives also exist and are a great alternative to the clumsy old
password.
Here I will look at making the most of password structure you have and, as this is
largely dependent on the commitment of users, how best to assist them in helping
you keep your organization’s data safe.
Here is what can someone do to improve the security of his password dependant
systems.
1.3 Organization
It is the purpose of this presentation is to provide a practical survey of both the
principle and practice of password management system. In the first portion of the
book, the basic overview of Computer Network Security is given. At the later portion
I define the review of password management System. Part three is to know how
password protects us from intruder. The final part of the book deals with the
practices of password selection and advanced management system.
5
Chapter 2 Network Security Overview
2.1 Network and Distributed Processing 6
2.2 Network Criteria 6
2.3 Protocol 7
2.4 TCP/IP Protocol Suites 7
2.5 TCP/IP Applications 7
2.6 Addressing 9
2.7 Point-to-Point Protocol (PPP) 9
2.8 Cryptography 10
2.9 Data Encryption Standard (DES) 11
2.10 Network Security Services 12
6
Chapter 2 Network Security Overview
2.1 Network and Distributed Processing
A network is a devices referred to as node connected by communication links. A
node can be a computer, printer or any other device capable of sending and
receiving data generated by other nodes on the network. [16]
Most network use distributed processing, in which a task is divided among multiple
computers. Instead of one single large machine being responsible for all aspects of
process, separate computers handle a subset.
2.2 Network Criteria
A network must be able to meet a certain number of criteria. The most important of
these are:
1. Performance
2. Reliability
3. Security
2.2.1 Performance
Performance can be measured by many ways, including transit time and response
time. Performance is often evaluated by two networking metrics: throughput and
delay.
2.2.2 Reliability
Reliability is measured by the frequency of failure and the time it takes a link to
recover from a failure.
2.2.3 Security
7
Security includes protecting data from unauthorized access, protecting data from
damage and development, and implementing policies for recovery from breaches
and data losses.
2.3 Protocol
A protocol is a set of rules that govern data communications. A protocol defines
what is communicated, how it is communicated and when it is communicated.
2.4 TCP/IP Protocol Suites
The TCP/IP protocol suite was developed prior to the OSI model. There is no official
TCP/IP protocol model. However, based on the protocol standards that have been
developed, we can organize the communication task for TCP/IP into five relatively
independent layers, from bottom to top:
1. Physical layer
2. Network access layer
3. Internet layer
4. Host‐to‐host, or transport layer
5. Application layer
2.5 TCP/IP Applications
A number of applications have been standardized to operate on top of TCP which
need a password to log. I mention three of the most common here.
8
2.5.1 SMTP
The Simple Mail Transfer Protocol (SMTP) provides a basic electronic mail facility. It
provides a mechanism for transferring messages among separate hosts. Features of
SMTP include mailing lists, return receipts, and forwarding. The SMTP protocol does
not specify the way in which messages are to be created; some local editing or native
electronic mail facility is required. Once a message is created, SMTP accepts the
message and makes use of TCP to send it to an SMTP module on another host. The
target SMTP module will make use of a local electronic mail package to store the
incoming message in a user's mailbox.
2.5.2 FTP
The File Transfer Protocol (FTP) is used to send files from one system to another
under user command. Both text and binary files are accommodated, and the
protocol provides features for controlling user access. When a user wishes to engage
in file transfer, FTP sets up a TCP connection to the target system for the exchange of
control messages. This connection allows user ID and password to be transmitted
and allows the user to specify the file and file actions desired. Once a file transfer is
approved, a second TCP connection is set up for the data transfer. The file is
transferred over the data connection, without the overhead of any headers or
control information at the application level. When the transfer is complete, the
control connection is used to signal the completion and to accept new file transfer
commands.
2.5.3 TELNET
TELNET provides a remote logon capability, which enables a user at a terminal or
personal computer to logon to a remote computer and function as if directly
connected to that computer. The protocol was designed to work with simple scroll‐
mode terminals. TELNET is actually implemented in two modules:
9
1. User TELNET interacts with the terminal I/O module to communicate with a local
terminal. It converts the characteristics of real terminals to the network Standard
and vice versa.
2. Server TELNET interacts with an application, acting as a surrogate terminal
handler so that remote terminals appear as local to the application. Terminal
traffic between User and Server TELNET is carried on a TCP connection.
2.6 Addressing
Four levels of addresses are used in an internet employing the TCP/IP protocols
1. Physical Address
2. Logical Address
3. Port Address
4. Specific Address
2.7 Point‐to‐Point Protocol (PPP)
One of the most common protocols for point‐to‐point access is the Point‐to‐Point
Protocol (PPP). Today millions of Internet users who need to connect their home
computers to the server of an Internet service provider use PPP.
2.7.1 Password Authentication Protocol (PAP)
Authentication plays a very important role in PPP because PPP is designed for use
over dial‐up links where verification of user identity is necessary. The Password
Authentication Protocol (PAP) is a simple authentication procedure with a two‐step
process:
1. The user who wants to access a system sends authentication identification and a
password.
2. The system checks the validity of the identification and password and either
accepts or denies connections.
10
2.8 Cryptography
Security in networking is based on cryptography, the science and art of transforming
messages to make them secure and immune to attack. Cryptography means "secret
writing". Cryptography algorithm is divided into two groups:
1. Symmetric‐key or secret‐key cryptography
2. Asymmetric‐key or public‐key cryptography
2.8.1 Plaintext and Ciphertext
The original message, before being transformed, is called plaintext.
After the message is transformed, it is called ciphertext.
2.8.2 Key
A key is a number that the cipher, as an algorithm, operates on. To encrypt a
message, we need an encryption algorithm, an encryption key, and the plaintext.
These create the ciphertext. To decrypt a message, we need a decryption algorithm,
a decryption key, and the ciphertext. These reveal the original plaintext.
11
2.9 Data Encryption Standard (DES)
One example of a complex block cipher is the Data Encryption Standard (DES). The
algorithm encrypts a 64‐bit plaintext block using a 64‐bit key.
DES has two transposition blocks and 16 complex round ciphers. Although the 16
iteration round ciphers are conceptually the same, each uses a different key derived
from the original key.
The initial and final permutations are keyless straight permutations that are the
inverse of each other. The permutation takes a 64‐bit input and permutes them
according to predefined values.
Each round of DES is a complex round cipher. The structure of the encryption round
ciphers is different from that of the decryption one.
2.9.1 DES Function
The heart of DES is the DES function. The DES function applies a 48‐bit key to the
rightmost 32 bits R to produce a 32‐bit output. This function is made up of four
operations
1. An XOR
2. An expansion permutation
3. A group of S‐boxes
4. A straight permutation
2.9.2 Drawback of DES
1. Standard DES with 56 bits key length can relatively easily be broken nowadays
through an exhaustive key search.
2. DES is very robust against known analytical attacks: DES is resistant against
differential and linear cryptanalysis. However, the key length is too short.
3. DES is only reasonably efficient in software but very fast and small in hardware.
12
4. The most conservative alternative to DES is triple DES which has Effective key
lengths of 112 bits.
2.9.3 DES Alternatives
There exists a wealth of other block ciphers. [27] A small collection of as of yet
unbroken ciphers is:
• AES
• Triple DES
• Mars
• RC6
• Serpent
• Twofish
• IDEA
2.9.4 Triple DES
In DES the key is too short. To lengthen the key, Triple DES or 3DES has been
proposed and implemented. This uses three DES blocks. The encrypting block uses a
decryption‐encryption‐decryption combination. Two different versions of 3DES are in
use
1. 3DES with two keys
2. 3DES with three keys
2.10 Network security services
Network security can provide one of the five services
1. Message Confidentiality or privacy: the sender and the receiver except
confidentiality.
2. Message Integrity: The data must arrive at the receiver exactly as they were sent.
3. Message Authentication: A service beyond integrity.
13
4. Message No repudiation: A sender must not be able to deny sending a message
that he or she, in fact, did send.
5. Entity Authentication: The entity or user is verified prior to access to the system
resources.
14
Chapter 3 Password Management Review
3.1 Password Management System 15
3.2 Password 16
3.3 Intruder 16
3.4 Authentication 17
3.5 Elements of Strong Password 18
3.6 Creation of Strong Password 19
3.7 Keeping one’s Password Safe 20
15
Chapter 3 Password Management Review
3.1 Password Management System
The front line defense against intruders is the password system. Virtually all multi‐
user systems require that a user provide not only a name or user identification (ID)
but also a password. The password serves to authenticate the ID of the individual
logging on to the system. [35]
The ID provides:
• The ID determines whether the user is authorized to gain access to a system.
• The ID determines the privileges accorded to the user.
• The ID is used in what is referred to as discretionary access control.
The use of passwords goes back to ancient times. Sentries guarding a location would
challenge for a password. They would only allow a person in if they knew the
password. In modern times, passwords are used to control access to protected
computer operating systems, mobile phones, cable TV decoders, automated teller
machines (ATMs), etc. A typical computer user may require passwords for many
purposes: logging in to computer accounts, retrieving e‐mail from servers, accessing
files, databases, networks, web sites, and even reading the morning newspaper
online.
Despite the name, there is no need for password management system to be actual
words.
16
3.2 Password
A password is a form of secret authentication data that is used to control access to a
resource. The password is kept secret from those not allowed access, and those
wishing to gain access are tested on whether or not they know the password and are
granted or denied access accordingly.
The simplest and the oldest method of message authentication is the password,
something that the claimant possesses. A password is used when a user needs to
access a system to use the system's resources. We can divide this authentication
scheme into two separate groups:
1 Fixed password
2 One‐time password
3.3 Intruder
One of the two most publicized threats to security is the intruder and the other is
viruses, generally referred to as a hacker or cracker.
There are three classes of intruders: [5]
• Masquerader: An individual who is not authorized to use the computer and
who penetrates a system's access controls to exploit a legitimate user's account.
• Misfeasor: A legitimate user who accesses data, programs, or resources for
which such access is not authorized, or who is authorized for such access but misuses
his or her privileges.
• Clandestine user: An individual who seizes supervisory control of the system
and uses this control to evade auditing and access controls or to suppress audit
collection.
An analysis of this attack revealed that there were actually two levels of hackers. The
high level was sophisticated users with a thorough knowledge of the technology; the
17
low level was the "foot soldiers" that merely used the supplied cracking programs
with little understanding of how they worked.
One of the results of the growing awareness of the intruder problem has been the
establishment of a number of computer emergency response teams (CERTs). These
cooperative ventures collect information about system vulnerabilities and
disseminate it to systems managers
In addition to running password‐cracking programs, the intruders attempted to
modify login software to enable them to capture passwords of users logging on to
systems. This made it possible for them to build up an impressive collection of
compromised passwords, which was made available on the bulletin board set up on
one of the victim's own machines.
3.4 Authentication
Authentication is the act of establishing or confirming something or someone as
authentic, which is that claims made by or about the thing are true. Authenticating
an object may mean confirming its provenance, whereas authenticating a person
often consists of verifying their identity.
In computer security, authentication is the process of attempting to verify the digital
identity of the sender of a communication such as a request to log in. The sender
being authenticated, often referred to as the principal, may be a person using a
computer, a computer itself or a computer program. A blind credential, in contrast,
does not establish identity at all, but only a narrow right or status of the user or
program.
In a web of trust, "authentication" is a way to ensure users are who they say they
are—that the user who attempts to perform functions in a system is in fact the user
who is authorized to do so.
3.4.1 Authentication Factor
Authentication factors are generally classified into three cases: [1]
18
1. Something known: password, PIN.
2. Something possessed: chipcard.
3. Something inherent to a human individual: fingerprint, retina pattern.
3.4.2 Identification Technique
Identification Technique is divided into two parts: weak identification and strong
identification. Weak identification include password, PIN, etc. Again strong
identification is divided into three parts: private‐key, public‐key, and zero‐
knowledge. Strong identifications are using challenge-response (CR) protocols.
3.4.3 Strong Authentication
The U.S. Government's National Information Assurance Glossary defines strong
authentication as:
“Layered authentication approach relying on two or more authenticators to establish
the identity of an originator or receiver of information”.
3.5 Elements of Strong Password
There are Five Elements of Strong Passwords:
1. Length Matters: The longer your password, the harder it is to crack. Use a
minimum of eight (8) characters.
2. Mix it Up: Include upper and lowercase letters, punctuation, and numbers.
Select a letter to capitalize at random; try to avoid the first letter.
3. Avoid Dictionary Words or Proper Names: These are easy to guess. If you are
going to spell‐out a word or phrase, remove letters, replace them with numbers, or
deliberately misspell the word or phrase. For example, "I Hate Peas" can become
"eyeH8pEEz".
4. Avoid Personal Information: This includes birthdates, names of family
members or pets, and address information. Try an acronym instead. Example: "You
can't teach an old dog new tricks" becomes "yctaodnt".
19
5. Change Passwords Often: A good rule of thumb is to change passwords every
six months.
3.6 Creation of Strong Password
Be creative and make it fun at the same time. For instance, build your password with
the first or last letters from a favorite phrase, poem, title, song or something else
significant to you. To strengthen it even more, change some of the letters to
uppercase, numeric or punctuation characters.
Construct a password around the Beatles' song "We all live in a Yellow Submarine."
Use the first letter of each word, add the initial of the artists and the year the song
was released, and your well‐constructed password becomes Bwaliays1968. This is a
password that's easy for you to remember, so there is no need to write it down, yet
it is very difficult to guess.
Table 3.1 Example of bad passwords and good passwords
Bad Passwords Good Passwords
tbdbitl Tb$B17l!
whiskers k!TTy,whi#Kers
gobucks gO8uc%ey3S!
3.7 Keeping One’s Password Safe
For keeping one’s password safety we can apply several approaches:
• Don't share passwords associated with any of your accounts or services with
friends, family or anyone else, whether by phone, in person or in e‐mail.
• Don't let others look over your shoulder as you type your password.
20
• Don't write down passwords or keep them in a readable form in your office or
home.
• Don't store passwords in a file on any computer system or PDA without
protecting them with strong encryption.
• Don't use the "Remember Password" feature in web browsers, e‐mail software,
or other programs that connect to the Internet unless the feature is protected by
strong encryption.
• If a technical support person asks you for your password while trying to help you
with a problem, be very cautious, but also understand that it may sometimes be
necessary in order to duplicate your problem.
• Do not hesitate to question the agent about his/her use of or need for your
password.
• If you feel you must reveal your password, first ask the agent to reset it to a
temporary password, which you can change after your problem is resolved.
Legitimate technical support organizations would have no problem with this
request.
• If you reveal your password and then feel it may have been compromised, first
immediately reset the password (if you can) and then report the incident to the
issuer of the account. You can also report a compromised password to OIT's Help
Desk by calling 688‐4357 (8‐HELP) or by sending e‐mail to [email protected].
• As an employee, sharing your organization's passwords is considered a misuse of
property and a security violation. At Ohio State, it is a violation of the university's
Responsible Use Policy.
21
Chapter 4 Intrusion
4.1 Introduction 23
4.2 The Password File 23
4.3 Intrusion Techniques 24
4.4 Intrusion Detection 25
4.5 Intrusion Detection Approaches 26
4.6 Intrusion Detection Tool 27
4.7 Statistical Anomaly Detection 29
4.8 Statistical Intrusion Detection 30
4.9 Rule Based Intrusion Detection 31
4.10 Distributed Intrusion Detection 32
4.11 Honeypots 35
22
Chapter 4 Intrusion
4.1 Introduction
The objective of the intruder is to gain access to a system or to increase the range of
privileges accessible on a system. Generally, this requires the intruder to acquire
information that should have been protected. In some cases, this information is in
the form of a user password. With knowledge of some other user's password, an
intruder can log in to a system and exercise all the privileges accorded to the
legitimate user.
4.2 The Password File
A system must maintain a file that associates a password with each authorized user.
If such a file is stored with no protection, then it is an easy matter to gain access to it
and learn passwords. The password file can be protected in one of two ways:
1. One‐way function
2. Access Control
4.2.1 One‐way function
The system stores only the value of a function based on the user's password. When
the user presents a password, the system transforms that password and compares it
with the stored value. The system usually performs a one‐way transformation in
which the password is used to generate a key for the one‐way function and in which
a fixed‐length output is produced.
4.2.2 Access control
One familiar use of authentication is access control. Access to the password file is
limited to one or a very few accounts. A computer system supposed to be used only
by those authorized must attempt to detect and exclude the unauthorized. Access to
it is therefore usually controlled by insisting on an authentication procedure to
23
establish with some established degree of confidence the identity of the user, thence
granting those privileges as may be authorized to that identity.
Common examples of access control involving authentication include: [35]
• Withdrawing cash from an ATM.
• Controlling a remote computer over the Internet.
• Using an Internet banking system.
One way to stop a password attack is to deny the opponent access to the password
file. If the encrypted password portion of the file is accessible only by a privileged
user, then the opponent cannot read it without already knowing the password of a
privileged user.
Thus, a more effective strategy would be to force users to select passwords that are
difficult to guess.
4.3 Intrusion Techniques
Password crackers, try the following techniques for learning passwords: [4]
1. Try default passwords used with standard accounts that are shipped with the
system. Many administrators do not bother to change these defaults.
2. Exhaustively try all short passwords (those of one to three characters).
3. Try words in the system's online dictionary or a list of likely passwords.
Examples of the latter are readily available on hacker bulletin boards.
4. Collect information about users, such as their full names, the names of their
spouse and children, pictures in their office, and books in their office that are
related to hobbies.
5. Try users' phone numbers, Social Security numbers, and room numbers.
6. Try all legitimate license plate numbers for this state.
24
7. Use a Trojan horse to bypass restrictions on access.
8. Tap the line between a remote user and the host system.
4.4 Intrusion Detection
Inevitably, the best intrusion prevention system will fail. A system's second line of
defense is intrusion detection.
This interest is motivated by a number of considerations, including the following:
1. If an intrusion is detected quickly enough, the intruder can be identified and
ejected from the system before any damage is done or any data are
compromised. Even if the detection is not sufficiently timely to preempt the
intruder, the sooner that the intrusion is detected, the less the amount of
damage and the more quickly that recovery can be achieved.
2. An effective intrusion detection system can serve as a deterrent, so acting to
prevent intrusions.
3. Intrusion detection enables the collection of information about intrusion
techniques that can be used to strengthen the intrusion prevention facility.
The task of detecting an unauthorized user is more difficult, in that the distinction
between abnormal and normal behavior may be small. Such violations would be
undetectable only through the search for anomalous behavior. However, misfeasor
behavior might nevertheless be detectable by intelligent definition of the class of
conditions that suggest unauthorized use. The detection of the underground user
was felt to be beyond the scope of purely automated techniques. These
observations, which were made in 1980, remain true today.
4.5 Intrusion Detection Approaches
There are two approaches to detect intrusion: [28]
1. Statistical anomaly detection
25
2. Rule‐based detection
4.5.1 Statistical Anomaly Detection
Statistical anomaly detection involves the collection of data relating to the behavior
of legitimate users over a period of time. Then statistical tests are applied to
observed behavior to determine with a high level of confidence whether that
behavior is not legitimate user behavior. Two statistical approaches are:
1. Threshold detection: This approach involves defining thresholds,
independent of user, for the frequency of occurrence of various events.
2. Profile based: A profile of the activity of each user is developed and used to
detect changes in the behavior of individual accounts.
4.5.2 Rule‐Based Detection
Rule‐based detection involves an attempt to define a set of rules that can be used to
decide that a given behavior is that of an intruder. Two rule‐based approaches are:
1. Anomaly detection: Rules are developed to detect deviation from previous
usage patterns.
2. Penetration identification: An expert system approach that searches for
suspicious behavior.
In a nutshell, statistical approaches attempt to define normal, or expected, behavior,
whereas rule‐based approaches attempt to define proper behavior.
In terms of the types of attackers listed earlier, statistical anomaly detection is
effective against masqueraders, who are unlikely to mimic the behavior patterns of
the accounts they appropriate. On the other hand, such techniques may be unable
to deal with misfeasors. For such attacks, rule‐based approaches may be able to
recognize events and sequences that, in context, reveal penetration. In practice, a
system may exhibit a combination of both approaches to be effective against a broad
range of attacks.
26
4.6 Intrusion Detection Tool
A fundamental tool for intrusion detection is the audit record. Some record of
ongoing activity by users must be maintained as input to an intrusion detection
system. Basically, two plans are used:
1. Native audit records: Virtually all multiuser operating systems include
accounting software that collects information on user activity. The advantage
of using this information is that no additional collection software is needed.
The disadvantage is that the native audit records may not contain the needed
information or may not contain it in a convenient form.
2. Detection‐specific audit records: A collection facility can be implemented that
generates audit records containing only that information required by the
intrusion detection system. One advantage of such an approach is that it
could be made vendor independent and ported to a variety of systems. The
disadvantage is the extra overhead involved in having, in effect, two
accounting packages running on a machine.
Audit record contains the following fields: [14]
• Subject: Initiators of actions. A subject is typically a terminal user but might also
be process acting on behalf of users or groups of users. All activity arises through
commands issued by subjects. Subjects may be grouped into different access
classes, and these classes may overlap.
• Action: Operation performed by the subject on or with an object; for example,
login, read, perform I/O, execute.
• Object: Receptors of actions. Examples include files, programs, messages,
records, terminals, printers, and user‐ or program‐created structures. When a
subject is the recipient of an action, such as electronic mail, then that subject is
considered an object. Objects may be grouped by type. Object granularity may
27
vary by object type and by environment. For example, database actions may be
audited for the database as a whole or at the record level.
• Exception‐Condition: Denotes which, if any, exception condition is raised on
return.
• Resource‐Usage: A list of quantitative elements in which each element gives the
amount used of some resource (e.g., number of lines printed or displayed,
number of records read or written, processor time, I/O units used, session
elapsed time).
• Time‐Stamp: Unique time‐and‐date stamp identifying when the action took
place.
4.7 Statistical Anomaly Detection
Statistical anomaly detection techniques fall into two broad categories:
1. Threshold detection and
2. Profile‐based systems.
4.7.1 Threshold Detection
Threshold detection involves counting the number of occurrences of a specific event
type over an interval of time. If the count surpasses what is considered a reasonable
number that one might expect to occur, then intrusion is assumed. Threshold
analysis is a crude and ineffective detector of even moderately sophisticated attacks.
Both the threshold and the time interval must be determined. Because of the
variability across users, such thresholds are likely to generate either a lot of false
positives or a lot of false negatives. However, simple threshold detectors may be
useful in conjunction with more sophisticated techniques.
4.7.2 Profile based Systems
Profile‐based anomaly detection focuses on characterizing the past behavior of
individual users or related groups of users and then detecting significant deviations.
28
A profile may consist of a set of parameters, so that deviation on just a single
parameter may not be sufficient in itself to signal an alert.
Metrics that are useful for profile‐based intrusion detection are the following:
• Counter: A nonnegative integer that may be incremented but not decremented
until it is reset by management action. Typically, a count of certain event types is
kept over a particular period of time. Examples include the number of logins by a
single user during an hour, the number of times a given command is executed
during a single user session, and the number of password failures during a
minute.
• Gauge: A nonnegative integer that may be incremented or decremented.
Typically, a gauge is used to measure the current value of some entity. Examples
include the number of logical connections assigned to a user application and the
number of outgoing messages queued for a user process.
• Interval timer: The length of time between two related events. An example is the
length of time between successive logins to an account.
• Resource utilization: Quantity of resources consumed during a specified period.
Examples include the number of pages printed during a user session and total
time consumed by a program execution.
4.8 Statistical Intrusion Detection
For statistical test following approaches that may be taken: [14]
• Mean and standard deviation
• Multivariate
• Markov process
• Time series
• Operational Model
29
4.9 Rule Based Intrusion Detection
Rule‐based techniques detect intrusion by observing events in the system and
applying a set of rules that lead to a decision regarding whether a given pattern of
activity is or is not suspicious.
There are two approaches: [43]
1. Rule‐based anomaly detection
2. Rule‐based penetration identification
A simple example of the type of rules that can be used is found in NIDX, an early
system that used heuristic rules that can be used to assign degrees of suspicion to
activities.
Example heuristics are the following: [9]
1. Users should not read files in other users' personal directories.
2. Users must not write other users' files.
3. Users who log in after hours often access the same files they used earlier.
4. Users do not generally open disk devices directly but rely on higher‐level
operating system utilities.
5. Users should not be logged in more than once to the same system.
6. Users do not make copies of system programs.
30
4.10 Distributed Intrusion Detection
The typical organization needs to defend a distributed collection of hosts supported
by a LAN or internetwork. Although it is possible to mount a defense by using stand‐
alone intrusion detection systems on each host, a more effective defense can be
achieved by coordination and cooperation among intrusion detection systems across
the network.
Issues in the design of a distributed intrusion detection system: [29]
• A distributed intrusion detection system may need to deal with different audit
record formats. In a heterogeneous environment, different systems will employ
different native audit collection systems and, if using intrusion detection, may
employ different formats for security‐related audit records.
• One or more nodes in the network will serve as collection and analysis points for
the data from the systems on the network. Thus, either raw audit data or
summary data must be transmitted across the network. Therefore, there is a
requirement to assure the integrity and confidentiality of these data. Integrity is
required to prevent an intruder from masking his or her activities by altering the
transmitted audit information. Confidentiality is required because the
transmitted audit information could be valuable.
• Either a centralized or decentralized architecture can be used. With a centralized
architecture, there is a single central point of collection and analysis of all audit
data. This eases the task of correlating incoming reports but creates a potential
bottleneck and single point of failure. With a decentralized architecture, there
are more than one analysis centers, but these must coordinate their activities
and exchange information.
A good distributed intrusion detection system is one developed at the University of
California at Davis consists of three main components: [20]
31
• Host agent module: An audit collection module operating as a background
process on a monitored system. Its purpose is to collect data on security‐related
events on the host and transmit these to the central manager.
• LAN monitor agent module: Operates in the same fashion as a host agent module
except that it analyzes LAN traffic and reports the results to the central manager.
• Central manager module: Receives reports from LAN monitor and host agents
and processes and correlates these reports to detect intrusion.
The scheme is designed to be independent of any operating system or system
auditing implementation. [33] Figure 4.1 shows the general approach that is taken.
The agent captures each audit record produced by the native audit collection
system. A filter is applied that retains only those records that are of security interest.
These records are then reformatted into a standardized format referred to as the
host audit record (HAR). Next, a template‐driven logic module analyzes the records
for suspicious activity. At the lowest level, the agent scans for notable events that
are of interest independent of any past events. Examples include failed file accesses,
accessing system files, and changing a file's access control. At the next higher level,
the agent looks for sequences of events, such as known attack patterns. Finally, the
agent looks for anomalous behavior of an individual user based on a historical profile
of that user, such as number of programs executed, number of files accessed, and
the like.
32
Figure 4.1 Agent Architecture
When suspicious activity is detected, an alert is sent to the central manager. The
central manager includes an expert system that can draw inferences from received
data. The manager may also query individual systems for copies of HARs to correlate
with those from other agents.
The LAN monitor agent also supplies information to the central manager. The LAN
monitor agent audits host‐host connections, services used, and volume of traffic. It
searches for significant events, such as sudden changes in network load, the use of
security‐related services, and network activities such as rlogin.
The architecture is quite general and flexible. It offers a foundation for a machine‐
independent approach that can expand from stand‐alone intrusion detection to a
system that is able to correlate activity from a number of sites and networks to
detect suspicious activity that would otherwise remain undetected.
4.11 Honeypots
33
A relatively recent innovation in intrusion detection technology is the honeypot.
Honeypots are decoy systems that are designed to lure a potential attacker away
from critical systems. Honeypots are designed because:
• To divert an attacker from accessing critical systems.
• To collect information about the attacker's activity.
• To encourage the attacker to stay on the system long enough for administrators
to respond.
These systems are filled with fabricated information designed to appear valuable but
that a legitimate user of the system wouldn't access. Thus, any access to the
honeypot is suspect. The system is instrumented with sensitive monitors and event
loggers that detect these accesses and collect information about the attacker's
activities. Because any attack against the honeypot is made to seem successful,
administrators have time to mobilize and log and track the attacker without ever
exposing productive systems.
Initial efforts involved a single honeypot computer with IP addresses designed to
attract hackers. More recent research has focused on building entire honeypot
networks that emulate an enterprise, possibly with actual or simulated traffic and
data. Once hackers are within the network, administrators can observe their
behavior in detail and figure out defenses.
34
Chapter 5 Password Protections
5.1 Approaches to Password Protection 37
5.2 Password Policy 37
5.3 Password Change and Reset 38
5.4 Password Synchronization 38
5.5 Credential Mapping 38
5.6 UNIX Password Encryption 39
5.7 UNIX Password Verification 41
5.8 The Encryption Routine 41
5.9 Threats in Password Scheme 42
35
Chapter 5 Password Protection
5.1 Approaches to Password Protection
There are many ways to approach password management. However, no single
approach will solve all related problems for an organization. For each password
management mechanism and process, either a security or operational tradeoff
exists—and sometimes both. Most password management solutions require a
combination of approaches to reach the intended goal.
Here are five approaches to password management:
1. Password policy
2. Password change
3. Password reset
4. Password synchronization
5. Credential mapping
5.2 Password Policy
An important factor in working toward better password security is the creation and
implementation of an organizational password policy.
Password policies can vary not only between organizations, but also between
different systems within an organization. Some identity stores might not support
certain password strength or complexity requirements, so it might not be possible to
enforce the same password policy throughout your organization.
The solution architect must first decide where the password policy should be
applied. For most organizations, this will be the in the main directory service.
5.3 Password Change and Reset
36
Active Directory Group Policy settings provide a mechanism for ensuring that users
must change their passwords at regular intervals. Password change is a similar
process to password reset, except that with password change the user typically must
authenticate to change their password. Therefore, the password change process
does not have to identify the user.
5.4 Password Synchronization
Password synchronization is a process that applies both to password reset and
password change. Password synchronization can occur in one of two ways:
1. One‐way password synchronization: Changes to the password in one central
system are intercepted and pushed to one or more additional stores.
2. Bidirectional password synchronization: Changes can be made in either store
and then replicated to the other.
5.5 Credential Mapping
An alternative to password synchronization is credential mapping. This technology
accepts that passwords will be different in various systems, but it provides an easy
way to switch from one credential to another. You can generally implement
credential mapping technologies on the client or by using middleware.
Some credential mapping products offer features that can completely control
password management and are usually enabled on an individual target store basis.
The advantages of this approach are:
1. Users do not have to remember passwords for all target systems. The
software signs in on the user's behalf automatically.
2. Users do not have to change passwords on target systems. The software
recognizes or anticipates password change requirements and changes the
password randomly on the user's behalf.
37
3. Passwords on all target systems do not have to be the same as the password
used in your primary authentication mechanism. This approach is especially
useful for systems that do not have the same security characteristics, such as
the ability to support complex passwords.
These credential mapping password management features work best if the target
systems are only accessed through the credential management software.
5.6 UNIX Password Encryption
Let us consider a scheme that is widely used on UNIX, in which passwords are never
stored in the clear. Rather, the following procedure is employed. Each user selects a
password of up to eight printable serves as the key input to an encryption routine.
The encryption routine, known as crypt(3), is based on DES. The DES algorithm is
modified using a 12‐bit “salt” value. The modified DES algorithm is exercised with a
data input consisting of a 64 bit clock of zeros. The output of the algorithm then
serves as input for a second encryption. This process is repeated for a total of 25
encryptions. The resulting 64 –bit output is than translated into an 11‐character
sequence. The hashed password is then stored, together with a plaintext copy of the
salt, in the password file for the corresponding user ID. This method has been shown
to be secure against a variety of cryptanalytic attacks.
Figure 5.1 loading a new password
5.6.1 “Salt” Value
38
“Salt” value is related to the time at which the password is assigned to the user.
The salt serves three purposes: [45]
1. It prevents duplicate passwords from being visible in the password file. Even
if two users choose the same password, those passwords will be assigned at
different times.
2. It effectively increases the length of the password without requiring the user
to remember two additional characters.
3. It prevents the user of a hardware implementation of DES, which would ease
the difficulty of a brute‐force guessing attack.
39
5.7 UNIX Password Verification
When a user attempts to log on to a UNIX system, the user provides an ID and a
password. The operating system uses the ID to index into the password file and
password are used as input to the encryption routine. If the result matches the
stored value, the password is accepted.
Figure 5.2 verifying a password
5.8 The Encryption Routine
The encryption routine is designed to discourage guessing attacks. Software
implementations of DES are slow compared to hardware versions, and the use of 25
iterations multiplies the time required by 25. However, since the original design of
this algorithm, two changes have occurred. First, newer implementations of the
algorithm itself have resulted in speedups. For example, the Internet worm was able
to do online password guessing of a few hundred password in a reasonably short
time by using a more efficient encryption algorithm than the standard one stored on
the UNIX systems that it attacked. Second, hardware performance continues to
increase, so that any software algorithm executes more quickly.
5.9 Threats in Password Scheme
40
There are threats in UNIX password scheme. A user can gain access on a machine
using a guest account or by some other means and then run a password guessing
program, called a password cracker, on that machine. The attacker should be able to
check hundreds and perhaps thousands of possible passwords with little resource
consumption. In addition, if an opponent is able to obtain a copy of the password
file, then a cracker program can be run on another machine at leisure. This enables
the opponent to run through many thousands of possible passwords in a reasonable
period.
As an example, a password cracker was reported on the Internet in August 1993.
Using a thinking Machines Corporation parallel computer, a performance of 1560
encryptions per second per vector unit was achieved. With four vector units per
processing node, this works out to 800,000 encryptions per second on a 128‐node
machine and 6.4 million encryptions per second on a 1024‐node machine. [25]
Even these stupendous guessing rates do not yet make it feasible for an attacker to
user a dump brute‐force technique of trying all possible combinations of characters
to discover a password. Instead, password crackers rely on the fact that some people
choose easily guessable passwords.
Some users, when permitted to choose their own password, pick one that is absurdly
short. The results of one study at Purdue University are shown in table 6.1. The study
observed password change choices on 54 machines, representing approximately
7000 user accounts. Almost 3% of the passwords were three characters of fewer in
length. An attacker could begin the attack by exhaustively testing all possible
passwords of length 3 or fewer. A simple remedy is for the system to reject any
password choice of fewer than, say, six characters or even to require that all
passwords be exactly eight characters in length. Most users would not complain
about such a restriction.
Table 5.1 Observed Password Length [34]
Length Number Fraction of Total
41
1 55 .004
2 87 .006
3 212 .02
4 449 .03
5 1260 .09
6 3035 .22
7 2917 .21
8 5772 .42
Total 13787 1.0
Password length is only part of the problem. Many people, when permitted to
choose their own password, pick a password that is guessable, such as their own
name, their street name, a common dictionary word, and so forth. This makes the
job of password cracking straightforward. The cracker simply has to test the
password file against lists of likely passwords. Because many people use guessable
passwords, such a strategy should succeed on virtually all systems.
One demonstration of the effectiveness of guessing is reported in UNIX Security
Workshop II. From a variety of sources, they collected UNIX password files,
containing nearly 14000 encrypted passwords. The result was frightening. [24]
In all, nearly one‐fourth of the passwords were guessed. The following strategy was
used:
1. Try the user’s name, initials, account name, and other relevant personal
information. In all, 130 different permutations for each user were tried.
42
2. Try words from various dictionaries. The author compiled a dictionary of over
60000 words, including the online dictionary on the system itself, and various
other lists as shown.
3. Try various permutations on the words from step 2. this included making the first
letter uppercase or a control character, making the entire word uppercase,
reversing the word, changing the letter “o” to the digit “zero”. And so on. These
permutations added another 1 million words to the list.
4. Try various capitalization permutations on the words from step 2 that were not
considered in step 3. This added almost 2 million additional words to the list.
Thus, the test involved in the neighborhood of 3 million words. Using the fastest
thinking machines implementation listed earlier, the time to encrypt all these words
for all possible salt values is under an hour. Keep in mind that such a thorough
search could produce a success rate of about 25%, whereas even a single hit may be
enough to gain a wide range of privileges on a system.
43
Chapter 6 Password Selection Strategies
6.1 Introduction 46
6.2 User Education 46
6.3 Computer-generated passwords 47
6.4 Reactive password checking 47
6.5 Proactive password checking 47
6.6 The Markov Model 48
6.7 Password Solution Requirement 53
44
Chapter 6 Password Selection Strategies
6.1 Introduction
Many users choose a password that is too short or too easy to guess. At the other
extreme, if users are assigned passwords consisting of eight randomly selected
printable characters, password cracking is effectively impossible. But it would be
almost as impossible for most users to remember their passwords. Fortunately, even
if we limit the password universe to strings of characters that are reasonably
memorable, the size of the universe is still too large to permit practical cracking.
To eliminate guessable passwords while allowing the user to select a password that
is memorable. Four basic techniques can be use:
1. User education
2. Computer‐generated passwords
3. Reactive password checking
4. Proactive password checking
6.2 User Education
Users can be told the importance of using hard‐to‐guess passwords and can be
provided with guidelines for selecting strong passwords. This user education strategy
is unlikely to succeed at most installations. Particularly where there is a large user
population or a lot of turnover. Many users will simply ignore the guidelines. Others
may not be good judges of what is a strong password. For example, many users
believe that reversing a word or capitalizing the last letter makes a password
unguessable.
6.3 Computer Generated Password
45
Computer generated password also have problems. If the passwords are quite
pronounceable, the user may have problems. If the passwords are quite random in
nature, users wick not be able to remember them. Even if the password is
pronounceable, the user may have difficulty remembering it and so be tempted to
poor acceptance by users. FIPS PUB 181 defines one of the best‐designed automated
password generators. The standard includes not only a description of the approach
but also a complete listing of the C source code of the algorithm. The algorithm
generates words by forming pronounceable syllables and concatenating them to
form a word. A random number generator produces a random stream of characters
used to construct the syllables and words.
6.4 Reactive Password Checking
A reactive password checking strategy is one in which the system periodically runs its
own password cracker to find guessable passwords. The system cancels any
passwords that are guessed and notifies the user. This tactic has a number of
drawbacks. First, it is resource intensive if the job is done right. Because a
determined opponent who is able to steal a password file can devote full CPU time
to the task for hours or even days, an effective reactive password checker is at a
distinct disadvantage. Furthermore, any existing passwords remain vulnerable until
the reactive password checker finds them.
6.5 Proactive Password Checking
The most promising approach to improved password security is a proactive password
checker. In this scheme, a user is allowed to select one’s own password. However at
the time of selection, the system checks to see if the password is allowable and, if
not, reject it. Such checkers are based on the philosophy that, with sufficient
guidance from the system, users can select memorable passwords from a fairly large
password space that are not likely to be guessed in a dictionary attack.
The trick with a proactive password checker is to strike a balance between user
acceptability and strength. If the system rejects too many passwords, users will
46
complain that it is too hard to select a password. If the system uses some simple
algorithm to define what is acceptable, this provide guidance to password crackers
to refine their guessing technique.
6.6 The Markov Model
Two techniques for developing an effective and efficient proactive password checker
that is based on rejecting words on a list show promise. One of these develops a
Markov model for the generation of guessable passwords. Figure 7.1 shows
simplifies version of such a model. This model shows a language consisting of an
alphabet of three characters. The state of the system at any time is the identity of
the probability that one letter. The value on the transition from one state to another
represents the probability that one letter follows another. Thus, the probability that
the next letter is b, given that the current letter is a, is 0.5. [14]
47
Figure 6.1 an Example Markov model
In general, a Markov model is a quadruple [m, A, T, k], where m is the number of
states in the model, A is the state space, T is the matrix of transition probabilities,
and k is the order of the model, the probability of making a transition to a particular
letter depends on the previous k letters that have been generated. Figure shows a
simple first‐order model.
The authors report on the development and use of a second‐order model. To begin,
a dictionary of guessable passwords is constructed. Then the transition matrix is
calculated as follows:
Determine the frequency matrix f, where f(i, j, k) is the number of occurrences of the
trigram consisting of the ith, jth, and kth character. For example, the password
parsnip yields the trigrams par, ars, rsn sni, nip, and ips.
For each bigram ij, calculate f(i, j, ∞) as the total number of trigrams beginning with
ij. For example, f(a,b,∞) would be the total number of trigrams of the form aba, abb,
abc, and so on.
Compute the entries of T as follows:
T( i, j, k)=),,(),,(
∞jifkjif
The result is a model that reflects the structure of the words in the dictionary. With
this model, the question “Is this a bad password?” is transformed into the question
“was this string generated by this Markov model?” for a given password, the
transition probabilities of all its trigrams can be looked up. Some standard statistical
tests can then be used to determine if the password is likely or unlikely for that
model. Passwords that are likely to be generated by the model are rejected. The
authors report good results for a second‐order model. Their system catches virtually
all the passwords in their dictionary and does not exclude so many potentially good
passwords as to be user unfriendly.
48
A quite different approach has been reported [35]. It is based on the use of a bloom
filter. To begin, we explain the operation of the bloom filter. A bloom filter of order k
consists of a set of k independent hash functions H1(x), H2(x), …, Hk(x), where each
function maps a password into a gash value in the range 0 to N‐1. that is,
Hi(Xj), = y 1 ≤ i ≤ k; 1 ≤ j ≤D; 0 ≤ y ≤ N‐1
Where
Xj = jth word in password dictionary
D= number of words in password dictionary
The following procedure is then applied to the dictionary:
1. A hash table of N bits is defined, with all bits initially set to 0.
2. For each password, its k hash values are calculated, and the corresponding bits in
the hash table are set to 1. thus, if Hi(Xj) = 67 for some (i, j), then the sixty‐
seventh bit of the gash table is set to 1; if the bit already gas the value 1, it
remains at 1.
When a new password is presented to the checker, its k hash values are calculated. If
all the corresponding bits of the hash table are equal to 1, then the password is
rejected. All passwords in the dictionary will be rejected. But there will also be some
“false positives”. To see this, consider a scheme with two hash functions. Suppose
that the passwords undertaker and ‘hulkhogan’ are in the dictionary, but ‘xG%#jj98’
is not.
If the password ‘xG%#jj98’ is presented to the system, it will be rejected even though
it is not in the dictionary. If there are too many such false positives, it will be difficult
for users to select passwords. Therefore, we would like to design the hash scheme to
minimize false positives. It can be shown that the probability of a false positive can
be approximated by
P ≈ (1 – ekD/N)k = (1 – ek/R)k
49
Or, equivalently,
R ≈ )1ln( /1 kP
k−−
Where
k= number of hash functions
N= number of bits in hash table
D= number of words in dictionary
R= N/D, ratio of hash table size to dictionary size
Figure 6.2 plots P as a function of R for various values of k. suppose we have a
dictionary of 1 million words and we wish to have a 0.01 probability of rejecting a
password not in the dictionary. If we choose six hash functions, the required ration is
R=9.6. Therefore, we need a hash table of 9.6*106 bits or about 1.2 Mbytes of
storage. In contrast, storage of the entire dictionary would require on the order of 8
Mbytes. Thus we achieve a compression of almost a factor of 7. furthermore,
password checking involves the straightforward calculation of six gash functions and
is independent of the size of the dictionary, whereas with the user of the full
dictionary, there is substantial searching.
50
Figure 6.2 Performance of Bloom Filter
51
6.7 Password Solution Requirement
The first approach is a simple system for rule enforcement. For example, the
following rules could be enforced:
• The password policy should enforce regularly‐scheduled password changes.
• Users must create passwords according to the following rules:
o Users are not allowed to reuse recent passwords.
o Passwords may not contain all or any space‐delimited part of the user's
account name.
o Passwords must be at least eight characters long.
o Passwords must contain characters from three of the following four
categories:
English uppercase characters (A through Z).
English lowercase characters (a through z).
Base 10 digits (0 through 9).
Non‐alphabetic characters (for example, !, $, #, %).
These rules could be coupled with advice to the user. Although this approach is
superior to simply educating users, it may not be sufficient to thwart password
crackers. This scheme alerts crackers as to which passwords not to try but to try may
still make it possible to do password cracking.
52
Chapter 7 Conclusion
7.1 Concluding Remarks 55
7.2 Summery 55
53
Chapter 7 Conclusion
7.1 Concluding Remarks
By including comparative usability ratings as part of the selection of the application,
the strengths and weaknesses of the user interface were recognized at the onset and
could be proactively addressed prior to the rollout of the application. While the
implementation of the password management application is ongoing, the usability‐
focused approach has proactively addressed and improved the application’s ease of
use, while attempting to balance security concerns. In some cases, such as
eliminating case‐sensitive passwords, ease of use was considered to be significant
enough to outweigh the increase in password complexity and security. This is
because case‐sensitive data entry can fail both due to cognitive and mechanical
factors like Caps Lock key enabled. Other potential recommendations, such as
eliminating the requirement for a numeric character, were not applied because the
tradeoff in ease of use was seen as less than the potential loss to security. In that
instance, the cognitive workload alone was not sufficient to mandate reducing the
security of the application.
7.2 Summery
Passwords are an ever increasing weakness in our modern digital storage and
communications environments. They are however, in many cases unavoidable. Poor
password practices lead to many security breaches. Whilst viruses may allow access
to vulnerable systems, strong passwords will continue to protect your critical data
while you return your access controls to a safe level.
Password security is linked to the general security of one organization. Users should
be encouraged to treat data security as any form of organization and personal
security.
57
References
1. Abdalla, M.; Bresson, E.; Chevassut, O.; Moller, B.; and Pointcheval, D. “Provably
Secure Password‐Based Authentication in TLS.”
2. Abdalla, M.; Bresson, E.; Chevassut, O.; Moller, B.; and Pointcheval, D. “Strong
Password‐Based Authentication in TLS using the Three‐Party Group Diffie‐
Hellman Protocol.”
3. Abdalla, M.; Fouque, P; and Pointcheval, D. “Password‐Based Authenticated Key
Exchange in the Three‐Party Setting.”
4. Alvare, A. “How Crackers Crack Passwords or What Password to Avoid.”
5. Anderson, J. “Computer Security Threat Monitoring and Surveillance.”
6. Axelsson, S. "The Base‐Rate Fallacy and the Difficulty of Intrusion Detection."
7. Bace, R. “Intrusion Detection.”
8. Bace, R.; and Mell, P. “Intrusion Detection Systems.”
9. Bauer, W.; and Koblentz, M. “NIDX‐An Expert System for Real‐Time Network Intrusion
Detection.”
10. Bellovin, S. "There Be Dragons."
11. Bellovin, S. "Packets Found on an Internet."
12. Bloom, B. "Space/time Trade‐Offs in Hash Coding with Allowable Errors."
13. Bresson, E; Chevassut, O.; and Pointcheval, D. “A Security Solution for IEEE
802.11’s Ad‐hoc Mode: Password‐Authentication and Group‐Diffie‐Hellman Key
Exchange.”
14. Davies, C., and Ganesan, R. "BApasswd: A New Proactive Password Checker."
15. Denning, D. "An Intrusion‐Detection Model."
16. Emiic. “The Password Guide.”
58
17. Forouzan, B. “Data Communication and Networking.”
18. Fredstie, O. “End Users Attitudes and Behaviours towards Password
Management: Survey Report.”
19. Gaw, S.; and Felten, E. “Password Management Strategies for Online Accounts.”
20. Heberlein, L.; Mukherjee, B.; and Levitt, K. "Internetwork Security Monitor: An Intrusion‐
Detection System for Large‐Scale Networks."
21. Honeynet Project. “Know Your Enemy: Revealing the Security Tools, Tactics, and Motives
of the Blackhat Community.”
22. Javitz, H., and Valdes, A. "The SRI IDES Statistical Anomaly Detector."
23. Kent, S. "On the Trail of Intrusions into Information Systems."
24. Klein, D. “Foiling the Cracker: A Survey of, and Improvements to, Password Security.”
25. Lunt, T., and Jagannathan, R. "A Prototype Real‐Time Intrusion‐Detection Expert
System."
26. Madsen, J. "World Record in Password Checking."
27. McHugh, J.; Christie, A.; and Allen, J. "The Role of Intrusion Detection Systems."
28. Ning, P., et al. "Techniques and Tools for Analyzing Intrusion Alerts."
29. Paar, C. “Applied Cryptography and Data Security.”
30. Porras, P. “STAT: A State Transition Analysis Tool for Intrusion Detection.”
31. Proctor, P. “The Practical Intrusion Detection Handbook.”
32. Safford, D.; Schales, D.; and Hess, D. "The TAMU Security Package: An Ongoing Response
to Internet Intruders in an Academic Environment."
33. Shparlinski, I. “Security of Polynomial Transformations of the Diffie‐Hellman Key.”
34. Snapp, S., et al. "A System for Distributed Intrusion Detection."
35. Spafford, E. "Observing Reusable Password Choices."
59
36. Spafford, E. "OPUS: Preventing Weak Password Choices."
37. Stallings, W. “Cryptography and Network Security.”
38. Stallings W. “Data and Computer Communication.”
39. Sterling, B. “The Hacker Crackdown: Law and Disorder on the Electronic Frontier.”
40. Stoll, C. "Stalking the Wily Hacker."
41. Stoll, C. “The Cuckoo's Egg.”
42. Suo, X; Zhu, Y; and Owen, G. “Graphical Password: A survey.”
43. Tanenbaum, A. “Computer Networks.”
44. Tannen, R; Jackson, K; and Temple, J. “Evaluating and Improving the User
Interface for Password Management Software – A Case Study.”
45. Vaccaro, H., and Liepins, G. "Detection of Anomalous Computer Session Activity."
46. Wagner, D., and Goldberg, I. "Proofs of Security for the UNIX Password Hashing
Algorithm."