Information system security wk5-2-authentication
- 1. IT346 Information System Security Week 5-2: Authentication. Faculty of Information Technology Page
- 2. Hashed Passwords: UNIX does not store the password itself but a hashed password together with a salt value; the salt is a random number.
- 3. Hashed Passwords: the salt and the password are the input to a hash function, crypt(3). The hash, the plaintext salt and the user ID are stored in the password file.
- 4. Hashed Passwords, salt: in an offline dictionary attack on the password file, a salt of b bits forces the attacker to hash each candidate password under up to 2^b salt values; each password must be attacked separately with its own salt.
- 5. Hashed Passwords, Unix log-in: the user supplies a user ID and password. The operating system looks up the user ID in the password file, takes the plaintext salt stored there, hashes password+salt, and compares the result with the stored hash; the user is accepted only if the hashes match.
- 6. UNIX Implementation: the password is up to 8 characters of 7-bit ASCII, giving a 56-bit input; the hash function crypt(3) is based on DES with a 12-bit salt. crypt(3) uses a software implementation of DES rather than DES hardware, which slows dictionary attacks, but supercomputers and fast account-management software have weakened this protection.
- 7. Newer hash/salt implementations in Unix: an MD5-based crypt(3) with a 48-bit salt and a 128-bit password hash, and OpenBSD's bcrypt, based on the Blowfish block cipher, with passwords of up to 55 characters, a 128-bit salt and a 192-bit hash.
- 8. Password Cracking, dictionary attacks: with a copy of the password file, the attacker hashes each dictionary password with the salt of an entry and compares the result with the stored hash; a match reveals that user's password.
- 9. Password Cracking, rainbow table attacks: a rainbow table holds precomputed hashes of dictionary passwords; salts defeat it, because each salt value would need its own table of hashes.
- 10. Observed Password Lengths: password crackers exploit short passwords; Purdue University study on 54 systems and 7000 users.
- 11. Guessing Passwords: cracked set of 13,797 accounts; dictionary 3.
- 12. Password File Access Control: block offline guessing attacks by restricting access to the encrypted passwords to privileged users; a shadow password file keeps the hashed passwords apart from the user IDs. Remaining vulnerabilities: OS permission errors, users reusing the same password on other systems, password file backups, and password transmission in network traffic.
- 13. Password checking: run a password cracker against the users' passwords to find weak ones.
- 14. Proactive password checking: rule enforcement (values 8 and 1 given on the slide); Proactive Password Checker http://www.openwall.com/passwdqc/; checking against a password cracker dictionary; a Bloom filter built with hash functions over the dictionary passwords.
- 15. Token Authentication: embossed card, magnetic stripe card, memory card, smartcard.
- 16. Card Token (table: Card Type, Defining Feature, Example). Recoverable entries: Embossed; Magnetic stripe; Memory; Smart (electrical contact); Contactless (radio antenna); Biometric ID card; examples ATM, pre-paid, processor.
- 17. Memory Cards: store a security code in electronic memory; e.g. an ATM card used with a password (PIN); memory cards serve as a token.
- 18. Smart Tokens, classified in 3 ways. Physical characteristics: smart tokens contain a microprocessor; a smart card is a smart token in card form. Interface: manual interface (keypad and display on the card) or electronic interface (reader/writer).
- 19. Smart Tokens, authentication protocol. Static: the user authenticates to the token, then the token authenticates the user to the system. Dynamic password generator: the token generates a password, which is entered manually or passed electronically; the host is synchronized with the token so it can check the password.
- 20. Smart Tokens, authentication protocol. Challenge-response: the system sends a challenge and the smart token computes a response to it (with a symmetric key or an asymmetric key).
- 21. Smart Card: a smart card has an electronic interface and a microprocessor with processor, memory and I/O ports; a co-processor may handle cryptographic encoding/decoding and digital signatures. The card's I/O ports connect to a reader through electrical contacts on the card.
- 22. Smart Card Dimensions: ISO 7816-2.
- 23. Smart Card memory: Read-Only Memory (ROM); Electrically Erasable Programmable ROM (EEPROM) for application data and programs (protocols); Random Access Memory (RAM).
- 24. Smart Card Reader: Communication Initialization between a Smart Card and a Reader.
- 25. Smart Card Communication: the card is inserted into the reader, which resets the card and supplies the clock. The card sends an answer to reset (ATR) message, which the terminal reads; the terminal sends a protocol type selection (PTS) command and the card returns a PTS response, after which terminal and card communicate.
- 26. Biometric Authentication: authenticate by a (static or dynamic) physical characteristic: facial characteristics, fingerprints, hand geometry, retinal pattern, iris, signature, voiceprint; based on pattern recognition rather than passwords or tokens.
- 27. Biometric Authentication, facial characteristics: relative location and shape of features; alternatively a thermogram taken with an infrared camera.
- 28. Biometric Authentication. Fingerprints: match the feature pattern of the fingerprint. Hand geometry: features of the hand.
- 29. Biometric Authentication. Retinal pattern: a retinal biometric system captures the retinal pattern with visual or infrared light. Iris.
- 30. Biometric Authentication. Signature: match the signature. Voice: voice pattern.
- 32. Biometric System: a biometric takes the place of a password or PIN; features of the biometric are extracted from users and stored as a template.
- 33. Biometric System, verification and identification. Verification: the user supplies a PIN, the biometric sensor captures the feature and it is compared with that user's template to authenticate. Identification: the biometric sensor output is compared against all templates.
- 34. Biometric.
- 35. Biometric accuracy: false match rate and false non-match rate. Moving the threshold trades one against the other: a high-security application needs a low false match rate, a forensic application a low false non-match rate.
- 36. Biometric Measurement.
- 37. Remote User Authentication: authentication over a network, the Internet or a communications link faces eavesdropping on the password and replay of a captured authentication; the countermeasure is a challenge-response protocol.
- 38. Password Protocol: the user transmits an identity to the remote host. The host returns a random number (nonce) r together with identifiers of a hash function h() and a function f(); the challenge is {r, h(), f()}. The client hashes the password P_user and returns the response f(r_return, h(P_user)). The host stores only the hashed password h(P_user@server) (as in Kerberos) and computes f(r, h(P_user@server)); if f(r_return, h(P_user)) = f(r, h(P_user@server)), the user is authenticated. An attacker on the link sees the random number and the response, never the password.
- 39. Token Protocol: the user transmits an identity to the remote host, which returns the challenge {r, h(), f()} with nonce r. The user enters password P to activate the token, which produces a passcode W, and the client returns f(r_return, h(W)). The token may hold a static passcode or generate a random one; the password is only used locally to unlock the token and is never sent to the remote host. Static passcode: the host stores h(W_user@server), computes f(r, h(W_user@server)) and compares it with f(r_return, h(W)). Dynamic passcode: the host computes the one-time passcode of the synchronized token and compares f(r, h(W_one-time@server)) with f(r_return, h(W)).
- 40. Static Biometric Protocol: the user transmits an identity to the remote host, which returns a nonce r and the identifier of an encryption function E(). The client's biometric device D captures the biometric B, forms a biometric template BT, and sends E(r_return, D, BT). The host decrypts the message to obtain r_return, D and BT, authenticates the device ID D, and matches BT against the stored template BT(user@server); the matching score must exceed a threshold.
- 41. Dynamic Biometric Protocol: as the static biometric protocol, but the host also sends a sequence challenge x (a random sequence and a random number). The user produces the biometric signal BS(x) for the sequence x with biometric B, and the client sends the encryption E(r_return, BS(x)). The host decrypts to obtain BS(x) and compares BS(x), for the challenge x, against the stored template BT().
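The salted password file and Unix log-in check of slides 2 to 5, as an added example that is not from the slides: PBKDF2-SHA256 stands in for crypt(3)/bcrypt, the 48-bit salt size is taken from slide 7, and all names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_BITS = 48        # assumption: the salt size slide 7 gives for MD5-based crypt(3)
ITERATIONS = 100_000  # assumption: slow hash standing in for crypt(3)/bcrypt


def hash_password(password: str, salt: bytes) -> bytes:
    # hash(password + salt): PBKDF2-HMAC-SHA256 used here instead of crypt(3)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_entry(user_id: str, password: str, salt: Optional[bytes] = None) -> dict:
    # Password file entry: user ID, plaintext salt and hash; the password is not stored
    if salt is None:
        salt = os.urandom(SALT_BITS // 8)  # random salt chosen when the password is set
    return {"user_id": user_id, "salt": salt, "hash": hash_password(password, salt)}


def login(password_file: dict, user_id: str, password: str) -> bool:
    # Unix log-in: look up the user ID, take its stored salt, hash password+salt,
    # and compare with the stored hash (constant-time compare)
    entry = password_file.get(user_id)
    if entry is None:
        return False
    candidate = hash_password(password, entry["salt"])
    return hmac.compare_digest(candidate, entry["hash"])


def dictionary_attack_work(password_file: dict, dictionary_size: int) -> int:
    # Offline dictionary attack cost in hash computations: every dictionary word
    # must be rehashed under every distinct salt in the file, so with b random
    # salt bits the work grows by up to 2^b instead of one pass over the dictionary
    distinct_salts = {e["salt"] for e in password_file.values()}
    return dictionary_size * len(distinct_salts)
```

Two users with the same password get different hashes because their salts differ, which is what defeats a single precomputed (rainbow) table.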
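The challenge-response password protocol of slide 38 with both sides' messages, as an added example that is not from the slides: HMAC-SHA256 is used for f() and SHA-256 for h(), the host keeps only h(P_user@server) and treats each nonce as single-use, and the class and function names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


def h(password: str) -> bytes:
    # h(): the hash function named in the challenge; only h(P_user) is stored at the host
    return hashlib.sha256(password.encode()).digest()


def f(r: bytes, hashed_password: bytes) -> bytes:
    # f(r, h(P)): binds the nonce to the hashed password (HMAC chosen here)
    return hmac.new(hashed_password, r, hashlib.sha256).digest()


class Host:
    """Remote host: stores h(P_user@server), issues nonces, verifies responses."""

    def __init__(self, users: Dict[str, str]):
        self._store = {u: h(p) for u, p in users.items()}
        self._pending: Dict[str, bytes] = {}

    def challenge(self, user_id: str) -> dict:
        r = os.urandom(16)  # fresh nonce r, valid for this attempt only
        self._pending[user_id] = r
        return {"r": r, "h": "sha256", "f": "hmac-sha256"}

    def verify(self, user_id: str, r_return: bytes, response: bytes) -> bool:
        r = self._pending.pop(user_id, None)  # nonce is consumed on first use
        stored = self._store.get(user_id)
        if r is None or stored is None or not hmac.compare_digest(r_return, r):
            return False  # unknown user, no outstanding challenge, or replayed nonce
        return hmac.compare_digest(f(r, stored), response)


def client_respond(challenge: dict, password: str) -> Tuple[bytes, bytes]:
    # Client side: hash the typed password and answer with f(r_return, h(P_user));
    # the password itself never leaves the client
    r_return = challenge["r"]
    return r_return, f(r_return, h(password))


def run_exchange(host: Host, user_id: str, password: str) -> bool:
    # One complete protocol run: identity -> challenge -> response -> verdict
    r_return, response = client_respond(host.challenge(user_id), password)
    return host.verify(user_id, r_return, response)
```

A response captured from one run fails against any later challenge because the host's nonce has changed, which is the replay protection slide 37 asks for.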