Upload
mustafa-jarrar
View
405
Download
1
Embed Size (px)
Citation preview
1PalGov © 2011
أكاديمية الحكومة اإللكترونية الفلسطينية
The Palestinian eGovernment Academy
www.egovacademy.ps
Security Tutorial
Session 3
2PalGov © 2011
About
This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-
2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
University of Trento, Italy
University of Namur, Belgium
Vrije Universiteit Brussel, Belgium
TrueTrust, UK
Birzeit University, Palestine
(Coordinator )
Palestine Polytechnic University, Palestine
Palestine Technical University, PalestineUniversité de Savoie, France
Ministry of Local Government, Palestine
Ministry of Telecom and IT, Palestine
Ministry of Interior, Palestine
Project Consortium:
Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax:+972 2 2982935 [email protected]
3PalGov © 2011
© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.
No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, who have the full
copyrights on the material.
Attribution-NonCommercial-ShareAlike
CC-BY-NC-SA
This license lets others remix, tweak, and build upon your work non-
commercially, as long as they credit you and license their new creations
under the identical terms.
4PalGov © 2011
Tutorial 5:
Information Security
Session 3: Authentication
Session 3 Outline:
• Session 3 ILO’s.
• Authentication (symmetric and
asymmetric)
• One time password)
• Introduction to LDAP
5PalGov © 2011
Tutorial 5:
Session 3: Authentication
This session will contribute to the following
Tutorial 5 ILOs:• A: Knowledge and Understanding
• a2: Define security standards and policies.
• B: Intellectual Skills• b3: Design end-to-end secure and available systems.
• b5: Design user authentication and authorization services.
• C: General and Transferable Skills• d2: Systems configurations.
• d3: Analysis and identification skills.
6PalGov © 2011
Tutorial 5:
Information Security
Session 3: Authentication
Session 3 Outline:
• Session 3 ILO’s.
• Authentication (Symmetric and
Asymmetric and 1 Time
Password)
• Introduction to LDAP
7PalGov © 2011
Authentication (Symmetric, Asymmetric and OTP)
• Fundamental security block
– Forms basis of access control & user
accountability
• Is the process of verifying an identity.
• Has two steps:
– Identification
– Verification
8PalGov © 2011
Means of User Authentication
• Four means of authenticating user's identity
– Based on something the individual • knows
• possesses
• is (static biometrics)
• does (dynamic biometrics)
– All can provide user authentication (one or multifactor)
9PalGov © 2011
Password Authentication
• Widely used user authentication method
– User provides name/login and password
– System compares password with that saved for
specified login
• Authenticates ID of user logging and
– that the user is authorized to access system
– Determines the user’s privileges
– Is used in discretionary access control
• The password file is a hashed file.
10PalGov © 2011
Password Vulnerabilities
• Password Attacks and Guessing
– Exploiting user mistakes
– Specific account attack
– Offline dictionary attack
– Workstation hijacking
– Multiple password use
– Password guessing against single user
– Monitoring
– Other attacks…
11PalGov © 2011
Countermeasures / Policies and Training
• Password policies
– Length, Character set, Period of use, Frequency of re-use
• Login policies
– Timeout period, Session period, Lockout policy (attempts, period, re-instatement)
• Countermeasures against different vulnerabilities: • Prevent unauthorized access to the password file,
• Intrusion detection measures to identify a compromise,
• Rapid re-issuance of passwords should the password file be compromised;
• Account lockout mechanism.
12PalGov © 2011
Use of Hashed Passwords
13PalGov © 2011
UNIX Implementation
• Original scheme
– 8 character password form 56-bit key
– 12-bit salt used to modify DES encryption into a one-way hash function
– 0 value repeatedly encrypted 25 times
– output translated to 11 character sequence
– The file is called the shadow file.
14PalGov © 2011
Improved Implementations
• Have other, stronger, hash/salt variants
• Many systems now use MD5
– with 48-bit salt
– password length is unlimited
– is hashed with 1000 times inner loop
– produces 128-bit hash
15PalGov © 2011
Password Cracking
• Dictionary attacks
– try each word then obvious variants in large dictionary
against hash in password file
• Rainbow table attacks
– precompute tables of hash values for all salts
– a mammoth table of hash values
– e.g. 1.4GB table cracks 99.9% of alphanumeric Windows
passwords in 13.8 secs
– not feasible if larger salt values used
• The “salt” is useful for remote attackers, but useless if the
attacker can get the shadow file. This is because the salt is not
encrypted.
16PalGov © 2011
Password Choices Policies
• users may pick short passwords– e.g. 3% were 3 chars or less, easily guessed
– system can reject choices that are too short
• users may pick guessable passwords– so crackers use lists of likely passwords
– e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them
– would take about 1 hour on fastest systems to compute all variants, and only need 1 break!
– Recent review by SplashData in 2011 showed two most common passwords on the Internet are:
• password
• 123456
17PalGov © 2011
Token Authentication
• Object user possesses to authenticate,.
– Embossed card (with engraved characters)
– Magnetic stripe card ( like ATM cards)
– Memory card (like phone cards)
– Smartcard (advanced cards)
18PalGov © 2011
Memory Card
• Store but do not process data
• Magnetic stripe card, e.g. bank card
• Electronic memory card
• Used alone for physical access
• Drawbacks of memory cards include:
– user dissatisfaction
– need special reader
– loss of token issues
19PalGov © 2011
Smartcard
• like Credit-card issued by
Banks
• Has own processor, memory,
I/O ports
– wired or wireless access by
reader
– may have crypto co-processor
– ROM, EEPROM, RAM memory
• Executes protocol to
authenticate with
reader/computer
• Also may have USB dongles
20PalGov © 2011
Remote User Authentication
• Very Important for e- gov applications:
– Protects against a number of attacks
– Authentication over network more complex• problems of eavesdropping, replay
– Better to use challenge-response• user sends identity
• host responds with random number
• user computes f(r,h(P)) and sends the result back
• host compares value from user with own computed value, if match user authenticated
21PalGov © 2011
Security Issues with Authentication
• Problems with Client attacks
• Host/Server attacks
• Eavesdropping while communicating
• Replay attacks
• Denial-of-service attacks
22PalGov © 2011
Practical Application (ATM Machines)
• An ATM Machine are programmed with
a Terminal Identification Number (aka
"TID").
• The ATM connects to the ATM
networks.
• After the bank or processing network
approves the transaction the ATM
receives the authorization and
dispenses the cash requested.
23PalGov © 2011
Distributed Systems and Password
Authentication
• How can I gain access to multiple computer systems if password based authentication is used?
Multiple passwords, one for each system
Use same password in each system
Single sign-on application that stores the passwords for each system and has one for itself
Single sign-on where password is stored in just one system and other systems trust this one to perform the authentication properly (e.g. Microsoft Passport, Shibboleth)
24PalGov © 2011
The Multiple Passwords Problem
• I have over 50 passwords to remember, for my Internet accounts such as: google, gmail, birzeit, amazon,
PPU, yahoo, palgov, arab bank etc.
• We are working towards Single Sign On (SSO) schemes for the e-gov applications
25PalGov © 2011
The Mutual Authentication Problem
• How can two people authenticate each other using passwords?
• Its OK if talking to the correct person, since he already knows my password and I know his, but what if it is not the correct person? – Then give the impersonator my password,
– too late to take any action.
• You need “zero knowledge password proof” – One can compare secrets without giving them away.
– Needham-Schroeder and Kerberos are examples of such a scheme.
26PalGov © 2011
Kerberos
ticket = (Username+validity+KeyAS)EncTG Server
27PalGov © 2011
User-AS-TGS Processing
• User sends a request to the Kerberos authentication server
(enclosing its name and a random number). • AS returns to the user the random
number plus a one-off session key to be used for encrypting subsequent messages with the TG server.
28PalGov © 2011
User-AS-TGS Processing
• The random number and session key
are symmetrically encrypted by the
Authentication Server using the user's
hashed password as the secret key. • The user decrypt this message in
order to obtain the session key, and the user can only do this if he/she knows their own password.
29PalGov © 2011
Kerberos Key Server (TGS)
ticket2 = (Username+validity+KeyAB)Enc
KeyApp B
30PalGov © 2011
User-TGS processing
•The AS encrypts the session key into a ticket
using the symmetric key of the TG server,
•The ticket is sent to the user (contains the
name of the user, the validity time of the
ticket and the session key).
•The user passes the ticket to the TG server.
•The TG server can decrypt the ticket, to get
the session key and the user’s name, and
with this can decrypt the user’s message.
31PalGov © 2011
User-TGS processing
•The TG server then generates a new session
key to be used by the user and the application.
• It returns this new session key to the user,
encrypted using the old session key.
•It also give the user a ticket for granting
access to the chosen application, this ticket
containing the name of the user and the new
session key for talking to the application,
encrypted with the secret key of the
application.
32PalGov © 2011
TGS-User-Application processing
• A sends "Key for Application B" to TGS, enciphered using Key AS plus ticket from authentication server containing key AS
• TGS generates Key AB (session key for user and application B)
• TGS sends "Key AB " to A, enciphered using Key AS and a ticket2 for B
• A sends message to B, enciphered using Key AB, plus ticket2
33PalGov © 2011
Kerberos Disadvantages
• Authentication server and TGS are single points of failure.
• Servers and application hosts must be time synchronised
• Not originally scalable. – Users could only login to their own realms
• Kerberos only provides authentication but not authorizations
• Does not prevent attacks– dictionary
34PalGov © 2011
One-time passwords-Hardware
•An increasingly
common
authentication method
is the use of one-time
password cards.
These contain a chip
capable of making
cryptographic
calculations. •challenge response
mechanism
•synchronised clocks.
35PalGov © 2011
Challenge Response OTP
•The user logs into the remote server across the internet (usually
via a firewall), and the server passes the user a challenge, usually
in the form of a numeric string.
•The user responds to the challenge with a one-time password
that is computed from the string by his card (hardware/software)
according to a pre-defined encryption algorithm that is also known
to the remote server.
• One such system (Securenet from digital pathways) relies on the
user having a one-time password card the size of a credit card
that is capable of computing the passwords.
•The card has a digital display, and requires a pin number
/password to be entered before it can be used. Thus it is two
factor authentication, since the user must know the PIN and
possess the card.
36PalGov © 2011
Clock Synchronised OTP
Both the card and the server compute a new password
every 60 seconds, according to a pre-defined encryption
algorithm which uses the date and time, and a shared
secret. (e.g. SecureID from RSA Security),
This eliminates the need for a challenge string.
With the secureid system, the user must transfer a PIN
number plus the computed password, so that if the card
is stolen it cannot be used by anyone else. This
mechanism is two factor authentication, as it is based on
something I possess (the card) and something I know
(the PIN).
Early versions of secureid used to fail as the clocks in
the card and server became out of sync.
37PalGov © 2011
Example: Grid Cards
• A unique OTP card containing a grid of characters
• Select specific characters from card for authentication
• Site can return different characters from user’s card for mutual authentication
• Provides two factor authentication:– something you know (PW)
– something you posses (grid card)
38PalGov © 2011
Mobile Phone Authentication
39PalGov © 2011
Private Key Storage Techniques
• In an encrypted file, protected by a password
• In a smart card, protected by a password or PIN
• What About Mobile Phones (Discussion!!)
40PalGov © 2011
Tutorial 5:
Information Security
Session 3: Authentication
Session 3 Outline:
• Session 3 ILO’s.
• Authentication (Symmetric and
Asymmetric and 1 Time Password)
• Introduction to LDAP
41PalGov © 2011
Introduction to LDAP
• Directory Model
• X.500 Information Model
• LDAP Protocol
• Use of LDAP for Security
42PalGov © 2011
The X.500 Model of the Directory
43PalGov © 2011
Server to Client Referrals
44PalGov © 2011
X.500/LDAP Naming
• Entry has a Distinguished Name
• SEQUENCE of Relative Distinguished
Name
• SET of {Attribute Type, Attribute Value}
comprised of
comprised of
45PalGov © 2011
X.500/LDAP Naming
RDN of Entry X.500 Distinguished
Name of Entry
{null} {null)
{C=GB} {C=GB}
{O=Big PLC}{C=GB,
O=Big PLC}
{O=Sales+
L=Swindon}
{C=GB,O=Big PLC,OU=Sales+L=Swindon}
LDAP
Distinguished
{null)
Name of Entry
{C=GB}
{O=Big PLC,
C=GB}
{OU=Sales+L=Swindon,O=Big PLC,
C=GB}
Example Directory Information Tree
(DIT)
46PalGov © 2011
Relative Distinguished Name (RDN)
• Each LDAP entry is assigned an RDN when
created.
• All children of an entry must have unique
RDNs
• Attribute value(s) forming the RDN are called
the distinguished attribute values
• Entries in different parts of the DIT can have
the same RDNs
47PalGov © 2011
LDAP Protocol
• Connection oriented protocol on top of TCP/IP
• Subset of X.500 Directory Access Protocol
• Two versions - LDAPv2, LDAPv3– LDAPv2 published first – RFC 1777
– LDAPv3 has added referrals and other extensions to LDAPv2 – RFC 2251
– LDAPv2 has ceased to be standardized, but still is used prevalently
• Client issues a request, Server usually gives a response
• Each request elicits one response except Abandon (none), Unbind (none) and Search (multiple)
• Requests can be asynchronous or synchronous
48PalGov © 2011
Basic LDAP Protocol Operations
• Most protocol messages are sent as ASCII
strings
– ModifyDN Request, ModifyDN Response
– Bind Request, Bind Response
– Unbind Request, Abandon Request
– Search Request, Search Response
– Compare Request, Compare Response
– Modify Request, Modify Response
– Add Request, Add Response
– Delete Request, Delete Response
49PalGov © 2011
LDAPv3 Return Result
• Every response contains a Result component
• Result comprises 4 elements• Result Code - an integer signifying success or an error
code
• Matched DN - name of lowest DN matching a request
that has a naming error; or null
• Error Message - human readable error diagnostic
• Referral (optional)
50PalGov © 2011
Using LDAP for Security
• Three main uses:
– To store user’s passwords in their entries for authentication. The login server contacts LDAP with a Compare operation asking if this entry contains this password. If true it lets the user login
– To store user’s attributes that can be used for authorisation
– To store Public Key Certificates and Attribute Certificates for strong security
51PalGov © 2011
Public key certificates and CRLs
• Certificates can be held within X.500/LDAP directory entries as attributes of type
– userCertificate - holds a user’s certificates
– cACertificate - holds a CA’s self issued certificates
– crossCertificatePair - holds CA cross certificates
• CRLs can be held within X.500/LDAP directory entries as attributes of type
– certificateRevocationList - for user certificates
– authorityRevocationList - for CA certificates
– deltaRevocationList - for delta CRLs
52PalGov © 2011
Bibliography
• Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Published by Pearson/Prentice Hall, © 2008. ISBN: 0-13-600424-5.
• Cryptography and Network Security, by Behrouz A. Forouzan. Mcgraw-Hill, ©2008. ISBN: 978-007-126361-0.
• Lecture Notes by David Chadwick 2011, True-Trust Ltd.
• (ebook) Wiley - Internet Security-Cryptographic Principles, Algorithms and Protocols, 2003 (Man Young Rhee)
53PalGov © 2011
Summary
• In this session we discussed the
following:
– introduced user authentication
• using passwords
• using tokens
• using biometrics
– remote user authentication issues
• LDAP protocols and standards
54PalGov © 2011
Thanks
Radwan Tahboub