1PalGov © 2011

أكاديمية الحكومة اإللكترونية الفلسطينية

The Palestinian eGovernment Academy

www.egovacademy.ps

Security Tutorial

Session 3

2PalGov © 2011

About

This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the

Commission of the European Communities, grant agreement 511159-TEMPUS-1-

2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps

University of Trento, Italy

University of Namur, Belgium

Vrije Universiteit Brussel, Belgium

TrueTrust, UK

Birzeit University, Palestine

(Coordinator )

Palestine Polytechnic University, Palestine

Palestine Technical University, PalestineUniversité de Savoie, France

Ministry of Local Government, Palestine

Ministry of Telecom and IT, Palestine

Ministry of Interior, Palestine

Project Consortium:

Coordinator:

Dr. Mustafa Jarrar

Birzeit University, P.O.Box 14- Birzeit, Palestine

Telfax:+972 2 2982935 mjarrar@birzeit.edu

3PalGov © 2011

© Copyright Notes

Everyone is encouraged to use this material, or part of it, but should properly

cite the project (logo and website), and the author of that part.

No part of this tutorial may be reproduced or modified in any form or by any

means, without prior written permission from the project, who have the full

copyrights on the material.

Attribution-NonCommercial-ShareAlike

CC-BY-NC-SA

This license lets others remix, tweak, and build upon your work non-

commercially, as long as they credit you and license their new creations

under the identical terms.

4PalGov © 2011

Tutorial 5:

Information Security

Session 3: Authentication

Session 3 Outline:

• Session 3 ILO’s.

• Authentication (symmetric and

asymmetric)

• One time password)

• Introduction to LDAP

5PalGov © 2011

Tutorial 5:

Session 3: Authentication

This session will contribute to the following

Tutorial 5 ILOs:• A: Knowledge and Understanding

• a2: Define security standards and policies.

• B: Intellectual Skills• b3: Design end-to-end secure and available systems.

• b5: Design user authentication and authorization services.

• C: General and Transferable Skills• d2: Systems configurations.

• d3: Analysis and identification skills.

6PalGov © 2011

Tutorial 5:

Information Security

Session 3: Authentication

Session 3 Outline:

• Session 3 ILO’s.

• Authentication (Symmetric and

Asymmetric and 1 Time

Password)

• Introduction to LDAP

7PalGov © 2011

Authentication (Symmetric, Asymmetric and OTP)

• Fundamental security block

– Forms basis of access control & user

accountability

• Is the process of verifying an identity.

• Has two steps:

– Identification

– Verification

8PalGov © 2011

Means of User Authentication

• Four means of authenticating user's identity

– Based on something the individual • knows

• possesses

• is (static biometrics)

• does (dynamic biometrics)

– All can provide user authentication (one or multifactor)

9PalGov © 2011

Password Authentication

• Widely used user authentication method

– User provides name/login and password

– System compares password with that saved for

specified login

• Authenticates ID of user logging and

– that the user is authorized to access system

– Determines the user’s privileges

– Is used in discretionary access control

• The password file is a hashed file.

10PalGov © 2011

Password Vulnerabilities

• Password Attacks and Guessing

– Exploiting user mistakes

– Specific account attack

– Offline dictionary attack

– Workstation hijacking

– Multiple password use

– Password guessing against single user

– Monitoring

– Other attacks…

11PalGov © 2011

Countermeasures / Policies and Training

• Password policies

– Length, Character set, Period of use, Frequency of re-use

• Login policies

– Timeout period, Session period, Lockout policy (attempts, period, re-instatement)

• Countermeasures against different vulnerabilities: • Prevent unauthorized access to the password file,

• Intrusion detection measures to identify a compromise,

• Rapid re-issuance of passwords should the password file be compromised;

• Account lockout mechanism.

12PalGov © 2011

Use of Hashed Passwords

13PalGov © 2011

UNIX Implementation

• Original scheme

– 8 character password form 56-bit key

– 12-bit salt used to modify DES encryption into a one-way hash function

– 0 value repeatedly encrypted 25 times

– output translated to 11 character sequence

– The file is called the shadow file.

14PalGov © 2011

Improved Implementations

• Have other, stronger, hash/salt variants

• Many systems now use MD5

– with 48-bit salt

– password length is unlimited

– is hashed with 1000 times inner loop

– produces 128-bit hash

15PalGov © 2011

Password Cracking

• Dictionary attacks

– try each word then obvious variants in large dictionary

against hash in password file

• Rainbow table attacks

– precompute tables of hash values for all salts

– a mammoth table of hash values

– e.g. 1.4GB table cracks 99.9% of alphanumeric Windows

passwords in 13.8 secs

– not feasible if larger salt values used

• The “salt” is useful for remote attackers, but useless if the

attacker can get the shadow file. This is because the salt is not

encrypted.

16PalGov © 2011

Password Choices Policies

• users may pick short passwords– e.g. 3% were 3 chars or less, easily guessed

– system can reject choices that are too short

• users may pick guessable passwords– so crackers use lists of likely passwords

– e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them

– would take about 1 hour on fastest systems to compute all variants, and only need 1 break!

– Recent review by SplashData in 2011 showed two most common passwords on the Internet are:

• password

• 123456

17PalGov © 2011

Token Authentication

• Object user possesses to authenticate,.

– Embossed card (with engraved characters)

– Magnetic stripe card ( like ATM cards)

– Memory card (like phone cards)

– Smartcard (advanced cards)

18PalGov © 2011

Memory Card

• Store but do not process data

• Magnetic stripe card, e.g. bank card

• Electronic memory card

• Used alone for physical access

• Drawbacks of memory cards include:

– user dissatisfaction

– need special reader

– loss of token issues

19PalGov © 2011

Smartcard

• like Credit-card issued by

Banks

• Has own processor, memory,

I/O ports

– wired or wireless access by

reader

– may have crypto co-processor

– ROM, EEPROM, RAM memory

• Executes protocol to

authenticate with

reader/computer

• Also may have USB dongles

20PalGov © 2011

Remote User Authentication

• Very Important for e- gov applications:

– Protects against a number of attacks

– Authentication over network more complex• problems of eavesdropping, replay

– Better to use challenge-response• user sends identity

• host responds with random number

• user computes f(r,h(P)) and sends the result back

• host compares value from user with own computed value, if match user authenticated

21PalGov © 2011

Security Issues with Authentication

• Problems with Client attacks

• Host/Server attacks

• Eavesdropping while communicating

• Replay attacks

• Denial-of-service attacks

22PalGov © 2011

Practical Application (ATM Machines)

• An ATM Machine are programmed with

a Terminal Identification Number (aka

"TID").

• The ATM connects to the ATM

networks.

• After the bank or processing network

approves the transaction the ATM

receives the authorization and

dispenses the cash requested.

23PalGov © 2011

Distributed Systems and Password

Authentication

• How can I gain access to multiple computer systems if password based authentication is used?

Multiple passwords, one for each system

Use same password in each system

Single sign-on application that stores the passwords for each system and has one for itself

Single sign-on where password is stored in just one system and other systems trust this one to perform the authentication properly (e.g. Microsoft Passport, Shibboleth)

24PalGov © 2011

The Multiple Passwords Problem

• I have over 50 passwords to remember, for my Internet accounts such as: google, gmail, birzeit, amazon,

PPU, yahoo, palgov, arab bank etc.

• We are working towards Single Sign On (SSO) schemes for the e-gov applications

25PalGov © 2011

The Mutual Authentication Problem

• How can two people authenticate each other using passwords?

• Its OK if talking to the correct person, since he already knows my password and I know his, but what if it is not the correct person? – Then give the impersonator my password,

– too late to take any action.

• You need “zero knowledge password proof” – One can compare secrets without giving them away.

– Needham-Schroeder and Kerberos are examples of such a scheme.

26PalGov © 2011

Kerberos

ticket = (Username+validity+KeyAS)EncTG Server

27PalGov © 2011

User-AS-TGS Processing

• User sends a request to the Kerberos authentication server

(enclosing its name and a random number). • AS returns to the user the random

number plus a one-off session key to be used for encrypting subsequent messages with the TG server.

28PalGov © 2011

User-AS-TGS Processing

• The random number and session key

are symmetrically encrypted by the

Authentication Server using the user's

hashed password as the secret key. • The user decrypt this message in

order to obtain the session key, and the user can only do this if he/she knows their own password.

29PalGov © 2011

Kerberos Key Server (TGS)

ticket2 = (Username+validity+KeyAB)Enc

KeyApp B

30PalGov © 2011

User-TGS processing

•The AS encrypts the session key into a ticket

using the symmetric key of the TG server,

•The ticket is sent to the user (contains the

name of the user, the validity time of the

ticket and the session key).

•The user passes the ticket to the TG server.

•The TG server can decrypt the ticket, to get

the session key and the user’s name, and

with this can decrypt the user’s message.

31PalGov © 2011

User-TGS processing

•The TG server then generates a new session

key to be used by the user and the application.

• It returns this new session key to the user,

encrypted using the old session key.

•It also give the user a ticket for granting

access to the chosen application, this ticket

containing the name of the user and the new

session key for talking to the application,

encrypted with the secret key of the

application.

32PalGov © 2011

TGS-User-Application processing

• A sends "Key for Application B" to TGS, enciphered using Key AS plus ticket from authentication server containing key AS

• TGS generates Key AB (session key for user and application B)

• TGS sends "Key AB " to A, enciphered using Key AS and a ticket2 for B

• A sends message to B, enciphered using Key AB, plus ticket2

33PalGov © 2011

Kerberos Disadvantages

• Authentication server and TGS are single points of failure.

• Servers and application hosts must be time synchronised

• Not originally scalable. – Users could only login to their own realms

• Kerberos only provides authentication but not authorizations

• Does not prevent attacks– dictionary

34PalGov © 2011

One-time passwords-Hardware

•An increasingly

common

authentication method

is the use of one-time

password cards.

These contain a chip

capable of making

cryptographic

calculations. •challenge response

mechanism

•synchronised clocks.

35PalGov © 2011

Challenge Response OTP

•The user logs into the remote server across the internet (usually

via a firewall), and the server passes the user a challenge, usually

in the form of a numeric string.

•The user responds to the challenge with a one-time password

that is computed from the string by his card (hardware/software)

according to a pre-defined encryption algorithm that is also known

to the remote server.

• One such system (Securenet from digital pathways) relies on the

user having a one-time password card the size of a credit card

that is capable of computing the passwords.

•The card has a digital display, and requires a pin number

/password to be entered before it can be used. Thus it is two

factor authentication, since the user must know the PIN and

possess the card.

36PalGov © 2011

Clock Synchronised OTP

Both the card and the server compute a new password

every 60 seconds, according to a pre-defined encryption

algorithm which uses the date and time, and a shared

secret. (e.g. SecureID from RSA Security),

This eliminates the need for a challenge string.

With the secureid system, the user must transfer a PIN

number plus the computed password, so that if the card

is stolen it cannot be used by anyone else. This

mechanism is two factor authentication, as it is based on

something I possess (the card) and something I know

(the PIN).

Early versions of secureid used to fail as the clocks in

the card and server became out of sync.

37PalGov © 2011

Example: Grid Cards

• A unique OTP card containing a grid of characters

• Select specific characters from card for authentication

• Site can return different characters from user’s card for mutual authentication

• Provides two factor authentication:– something you know (PW)

– something you posses (grid card)

38PalGov © 2011

Mobile Phone Authentication

39PalGov © 2011

Private Key Storage Techniques

• In an encrypted file, protected by a password

• In a smart card, protected by a password or PIN

• What About Mobile Phones (Discussion!!)

40PalGov © 2011

Tutorial 5:

Information Security

Session 3: Authentication

Session 3 Outline:

• Session 3 ILO’s.

• Authentication (Symmetric and

Asymmetric and 1 Time Password)

• Introduction to LDAP

41PalGov © 2011

Introduction to LDAP

• Directory Model

• X.500 Information Model

• LDAP Protocol

• Use of LDAP for Security

42PalGov © 2011

The X.500 Model of the Directory

43PalGov © 2011

Server to Client Referrals

44PalGov © 2011

X.500/LDAP Naming

• Entry has a Distinguished Name

• SEQUENCE of Relative Distinguished

Name

• SET of {Attribute Type, Attribute Value}

comprised of

comprised of

45PalGov © 2011

X.500/LDAP Naming

RDN of Entry X.500 Distinguished

Name of Entry

{null} {null)

{C=GB} {C=GB}

{O=Big PLC}{C=GB,

O=Big PLC}

{O=Sales+

L=Swindon}

{C=GB,O=Big PLC,OU=Sales+L=Swindon}

LDAP

Distinguished

{null)

Name of Entry

{C=GB}

{O=Big PLC,

C=GB}

{OU=Sales+L=Swindon,O=Big PLC,

C=GB}

Example Directory Information Tree

(DIT)

46PalGov © 2011

Relative Distinguished Name (RDN)

• Each LDAP entry is assigned an RDN when

created.

• All children of an entry must have unique

RDNs

• Attribute value(s) forming the RDN are called

the distinguished attribute values

• Entries in different parts of the DIT can have

the same RDNs

47PalGov © 2011

LDAP Protocol

• Connection oriented protocol on top of TCP/IP

• Subset of X.500 Directory Access Protocol

• Two versions - LDAPv2, LDAPv3– LDAPv2 published first – RFC 1777

– LDAPv3 has added referrals and other extensions to LDAPv2 – RFC 2251

– LDAPv2 has ceased to be standardized, but still is used prevalently

• Client issues a request, Server usually gives a response

• Each request elicits one response except Abandon (none), Unbind (none) and Search (multiple)

• Requests can be asynchronous or synchronous

48PalGov © 2011

Basic LDAP Protocol Operations

• Most protocol messages are sent as ASCII

strings

– ModifyDN Request, ModifyDN Response

– Bind Request, Bind Response

– Unbind Request, Abandon Request

– Search Request, Search Response

– Compare Request, Compare Response

– Modify Request, Modify Response

– Add Request, Add Response

– Delete Request, Delete Response

49PalGov © 2011

LDAPv3 Return Result

• Every response contains a Result component

• Result comprises 4 elements• Result Code - an integer signifying success or an error

code

• Matched DN - name of lowest DN matching a request

that has a naming error; or null

• Error Message - human readable error diagnostic

• Referral (optional)

50PalGov © 2011

Using LDAP for Security

• Three main uses:

– To store user’s passwords in their entries for authentication. The login server contacts LDAP with a Compare operation asking if this entry contains this password. If true it lets the user login

– To store user’s attributes that can be used for authorisation

– To store Public Key Certificates and Attribute Certificates for strong security

51PalGov © 2011

Public key certificates and CRLs

• Certificates can be held within X.500/LDAP directory entries as attributes of type

– userCertificate - holds a user’s certificates

– cACertificate - holds a CA’s self issued certificates

– crossCertificatePair - holds CA cross certificates

• CRLs can be held within X.500/LDAP directory entries as attributes of type

– certificateRevocationList - for user certificates

– authorityRevocationList - for CA certificates

– deltaRevocationList - for delta CRLs

52PalGov © 2011

Bibliography

• Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Published by Pearson/Prentice Hall, © 2008. ISBN: 0-13-600424-5.

• Cryptography and Network Security, by Behrouz A. Forouzan. Mcgraw-Hill, ©2008. ISBN: 978-007-126361-0.

• Lecture Notes by David Chadwick 2011, True-Trust Ltd.

• (ebook) Wiley - Internet Security-Cryptographic Principles, Algorithms and Protocols, 2003 (Man Young Rhee)

53PalGov © 2011

Summary

• In this session we discussed the

following:

– introduced user authentication

• using passwords

• using tokens

• using biometrics

– remote user authentication issues

• LDAP protocols and standards

54PalGov © 2011

Thanks

Radwan Tahboub