    第三讲用户认证1.ppt

    • Resource ID: 5670137       Size: 1.77MB        Pages: 34
    • Format: PPT
    Lecture 3: User Authentication

    User Authentication
    • a fundamental security building block
    • the basis of access control and user accountability
    • the process of verifying an identity claimed by or for a system entity (RFC 2828)
    • has two steps: identification (specify an identifier) and verification (bind the entity, i.e. the person, to the identifier)
    • distinct from message authentication

    Means of User Authentication
    • four means of authenticating a user's identity, based on something the individual:
        - knows, e.g. password, PIN
        - possesses, e.g. key, token, smartcard
        - is (static biometrics), e.g. fingerprint, retina
        - does (dynamic biometrics), e.g. voice, signature
    • can be used alone or combined
    • all can provide user authentication; all have issues

    Password Authentication
    • widely used user authentication method
    • user provides name/login and password
    • system compares the password with the one saved for the specified login
    • authenticates the ID of the user logging in and that the user is authorized to access the system
    • determines the user's privileges
    • is used in discretionary access control

    Password Vulnerabilities
    • offline dictionary attack
    • specific account attack
    • popular password attack
    • password guessing against a single user
    • workstation hijacking
    • exploiting user mistakes
    • exploiting multiple password use
    • electronic monitoring

    Countermeasures
    • stop unauthorized access to the password file
    • intrusion detection measures
    • account lockout mechanisms
    • policies against using common passwords, requiring hard-to-guess passwords instead
    • training and enforcement of policies
    • automatic workstation logout
    • encrypted network links

    Use of Hashed Passwords
    • salt: related to the time at which the user's password was assigned; a pseudo-random or random number
    • purposes of the salt:
        - prevents duplicate passwords from being visible in the password file
        - increases the difficulty of offline dictionary attacks
        - makes it impossible for an attacker to discover whether a user has used the same password on multiple systems
    (Figures: loading a new password; verifying a password)

    UNIX Implementation
    • original scheme: an 8-character password forms a 56-bit key
    • a 12-bit salt is used to modify DES encryption into a one-way hash function
    • the 0 value is repeatedly encrypted 25 times
    • the output is translated to an 11-character sequence
    • now regarded as woefully insecure, e.g. a supercomputer performing 50 million tests takes 80 min
    • sometimes still used for compatibility

    Improved Implementations
    • have other, stronger hash/salt variants
    • many systems now use MD5 with a 48-bit salt; password length is unlimited; the password is hashed with a 1000-iteration inner loop; produces a 128-bit hash
    • OpenBSD uses a Blowfish block cipher based hash algorithm called Bcrypt; uses a 128-bit salt to create a 192-bit hash value

    Password Cracking
    • dictionary attacks: try each word, then obvious variants, from a large dictionary against the hashes in the password file
    • rainbow table attacks: precompute tables of hash values for all salts; a mammoth table of hash values, e.g. a 1.4GB table, cracks 99.9% of alphanumeric Windows passwords in 13.8 secs; not feasible if larger salt values are used

    Password Choices
    • users may pick short passwords, e.g. 3% were 3 chars or less, and these are easily guessed; the system can reject choices that are too short
    • users may pick guessable passwords, so crackers use lists of likely passwords; e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them
    • it would take about 1 hour on the fastest systems to compute all variants, and the attacker only needs 1 break!

    Strategies Used in Password Cracking
    • try names, initials, account names and other personal information: 130 different combinations are tried for each user
    • try words appearing in various dictionaries
    • try permutations of those words, including capitalizing the first letter or adding a control character, making all characters uppercase, reversing the word, changing the letter "O" to "0", etc.; these permutations add 1 million words
    • for words not covered by the first two steps, try various capitalization permutations, adding about 2 million words to the password word list
    • an exhaustive search over these roughly 3 million words, using the fastest Thinking Machines configuration and encrypting every word with every possible salt, takes no more than 1 hour
    (Figure: results of password cracking on a sample set of 13797 accounts)

    Password File Access Control
    • can block offline guessing attacks by denying access to the encrypted passwords
    • make them available only to privileged users
    • often using a separate shadow password file (the hashed passwords are kept in a separate file from the user IDs)
    • still have vulnerabilities:
        - exploit an O/S bug
        - accident with permissions making the file readable
        - users with the same password on other systems
        - access from unprotected backup media
        - sniff passwords in unprotected network traffic

    Using Better Passwords
    • clearly have problems with passwords
    • goal: eliminate guessable passwords whilst keeping them easy for the user to remember
    • techniques: user education; computer-generated passwords; reactive password checking; proactive password checking
    • open-source software: the John the Ripper password cracker

    Proactive Password Checking
    • rule enforcement plus user advice, e.g. 8+ chars, upper/lower/numeric/punctuation; open-source software: pam_passwdqc; may not suffice
    • password cracker: build a dictionary of unacceptable passwords; time and space issues (Purdue University, 30M)
    • Markov model: generates guessable passwords, hence reject any password it might generate
    • Bloom filter: use it to build a table from the dictionary using hashes; check the desired password against this table

    Example of a Markov Model
    • check whether a password could be generated by the Markov model
    • research has confirmed that the second-order model works well

    Token Authentication
    • an object the user possesses in order to authenticate, e.g.:
        - embossed card (old-style credit card)
        - magnetic stripe card (bank card)
        - memory card (prepaid phone card)
        - smartcard (biometric ID card)

    Memory Card
    • stores but does not process data
    • magnetic stripe card, e.g. bank card
    • electronic memory card
    • used alone for physical access; with a password/PIN for computer use
    • drawbacks of memory cards include: need for a special reader; loss of token issues; user dissatisfaction
    (Figures: hotel room door access; bank card)

    Smartcard
    • credit-card like; has its own processor, memory and I/O ports
    • wired or wireless access by a reader
    • may have a crypto co-processor
    • ROM, EEPROM and RAM memory
    • executes a protocol to authenticate with the reader/computer
    • also have USB dongles (small, cheap flash-memory devices)
    • for computer user authentication the most important token is the smartcard
    • read-only memory (ROM): stores data that does not change (serial number, cardholder name)
    • electrically erasable programmable memory (EEPROM): stores application programs and data (protocols, data that changes over time)
    • random access memory (RAM): holds temporary data generated while applications execute

    Initialization of Smartcard/Reader Communication
    • Reset: reset signal, initializes the parameters
    • ATR (answer to reset): defines the smartcard's parameters, protocols and functions
    • PTS (protocol type selection): determines the protocol and parameters to be used

    Biometric Authentication
    • authenticate the user based on one of their physical characteristics

    Operation of a Biometric System
    (Figures: identification process; verification process)

    Biometric Accuracy
    • never get identical templates
    • problems of false match / false non-match
    • comparison against the user's pre-stored template; setting of the threshold; false accepts and false rejects
    • can plot a characteristic curve and pick a threshold balancing the error rates

    Remote User Authentication
    • authentication over a network is more complex
    • problems of eavesdropping and replay
    • generally use challenge-response:
        - user sends identity
        - host responds with a random number r
        - user computes f(r, h(P)) and sends it back
        - host compares the value from the user with its own computed value; if they match, the user is authenticated
    • protects against a number of attacks
    (Figure: basic challenge-response protocol for remote user authentication)

    Authentication Security Issues
    • client attacks
    • host attacks
    • eavesdropping
    • replay
    • trojan horse
    • denial-of-service

    Practical Application, Case Study: ATM Security
    • transaction process: the user inserts the card at the ATM and enters the PIN; the ATM terminal encrypts the PIN and transmits it to the processor as part of the request; the processor updates the customer's account information and sends back a response
    • in the early 21st century, ATM terminals replaced the original IBM OS/2 with Windows; triple DES encrypts the PIN, but the other data the ATM sends is in plaintext (card number, expiry date, account balance, withdrawal amount)
    • short-term solution: strict firewalling or physical segmentation to isolate ATM traffic, with network-layer encryption at the routers the ATM traffic passes through
    • long-term solution: replace the application software, encrypt all customer information, mutual authentication between devices, challenge-response protocol

    Summary
    • introduced user authentication
    • using passwords
    • using tokens
    • using biometrics
    • remote user authentication issues
    • example application and case study

    Discussion Question
    Introducing a salt into the Linux password scheme greatly increases the difficulty of password guessing (by a factor of 4096). But the salt is stored in plaintext together with the encrypted password in the password file, so an attacker obtains the salt and the encrypted password without any guessing. Why, then, can we assert that using a salt improves password security?
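The "Use of Hashed Passwords", "UNIX Implementation" and "Improved Implementations" slides, and the closing discussion question, are illustrated by the following added example (written for this page, not code from the lecture). It assumes a constructed scheme: a 16-byte random salt per user, an iterated hash (PBKDF2-HMAC-SHA256 standing in for crypt's 25 DES rounds or MD5-crypt's 1000-round loop), and a stored record of the form `rounds$salt$hash`. The function names `load_new_password`, `verify_password`, `duplicates_visible` and `offline_guess_work` are this example's own.

```python
import hashlib
import hmac
import os

# Constructed parameters: a 128-bit random salt (the size bcrypt uses on the
# slides) and an iterated hash. PBKDF2-HMAC-SHA256 plays the role of the
# slow one-way function; the round count is the tunable work factor.
SALT_BYTES = 16
ROUNDS = 100_000


def load_new_password(password: str, rounds: int = ROUNDS) -> str:
    """'Load new password' path: choose a fresh salt, hash, store salt + hash."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # The stored record keeps the salt in the clear; it is not a secret.
    return f"{rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """'Verify password' path: recompute with the stored salt and compare."""
    rounds, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(rounds)
    )
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def duplicates_visible(record_a: str, record_b: str) -> bool:
    """Could a reader of the password file see that two users share a
    password? With per-user salts the stored hashes differ even then."""
    return record_a.split("$")[2] == record_b.split("$")[2]


def offline_guess_work(dictionary_size: int, salt_bits: int, users: int) -> int:
    """Hash computations needed to try every dictionary word against every
    user. Without a salt one precomputed table of dictionary_size hashes
    covers all users. With a b-bit salt the attacker must either rerun the
    dictionary per user or precompute all 2**b salts, whichever is smaller.
    This is the answer to the discussion question: the salt is public, yet
    it removes the one-table-for-everyone shortcut (and rainbow tables)."""
    return dictionary_size * min(2 ** salt_bits, users)


if __name__ == "__main__":
    alice = load_new_password("correct horse battery")
    bob = load_new_password("correct horse battery")  # same password, new salt
    print("alice verifies:", verify_password("correct horse battery", alice))
    print("wrong password:", verify_password("wrong", alice))
    print("shared password visible in file:", duplicates_visible(alice, bob))
    print("work, no salt:    ", offline_guess_work(10_000, 0, 5_000))
    print("work, 12-bit salt:", offline_guess_work(10_000, 12, 5_000))
```

With a 12-bit salt and 5000 users the per-dictionary work rises by the slide's factor of 4096; with bcrypt's 128-bit salt the precomputation branch is astronomically large, which is why the "Password Cracking" slide says rainbow tables are not feasible once larger salts are used.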
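The "Proactive Password Checking" slide describes two parts: rule enforcement and a Bloom filter built from a cracking dictionary (expanded with the obvious permutations the "Strategies Used in Password Cracking" slide lists). The added example below is not from the lecture; it uses a constructed six-word dictionary and a Bloom filter sized by the usual formulas, with hash functions derived from SHA-256 by prefixing a counter. `BloomFilter`, `variants`, `build_filter` and `check_password` are names chosen for this example.

```python
import hashlib
import math
import re


class BloomFilter:
    """Bit array with k hash functions: no false negatives, and a false
    positive rate chosen at construction (a rejected-but-fine password is a
    nuisance, an accepted dictionary word is the real failure)."""

    def __init__(self, expected_items: int, false_positive_rate: float = 1e-4):
        n = max(1, expected_items)
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hashes
        self.m = max(8, int(-n * math.log(false_positive_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / n * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        # k hash functions from one SHA-256 by prefixing the function index
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode("utf-8")).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


def variants(word: str) -> set:
    """Permutations named on the slide: first letter capitalized, all caps,
    reversed, and the letter O replaced by the digit 0."""
    bases = {word, word.capitalize(), word.upper(), word[::-1]}
    return bases | {b.replace("o", "0").replace("O", "0") for b in bases}


def build_filter(dictionary) -> BloomFilter:
    """Hash the expanded dictionary into the table; the word list itself
    never has to be kept on the checking host (the slide's space issue)."""
    words = set()
    for w in dictionary:
        words |= variants(w.lower())
    bf = BloomFilter(len(words))
    for w in words:
        bf.add(w)
    return bf


# Constructed stand-in for a cracking dictionary.
DICTIONARY = ["password", "letmein", "dragon", "monkey", "football", "welcome"]
FILTER = build_filter(DICTIONARY)


def check_password(candidate: str, bf: BloomFilter = FILTER) -> str:
    """Return 'ok' or the reason for rejection: length rule, then the
    dictionary table, then the character-class rule."""
    if len(candidate) < 8:
        return "too short"
    if candidate in bf or candidate.lower() in bf:
        return "in cracker dictionary"
    classes = sum(
        bool(re.search(p, candidate))
        for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    )
    if classes < 3:
        return "needs at least three of lower/upper/digit/punctuation"
    return "ok"


if __name__ == "__main__":
    for pw in ["short", "password", "Passw0rd", "F00tball", "abcdefgh", "Tr0ub4dor&3"]:
        print(f"{pw!r}: {check_password(pw)}")
```

Note that "Passw0rd" satisfies the class rule yet is rejected, because the checker applied the same permutations a cracker would; the rules alone would have accepted it, which is the "may not suffice" point on the slide.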
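The challenge-response exchange on the "Remote User Authentication" slide (identity, then r, then f(r, h(P))) is shown with both sides in the added example below, which is not code from the lecture. It assumes h is SHA-256 and f(r, h(P)) is an HMAC keyed with h(P) over r; the classes `Host` and `Client` and the functions `run_protocol` and `replay_captured_response` are this example's own.

```python
import hashlib
import hmac
import os


def h(password: str) -> bytes:
    """The stored password image h(P); the host keeps this, never P itself."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def f(r: bytes, hp: bytes) -> bytes:
    """f(r, h(P)) realised as an HMAC keyed with h(P) over the challenge r."""
    return hmac.new(hp, r, "sha256").digest()


class Host:
    def __init__(self):
        self.users = {}      # identity -> h(P)
        self.pending = {}    # identity -> outstanding challenge r

    def enroll(self, identity: str, password: str) -> None:
        self.users[identity] = h(password)

    def challenge(self, identity: str) -> bytes:
        """Message 2, host -> user: a fresh random number r."""
        if identity not in self.users:
            raise KeyError("unknown identity")
        r = os.urandom(16)
        self.pending[identity] = r
        return r

    def verify(self, identity: str, response: bytes) -> bool:
        """Message 3 check: compare the user's value with the host's own f(r, h(P))."""
        r = self.pending.pop(identity, None)   # each r is usable exactly once
        if r is None:
            return False                       # nothing outstanding to compare
        return hmac.compare_digest(f(r, self.users[identity]), response)


class Client:
    def __init__(self, identity: str, password: str):
        self.identity = identity
        self.hp = h(password)   # computed locally from the typed password

    def respond(self, r: bytes) -> bytes:
        return f(r, self.hp)


def run_protocol(host: Host, client: Client) -> bool:
    """Full exchange: identity -> r -> f(r, h(P)); returns the host's decision."""
    r = host.challenge(client.identity)        # message 1 carries the identity
    return host.verify(client.identity, client.respond(r))


def replay_captured_response(host: Host, identity: str, captured: bytes) -> bool:
    """An eavesdropper who recorded an earlier f(r, h(P)) sends it again.
    The host has issued a new r, so the old value no longer matches."""
    host.challenge(identity)
    return host.verify(identity, captured)


if __name__ == "__main__":
    host = Host()
    host.enroll("alice", "s3cret")
    print("genuine login:", run_protocol(host, Client("alice", "s3cret")))
    print("wrong password:", run_protocol(host, Client("alice", "wrong")))
    r = host.challenge("alice")
    resp = Client("alice", "s3cret").respond(r)
    print("first use of response:", host.verify("alice", resp))
    print("replayed response:", replay_captured_response(host, "alice", resp))
```

The eavesdropper learns r and f(r, h(P)) but not h(P), so the exchange resists the eavesdropping and replay problems the slide names. It does not address the "host attacks" item on the next slide: because the host stores h(P) and the response depends only on h(P), a copied host file is password-equivalent, so the stored image still needs the salted-hash protections from the earlier slides.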

    Notice: this file (第三讲用户认证1.ppt) was uploaded by site member sccc; the site only provides storage space and does not modify or edit the uploaded content.



