Computer%20Security%20Protection%20in%20general%20purpose%20Operating%20Systems

1
Computer SecurityProtection in general purpose
Operating Systems
2
Entity Authentication

• Entity Authentication is the process of verifying
  a
• claimed identity
• It is based on
• something the entity knows
• something the entity holds
• something the entity is
• something the entity does
• where the entity is

3
Something the entity knows

• The user has to know some secret, such as a
• password or a personal identification number
  (PIN).
• Threats
• Anybody who knows your secret is you!

4
Something the entity holds

• The user has to present a physical token (such
  as key,
• an identity tag, a card) to be authenticated.
• Threats
• The token can be lost or stolen!

5
Something the entity is

• Use biometrics, such as fingerprints, palm
  prints, iris
• patterns, or retina patterns.
• With biometrics a stored pattern is compared to
  an actual
• taken measurement.
• Problems
• False positives (accepting the wrong entity) and
  false
• negatives!
• Many users find biometrics unacceptable.
• Gruesome threats of the kind used in some
  Hollywood thrillers!

6
Something the entity does

• People perform some mechanical tasks in a way
  that is both
• repeatable and specific to the individual.
• Examples
• hand written signatures
• on a writing pad
• the writing speed/pressure of a hand written
  signature
• on the keyboard
• the typing speed and intervals between strokes
• Problems
• False positives (accepting the wrong entity) and
  false negatives!

7
Where the entity is

• The system may take into account the location of
  the login.
• For example, access may only be granted from
  certain terminals.
• With mobile and distributed computing the precise
  
• geographical location can be established during
• authentication by using the services of a global
• positioning system (GPS).

8
Usernames Passwords

• The most common authentication mechanism.
• Although password protection seems to offer
  relatively good
• security, human practice degrades its quality.
• Attacks on passwords
• Exhaustive search
• Try many probable passwords
• Try likely passwords for the user
• Search for the system list of passwords.
• Ask the user!

9
Exhaustive search attacks

• If passwords are words consisting of the 26
  characters A-Z
• and have length 8, then we are altogether 268
  passwords.
• This is roughly 21011, which seems enough
  intractable.
• It would take of the order of about 6 years to
  test all passwords
• at the rate of 1 millisecond per password.
• If we were to speed up the search to one
  microsecond per
• password, this would come down to approximately 2
  days.

10
Probable passwords

• People prefer simple passwords.
• Our earlier analysis assumes that people choose
• passwords such as vxlagrst.
• Whereas in reality they tend to use names and
  words
• they can remember.
• Spelling checkers carry dictionaries of the most
  common English
• words. The typical size of such a dictionary is
  80,000 words.
• This reduces the search to seconds

11
Passwords likely for a user

• People prefer words which are related to them,
  such
• as the name of a spouse, a child, a relative, a
  pet,
• a street name or something memorable or familiar.
• Some people pick a simple password and replace
• certain characters such as
• 0 (zero) by O,
• 1 for letter L,
• 3 for letter E, etc

12
Passwords defenses

• Password checkers check password against a
• dictionary of weak passwords.
• Password generators users are not allowed to
• pick their own passwords.
• Password ageing an expiry date is set for
  passwords.
• Limit login attacks.
• Inform user after a successful login of the last
• login and the number of failed logins
  since then.

13
Spoofing attacks

• An entity enters a password and the system
  verifies the
• entities identity.
• Does that entity know who has received the
  password?
• A spoofing attack is an attack in which
• one person or a program successfully masquerades
  as another by falsifying data and thereby gaining
  illegitimate advantage (e.g., access to a users
  password)

14
Spoofing attacks

• Defenses
• Display number of failed attempts
• Use trusted paths
• (with Windows NT,
• CTRLALTDEL
• invokes the OS login screen)
• Mutual authentication the system could be
  required to identify itself

15
Protecting the password file

• To validate passwords the system compares the
  password
• entered against a value stored in the password
  file.
• Defenses
• cryptographic protection (e.g. use a one-way
  hash function f instead of listing passwords x,
  list their values f(x)
• beware of dictionary attacks!)
• access control enforced by the OS (e.g. restrict
  access to files and other resources to users
  holding the appropriate privileges)
• combine both

16
Cryptographic protection

• Use one-way hash function f
• Instead of storing the password x in the password
  list,
• the hash is stored.
• The password list is organized as a two column
  table
• of user IDs (usernames) and the corresponding
  hashed
• values
• When the user logs in and enters the password x
  is it is
• hashed (locally) into f (x). This value is then
  compared
• with the stored value.

17
Cryptographic protection

• The one-way hash function f
• crypt(3) for Unix systems
• This uses a slightly modified version of the
  encryption
• scheme DES with 25 rounds (instead of the 16
  rounds)
• This encrypts the all zero block using the
  password x as
• a key.
• The encryption f (x) of the zero block is the
  hash value.

18
Cryptographic protection

• Access control mechanisms in the OS
• These restrict access to files and other
  resources to users
• holding the appropriate privileges.
• Only privileged users can have write access to
  the password file
• otherwise an attacker could access data of other
  users by
• changing their password file.
• If read access is restricted to privileged users
  then passwords
• should be secure, in theory.
• In practice an attacker can still use a
  dictionary attack.

19
Cryptographic protection

• Access control mechanisms in the OS
• Dictionary attacks can be prevented by using
  password
• salting.
• With salting, additional information (the salt)
  is appended
• to the password x before it is hashed to get
  f(x).
• This implies that even if two users have the same
• password their salted hashes will be different.

20
Multiple passwords

• For additional password protection several
  passwords
• may used.
• For example, use
• the first password for workstation
• the second password to get onto the network
• the third password to access the server
• the fourth to access the database management
• system
• etc

21
Passwords Single sign-on

• Remembering many passwords is rather
  inconvenient.
• A single sign-on service solves this problem. You
  enter
• your password once, the system stores it, and
  then uses
• it whenever you have to authenticate yourself
  again.
• However this raises new security concerns.
• How do you protect the stored password?
• (the password needs to be in cleartext)