CSCE 522 Lecture 12 Malicious Code Identification and Authentication - PowerPoint PPT Presentation

1
CSCE 522 Lecture 12: Malicious Code, Identification and Authentication
2
Reading
  • Reading for this lecture
  • Required
  • Pfleeger Ch. 4 and 5
  • Recommended
  • Securing Digital Identities Information
    http://www.entrust.com/
  • John the Ripper password cracker
    http://www.openwall.com/john/
  • Brutus the remote password cracker
    http://www.hoobie.net/brutus/
  • Smart Card Standards and Interoperability
    http://www.estrategy.gov/smartgov/smart_card.cfm
  • Smart Cards and Biometrics White Paper
    http://www.smartcardalliance.org/about_alliance/Smart_Card_Biometric_paper.cfm
  • Privacy and Secure Identification Systems White Paper
    http://www.smartcardalliance.org/alliance_activities/privacy_white_paper.cfm
  • Reading for next lecture
  • Pfleeger Ch. 4 and 5

3
Covert Channel - Trojan Horse
Only John is permitted to access the document
Figure: John reads the Document; a Trojan horse writes the Spy's copy of the Document, which the Spy then reads.
4
Covert Channel
  • Need
  • Two active agents
  • Sender (has access to unauthorized information),
    e.g., a Trojan horse (TH) in MS Word
  • Receiver (reads the sent information), e.g., the
    program creating the copy
  • Encoding schema
  • How the information is sent, e.g.,
  • File F exists -> 0
  • File F does not exist -> 1
  • Synchronization, e.g., when to check for the
    existence of F

5
Storage Covert Channels
  • Based on properties of resources
  • Examples
  • File locks
  • Delete/create file
  • Memory allocation

6
Timing Covert Channel
  • Time is the factor: how fast an operation completes
  • Examples
  • Processing time
  • Transmission time

7
Covert Channel Detection and Removal
  • Identification
  • Shared resources
  • Program code correctness
  • Information flow analysis
  • Removal
  • Total removal may not be possible
  • Reduce bandwidth

8
Identification and Authentication
9
Authentication
  • Allows an entity (a user or a system) to prove
    its identity to another entity
  • Typically, the entity whose identity is verified
    reveals knowledge of some secret S to the
    verifier
  • Strong authentication: the entity proves
    knowledge of S to the verifier without revealing
    S to the verifier

10
Authentication Information
  • Must be securely maintained by the system.

11
Elements of Authentication
  • Person/group/code/system to be authenticated
  • Distinguishing characteristic: differentiates the
    entities to be authenticated
  • Proprietor/system owner/administrator:
    responsible for the system
  • Authentication mechanism: verifies the
    distinguishing characteristic
  • Access control mechanism: grants privileges upon
    successful authentication

12
Authentication Requirements
  • Network must ensure
  • Data exchange is established with the addressed
    peer entity, not with an entity that masquerades
    or replays previous messages
  • Network must ensure the data source is the one
    claimed
  • Authentication generally follows identification
  • Establish validity of claimed identity
  • Provide protection against fraudulent transactions

13
User Authentication
  • What the user knows
  • Password, personal information
  • What the user possesses
  • Physical key, ticket, passport, token, smart card
  • What the user is (biometrics)
  • Fingerprints, voiceprint, signature dynamics

14
Passwords
  • Commonly used method
  • For each user, system stores (user name,
    F(password)), where F is some transformation
    (e.g., one-way hash) in a password file
  • F(password) is easy to compute
  • From F(password), password is difficult to
    compute
  • Password is not stored in the system
  • When the user enters the password, the system
    computes F(password); a match with the stored
    value provides proof of identity

15
Vulnerabilities of Passwords
  • Inherent vulnerabilities
  • Easy to guess or snoop
  • No control on sharing
  • Practical vulnerabilities
  • Visible if unencrypted in distributed and network
    environment
  • Susceptible to replay attacks if encrypted
    naively
  • Password advantage
  • Easy to replace a compromised password.

16
Weak Passwords
  • Bell Labs study (Morris and Thompson, 1979): 3289
    passwords were examined
  • 15 were a single ASCII character, 72 two ASCII
    characters, 464 three ASCII characters, 477 four
    ASCII characters, 706 five letters (all lower
    case or all upper case), 605 six letters, all
    lower case, 492 weak passwords (names, dictionary
    words, etc.)
  • Summary: 2831 passwords (86% of the sample) were
    weak, i.e., either too easy to predict or too
    short

17
Attacks on Password
  • Guessing attack/dictionary attack
  • Social Engineering
  • Sniffing
  • Trojan login
  • Van Eck sniffing

18
Guessing Attack
  • Exploits human nature: people choose
    easy-to-remember passwords
  • Trial-and-error attack
  • Easy to detect (failed logins) and block
  • Need audit mechanism

19
Social Engineering
  • Attacker asks for password by masquerading as
    somebody else (not necessarily an authenticated
    user)
  • May be difficult to detect
  • Protection against social engineering: strict
    security policy and user education

20
Dictionary Attacks on Passwords
  • Attack 1
  • Create dictionary of common words and names and
    their simple transformations
  • Use these to guess password
  • Attack 2
  • Usually F is public and so is the password file
    (encrypted)
  • Compute F(word) for each word in dictionary
  • Find match
  • Attack 3
  • Pre-compute F(word) for the whole dictionary once
  • Look up matches in the pre-computed table

21
Password Salt
  • Used to make dictionary attacks more difficult
  • Salt is a 12-bit number between 0 and 4095
  • It is derived from the system clock and the
    process identifier
  • Compute F(password + salt); both the salt and
    F(password + salt) are stored in the password table
  • User gives the password; the system finds the salt,
    computes F(password + salt) and checks for a match
  • Note: with salt, the same password can be stored in
    4096 different ways
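Slides 14 and 21 in working form, as an added example that is not part of the lecture: the system stores only (user name, salt, F(password + salt)), recomputes F at login, and one password can appear 4096 different ways. SHA-256 as F and an OS-random 12-bit salt are assumptions; the slides name neither.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# F is the one-way transformation of slide 14 with the salt mixed into its
# input, as on slide 21. SHA-256 is an assumption: the slides do not name F.
def F(password: str, salt: int) -> str:
    return hashlib.sha256(password.encode() + salt.to_bytes(2, "big")).hexdigest()

def new_salt() -> int:
    # 12-bit salt in 0..4095 as the slide states; drawn from the OS random
    # source here rather than from the clock and process id (an assumption).
    return int.from_bytes(os.urandom(2), "big") & 0x0FFF

PasswordTable = Dict[str, Tuple[int, str]]

def store_password(table: PasswordTable, user: str, password: str,
                   salt: Optional[int] = None) -> None:
    # The table holds (user name, salt, F(password + salt)); the password
    # itself is never written anywhere.
    if salt is None:
        salt = new_salt()
    table[user] = (salt, F(password, salt))

def check_password(table: PasswordTable, user: str, attempt: str) -> bool:
    # Find the user's salt, recompute F over the attempt and compare with
    # the stored value. A constant-time comparison avoids leaking how much
    # of the digest matched through timing.
    entry = table.get(user)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(F(attempt, salt), stored)

def distinct_hashes(password: str) -> int:
    # Slide 21's note made concrete: one password yields 4096 different
    # stored values, one per possible salt, so a single pre-computed
    # dictionary no longer covers the whole password file.
    return len({F(password, s) for s in range(4096)})
```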

22
Password Management Policy
  • Educate users to make better choices
  • Define rules for good password selection and ask
    users to follow them
  • Ask or force users to change their password
    periodically
  • Actively attempt to break users passwords and
    force users to change broken ones
  • Screen password choices

23
One-time Password
  • Use the password exactly once!

24
Lamport's scheme
  • Doesn't require any special hardware
  • System computes F(x), F^2(x), ..., F^100(x) (this
    allows 100 logins before the password x must be changed)
  • System stores the user's name and F^100(x)
  • User supplies F^99(x) the first time
  • If the login is correct (F applied to the supplied
    F^99(x) equals the stored F^100(x)), the system
    replaces F^100(x) with F^99(x)
  • Next login the user supplies F^98(x), and so on
  • User calculates F^n(x) using a hand-held
    calculator, a workstation, or another device
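Lamport's hash chain from the slide above, as an added example (not the lecture's own code): the host stores F^100(x), the user walks the chain downwards, and a value that was already accepted cannot be replayed. SHA-256 as F is an assumption.

```python
import hashlib
from typing import Optional

def F(x: bytes) -> bytes:
    # The one-way function F of the slide; SHA-256 is an assumption.
    return hashlib.sha256(x).digest()

def F_n(x: bytes, n: int) -> bytes:
    # F^n(x): apply F n times; F^0(x) is x itself.
    for _ in range(n):
        x = F(x)
    return x

class LamportHost:
    """Host side: keeps (user name, F^N(x)) and never holds x itself."""

    def __init__(self, user: str, x: bytes, n: int = 100) -> None:
        self.user = user
        self.remaining = n            # N logins before the password must change
        self.stored = F_n(x, n)       # only F^N(x) is stored

    def login(self, user: str, otp: bytes) -> bool:
        # The user presents F^(k-1)(x). Accept iff F(otp) equals the stored
        # F^k(x), then replace the stored value with otp. Replaying otp now
        # fails, because the host expects a preimage of otp, not otp itself.
        if user != self.user or self.remaining == 0:
            return False
        if F(otp) != self.stored:
            return False
        self.stored = otp
        self.remaining -= 1
        return True

class LamportUser:
    """User side (calculator or workstation): computes F^n(x) on demand."""

    def __init__(self, x: bytes, n: int = 100) -> None:
        self.x = x
        self.next_index = n - 1       # first login uses F^(N-1)(x)

    def next_otp(self) -> Optional[bytes]:
        # Walk the chain downwards; the last value handed out is F^0(x) = x,
        # which is why a fresh x is needed after N logins.
        if self.next_index < 0:
            return None
        otp = F_n(self.x, self.next_index)
        self.next_index -= 1
        return otp
```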

25
Time Synchronized
  • There is a hand-held authenticator
  • It contains an internal clock, a secret key, and
    a display
  • Display outputs a function of the current time
    and the key
  • It changes about once per minute
  • User supplies the user id and the display value
  • Host uses the secret key, the function and its
    clock to calculate the expected output
  • Login is valid if the values match

26
Time Synchronized
Figure: the secret key and the current time are fed into DES, producing the one-time password.
27
Challenge Response
  • Non-repeating challenges from the host are used
  • The device requires a keypad to enter the challenge

Figure: the workstation sends the user ID to the host over the network; the host returns a challenge; the workstation sends back the response.
28
Challenge Response
Figure: the secret key and the challenge are fed into DES, producing the one-time password (the response).
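The two hardware-token schemes of slides 25 to 28 side by side, as an added example that is not from the lecture: a time-synchronized display value the host recomputes from its own clock (with a small drift window), and a challenge/response exchange in which each challenge is answered at most once. HMAC-SHA256 stands in for the DES box in the figures, a substitution made here because the Python standard library has no DES; the 6-digit display length and the 8-byte challenge are also assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Set

def keyed_otp(secret_key: bytes, data: bytes, digits: int = 6) -> str:
    # Stand-in for the DES box on slides 26 and 28: a keyed one-way function
    # of (secret key, input) truncated to a short display value. HMAC-SHA256
    # is an assumption; the slides use DES.
    mac = hmac.new(secret_key, data, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)

# Time-synchronized authenticator (slide 25): the display is a function of the
# key and the current minute, and the host recomputes it from its own clock.
def time_otp(secret_key: bytes, now: int) -> str:
    minute = now // 60                # changes about once per minute
    return keyed_otp(secret_key, minute.to_bytes(8, "big"))

def host_verify_time(secret_key: bytes, shown: str, host_now: int, skew: int = 1) -> bool:
    # Accept the current minute plus or minus `skew` minutes of clock drift.
    return any(hmac.compare_digest(time_otp(secret_key, host_now + 60 * d), shown)
               for d in range(-skew, skew + 1))

# Challenge/response (slide 27): the host issues a non-repeating challenge and
# the keypad device answers with a function of the key and that challenge.
class ChallengeHost:
    def __init__(self, keys: Dict[str, bytes]) -> None:
        self.keys = keys                      # user id -> key: the sensitive key database of slide 29
        self.pending: Dict[str, bytes] = {}   # user id -> challenge awaiting a response
        self.used: Set[bytes] = set()         # challenges already consumed

    def challenge(self, user: str) -> bytes:
        c = os.urandom(8)                     # fresh random challenge, never reused
        self.pending[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        c = self.pending.pop(user, None)
        if c is None or c in self.used or user not in self.keys:
            return False
        self.used.add(c)                      # answered at most once: a captured response cannot be replayed
        return hmac.compare_digest(keyed_otp(self.keys[user], c), response)

def device_response(secret_key: bytes, challenge: bytes) -> str:
    # What the hand-held device computes once the user keys in the challenge.
    return keyed_otp(secret_key, challenge)
```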
29
Devices with Personal Identification Number (PIN)
  • Devices are subject to theft, so some devices
    require a PIN (something the user knows)
  • The PIN is used by the device to authenticate the
    user
  • Problem with challenge/response schemes
  • The key database is extremely sensitive
  • This can be avoided if public key algorithms are
    used

30
Smart Cards
  • Portable devices with a CPU, I/O ports, and some
    nonvolatile memory
  • Can carry out computation required by public key
    algorithms and transmit directly to the host
  • Some use biometric data about the user instead
    of the PIN

31
Biometrics
  • Fingerprint
  • Retina scan
  • Voice pattern
  • Signature
  • Typing style

32
Problems with Biometrics
  • Expensive
  • Retina scan (min. cost): about 2,200
  • Voice (min. cost): about 1,500
  • Signature (min. cost): about 1,000
  • False readings
  • Retina scan: 1/10,000,000
  • Signature: 1/50
  • Fingerprint: 1/500
  • Can't be modified when compromised

33
Next Class
  • Access Control