Authentication

1
Authentication
CS 99j

• John C. Mitchell
• Stanford University

2
Computer security

• Computer security is concerned with the
  detection and prevention of unauthorized actions
  by users of a computer system.

3
Authentication

• Verify identity
• Only allow authorized access
• Message authentication (different concept)
• Confirm source and integrity of message
• Message received is the same as message sent

4
Fundamental limitation

• I am talking to Joe

• I am talking to someone who has Joes
• Password
• Private key
• Thumbprint

5
Outline

• Password authentication
• Unix password scheme
• Dictionary attack
• Challenge-response mechanisms
• Authentication protocols
• Protocol analysis methods

6
Password authentication

• Basic idea
• User has a secret password
• System checks password to authenticate user
• Issues
• How is password stored?
• How does system check password?
• How easy is it to guess a password?

7
Basic password scheme

• Password file

User
kiwifruit
exrygbzyf kgnosfix ggjoklbsz
hash function
8
Basic password scheme

• Hash function h strings ? strings
• Given h(password), hard to find password
• No known algorithm better than trial and error
• User password stored as h(password)
• When user enters password
• System computes h(password)
• Compares with entry in password file
• No passwords stored on disk

9
Unix password system

• Hash function is 25xDES
• Number 25 was meant to make search slow
• Password file is publicly readable
• Other information in password file
• Any user can try dictionary attack
• User looks at password file
• Computes hash(word) for every word in dictionary
• Salt makes dictionary attack harder
• Otherwise, compare hash(word) to all passwords

10
Salt Belgers

• Password line
• accountcrypted-passwduidgiduser-namehomedirs
  hell
• waltfURfuu4.4hY0U129129Belgers/home/walt/bin
  /csh
• Checking with salt

11
Another password vulnerability

• void check_passwd(char name, passwd)
• char buffer12
• char buffer22
• / place password for name in buffer 1 /
• strcpy(buffer2,passwd)
• if (buffer11buffer21
• buffer11buffer21)
• / allow login /
• else / disallow login /

12
Extra Reading

• Find Phrack archives
• .oO Phrack 49 Oo.
• Volume Seven, Issue Forty-Nine
• Look for this article
• XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
• Smashing The Stack For Fun And Profit
  
• XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
• by Aleph One
• aleph1_at_underground.org

13
Challenge-response

• Challenge

Secret key
User
string
f(key,string)
Response
14
Challenge-response authentication

• Challenge
• System presents user with some string
• Response
• User computes f(key,string)
• Authentication
• Check property of f(key,string)
• Secret data can stay secret no password is sent
• What kind of
  function will work?

15
Authentication protocols

• Many protocols to confirm identity
• Clark-Jacob survey of 50 protocols
• Common use
• Client and server confirm identity and agree on
  secret encryption key

16
Network connection

• TCP syncronize/acknowledgement

Client
Server
SYN
SYN-ACK
ACK
sequence numbers omitted ...
17
Needham-Schroeder Key Exchange

• A, Na Kb
• Na, Nb Ka
• Nb Kb

A
B
Result A and B share two private numbers not
known to any observer without Ka-1, Kb -1
18
Anomaly in Needham-Schroeder
Lowe
A, Na
Ke
A
E
Na, Nb
Ka
Nb
Ke
A, Na
Na, Nb
Evil agent E tricks honest A into
revealing private key Nb from B.
Kb
Ka
B
Evil E can then fool B.
19
Repaired Needham-Schroeder Protocol

• A, Na Kb
• Na, B, Nb Ka
• Nb Kb

A
B
Result A and B share two private numbers not
known to any observer without Ka-1, Kb -1
20
How do we know this is correct?

• Think a lot
• Ask smart people
• Systematic methods
• Protocol logics
• BAN, GNY, SvO,
• Model checking
• Exhaustive testing of finite systems
• Mathematical proof
• Prove an abstract form of protocol is correct
• Even with simplifications, requires computer
  assistance

21
Explicit Intruder Method
Informal Protocol Description
Intruder Model
Formal Protocol
Analysis Tool
Gee whiz. Looks OK to me.