cit 480: securing computer systemswaldenj/classes/2016/spring/... · 2019. 8. 25. · groups and...

29
CIT 480: Securing Computer Systems Authentication

Upload: others

Post on 07-Feb-2021

1 views

Category:

Documents


0 download

TRANSCRIPT

  • CIT 480: Securing Computer Systems

    Authentication

  • Topics

    1. Digital Identity and Groups 2. Authentication 3. Formal Definition 4. Authentication Types 5. Tokens 6. Biometrics 7. UNIX Authentication

  • Digital Identity A digital identity is data that uniquely describes a subject, which may be a person, process, or machine.

    Personal Identities – Username – User ID – E-mail address

    Machine Identities – Inventory number – IP address – SSL certificate

  • Groups and Roles

    Definitions – A group is a set of users. – A role is a set of users with a common task. – In practice, little difference on most systems.

    Purpose – Groups simplify access control by reducing the

    number of subjects.

  • Authentication Authentication is the act of verifying than an entity is who or what they claim they are.

    Authentication can be based on 1. What the entity knows (e.g., passwords) 2. What the entity has (e.g., access card) 3. What the entity is (e.g., fingerprints)

    Or a combination of two or more of 1..3, which is known as Multi Factor Authentication (MFA).

  • Importance of Authentication

    Access Control – Most systems base access rights on identity of

    principal executing the process.

    Accountability – Logging and auditing functions. – Need to track identity across account/role

    changes (e.g., su, sudo).

  • Authentication System A: set of authentication information

    – information used by entities to prove identity C: set of complementary information

    – information stored by system to validate A F: set of complementation functions f : A → C

    – generate C from A L: set of authentication functions l: A × C→{T,F}

    – verify identity S: set of selection functions

    – enable entity to create or alter A or C

  • What You Know (Passwords)

    Example: Authenticate with 8-character alphanumeric password. System compares against stored MD5 hash.

    A = [A-Za-z0-9]{8} C = 22-char Base64 strings F = { MD5 } L = { MD5(A)==C }

  • What You Have (Tokens) • Disconnected tokens • Connected tokens • Wireless • Smart cards

    RFID used for toll collection

    Online banking Digipass

  • Token Information Types • Static Password Token: contain a physically

    hidden password that is transmitted for each authentication. Example: car keys.

    • Synchronous Dynamic Token: Password changes every N seconds. Time synchronized with server.

    • Asynchronous Dynamic Token: One-time password generated algorithmically.

    • Challenge-Response Token: Server sends random challenge to token; device computes response with a cryptographic algorithm.

  • RFID Radio Frequency Identification Types of Tags

    – Passive: use power from reader signal – Active: internal power source

    Applications – Product tracking (EPC barcode replacement) – Transportation payment – Automotive (embedded in car keys) – Passports – Human implants

    EPC RFID Tag

  • What You Are (Biometrics)

    Identification by human characteristics: 1. Physiological 2. Behavioral

    A biometric characteristic should be: 1. universal: everyone should have it 2. unique: no two people should share it 3. permanent: it should not change with time 4. quantifiable: it must be practically measurable

  • Biometric System Example: User authenticates with fingerprint. System compares to stored fingerprint template. A = { user fingerprints } C = { digital fingerprint templates } F = { scanner + analog->digital } L = { tunable similarity function }

  • How Biometrics Work

  • Types of Biometrics

  • Fingerprints

    Capacitive measurement, using differences in electrical charges of whorls on finger to detect those parts touching chip and those raised.

  • Eye Biometrics Iris Scan

    – Lowest false accept/reject rates of any biometric.

    – Person must hold head still and look into camera.

    Retinal Scan – Cataracts and pregnancy

    change retina pattern. – Lower false accept/reject

    rates than fingerprints. – Intrusive and slow.

  • Measurement Outcomes

    Actual Identity

    Valid User Adversary

    Biom

    etric

    M

    easu

    rem

    ent

    Valid

    Use

    r

    True Positive False Negative

    Adve

    rsar

    y

    False Positive True Negative

  • False Positive/Negative Tradeoff

    Sensitivity

    Erro

    rs

    False Negative Rate

    False Positive Rate

  • Biometrics can be compromised. Unique identifiers, not secrets.

    – You can change a password. – You can’t change your iris scan.

    Examples: – You leave your fingerprints every place. – It’s easy to take a picture of your face.

    Other compromises. – Use faux ATM-style devices to collect biometrics. – Obtain all biometric templates from server.

  • UNIX Authentication

    UNIX identifies user with a UID – Username is for humans, UID for computers. – 15-bit to 32-bit unsigned integer. – UID=0 is the superuser, root.

    Identity and authentication data stored in – /etc/passwd – /etc/shadow – /etc/group

  • /etc/{passwd,shadow}

    /etc/passwd – Username – UID – Default GID – GCOS – Home directory – Login shell

    /etc/shadow – Username – Encrypted password – Date of last pw change. – Days ‘til change allowed. – Days `til change required. – Expiration warning time. – Expiration date.

    Central file(s) describing UNIX user accounts.

    student:x:1000:1000:Example User,1212:/home/student:/bin/bash student:$1$w/UuKtLF$otSSvXtSN/xJzUOGFElNz0:13226:0:99999:7:::

  • Groups and GIDs

    GIDs are 32-bit non-negative integers. Each user has a default GID.

    – File group ownership set to default GID. – Temporarily change default GID: newgrp.

    Groups are described in /etc/group – Users may belong to multiple groups. – Format: group name, pw, GID, user list. – wheel:x:10:root,waldenj,bergs

  • Superuser Powers

    Superuser can • Read any file. • Modify any file. • Add / remove users. • Become any user. • Kill any process. • Reprioritize processes. • Configure network. • Set date/time. • Shutdown / reboot.

    Superuser can’t • Change read-only

    filesystem. • Decrypt hashed

    passwords. • Modify NFS-mounted

    filesystems. • Read or modify SELinux

    protected files.

  • Switching Users with su > id uid=102(wj) gid=102(wj) groups=102(wj) > su Password: # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm) # su john john$ id uid=1995(john) gid=1995(john) groups=1995(john) john$ exit # exit > id uid=102(wj) gid=102(wj) groups=102(wj)

  • Real and Effective UIDs

    Real UID – The UID matching the username you logged in as.

    Effective UID – The UID that is checked for access control. – The su command changes your EUID.

    SETUID programs – A SETUID program executes with an EUID of the

    owner of the program instead of yours. – /usr/bin/passwd is SUID root. Why?

  • Key Points 1. Access control and audit are based on identity. 2. Authentication consists of an entity, the user,

    attempting to convince another entity, the verifier, of the user’s identity

    1. something you know (passwords) 2. something you have (tokens) 3. something you are (biometrics) 4. somewhere you are (location)

    3. UNIX authentication • Usernames, UIDs, groups, GIDs • Storage: /etc/{passwd,shadow} and /etc/group • Real and effective UIDs • SETUID mechanism

  • References 1. Ross Anderson, Security Engineering, 2nd edition, Wiley, 2008. 2. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. 3. DigitalPersona, http://www.digitalpersona.com/company/news/pressKit.php,

    2006. 4. Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and

    Internet Security, 3rd Edition, O’Reilly, 2003. 5. Ben Mook, “Md. pilot program tracks drivers’ speed, location via cell phones,”

    The Daily Record, October 21, 2005, http://www.mddailyrecord.com/pub/5_398_friday/businessnews/172883-1.html

    6. Bruce Schneier, “Biometrics: Truths and Fictions,” Cryptogram, http://www.schneier.com/crypto-gram-9808.html#biometrics, 1998.

    7. Bruce Schneier, “The Curse of the Secret Question,” http://www.schneier.com/essay-081.html, 2005.

    8. Orville Wilson, “Privacy & Identity - Security and Usability: The viability of Passwords & Biometrics,” http://facweb.cs.depaul.edu/research/vc/CIPLIT2004/ppt/Orville_Wilson.ppt, 2004.

    http://www.digitalpersona.com/company/news/pressKit.phphttp://www.schneier.com/crypto-gram-9808.html%23biometricshttp://www.schneier.com/essay-081.htmlhttp://facweb.cs.depaul.edu/research/vc/CIPLIT2004/ppt/Orville_Wilson.ppt

  • Released under CC BY-SA 3.0 This presentation is released under the Creative Commons

    Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license You are free:

    to Share — to copy and redistribute the material in any medium to Adapt— to remix, build, and transform upon the material to use part or all of this presentation in your own classes

    Under the following conditions: Attribution — You must attribute the work to James Walden, but

    cannot do so in a way that suggests that he endorses you or your use of these materials.

    Share Alike — If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license.

    Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/

    https://creativecommons.org/licenses/by-nc-sa/3.0/

    CIT 480: Securing Computer SystemsTopicsDigital IdentityGroups and RolesAuthenticationImportance of AuthenticationAuthentication SystemWhat You Know (Passwords)What You Have (Tokens)Token Information TypesRFIDWhat You Are (Biometrics)Biometric SystemHow Biometrics WorkTypes of BiometricsFingerprintsEye BiometricsMeasurement OutcomesFalse Positive/Negative TradeoffBiometrics can be compromised.UNIX Authentication/etc/{passwd,shadow}Groups and GIDsSuperuser PowersSwitching Users with suReal and Effective UIDsKey PointsReferencesReleased under CC BY-SA 3.0