CIT 480: Securing Computer Systems

Authentication

Topics

1. Digital Identity and Groups 2. Authentication 3. Formal Definition 4. Authentication Types 5. Tokens 6. Biometrics 7. UNIX Authentication

Digital Identity A digital identity is data that uniquely describes a subject, which may be a person, process, or machine.

Personal Identities – Username – User ID – E-mail address

Machine Identities – Inventory number – IP address – SSL certificate

Groups and Roles

Definitions – A group is a set of users. – A role is a set of users with a common task. – In practice, little difference on most systems.

Purpose – Groups simplify access control by reducing the

number of subjects.

Authentication Authentication is the act of verifying than an entity is who or what they claim they are.

Authentication can be based on 1. What the entity knows (e.g., passwords) 2. What the entity has (e.g., access card) 3. What the entity is (e.g., fingerprints)

Or a combination of two or more of 1..3, which is known as Multi Factor Authentication (MFA).

Importance of Authentication

Access Control – Most systems base access rights on identity of

principal executing the process.

Accountability – Logging and auditing functions. – Need to track identity across account/role

changes (e.g., su, sudo).

Authentication System A: set of authentication information

– information used by entities to prove identity C: set of complementary information

– information stored by system to validate A F: set of complementation functions f : A → C

– generate C from A L: set of authentication functions l: A × C→{T,F}

– verify identity S: set of selection functions

– enable entity to create or alter A or C

What You Know (Passwords)

Example: Authenticate with 8-character alphanumeric password. System compares against stored MD5 hash.

A = [A-Za-z0-9]{8} C = 22-char Base64 strings F = { MD5 } L = { MD5(A)==C }

What You Have (Tokens) • Disconnected tokens • Connected tokens • Wireless • Smart cards

RFID used for toll collection

Online banking Digipass

Token Information Types • Static Password Token: contain a physically

hidden password that is transmitted for each authentication. Example: car keys.

• Synchronous Dynamic Token: Password changes every N seconds. Time synchronized with server.

• Asynchronous Dynamic Token: One-time password generated algorithmically.

• Challenge-Response Token: Server sends random challenge to token; device computes response with a cryptographic algorithm.

RFID Radio Frequency Identification Types of Tags

– Passive: use power from reader signal – Active: internal power source

Applications – Product tracking (EPC barcode replacement) – Transportation payment – Automotive (embedded in car keys) – Passports – Human implants

EPC RFID Tag

What You Are (Biometrics)

Identification by human characteristics: 1. Physiological 2. Behavioral

A biometric characteristic should be: 1. universal: everyone should have it 2. unique: no two people should share it 3. permanent: it should not change with time 4. quantifiable: it must be practically measurable

Biometric System Example: User authenticates with fingerprint. System compares to stored fingerprint template. A = { user fingerprints } C = { digital fingerprint templates } F = { scanner + analog->digital } L = { tunable similarity function }

How Biometrics Work

Types of Biometrics

Fingerprints

Capacitive measurement, using differences in electrical charges of whorls on finger to detect those parts touching chip and those raised.

Eye Biometrics Iris Scan

– Lowest false accept/reject rates of any biometric.

– Person must hold head still and look into camera.

Retinal Scan – Cataracts and pregnancy

change retina pattern. – Lower false accept/reject

rates than fingerprints. – Intrusive and slow.

Measurement Outcomes

Actual Identity

Valid User Adversary

Biom

etric

M

easu

rem

ent

Valid

Use

r

True Positive False Negative

Adve

rsar

y

False Positive True Negative

False Positive/Negative Tradeoff

Sensitivity

Erro

rs

False Negative Rate

False Positive Rate

Biometrics can be compromised. Unique identifiers, not secrets.

– You can change a password. – You can’t change your iris scan.

Examples: – You leave your fingerprints every place. – It’s easy to take a picture of your face.

Other compromises. – Use faux ATM-style devices to collect biometrics. – Obtain all biometric templates from server.

UNIX Authentication

UNIX identifies user with a UID – Username is for humans, UID for computers. – 15-bit to 32-bit unsigned integer. – UID=0 is the superuser, root.

Identity and authentication data stored in – /etc/passwd – /etc/shadow – /etc/group

/etc/{passwd,shadow}

/etc/passwd – Username – UID – Default GID – GCOS – Home directory – Login shell

/etc/shadow – Username – Encrypted password – Date of last pw change. – Days ‘til change allowed. – Days `til change required. – Expiration warning time. – Expiration date.

Central file(s) describing UNIX user accounts.

student:x:1000:1000:Example User,1212:/home/student:/bin/bash student:$1$w/UuKtLF$otSSvXtSN/xJzUOGFElNz0:13226:0:99999:7:::

Groups and GIDs

GIDs are 32-bit non-negative integers. Each user has a default GID.

– File group ownership set to default GID. – Temporarily change default GID: newgrp.

Groups are described in /etc/group – Users may belong to multiple groups. – Format: group name, pw, GID, user list. – wheel:x:10:root,waldenj,bergs

Superuser Powers

Superuser can • Read any file. • Modify any file. • Add / remove users. • Become any user. • Kill any process. • Reprioritize processes. • Configure network. • Set date/time. • Shutdown / reboot.

Superuser can’t • Change read-only

filesystem. • Decrypt hashed

passwords. • Modify NFS-mounted

filesystems. • Read or modify SELinux

protected files.

Switching Users with su > id uid=102(wj) gid=102(wj) groups=102(wj) > su Password: # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm) # su john john$ id uid=1995(john) gid=1995(john) groups=1995(john) john$ exit # exit > id uid=102(wj) gid=102(wj) groups=102(wj)

Real and Effective UIDs

Real UID – The UID matching the username you logged in as.

Effective UID – The UID that is checked for access control. – The su command changes your EUID.

SETUID programs – A SETUID program executes with an EUID of the

owner of the program instead of yours. – /usr/bin/passwd is SUID root. Why?

Key Points 1. Access control and audit are based on identity. 2. Authentication consists of an entity, the user,

attempting to convince another entity, the verifier, of the user’s identity

1. something you know (passwords) 2. something you have (tokens) 3. something you are (biometrics) 4. somewhere you are (location)

3. UNIX authentication • Usernames, UIDs, groups, GIDs • Storage: /etc/{passwd,shadow} and /etc/group • Real and effective UIDs • SETUID mechanism

References 1. Ross Anderson, Security Engineering, 2nd edition, Wiley, 2008. 2. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. 3. DigitalPersona, http://www.digitalpersona.com/company/news/pressKit.php,

2006. 4. Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and

Internet Security, 3rd Edition, O’Reilly, 2003. 5. Ben Mook, “Md. pilot program tracks drivers’ speed, location via cell phones,”

The Daily Record, October 21, 2005, http://www.mddailyrecord.com/pub/5_398_friday/businessnews/172883-1.html

6. Bruce Schneier, “Biometrics: Truths and Fictions,” Cryptogram, http://www.schneier.com/crypto-gram-9808.html#biometrics, 1998.

7. Bruce Schneier, “The Curse of the Secret Question,” http://www.schneier.com/essay-081.html, 2005.

8. Orville Wilson, “Privacy & Identity - Security and Usability: The viability of Passwords & Biometrics,” http://facweb.cs.depaul.edu/research/vc/CIPLIT2004/ppt/Orville_Wilson.ppt, 2004.

http://www.digitalpersona.com/company/news/pressKit.phphttp://www.schneier.com/crypto-gram-9808.html%23biometricshttp://www.schneier.com/essay-081.htmlhttp://facweb.cs.depaul.edu/research/vc/CIPLIT2004/ppt/Orville_Wilson.ppt

Released under CC BY-SA 3.0 This presentation is released under the Creative Commons

Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license You are free:

to Share — to copy and redistribute the material in any medium to Adapt— to remix, build, and transform upon the material to use part or all of this presentation in your own classes

Under the following conditions: Attribution — You must attribute the work to James Walden, but

cannot do so in a way that suggests that he endorses you or your use of these materials.

Share Alike — If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license.

Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/

https://creativecommons.org/licenses/by-nc-sa/3.0/

CIT 480: Securing Computer SystemsTopicsDigital IdentityGroups and RolesAuthenticationImportance of AuthenticationAuthentication SystemWhat You Know (Passwords)What You Have (Tokens)Token Information TypesRFIDWhat You Are (Biometrics)Biometric SystemHow Biometrics WorkTypes of BiometricsFingerprintsEye BiometricsMeasurement OutcomesFalse Positive/Negative TradeoffBiometrics can be compromised.UNIX Authentication/etc/{passwd,shadow}Groups and GIDsSuperuser PowersSwitching Users with suReal and Effective UIDsKey PointsReferencesReleased under CC BY-SA 3.0