
Introduction to Cybersecurity - Systems Security: Part 1

Director, CISPA – Center for IT Security, Privacy, and Accountability

Chair for IT-security & Cryptography

Prof. Dr. Michael Backes


General Information

Correct formatting (Tutorial group 1, Exercise 1):

[1][Exercise 1]

1Foundations of Cybersecurity 2016

No additional whitespaces! No <>!

New submission mail address to avoid confusion:

[email protected]

- Different prefix than regular mailing list

- Old submission addresses still work

Exercise groups start on Wednesday


Last Lecture

Organizational matters

Commercialization of cyber attacks

What is cyber security and what has to be protected

- Hardware, software stack, crypto, network

- Software exploits, hardware hacks, side-channels, …

Intro to cryptography

- Ancient ciphers: Caesar, Substitution cipher, Vigenère cipher, Enigma

- Cryptanalysis of ancient ciphers


Part I: System Security

http://dilbert.com/strips/comic/2005-09-12/


The Programmer’s Blues


Heartbleed

Serious vulnerability in the popular OpenSSL cryptographic software library

- Missing bounds check before a memory copy operation that uses non-sanitized user input as the length parameter

- Not a crypto error, but an implementation error!

Allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of OpenSSL

- Private keys

- In-memory decrypted packets received via SSL connection

- Etc.
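The missing bounds check described above, modelled as an added example (this is not OpenSSL's code and not part of the lecture). The message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows the TLS heartbeat extension; `ToyHeap`, `respond_vulnerable`, `respond_fixed` and the sample data are names and values constructed for the illustration.

```python
import struct

HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE = 1, 2
MIN_PADDING = 16  # at least 16 padding bytes follow the payload


def build_request(payload: bytes, claimed_len: int) -> bytes:
    """type (1 byte) | payload_length (2 bytes) | payload | padding."""
    header = struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len)
    return header + payload + bytes(MIN_PADDING)


class ToyHeap:
    """Constructed stand-in for process memory: the received record lies
    directly in front of unrelated data that must never leave the process."""

    def __init__(self, record: bytes, neighbour: bytes):
        self.mem = bytearray(record + neighbour)
        self.record_len = len(record)      # number of bytes actually received


def respond_vulnerable(heap: ToyHeap) -> bytes:
    # Uses the peer-supplied length field without comparing it to record_len.
    _msg_type, claimed = struct.unpack_from("!BH", heap.mem, 0)
    payload = bytes(heap.mem[3:3 + claimed])   # the copy with an unchecked length
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + payload


def respond_fixed(heap: ToyHeap):
    # Record too short to hold header and padding: discard silently.
    if heap.record_len < 1 + 2 + MIN_PADDING:
        return None
    msg_type, claimed = struct.unpack_from("!BH", heap.mem, 0)
    # The bounds check: the claimed payload must fit into what was received.
    if 1 + 2 + claimed + MIN_PADDING > heap.record_len:
        return None
    if msg_type != HEARTBEAT_REQUEST:
        return None
    payload = bytes(heap.mem[3:3 + claimed])
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + payload


def demo():
    secret = b"PRIVATE-KEY-BYTES (constructed)" + bytes(64)
    honest = ToyHeap(build_request(b"bird", 4), secret)
    lying = ToyHeap(build_request(b"bird", 64), secret)  # claims 64, sends 4
    return {
        "vulnerable_leaks": secret[:31] in respond_vulnerable(lying),
        "fixed_reply_to_lying": respond_fixed(lying),
        "fixed_reply_to_honest": respond_fixed(honest),
        "vulnerable_reply_to_honest": respond_vulnerable(honest),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Nothing about the cryptography changes between the two handlers; the only difference is the comparison of the claimed length against the received record length.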


How Heartbleed works


http://xkcd.com/1354/


Chapter “System Security” Overview

This lecture: Security Principles & Authentication

2nd lecture: Access Control & Malware

3rd lecture: Hijacking control flows

[Figure: system layers labelled Hardware, OS, Software, Crypto, User]

Chapter “System Security” Overview

Practical security (How to exploit vulnerabilities?)

- Security principles

- Basic design of (in-)secure systems

- Basics of access control, malware

- How to hijack control in computer systems?

- How to defend against such control hijacking attacks?

- Authentication methods

Project: Learn about basic control-flow hijacking

Some advanced topics are part of follow-up lectures (Security, Security Engineering)


Recommended Literature

William Stallings, Lawrie Brown. “Computer Security: Principles and Practice.” ISBN-13: 978-0135137116 (third, international edition)

- Chapter 1: Overview

- Chapter 3: Authentication

- Chapter 4: Access Control

• Only Sections 4.1-4.5

- Chapter 6: Malicious Software

- Chapter 10: Buffer Overflow

- Chapter 13: Trusted Computing and Multilevel Security

• Only Sections 13.1 and 13.3

David Basin, Patrick Schaller, Michael Schläpfer. “Applied Information Security: A Hands-On Approach.” ISBN: 978-3-642-43632-1

- Chapter 1: Security Principles

- Chapter 4: Authentication and Access Control

- Chapter 6: Web Application Security

Jerome Saltzer, Michael Schroeder. “The Protection of Information in Computer Systems.” In Proceedings of the IEEE, volume 63, pages 1278–1308, 1975


Prof. Dr. Michael Backes

Security Principles

11.11.2016


General Notions

Subject

- Active entity (e.g., user or a system acting on behalf of a user)

Object

- Passive entity (e.g., data container like files, directories, etc.)

- General assumption: Access to an object gives access to the object’s data content (information)

• Information is encoded/represented as various forms of data

Subject is Authorized: Allowed by security policy to access object

[Figure: Subject (e.g., user process) → if authorized: accesses and operates on → Object (e.g., resource like a file)]

Refresher: Classic Information Security Goals

Confidentiality

- Assure that information is not disclosed to unauthorized principals

Integrity

- Data: Prevent unauthorized modification of programs and information

- System: Assure that system performs its intended function in an unimpaired manner, free from unauthorized manipulation

Availability

- Guarantee reliable access to information and services by authorized principals

Further important goals:

- Accountability: Trace actions of an entity uniquely back to that entity

- Authenticity: Property of being genuine and being able to be verified and trusted

- Privacy, Non-repudiation, Anonymity, Unlinkability

Depending on context, not always easy to define precisely

Sometimes contradicting and not easy to combine

- Anonymity vs accountability


12 Security Principles

High level goals

- Security best practices

- Applicability depends on concrete context

Especially applies to secure software design

- Emphasizes clean and secure design

Often requires trade-offs


Simplicity

Applies to any engineering and implementation task:

The simpler the solution

- the easier to understand, analyze, and review

- less likely to contain flaws

Negative examples: Monolithic operating systems, browser, email clients

Keep it simple.

[Figure: two scatter plots for Linux kernel, Firefox, Chrome, Win XP, OS X Tiger, Thunderbird and Bash. Left: weighted CVSS score (0 to 10) against lines of code (millions). Right: number of vulnerabilities (0 to 1400) against lines of code (millions). Sources: cvedetails.com, openhub.net]

Open Design

Avoid “Security by obscurity”

In crypto a.k.a. Kerckhoffs’ principle

Security should depend on possession of secrets only (passwords, keys, …)

- Simply not possible to maintain secrecy of a system that should be distributed (e.g., reverse engineering)

Intuitive example: Securing a door does not rely on the attacker’s ignorance of how to operate a door, but on possession of the key and the security of the lock mechanism

- Today’s de-facto crypto mechanisms all developed with open design

Counter examples: DRM mechanisms (e.g. DVD, Playstation,…), KeeLoq, Windows NT LAN Manager, Mifare classic (basis for old UdS card)


The security of a system should not depend on the secrecy of its protection mechanisms.


Compartmentalization

Groups (or compartments) isolated from each other with limited communication between compartments over controlled channel

Facilitates simplification of design (“divide-and-conquer” approach); attacks or errors contained to affected compartment; security-sensitive functionality can be in dedicated hardened compartment

Compartmentalization at different levels:

- User-space vs kernel space

- Memory space (between processes; data vs code)

- Modularization of software

- µKernel

- Virtual machines

- Network zones

Problem: Not always possible to completely isolate resources/functionality

- Tightly control channel between compartments and compartment interfaces

Intuitive Example: Compartmentalized submarine design

Example: µKernel vs monolithic kernel

Organize resources into isolated groups of similar needs.

[Figure: monolithic design versus µKernel with compartmentalization; component labels: System, Network, User input, User device, User display, File system]

Minimum Exposure

Reduce external interfaces to a minimum

- E.g., network-listening services of a computer system

Limit amount of information given away that can help an adversary

- E.g., error pages of webservers provide information about the software versions

Minimize the window of opportunity for an adversary to attack

- E.g., limit the number of failed password attempts before locking account


Minimize the attack surface a system presents to the adversary.


Least Privilege

What is a ‘privilege’?

- Ability to access or modify a resource (e.g., file, hardware, networking)

- Privileged process: Process that has access to some resource not generally available

- More secure systems have many types of privilege

Why?

Obvious reason: A malicious or compromised process cannot misuse privileges that it does not have!

- Compartmentalization helps realize least privilege

- Delegation of tasks to sufficiently privileged processes, but requires careful design of programs to avoid “confused deputy attacks”

Implementation often difficult: Requires detailed understanding of system and all possible operations and dependencies

Examples towards least privilege: user accounts vs guest accounts vs administrative accounts, Android permission framework


Any component (and user) of a system should operate using the least set of privileges necessary to complete its job.


Minimum Trust and Maximum Trustworthiness

Trusted system: User assumes that system will behave as expected, but system may misbehave (in particular by acting maliciously)

- Trust should be avoided when possible

Trustworthy system: System always acts as expected by user

Minimizing trust = minimizing expectations about the system (can result in complete loss of trust in a system)

Maximizing trustworthiness = turning assumptions into validated properties (e.g., rigorously prove that system behaves only in expected manner)

Example: Program receiving user input

- Never trust the user input! (minimize trust)

- Always validate and filter user input! (maximize trustworthiness)

Problem: Transitive trust (‘chain of trust’)

- A → B, B → C, thus A → C (possibly unknown to A)

- Complicates reasoning completely about the security of an entity (e.g. A)


Minimize trust and maximize trustworthiness.


Secure, Fail-Safe (Fail-Secure) Defaults

System designed to prevent unsafe/insecure consequences of the system's failure

- Requires that system starts in a secure state

Important in access control

- Identify conditions under which access is granted

- Default case: If conditions are not fulfilled, deny access (whitelisting)

- Fail securely: Conditions wrongly identified → Access denied (wrongly)


The system should start in a secure state and return to a secure state in the event of a failure.
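An added example (not from the lecture) of the access-control case above: a whitelist decision that denies by default and returns to "deny" when the check itself fails, next to a blacklist variant that fails open. The policy contents, file path, user names and function names are constructed for the illustration.

```python
import logging
from typing import Callable, FrozenSet, Tuple

Request = Tuple[str, str, str]            # (subject, object, action)
log = logging.getLogger("access-check")

# Constructed policy: the conditions under which access is granted.
ALLOWED: FrozenSet[Request] = frozenset({
    ("alice", "/srv/payroll.csv", "read"),
    ("alice", "/srv/payroll.csv", "write"),
    ("bob", "/srv/payroll.csv", "read"),
})
# Blacklist, used only by the fail-open counter-example.
BLOCKED: FrozenSet[Request] = frozenset({
    ("mallory", "/srv/payroll.csv", "read"),
})


def policy_ok() -> FrozenSet[Request]:
    return ALLOWED


def blocklist_ok() -> FrozenSet[Request]:
    return BLOCKED


def policy_unavailable() -> FrozenSet[Request]:
    # Simulated failure of the mechanism, e.g. the policy store is down.
    raise ConnectionError("policy store unreachable")


def authorize(request: Request,
              load_policy: Callable[[], FrozenSet[Request]]) -> bool:
    """Fail-secure: grant only on an explicit match, deny everything else."""
    granted = False                        # secure initial state
    try:
        granted = request in load_policy()
    except Exception as exc:
        log.warning("check failed for %r (%s): denying", request, exc)
        granted = False                    # return to the secure state
    return granted


def authorize_fail_open(request: Request,
                        load_blocklist: Callable[[], FrozenSet[Request]]) -> bool:
    """Counter-example: blacklist plus swallowed errors grants on failure."""
    try:
        return request not in load_blocklist()
    except Exception:
        return True


def demo():
    read = "/srv/payroll.csv", "read"
    return {
        "listed subject": authorize(("alice", *read), policy_ok),
        "unlisted subject": authorize(("carol", *read), policy_ok),
        "listed subject, store down": authorize(("alice", *read), policy_unavailable),
        "fail-open, unlisted subject": authorize_fail_open(("carol", *read), blocklist_ok),
        "fail-open, blocked subject, store down":
            authorize_fail_open(("mallory", *read), policy_unavailable),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {'grant' if decision else 'deny'}")
```

The third case is the "access denied (wrongly)" outcome from the slide: an availability cost that the fail-secure design accepts in exchange for never granting on error.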


Complete Mediation

Requires that the access control mechanism encompasses all security-relevant objects and is operational in any system state

Access control must not be circumventable

To mitigate attacks at layers below the access control mechanisms, data should additionally be protected in transit and storage (e.g., encryption)

- Example lower-layer attacks: booting a different operating system like a live CD to circumvent access control or sniffing web traffic

Requires authentication to securely identify subjects and objects of any access

Access to any object must be monitored and controlled.

[Figure: Subject (e.g., user process) → access request → Monitor → if authorized → Object (e.g., resource like a file)]

No Single Point of Failure

Also known as “defense in depth”: Do not rely on a single security mechanism

- If one mechanism fails, another should prevent malice

How many security layers?

- Depends on cost-benefit analysis: performance requirements, usability aspects, administrative overhead, etc.

How?

Common technique: Separation of duties

- More than one entity/mechanism required to complete a task

- Several examples in physical world (one letter with credit card, separate letter with PIN; airplane with four instead of two engines; high security safes with two locks and keys held by different guards; …)


Build redundant security mechanisms whenever feasible.


Traceability

Trace: Sign or evidence of past events

- Traceability: System retains traces of activities (i.e., record of sequence of events from which history of system can be reconstructed)

Important for accountability

- Link actions to a subject that can be held responsible

Usually implemented through logging

- Logs must be protected to prevent adversary from removing his traces

Can contradict privacy requirements

- Possible solution: Use of pseudonyms, store true identities separately (→ Separation of duties for tracing events of a true identity)


Log security-relevant system events.


https://xkcd.com/221/


Generating Secrets

Entropy in information theory (coll.): “Degree of randomness”

High entropy of secrets (e.g., crypto keys, passwords, etc.) required to prevent simple guessing or brute-forcing attacks

- “Helps keeping secrets secret”

Debian OpenSSL PRNG bug: Random number generator code was “optimized” → RNG became predictable → Cryptographic key material generated with this RNG became predictable → SSL on Debian was broken


Maximize the entropy of secrets.


Usability

Security mechanisms should be easy to use

The harder the security mechanism is to use, the more likely it is that users (or developers/administrators) will circumvent it or will apply it incorrectly


Design usable security mechanisms.

Examples:

- Alma Whitten, J. D. Tygar. “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0”: Majority of test users were unable to encrypt an email

- Sunshine et al. “Crying wolf: an empirical study of SSL warning effectiveness”: SSL/TLS warnings ineffective

- Recent works on Android: Alarmingly high number of app developers do not verify SSL certificates correctly, opening their app to network attacks

From https://www.usenix.org/legacy/events/sec09/tech/slides/sunshine.pdf


Authentication


Authentication: Basic notions

Identification is whom you claim to be

Authentication is how you prove your ID

- Credentials: Evidence used to prove the ID

- Usually a prerequisite for authorization to use system resources

Forms of authentication

- Something you know (e.g., a password)

- Something you have (e.g., smart card, TAN generator)

- Something you are (e.g., fingerprint)

- Combination of those above (e.g., two-factor authentication for online banking)


Password authentication

Most common authentication method

Basic idea

- User has a secret password

- System checks password to authenticate user

Issues?

- How is password stored?

- How does system check password?

- How easy is it to guess a password?

• Difficult to keep password file secret, so best if it is hard to guess password even if you have the password file

“Passwords are like underwear”

- … change them regularly

- … don’t share them with friends or strangers

- … don’t leave yours lying around


Basic password scheme

[Figure: User enters password “frunobulax” → hash function → password file (“exrygbzyfkgnosfixggjoklbsz……”)]

Detour: Hash functions (high-level)

Simplified definition (more in crypto part):

hash_function(arbitrary length input) → fixed length output

Illustrative (bad!) example:

$$x \in \mathbb{N}, \quad \mathrm{hash}(x) \to \begin{cases} 0 & \text{if } x \text{ is even} \\ 1 & \text{if } x \text{ is odd} \end{cases}$$

Cryptographic hash functions have ideally the following properties

- One-way functions

• Easy to compute output from input, infeasible to compute input from output

- Collision-resistance

• Infeasible to find two different inputs that compute to the same output

[Figure: input space (ℕ) and output space ({0,1}), with collisions marked]

Basic password scheme

Cryptographic hash function h: strings → strings

- Given h(password), hard to find password

- No known algorithm better than trial and error

User password stored as h(password)

When user enters password

- System computes h(password)

- Compares with entry in password file

No plaintext passwords stored on disk


Example: Unix password system

Structure of password entry:

username:$id$salt$h(salt|password)$

- $: Separator between entry fields

- id: identifies the algorithm h used to compute h(salt|password)

• Examples: 1: MD5, 5: SHA-256, 6: SHA-512

• Not a plain hash, but several iterations (≈5000) to slow down offline attacks [http://www.akkadia.org/drepper/SHA-crypt.txt]

- salt: makes dictionary attacks harder

• |: concatenation operator

Password file is publicly readable

Any user can try “offline dictionary attack”

- User looks at password file

- Computes h(word) for every word in dictionary; if the result matches an entry in the password file, the user has found a valid password for that account


Dictionary Attack – Some numbers

Kali Linux dictionary (popular pentesting distribution)

- Contains database with 14,344,392 entries of common passwords

• Names, popular passwords, passwords leaked earlier from websites and services

- hashcat tool can test ≈16K salted UNIX SHA-512 passwords per second on a good workstation

• Testing complete dictionary a matter of minutes

• GPU-based oclHashcat tool can even test up to billions of hashes per second on small GPU clusters

• Dedicated hardware and large GPU clusters (e.g. for bitcoins) can test billions to trillions of hashes per second [https://en.bitcoin.it/wiki/Mining_hardware_comparison]

Dimensions of password strength: length × size of character set × randomness of characters

If passwords were completely random and uniformly distributed

- Assume six-character password

• Upper- and lowercase letters, digits, 32 punctuation characters

• 94^6 = 689,869,781,056 possible passwords

• Exhaustive search (“brute force”) using above machine and hashcat requires ≈250 days on average

Problem with truly random passwords: Hard to remember


Example: hashcat to ‘recover’ salted Unix passwords from dictionary

bugiel@Colossus01:~/hashcat-0.47$ cat pw.hash

$6$kbA7uCaJ$jSN6v19v8Mj6qqzsi85A/9IG3d4CDzMkY1KxiwoM2BxPS8dqL5wg.DZrOuiHF3OX/6c/b0DoZQTPphptZxx4o.

$6$BhvJ.qe2$IopPfOUpXfNX82.rK9g8rqLwutjOaqxFwuVdqWefBNs7JgWPIerp..JSj2khiu9qsW3M0FcMmuB0jrcXvZwHH1

bugiel@Colossus01:~/hashcat-0.47$ ./hashcat-cli64.bin -m 1800 -a 0 -o cracked.txt --remove \

pw.hash ~/rockyou.txt -n 32

All hashes have been recovered

Input.Mode: Dict (/home/bugiel/rockyou.txt)

Index.....: 5/5 (segment), 541142 (words), 5720149 (bytes)

Recovered.: 2/2 hashes, 2/2 salts

Speed/sec.: - plains, 6.68k words

Progress..: 540718/541142 (99.92%)

Running...: 00:00:01:20

Estimated.: --:--:--:--

Started: Tue Sep 9 14:41:23 2014

Stopped: Tue Sep 9 15:20:45 2014

bugiel@Colossus01:~/hashcat-0.47$ cat cracked.txt

$6$kbA7uCaJ$jSN6v19v8Mj6qqzsi85A/9IG3d4CDzMkY1KxiwoM2BxPS8dqL5wg.DZrOuiHF3OX/6c/b0DoZQTPphptZxx4o.:ilovebeer

$6$BhvJ.qe2$IopPfOUpXfNX82.rK9g8rqLwutjOaqxFwuVdqWefBNs7JgWPIerp..JSj2khiu9qsW3M0FcMmuB0jrcXvZwHH1:!!!lollipop!!!


Salting

Salting: [Alice, salt_A, h(password_Alice || salt_A)], [Bob, salt_B, h(password_Bob || salt_B)], …

Salt is random for every user

Linux – 8 characters for salt (max. 16)

- Assume charset [a-zA-Z0-9./] for salt (64 possible characters): 64^8 = 281,474,976,710,656 = 2^48 possible hashes of same password when salted


Advantages of salt

Without salt

- Same hash functions on all machines

• Pre-compute hash of all common strings once

• Compare hash file with all known password files

- “Break once, break everywhere”-condition

With salt

- One password hashed 2^48 different ways (8 character salt)

• Pre-compute hash file?

- Need much larger file to cover all common strings (2^48 pre-computed hashes per possible password → storage problem)

• Dictionary attack on known password file

- For each salt found in file, try all common strings

- Important: The salt, like the password hash, is publicly readable
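An added example (not from the lecture) of a salted, iterated password entry in the spirit of the `username:$id$salt$h(salt|password)$` layout and the salting slides above. It uses PBKDF2-HMAC-SHA-256 from Python's standard library rather than the SHA-crypt algorithm behind real `$6$` entries; the scheme label, the extra rounds field and all names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2-sha256"   # label invented here, not a crypt(3) id
ROUNDS = 5000              # same order as the ≈5000 iterations on the slide
SALT_CHARS = ("abcdefghijklmnopqrstuvwxyz"
              "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./")   # 64 characters


def new_salt(length: int = 8) -> str:
    # 8 characters out of 64 gives 64**8 = 2**48 possible salts.
    return "".join(secrets.choice(SALT_CHARS) for _ in range(length))


def _stretch(password: str, salt: str, rounds: int) -> str:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt.encode("ascii"), rounds)
    return base64.b64encode(digest).decode("ascii")   # contains no '$' or ':'


def make_entry(user: str, password: str, salt=None, rounds: int = ROUNDS) -> str:
    """Build 'user:$scheme$rounds$salt$hash$'; user must not contain ':'."""
    salt = new_salt() if salt is None else salt
    return f"{user}:${SCHEME}${rounds}${salt}${_stretch(password, salt, rounds)}$"


def verify(entry: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        _user, rest = entry.split(":", 1)
        _lead, scheme, rounds, salt, stored, _tail = rest.split("$")
        if scheme != SCHEME:
            return False
        candidate = _stretch(password, salt, int(rounds))
        return hmac.compare_digest(candidate, stored)
    except (ValueError, TypeError):
        return False        # malformed entry: fail closed


def demo():
    alice = make_entry("alice", "ilovebeer")
    bob = make_entry("bob", "ilovebeer")        # same password, fresh salt
    return {
        "entries_differ": alice.split(":", 1)[1] != bob.split(":", 1)[1],
        "alice_correct": verify(alice, "ilovebeer"),
        "alice_wrong": verify(alice, "ilovebeet"),
        "malformed": verify("alice:not-an-entry", "ilovebeer"),
    }


if __name__ == "__main__":
    print(make_entry("alice", "ilovebeer"))
    print(demo())
```

Because the salt is stored in the clear next to the hash, verification needs no secret beyond the password; the salt only forces every guess to be recomputed per entry.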


Other countermeasures

Scenario: Offline attacks

- Attacker has password file/database and can apply tools like hashcat

- Increase complexity of hash computation to slow down attacker’s guessing rate

• E.g., cascade hashing: h(h(h(…(h(password))…)))

• Key stretching (e.g., PBKDF2)

- Protect password file/database (e.g., encryption, access control,…)

Scenario: Online attacks

- Attacker must enter password into a form to check current guess (e.g., login screen)

- Login mechanism can apply reactive measures:

• Increasing timeout between two guesses

• Lock account after number of wrong guesses

• Proof that you are human (e.g., CAPTCHA)

• Require second factor authentication (e.g., token)


Reusable Passwords

People tend to reuse the same passwords in different places

If one site is compromised, the password can be stolen and used elsewhere

At the root of “phishing” attacks

Password managers

- Allow complex, long, unique password per account

- Store password in an encrypted file

• Potential single point of failure: Who can see this file? How strongly is it protected? Can malware get at the database?

- People use multiple machines

• Synchronize the password database?

- Managers that can securely recognize websites can help protect against phishing


Recall: Phishing


Looks normal...

…but is not!


Safe to type your password?


http://www.threattracksecurity.com/it-blog/wp-content/uploads/2013/07/fakewiki1.jpg


Tool support for Phishers


10 seconds of work with the setoolkit (social engineering toolkit)

Real


Guessable passwords

September 16, 2008:

Compromise of [email protected] using password-reset functionality of Yahoo Mail.

No secondary mail needed

Date of Birth – Wikipedia

Zipcode – Wasilla has two

Where did you meet your spouse?

- Biography

- Wikipedia, again…

- Google

Successfully changed password to “popcorn”


Data Mining

Manufacturer of your first car?

- Until 1998, Ford had >25% of market

First name of your best friend?

- 10% of males: James/Jim, John, Robert/Bob/Rob

Name of your first / favorite pet

- Max, Jake, Buddy, Bear… etc.

- Top 500 (covers 65% of names) is available online

Mother’s Maiden Name, Social Security Number

- “Messin’ with Texas” [Griffith & Jakobsson, 2005]


Guessable passwords

Wordhound: This is a tool that allows for the automated and targeted construction of wordlists and dictionaries [based on Twitter data and web contents] for use in conjunction with password attacks. [https://bitbucket.org/mattinfosec/wordhound]

CeWL: creating custom word lists by spidering a target's website and collecting unique words [https://digi.ninja/projects/cewl.php]


Targeted attacks

If the attacker really wants your password


http://xkcd.com/538/

“Rubber hose cryptanalysis”: Coercion attack where the user is forcibly asked by an attacker to reveal the key


Security research du jour

Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks [Bojinov et al., USENIX Security Symposium 2012]

- Use concept of implicit learning from cognitive psychology: user learns patterns without any conscious knowledge of the learned pattern

• Authors crafted a computer game to plant a password in the user’s brain without the user having conscious knowledge of the trained password

• Trained password can be used for authentication

• But: No rubber hose attack, since user does not have conscious knowledge of password!

Cracking-Resistant Password Vaults using Natural Language Encoders [Chatterjee et al., IEEE Security & Privacy 2015]

- Problem: Master password of password vaults (or managers) is single point of failure, attackable with efficient offline attacks

- Authors built encrypted vaults that resist such offline cracking attacks and force attackers to move to an online attack

• Introduce a new type of secure encoding scheme that they call natural-language encoders (NLEs)

• When decrypted with the wrong master password, it produces plausible-looking decoy passwords

• Attacker must test the actual passwords to check whether the correct master password was guessed (i.e., online attack)


Biometrics

Use a person’s physical characteristics

- fingerprint, voice, face, keyboard timing, …

Advantages

- Cannot be disclosed, lost, forgotten

Disadvantages

- Cost, installation, maintenance

- Reliability of comparison algorithms

• False positive: Allow access to unauthorized person

• False negative: Disallow access to authorized person

- Privacy?

- If forged, how do you revoke?


Voluntary finger cloning

Select the casting material

- Softened, free molding plastic (used by Matsumoto)

- Part of a large, soft wax candle (used by Willis; Thalheim)

Push the fingertip into the soft material

Let material harden

Select the finger cloning material

- Gelatin: “gummy fingers”, used by Matsumoto

- Silicone: used by Willis; Thalheim

Pour a layer of cloning material into the mold

Let the clone harden


Matsumoto’s Technique


Press a live finger against it.

Only a few dollars’ worth of materials

Put the plastic into hot water to soften it.

The mold


Involuntary cloning

Clone without victim knowledge or assistance

Appears in Hollywood movies

- Sneakers (1992) “My voice is my passport”

- Never Say Never Again (1983) cloned retina

- Charlie’s Angels (2000)

• Fingerprints from beer bottles

• Eye scan from oom-pah laser

Bad news: it works!

Chaos Computer Club: “The print was secured by CCC activists from a water glass that Dr. Schäuble had used at a public event.” [http://www.ccc.de/en/updates/2008/schaubles-finger]


Gummy finger from latent print

Capture clean, complete fingerprint on a glass, CD, or other smooth, clean surface

Pick it up using tape and graphite

Scan it into a computer at high resolution

Enhance the fingerprint image

Print with laser printer

Overlay print with wood glue

After drying, your new identity is ready


Source: http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren.de


Security research du jour

Continuous authentication using biometrics

- Problem: One-time authentication (e.g. login screen) becoming insufficient on modern devices

• PCs/Laptops often left unattended but logged in!

• Smartphones require a high frequency of unlocking. Too cumbersome for many users, who therefore do not set a password or lock pattern! (Usability principle not fulfilled)

- Continuous authentication: Seamless (re-)authentication of the user’s identity

- Various research works based on biometrics

• Examples:

- How you type text on a keyboard (typing activity)

- How you interact with the touchscreen of a smartphone (type/swipe frequency/acceleration/trajectory/pressure, rotation of the phone during interaction)

- User’s gait (detected using smartphone sensors)

- Fingerprint scanner integrated in mouse

• Usually rely on machine learning (neural networks)


Token-based authentication

Several configurations and modes of use

- Device produces password, user types into system

- User unlocks device using PIN

- User unlocks device, enters challenge

Example: S/Key

- User enters string, device computes sequence

• p_0 = hash(string | rand); p_{i+1} = hash(p_i)

• p_n placed on server; set counter k = n

- Device can be used n times before reinitializing

• Send p_{k-1} to server, set k = k-1

• Server checks hash(p_{k-1}) = p_k, stores p_{k-1}
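The S/Key hash chain described above, as an added example rather than code from the lecture: the device walks the chain backwards while the server keeps only the last accepted value, so a captured one-time password cannot be replayed. SHA-256 as hash(), the "|" byte separator, the class names Token and Server, and the sample inputs are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:  # SHA-256 stands in for the slide's generic hash()
    return hashlib.sha256(data).digest()


class Token:
    """Device: p_0 = hash(string | rand); hands out p_{k-1} on each use."""

    def __init__(self, string: bytes, rand: bytes, n: int):
        self.p0 = H(string + b"|" + rand)
        self.k = n

    def p(self, i: int) -> bytes:
        value = self.p0
        for _ in range(i):
            value = H(value)  # p_{i+1} = hash(p_i)
        return value

    def next_password(self) -> bytes:
        if self.k == 0:
            raise RuntimeError("chain exhausted: reinitialize the device")
        self.k -= 1
        return self.p(self.k)


class Server:
    """Server: stores only the last accepted value, never p_0."""

    def __init__(self, p_n: bytes):
        self.current = p_n

    def login(self, otp: bytes) -> bool:
        if hmac.compare_digest(H(otp), self.current):
            self.current = otp  # store p_{k-1} for the next round
            return True
        return False


def demo(n: int = 5) -> list:
    token = Token(b"correct horse", secrets.token_bytes(16), n)  # constructed inputs
    server = Server(token.p(n))
    first = token.next_password()
    results = [server.login(first), server.login(first)]  # accept, then reject replay
    results += [server.login(token.next_password()) for _ in range(n - 1)]
    return results
```

With n = 5, `demo()` accepts the first password, rejects its replay, and accepts the remaining four before the device must be reinitialized.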


Disadvantages of Tokens

Can be stolen or lost

Lack of hardware/software support on many machines

Inconvenient to use

Cost


Two-Factor Authentication

Combine two of the three types of authentication

Use second factor to work around limitations of first

Important security requirement: Both channels are independent from each other, so compromise of one channel does not compromise the other

Examples:

- Online banking password plus generated TAN

- Online banking password plus mTAN (unless banking done on same phone that receives mTAN)

- Account password plus authenticator

- RSA SecurID card plus PIN


Security research du jour

Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound [Karapanos et al. USENIX Security Symposium 2015]

- Problem: Usability issues of two-factor authentication

- Authors use proximity of the user’s phone to the device being used to log in as second factor

• proximity of the two devices is verified by comparing the ambient noise recorded by their microphones

• Audio recording and comparison are transparent to the user, so that the user experience is similar to one-factor authentication (e.g., password only)

The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio [Shrestha et al. Conference on Computer and Communications Security 2016]

- Attack on Sound-Proof

- Emit predictable sound from smartphone (alert, call, media playback, …)
