introduction to cybersecurity - systems security: part 1 · introduction to cybersecurity - systems...
TRANSCRIPT
Introduction to Cybersecurity- Systems Security: Part 1 -
Director, CISPA – Center for IT Security, Privacy, and AccountabilityChair for IT-security & Cryptography
Prof. Dr. Michael Backes
General Information
Correct formatting (Tutorial group 1, Exercise 1):
[1][Exercise 1]
1Foundations of Cybersecurity 2016
No additional whitespaces! No <>!
New submission mail address to avoid confusion:
- Different prefix than regular mailing list
- Old submission addresses still work
Exercise groups start on Wednesday
Last Lecture
Organizational matters
Commercialization of cyber attacks
What is cyber security and what has to be protected
- Hardware, software stack, crypto, network
- Software exploits, hardware hacks, side-channels, …
Intro to cryptography
- Ancient ciphers: Caesar, Substitution cipher, Vigenère cipher, Enigma
- Cryptanalysis of ancient ciphers
2Foundations of Cybersecurity 2016
Part I: System Security
http://dilbert.com/strips/comic/2005-09-12/
Foundations of Cybersecurity 2016 3
The Programmer’s Blues
4Foundations of Cybersecurity 2016
Heartbleed
Serious vulnerability in the popular OpenSSLcryptographic software library
- Missing bounds check before a memory copy operation that uses non-sanitized user input as the length parameter
- Not a crypto error, but an implementation error!
Allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of OpenSSL
- Private keys
- In-memory decrypted packets received via SSL connection
- Etc.
5Foundations of Cybersecurity 2016
Chapter “System Security” Overview
This lecture: Security Principles & Authentication
2nd lecture: Access Control & Malware
3rd lecture: Hijacking control flows
7Foundations of Cybersecurity 2016
Hardware
OS
Software
Cry
pto
User
Chapter “System Security” Overview
Practical security (How to exploit vulnerabilities?)
- Security principles
- Basic design of (in-)secure systems
- Basics of access control, malware
- How to hijack control in computer systems?
- How to defend against such control hijacking attacks?
- Authentication methods
Project: Learn about basic control-flow hijacking
Some advanced topics are part of follow-up lectures(Security, Security Engineering)
8Foundations of Cybersecurity 2016
Recommended Literature
William Stallings, Lawrie Brown. “Computer Security: Principles and Practice.” ISBN-13: 978-0135137116 (third, international edition)
- Chapter 1: Overview
- Chapter 3: Authentication
- Chapter 4: Access Control
- Only Sections 4.1-4.5
- Chapter 6: Malicious Software
- Chapter 10: Buffer Overflow
- Chapter 13: Trusted Computing and Multilevel Security
• Only Sections 13.1 and 13.3
David Basin, Patrick Schaller, Michael Schläpfer. “Applied Information Security: A Hands-On Approach.” ISBN: 978-3-642-43632-1
- Chapter 1: Security Principles
- Chapter 4: Authentication and Access Control
- Chapter 6: Web Application Security
Jerome Saltzer, Michael Schroeder. “The Protection of Information in Computer System.” In Proceedings of the IEEE, volume 63, pages 1278—1308, 1975
9Foundations of Cybersecurity 2016
Prof. Dr. Michael Backes
Security Principles
11.11.2016
General Notions
Subject
- Active entity (e.g., user or a system acting on behalf of a user)
Object
- Passive entity (e.g., data container like files, directories, etc.)
- General assumption: Access to an object gives access to the objects’ data content (information)
• Information is encoded/represented as various forms of data
Subject is Authorized: Allowed by security policy to access object
11Foundations of Cybersecurity 2016
Object(e.g., Resource
like File)
Subject(e.g., User process)
If authorized:
Accesses and operates on
Refresher: Classic Information Security Goals
Confidentiality
- Assure that information is not disclosed to unauthorized principals
Integrity
- Data: Prevent unauthorized modification of programs and information
- System: Assure that system performs its intended function in an unimpaired manner, free from unauthorized manipulation
Availability
- Guarantee reliable access to information and services by authorized principals
Further important goals:
- Accountability: Trace actions of an entity uniquely back to that entity
- Authenticity: Property of being genuine and being able to be verified and trusted
- Privacy, Non-repudiation, Anonymity, Unlinkability
Depending on context, not always easy to define precisely
Sometimes contradicting and not easy to combine
- Anonymity vs accountability
12Foundations of Cybersecurity 2016
12 Security Principles
High level goals
- Security best practices
- Applicability depends on concrete context
Especially applies to secure software design
- Emphasizes clean and secure design
Often requires trade-offs
13Foundations of Cybersecurity 2016
14Foundations of Cybersecurity 2016
https://cdn1.coolstuff.com/autogen/preset/aspectThumb/960x720/6305517763ac93f87c1e5babc5d657c7.jpghttp://www.richter-spielgeraete.de/tl_system/content/de/01_Produkte/xx_Piktogramme/3.63390.gif
VS
Simplicity
Applies to any engineering and implementation task:
The simpler the solution
- the easier to understand, analyze, and review
- less likely to contain flaws
Negative examples: Monolithic operating systems, browser, email clients
15Foundations of Cybersecurity 2016
Keep it simple.
Linux kernel
Firefox
Chrome
Win Xp
OS X Tiger
Thunderbird
Bash
0
2
4
6
8
10
0 50 100
WEI
GH
TED
CV
SS S
CO
RE
LINES OF CODE (MILLIONS)
Linux kernel
Firefox Chrome
Win Xp
OS X
Thunderbird
Bash
0
200
400
600
800
1000
1200
1400
0 50 100
# V
ULN
ERA
BIL
ITIE
S
LINES OF CODE (MILLIONS)Sources: cvedetails.com
openhub.net
16Foundations of Cybersecurity 2016
http://www.surface-generation.com/wp-content/uploads/2015/03/Question-mark-box-620-x-350.jpg
Open Design
Avoid “Security by obscurity”
In crypto a.k.a. Kerckhoffs’ principle
Security should depend on possession of secrets only (passwords, keys, …)
- Simply not possible to maintain secrecy of a system that should be distributed (e.g., reverse engineering)
Intuitive example: Securing a door does not rely on attacker’s ignorance to operating a door, but on possession of the key and security of lock mechanism
- Today’s de-facto crypto mechanisms all developed with open design
Counter examples: DRM mechanisms (e.g. DVD, Playstation,…), KeeLoq, Windows NT LAN Manager, Mifare classic (basis for old UdS card)
17Foundations of Cybersecurity 2016
The security of a system should not depend on the secrecy of its protection mechanisms.
18Foundations of Cybersecurity 2016
http://uncrate.com/p/2008/03/oxo-pop-containers.jpg
Compartmentalization
Groups (or compartments) isolated from each other with limited communication between compartments over controlled channel
Facilitates simplification of design (“divide-and-conquer” approach); attacks or errors contained to affected compartment; security-sensitive functionality can be in dedicated hardened compartment
Compartmentalization at different levels:
- User-space vs kernel space- Memory space (between processes; data vs code)- Modularization of software- µKernel- Virtual machines- Network zones
Problem: Not always possible to completely isolate resources/functionality
- Tightly control channel between compartmentsand compartment interfaces
Intuitive Example:Compartmentalized submarine design
Example: µKernel vs monolithic kernel
19Foundations of Cybersecurity 2016
Organize resources into isolated groups of similar needs.
System
Network
User input
File system
Network
User device
File system
Network
User input
File system
Network
User display
File system
Monolithic design
µKernel with compartmentalization
20Foundations of Cybersecurity 2016
https://www.google.de/maps/@48.8547067,2.3438011,17z
Minimum Exposure
Reduce external interfaces to a minimum
- E.g., network-listening servicesof a computer system
Limit amount of information given away that can help an adversary
- E.g., error pages of webservers provideinformation about the software versions
Minimize the window of opportunity for an adversary to attack
- E.g., limit the number of failed passwordattempts before locking account
21Foundations of Cybersecurity 2016
Minimize the attack surface a system presents to the adversary.
http://articles.slicehost.com/assets/2008/12/5/apache-404-footer.jpg
http://cache.clickonf5.org/wp-content/uploads/2009/12/twitterlocked_thumb.png
http://www.bryanandrews.org/wp-content/uploads/2001/11/nmap-banner-scan-example.png
22Foundations of Cybersecurity 2016
http://melaniejor.typepad.com/.a/6a00e54fd1fc4388340133f2f9498f970b-pihttp://www.keyring.com/images/products/detail/92400_Split_key_ring.jpghttp://thumbs.dreamstime.com/t/blue-house-22708798.jpghttp://cliparts.co/cliparts/qcB/X7G/qcBX7Ga4i.jpg
Least Privilege
What is a ‘privilege’?
- Ability to access or modify a resource (e.g., file, hardware, networking)
- Privileged process: Process that has access to some resource not generally available
- More secure systems have many types of privilege
Why?
Obvious reason: A malicious or compromised process cannot misuse privileges that it does not have!
- Compartmentalization helps realizing least privilege
- Delegation of tasks to sufficiently privileged processes, but requires careful design of programs to avoid “confused deputy attacks”
Implementation often difficult: Requires detailed understanding of system and all possible operations and dependencies
Examples towards least privilege: user accounts vs guest accounts vs administrative accounts, Android permission framework
23Foundations of Cybersecurity 2016
Any component (and user) of a system should operate using the least set of privileges necessary to complete its job.
24Foundations of Cybersecurity 2016
https://s-media-cache-ak0.pinimg.com/736x/fb/be/d9/fbbed9c16f8422d0d3febecd55ed98f4.jpg
Minimum Trust and Maximum Trustworthiness
Trusted system: User assumes that system will behave as expected, but system may misbehave (in particular by acting maliciously)
- Trust should be avoided when possible
Trustworthy system: System always acts as expected by user
Minimizing trust = minimizing expectations about the system(can result in complete loss of trust into a system)
Maximizing trustworthiness = turning assumptions into validated properties (e.g., rigorously prove that system behaves only in expected manner)
Example: Program receiving user input
- Never trust the user input! (minimize trust)
- Always validate and filter user input! (maximize trustworthiness)
Problem: Transitive trust (‘chain of trust’)
- A → B, B → C, thus A → C (possibly unknown to A)
- Complicates completely reasoning about security of an entity (e.g. A)
25Foundations of Cybersecurity 2016
Minimize trust and maximize trustworthiness.
26Foundations of Cybersecurity 2016
http://www.gmesupply.com/images/1/gme-supply_0135s.jpg
Secure, Fail-Safe (Fail-Secure) Defaults
System designed to prevent unsafe/insecure consequences of the system's failure
- Requires that system starts in a secure state
Important in access control
- Identify conditions under which access is granted
- Default case: If conditions are not fulfilled, deny access (whitelisting)
- Fail securely: Conditions wrongly identified → Access denied (wrongly)
27Foundations of Cybersecurity 2016
The system should start in a secure state and return to a secure state in the event of a failure.
28Foundations of Cybersecurity 2016
http://resources0.news.com.au/images/2013/09/11/1226716/529036-airport-security-tsa-screeners.jpg
Complete Mediation
Requires that the access control mechanism encompasses all security-relevant objects and is operational in any system state
Access control must not be circumventable
To mitigate attacks at layers below the access control mechanisms, data should be additionally be protected in transit and storage (e.g., encryption)
- Example lower-layer attacks: booting a different operating system like a live CD to circumvent access control or sniffing web traffic
Requires authentication to securely identify subjects and objects of any access
29Foundations of Cybersecurity 2016
Access to any object must be monitored and controlled.
Object(e.g., Resource
like File)
Subject(e.g., User process)
access requestMonitor
If authorized
30Foundations of Cybersecurity 2016
http://www.i2clipart.com/clipart-wall-c7b9
No Single Point of Failure
Also known as “defense in depth”: Do not rely on a single security mechanism
- If one mechanism fails, another should prevent malice
How many security layers?
- Depends on cost-benefit analysis: performance requirements, usability aspects, administrative overhead, etc.
How?
Common technique: Separation of duties
- More than one entity/mechanism required to complete a task
- Several examples in physical world(one letter with credit card, separate letter with PIN; airplane with four instead of two engines; high security safes with two locks and keys held by different guards;…)
31Foundations of Cybersecurity 2016
Build redundant security mechanisms whenever feasible.
32Foundations of Cybersecurity 2016
http://www.tradersmessageboards.com/wp-content/uploads/2015/06/print-audit-300x300.png
Traceability
Trace: Sign or evidence of past events
- Traceability: System retains traces of activities (i.e., record of sequence of events from which history of system can be reconstructed)
Important for accountability
- Link actions to a subject that can be held responsible
Usually implemented through logging
- Logs must be protected to prevent adversary from removing his traces
Can contradict privacy requirements
- Possible solution: Use of pseudonyms, store true identities separately(→ Separation of duties for tracing events of a true identity)
33Foundations of Cybersecurity 2016
Log security-relevant system events.
34Foundations of Cybersecurity 2016
https://xkcd.com/221/
Generating Secrets
Entropy in information theory (coll.): “Degree of randomness”
High entropy of secrets (e.g., crypto keys, passwords, etc) required to prevent simple guessing or brute-forcing attacks
- “Helps keeping secrets secret”
Debian OpenSSL PRNG bug: Random number generator code was “optimized” → RNG became predictable → Cryptographic key material generated with this RNG became predictable → SSL on Debian was broken
35Foundations of Cybersecurity 2016
Maximize the entropy of secrets.
36Foundations of Cybersecurity 2016
http://www.searchenginepeople.com/wp-content/uploads/2012/05/bad-usability.jpg
Usability
Security mechanisms should be easy to use
The harder the security mechanism is to use, the more likely it is that users (or developers/administrators) will circumvent it or will apply it incorrectly
37Foundations of Cybersecurity 2016
Design usable security mechanisms.
Examples:
- Alma Whitten, J.D Tygar. “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0”: Majority of test users were unable to encrypt an email
- Sunshine et al. “Crying wolf: an empirical study of SSL warning effectiveness”: SSL/TLS warnings ineffective
- Recent works on Android: Alarmingly high number of app developers do not verify SSL certificates correctly, opening their app to network attacks
From https://www.usenix.org/legacy/events/sec09/tech/slides/sunshine.pdf
Authentication
Authentication: Basic notions
Identification is whom you claim to be
Authentication is how you prove your ID
- Credentials: Evidence used to prove the ID
- Usually a prerequisite for authorization to use system resources
Forms of authentication
- Something you know(e.g., a password)
- Something you have(e.g., smart card, TAN generator)
- Something you are(e.g., fingerprint)
- Combination of those above(e.g., two-factor authentication for online banking)
39Foundations of Cybersecurity 2016
Password authentication
Most common authentication method
Basic idea
- User has a secret password
- System checks password to authenticate user
Issues?
- How is password stored?
- How does system check password?
- How easy is it to guess a password?
• Difficult to keep password file secret, so best if it is hard to guess password even if you have the password file
“Passwords are like underwear”
- … change them regularly
- … don’t share them with friends or strangers
- … don’t leave yours lying around
40Foundations of Cybersecurity 2016
Basic password scheme
41Foundations of Cybersecurity 2016
Password fileUser
exrygbzyfkgnosfixggjoklbsz……
frunobulax
hash function
Detour: Hash functions (high-level)
Simplified definition (more in crypto part):hash_function(arbitrary length input) → fixed length output
Illustrative (bad!) example:
𝑥 ∈ ℕ, ℎ𝑎𝑠ℎ 𝑥 → ቊ0 𝑖𝑓 𝑥 𝑖𝑠 𝑒𝑣𝑒𝑛1 𝑖𝑓 𝑥 𝑖𝑠 𝑜𝑑𝑑
Cryptographic hash functions have ideally the following properties
- One-way functions
• Easy to compute output from input, infeasible to compute input from output
- Collision-resistance
• Infeasible to find two different inputs that compute to the same output
42Foundations of Cybersecurity 2016
Input space Output space
Collisions
{0,1}ℕ ???
Basic password scheme
Cryptographic hash function h: strings strings
- Given h(password), hard to find password
- No known algorithm better than trial and error
User password stored as h(password)
When user enters password
- System computes h(password)
- Compares with entry in password file
No plaintext passwords stored on disk
43Foundations of Cybersecurity 2016
Example: Unix password system
Structure of password entry:username:$id$salt$h(salt|password)$
- $: Separator between entry fields
- id: identifies the algorithm h used to compute h(salt|password)
• Examples: 1: md5, 5: SHA-256, 6: SHA-512
• Not a plain hash, but several iterations (≈5000) to slow down offline attacks[http://www.akkadia.org/drepper/SHA-crypt.txt]
- salt: makes dictionary attacks harder
• |: concatenation operator
Password file is publicly readable
Any user can try “offline dictionary attack”
- User looks at password file
- Computes h(word) for every word in dictionary; if result matches entry in password file, user found a valid password for user
44Foundations of Cybersecurity 2016
Dictionary Attack – Some numbers
Kali Linux dictionary (popular pentesting distribution)
- Contains database with 14,344,392 entries of common passwords
• Names, popular passwords, passwords leaked earlier from websites and services
- hashcat tool can test ≈16K salted UNIX SHA-512 passwords per second on a good workstation
• Testing complete dictionary a matter of minutes
• GPU-based oclHashcat tool can even test up to billions of hashes per second on small GPU clusters
• Dedicated hardware and large GPU clusters (e.g. for bitcoins) can test billions to trillions of hashes per second [https://en.bitcoin.it/wiki/Mining_hardware_comparison]
Dimensions of password strength: length × size of character set × randomness of characters
If passwords were completely random and uniformly distributed
- Assume six-character password
• Upper- and lowercase letters, digits, 32 punctuation characters
• 946 = 689,869,781,056 possible passwords
• Exhaustive search (“brute force”) using above machine and hashcat requires ≈250 days on average
Problem with truly random passwords: Hard to remember
45Foundations of Cybersecurity 2016
Example: hashcat to ‘recover’ salted Unix passwords from dictionary
bugiel@Colossus01:~/hashcat-0.47$ cat pw.hash
$6$kbA7uCaJ$jSN6v19v8Mj6qqzsi85A/9IG3d4CDzMkY1KxiwoM2BxPS8dqL5wg.DZrOuiHF3OX/6c/b0DoZQTPphptZxx4o.
$6$BhvJ.qe2$IopPfOUpXfNX82.rK9g8rqLwutjOaqxFwuVdqWefBNs7JgWPIerp..JSj2khiu9qsW3M0FcMmuB0jrcXvZwHH1
bugiel@Colossus01:~/hashcat-0.47$ ./hashcat-cli64.bin -m 1800 -a 0 -o cracked.txt --remove \
pw.hash ~/rockyou.txt -n 32
All hashes have been recovered
Input.Mode: Dict (/home/bugiel/rockyou.txt)
Index.....: 5/5 (segment), 541142 (words), 5720149 (bytes)
Recovered.: 2/2 hashes, 2/2 salts
Speed/sec.: - plains, 6.68k words
Progress..: 540718/541142 (99.92%)
Running...: 00:00:01:20
Estimated.: --:--:--:--
Started: Tue Sep 9 14:41:23 2014
Stopped: Tue Sep 9 15:20:45 2014
bugiel@Colossus01:~/hashcat-0.47$ cat cracked.txt
$6$kbA7uCaJ$jSN6v19v8Mj6qqzsi85A/9IG3d4CDzMkY1KxiwoM2BxPS8dqL5wg.DZrOuiHF3OX/6c/b0DoZQTPphptZxx4o.
:ilovebeer
$6$BhvJ.qe2$IopPfOUpXfNX82.rK9g8rqLwutjOaqxFwuVdqWefBNs7JgWPIerp..JSj2khiu9qsW3M0FcMmuB0jrcXvZwHH1
:!!!lollipop!!!
46Foundations of Cybersecurity 2016
Salting
Salting: [Alice, saltA, h(passwordAlice || saltA)],[Bob, saltB, h(passwordBob || saltB)], …
Salt is random for every user
Linux – 8 characters for salt (max. 16)
- Assume charset [a-zA-Z0-9./] for salt (64 possible characters):648 = 281,474,976,710,656 = 248 possible hashes of same password when salted
47Foundations of Cybersecurity 2016
Advantages of salt
Without salt
- Same hash functions on all machines
• Pre-compute hash of all common strings once
• Compare hash file with all known password files
- “Break once, break everywhere”-condition
With salt
- One password hashed 248 different ways (8 character salt)
• Pre-compute hash file?
- Need much larger file to cover all common strings(248 pre-computed hashes per possible password storage problem)
• Dictionary attack on known password file
- For each salt found in file, try all common strings
- Important: Salt like password hash are publicly readable
48Foundations of Cybersecurity 2016
Other countermeasures
Scenario: Offline attacks
- Attacker has password file/database and can apply tools like hashcat
- Increase complexity of hash computation to slow down attacker’s guessing rate
• E.g., cascade hashing: h(h(h(…..(h(password)))…)
• Key stretching (e.g., PBKDF2)
- Protect password file/database (e.g., encryption, access control,…)
Scenario: Online attacks
- Attacker must enter password into a form to check current guess (e.g., login screen)
- Login mechanism can apply reactive measures:
• Increasing timeout between two guesses
• Lock account after number of wrong guesses
• Proof that you are human (e.g., CAPTCHA)
• Require second factor authentication (e.g., token)
49Foundations of Cybersecurity 2016
Reusable Passwords
People tend to reuse the same passwords in different places
If one site is compromised, the password can be stolen and used elsewhere
At the root of “phishing” attacks
Password managers
- Allow complex, long, unique password per account
- Store password in an encrypted file
• Potential single point of failure: Who can see this file? How strongly is it protected? Can malware get at the database?
- People use multiple machines
• Synchronize the password database?
- Managers that can securely recognize websites can help protect against phishing
50Foundations of Cybersecurity 2016
Recall: Phishing
51Foundations of Cybersecurity 2016
Looks normal...
…but is not!
Safe to type your password?
52Foundations of Cybersecurity 2016
Safe to type your password?
53Foundations of Cybersecurity 2016
Safe to type your password?
54Foundations of Cybersecurity 2016
Safe to type your password?
55Foundations of Cybersecurity 2016
???
Safe to type your password?
56Foundations of Cybersecurity 2016
Safe to type your password?
57Foundations of Cybersecurity 2016
http://www.threattracksecurity.com/it-blog/wp-content/uploads/2013/07/fakewiki1.jpg
Tool support for Phishers
58Foundations of Cybersecurity 2016
10 seconds of work with the setoolkit(social engineering toolkit)
Real
Guessable passwords
September 16, 2008:
Compromise of [email protected] using password-reset functionality of Yahoo Mail.
No secondary mail needed
Date of Birth – Wikipedia
Zipcode – Wasilla has two
Where did you meet your spouse?
- Biographie
- Wikipedia, again…
Successfully changed password to “popcorn”
59Foundations of Cybersecurity 2016
Data Mining
Manufacturer of your first car?
- Until 1998, Ford had >25% of market
First name of your best friend?
- 10% of males: James/Jim, John, Robert/Bob/Rob
Name of your first / favorite pet
- Max, Jake, Buddy, Bear… etc.
- Top 500 (covers 65% of names) is available online
Mother’s Maiden Name, Social Security Number
- “Messin’ with Texas”[Griffith & Jakobsson, 2005]
60Foundations of Cybersecurity 2016
Guessable passwords
Wordhound: This is a tool that allows for the automated and targeted construction of wordlists and dictionaries [based on Twitter data and web contents] for use in conjunction with password attacks. [https://bitbucket.org/mattinfosec/wordhound]
CeWL: creating custom word lists by spidering a targets website and collecting unique words [https://digi.ninja/projects/cewl.php]
61Foundations of Cybersecurity 2016
Guessable passwords
62Foundations of Cybersecurity 2016
Targeted attacks
If the attacker really wants your password
63Foundations of Cybersecurity 2016
http://xkcd.com/538/
“Rubber hose cryptanalysis:”
Coercion attack where the user is forcibly
asked by an attacker to reveal the key
Security research du jour
Neuroscience Meets Cryptography:Designing Crypto Primitives Secure Against Rubber Hose Attacks[Bojinov et al., USENIX Security Symposium 2012]
- Use concept of implicit learning from cognitive psychology:user learns patterns without any conscious knowledge of the learned pattern
• Authors crafted a computer game to plant a password in the user’s brain without the user having conscious knowledge of the trained password
• Trained password can be used for authentication
• But: No rubber hose attack, since user does not have conscious knowledge of password!
Cracking-Resistant Password Vaults using Natural Language Encoders[Chatterjee et al., IEEE Security & Privacy 2015]
- Problem: Master password of password vaults (or managers) is single point of failure, attackable with efficient offline attacks
- Authors built encrypted vaults that resist such offline cracking attacks and forcing attackers to move to an online attack
• Introduce a new type of secure encoding scheme that they call natural-language encoders (NLEs)
• When decrypted with the wrong master password, it produces plausible-looking decoy passwords
• Attacker must test actual passwords to check if guessed correct master password (i.e. online attack)
64Foundations of Cybersecurity 2016
Biometrics
Use a person’s physical characteristics
- fingerprint, voice, face, keyboard timing, …
Advantages
- Cannot be disclosed, lost, forgotten
Disadvantages
- Cost, installation, maintenance
- Reliability of comparison algorithms
• False positive: Allow access to unauthorized person
• False negative: Disallow access to authorized person
- Privacy?
- If forged, how do you revoke?
65Foundations of Cybersecurity 2016
Voluntary finger cloning
Select the casting material
- Softened, free molding plastic (used by Matsumoto)
- Part of a large, soft wax candle (used by Willis; Thalheim)
Push the fingertip into the soft material
Let material harden
Select the finger cloning material
- Gelatin: “gummy fingers”, used by Matsumoto
- Silicone: used by Willis; Thalheim
Pour a layer of cloning material into the mold
Let the clone harden
66Foundations of Cybersecurity 2016
Matsumoto’s Technique
67Foundations of Cybersecurity 2016
Press a live finger against it.
Only a few dollars’ worth of Materials
Put the plastic into hot water to soften it.
The mold
Involuntary cloning
Clone without victim knowledge or assistance
Appears in Hollywood movies
- Sneakers (1992) “My voice is my passport”
- Never Say Never Again (1983) cloned retina
- Charlie’s Angels (2000)
• Fingerprints from beer bottles
• Eye scan from oom-pah laser
Bad news: it works!
Chaos Computer Club: “Der Abdruck wurde durch CCC-Aktivisten von einemWasserglas sichergestellt, das Dr. Schäuble bei einer öffentlichenVeranstaltung benutzt hatte.” [http://www.ccc.de/en/updates/2008/schaubles-finger]
68Foundations of Cybersecurity 2016
Gummy finger from latent print
Capture clean, complete fingerprint on a glass, CD, or other smooth, clean surface
Pick it up using tape and graphite
Scan it into a computer at high resolution
Enhance the fingerprint image
Print with laser printer
Overlay print with wood glue
After drying, your new identity is ready
69Foundations of Cybersecurity 2016
Source: http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren.de
Security research du jour
Continuous authentication using biometrics
- Problem: One-time authentication (e.g. login screen) becoming insufficient on modern devices
• PCs/Laptops often left unattended but logged in!
• Smartphones require high frequency of unlocking. Too cumbersome for many users, which thus do not set a password or lock pattern! (Usability principle not fulfilled)
- Continuous authentication: Seamless (re-)authentication of the user’s identity
- Various research works based on biometrics
• Examples:
- How you type text on a keyboard (typing activity)
- How you interact with the touchscreen of smartphone (type/swipe frequency/acceleration/trajectory/pressure, rotation of the phone during interaction)
- User’s gait (detected using smartphone sensors)
- Fingerprint scanner integrated in mouse
• Usually rely on machine learning (neural networks)
70Foundations of Cybersecurity 2016
Token-based authentication
Several configurations and modes of use
- Device produces password, user types into system
- User unlocks device using PIN
- User unlocks device, enters challenge
Example: S/Key
- User enters string, device computes sequence
• p0 = hash(string|rand); pi+1 = hash(pi)
• pn placed on server; set counter k = n
- Device can be used n times before reinitializing
• Send pk-1 = to server, set k = k-1
• Sever checks hash(pk-1) = pk , stores pk-1
71Foundations of Cybersecurity 2016
Disadvantages of Tokens
Can be stolen or lost
Lack of hardware/software support on many machines
Inconvenient to use
Cost
72Foundations of Cybersecurity 2016
Two-Factor Authentication
Combine two of the three types of authentication
Use second factor to work around limitations of first
Important security requirement:Both channels are independent from each other, socompromise of one channel does not compromisethe other
Examples:
- Online banking password plus generated TAN
- Online banking password plus mTAN(unless banking done on same phonethat receives mTAN)
- Account password plus authenticator
- RSA SecurID card plus PIN
73Foundations of Cybersecurity 2016
Security research du jour
Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound[Karapanos et al. USENIX Security Symposium 2015]
- Problem: Usability issues of two-factor authenticaton
- Authors use proximity of the user’s phone to the device being used to log in as second factor
• proximity of the two devices is verified by comparing the ambient noise recorded by their microphones
• Audio recording and comparison are transparent to the user, so that the user experience is similar to one-factor authentication (e.g., password only)
The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio[Shrestha et al. Conference on Computer and Communications Security 2016]
- Attack on Sound-Proof
- Emit predictable sound from smartphone (alert, call, media playback, …)
74Foundations of Cybersecurity 2016