Transcript Document

Computer Science 653 --Lecture 2
Passwords
Professor Wayne Patterson
Howard University
Fall 2009
Access Control
Access Control
• Two parts to access control
• Authentication: Who goes there?
– Determine whether access is allowed
– Authenticate human to machine
– Authenticate machine to machine
• Authorization: Are you allowed to do that?
– Once you have access, what can you do?
– Enforces limits on actions
• Note: Access control often used as synonym for
authorization
Authentication
Who Goes There?
• How to authenticate a human to a machine?
• Can be based on…
– Something you know
• For example, a password
– Something you have
• For example, a smartcard
– Something you are
• For example, your fingerprint
Something You Know
• The most familiar example is the password. The theory is
that if you know the secret password for an account, you
must be the owner of that account.
• There is a problem with this theory: You might give your
password away or have it stolen from you. If you write it
down, someone might read it. If you tell someone, that
person might tell someone else. If you have a simple, easyto-guess password, someone might guess it or systemically
crack it.
Something You Have
• Examples are keys, tokens, badges, and smart cards you
must have to “unlock” your terminal or your account. The
theory is that if you have the key or equivalent, you must
be the owner of it.
• The problem with this theory is that you might lose the
key, it might be stolen from you, or someone might borrow
it and duplicate it. Electronic keys, badges, and smart cards
are gaining acceptance as authentication devices and as
access devices for buildings and computer rooms.
Something You Are
• Examples are physiological or behavioral traits
such as your fingerprint, handprint, retina pattern,
voice, signature, or keystroke pattern.
• Biometric systems compare your particular trait
against the one stored for you and determine your
authenticity.
• The problem with these systems is that, on the
whole, people aren’t comfortable with them.
Passwords: The First Line of
Defense
• Remember this:
–
8x3;2jqab%
System Access: Logging into Your
System
• The first way in which a system provides computer
security is by controlling access to that system. Who’s
allowed to log in? How does the system decide whether a
user is legitimate? How does the system keep track of
who’s doing what in the system?
• What’s really going on when you try to log into a system?
It’s a kind of challenge. You tell the system who you are,
and the system proves that you are (or you aren’t) who you
claim to be. In security terms, this two-step process is
called identification and authentication.
Something You Know
• Passwords
• Lots of things act as passwords!
–
–
–
–
–
PIN
Social security number
Mother’s maiden name
Date of birth
Name of your pet, etc.
Passwords: The Method of
Choice
• Passwords are still, far and away, the
authentication tool of choice. In most systems, you
identify yourself to the system by entering some
kind of unique login identifier, followed by a
password. The identifier is typically a name,
initials, a login number, or an account number
assigned by the system administrator based on
your own name and/or group.
Trouble with Passwords
• “Passwords are one of the biggest practical problems facing
security engineers today.”
• “Humans are incapable of securely storing high-quality
cryptographic keys, and they have unacceptable speed and
accuracy when performing cryptographic operations. (They
are also large, expensive to maintain, difficult to manage,
and they pollute the environment. It is astonishing that these
devices continue to be manufactured and deployed.)”
Why Passwords?
• Why is “something you know” more
popular than “something you have” and
“something you are”?
• Cost: passwords are free
• Convenience: easier for SA to reset pwd
than to issue user a new thumb
Keys vs Passwords
•
•
•
•
•
• Passwords
Crypto keys
• Spse passwords are 8
Spse key is 64 bits
characters, and 256 different
characters
Then 264 keys
8 = 264 pwds
•
Then
256
Choose key at random
• Users do not select
Then attacker must try about
passwords at random
63
2 keys
• Attacker has far less than 263
pwds to try (dictionary
attack)
The UNIX Example
•
As you know, for example, UNIX systems display the prompt:
• login:
•
and expect a “name” in response. Other systems may expect an identifier of a
specific length --- for example, a 3-character ID or an account number. After
you enter your login ID, the system prompts:
• Password:
•
•
and you type the password, and authenticates your identity by verifying that
the entered password is currently valid for your account.
Passwords are your main defense against intruders. To protect your system and
your data, you must select good passwords, and you must protect them
carefully.
Hints for Protecting Passwords
•
Both system administrators and users share responsibility share responsibility for
enforcing password security. Here are some hints:
•
A password should be like a toothbrush. Use it every day; change it regularly;
and don’t share it with friends.
Don’t allow any logins without passwords. If you’re the administrator, make sure
every account has a password.
Don’t keep passwords that may have come with your system. Change all test or
guest passwords, for example root, system, test, demo, etc.
Don’t ever let anyone use your password.
Don’t write your password down --- particularly on your computer, or anywhere
around your desk. If you ever do write it down, don’t identify it as a password,
and don’t write the phone number of the computer on the same piece of paper.
Don’t type a password while anyone else is watching.
Don’t record your password online or send it anywhere by electronic mail.
Don’t make a bad situation worse. If you do share your password, change it
immediately.
Don’t keep the same password indefinitely.
•
•
•
•
•
•
•
•
After Authentication
• Once you’ve been authenticated, the system
uses your ID to determine what you’re
allowed to do in the system. For example, if
you try to modify a sensitive file, the system
checks your authenticated user ID against
the list of IDs representing users who are
authorized to read and write the data in that
file.
Good and Bad Passwords
• Bad passwords
–
–
–
–
–
–
–
frank
Fido
password
4444
Pikachu
102560
AustinStamp
• Good Passwords?
–
–
–
–
–
–
jfIej,43j-EmmL+y
09864376537263
P0kem0N
FSa7Yago
0nceuP0nAt1m8
PokeGCTall150
Password Experiment
•
Three groups of users  each group advised to
select passwords as follows
– Group A: At least 6 chars, 1 non-letter
winner – Group B: Password based on passphrase
– Group C: 8 random characters
•
Results
–
–
Group A: About 30% of pwds easy to crack
Group B: About 10% cracked
•
–
Passwords easy to remember
Group C: About 10% cracked
•
Passwords hard to remember
Password Experiment
• User compliance hard to achieve
• In each case, 1/3rd did not comply (and about
1/3rd of those easy to crack!)
• Assigned passwords sometimes best
• If passwords not assigned, best advice is
– Choose passwords based on passphrase
– Use pwd cracking tool to test for weak pwds
– Require periodic password changes?
Brute Force Attacks
• At one time, a system cracker would have to try to guess your
password, one attempt at a time (a so-called brute force attack). Like
many things, this process has been automated. In theory, the longer the
password, the longer it takes to break by brute force. If a password has
eight random characters, the number of possible combinations will be:
• (Under the assumption that the allowable characters are the 26 letters,
not case-sensitive, and the 10 numerals. Thus, 36 symbols altogether.)
•
368 = 2,821,109,907,456  3 trillion.
• At one search per microsecond, this is still 2,821,110 seconds, or
slightly less than 1000 hours, or about six weeks. (By a standard
argument of probability, you only have to expect to wait half that long,
or three weeks, before you would hit the right password.)
Case-sensitivity
• If you make the passwords case-sensitive, you can improve
this to
•
628 = 218,340,105,584,896  218 trillion.
• And now the same attacker, at a million tries per second,
would have to take 70 times as long, or approximately 4
years.
• The problem is, users don’t select random, or even
decently secure passwords, and a cracker doesn’t need to
figure out your password --- any password will do.
Unfortunately, users typically pick passwords that are
laughably easy to guess --- their initials, their children’s
names, their license plates, etc.
Brute Force Attacks in General
• The “brute force” or “exhaustive search” password
attack relies on trying every potential combination
for a password
• Thus, in general, if a password system requires
entering exactly n symbols, and the allowable
symbol set has c elements, the total number of
potential passwords is:
• c choices for the first symbol, then c choices for
the second symbol, …
• These are all mutually exclusive, so the total
number of choices is c x c … c = cn
Brute Force Attacks (more)
• So with cn choices, if our symbol set was case
sensitive letters, {A..Z,a..z} (cardinality 52) and
we had to enter 7 symbols, the total number of
choices would be 527 = 1,028,071,702,528 = 1.0 x
1012
• With in addition numerics and perhaps 4 special
symbols {& % # $} and a requirement for 10
symbols, now we have 6610 =
1,568,336,880,910,795,776 = 1.6 x 1018
Brute Force Attacks (more)
• The computation gets a little more complicated if
the password rule insists on at least one of each
type of character, for example; or if the password
can have a variable length.
• E.g., if we only allowed the 26 letters, and the
password could be anywhere from 6 to 10
characters, the total number of choices would be
• 266 + 267 + 268 + 269 + 2610 =
146,813,767,122,880 = 1.5 x 1014
How Long will the Attack Take?
• It is not unreasonable to think that an automated
brute force attack could test one password per
microsecond
• Thus, 106/sec; 3.6 x 109/hr; ~1011/day
• So for the 7-symbol, case-sensitive system, we
could try all passwords in 10 days
• But: every one of the tries has an equal probability
of succeeding; thus, the expectation is that we will
succeed by the time we are halfway through.
Therefore, 5 days to break this system.
Attacks on Passwords
• Attacker could…
–
–
–
–
Target one particular account
Target any account on system
Target any account on any system
Attempt denial of service (DoS) attack
• Common attack path
– Outsider  normal user  administrator
– May only require one weak password!
Password Retry
• Suppose system locks after 3 bad
passwords. How long should it lock?
– 5 seconds
– 5 minutes
– Until SA restores service
• What are +’s and -’s of each?
Password File
• Bad idea to store passwords in a file
• But need a way to verify passwords
• Cryptographic solution: hash the passwords
– Store y = h(password)
– Can verify entered password by hashing
– If attacker obtains password file, he does not obtain
passwords
– But attacker with password file can guess x and check
whether y = h(x)
– If so, attacker has found password!
Dictionary Attack
• Attacker pre-computes h(x) for all x in a
dictionary of common passwords
• Suppose attacker gets access to password file
containing hashed passwords
– Attacker only needs to compare hashes to his precomputed dictionary
– Same attack will work each time
• Can we prevent this attack? Or at least make
attacker’s job more difficult?
More General Dictionary Attacks
• We can devise dictionary attacks using standard
dictionaries. It is not hard to obtain lists of
dictionary words online.
• Then, the attacker can process this list, trying each
word.
• This raises the question, “how many words are
there in a dictionary?”
• Perhaps more generally, “how many words are
there in the English language?”
Password File
• Store hashed passwords
• Better to hash with salt
• Given password, choose random s, compute
y = h(password, s)
and store the pair (s,y) in the password file
• Note: The salt s is not secret
• Easy to verify password
• Attacker must recompute dictionary hashes for
each user  lots more work!
Password Cracking:
Do the Math
• Assumptions
• Pwds are 8 chars, 128 choices per character
– Then 1288 = 256 possible passwords
•
•
•
•
There is a password file with 210 pwds
Attacker has dictionary of 220 common pwds
Probability of 1/4 that a pwd is in dictionary
Work is measured by number of hashes
Password Cracking
• Attack 1 password without dictionary
– Must try 256/2 = 255 on average
– Just like exhaustive key search
• Attack 1 password with dictionary
– Expected work is about
1/4 (219) + 3/4 (255) = 254.6
– But in practice, try all in dictionary and quit if not
found  work is at most 220 and probability of success
is 1/4
Password Cracking
• Attack any of 1024 passwords in file
• Without dictionary
– Assume all 210 passwords are distinct
– Need 255 comparisons before expect to find password
– If no salt, each hash computation gives 210 comparisons
 the expected work (number of hashes) is 255/210 = 245
– If salt is used, expected work is 255 since each
comparison requires a new hash computation
Password Cracking
• Attack any of 1024 passwords in file
• With dictionary
– Probability at least one password is in dictionary is 1 (3/4)1024 = 1
– We ignore case where no pwd is in dictionary
– If no salt, work is about 219/210 = 29
– If salt, expected work is less than 222
– Note: If no salt, we can precompute all dictionary
hashes and amortize the work
Other Password Issues
• Too many passwords to remember
– Results in password reuse
– Why is this a problem?
• Who suffers from bad password?
– Login password vs ATM PIN
•
•
•
•
Failure to change default passwords
Social engineering
Error logs may contain “almost” passwords
Bugs, keystroke logging, spyware, etc.
Social Engineering Attacks
• A third approach to breaking passwords is
called “social engineering.”
• If one is trying to find a password for a
specific individual, this is likely to be the
most fruitful.
• See the film, “War Games” and remember
Joshua.
Passwords
• The bottom line
• Password cracking is too easy!
– One weak password may break security
– Users choose bad passwords
– Social engineering attacks, etc.
• The bad guy has all of the advantages
• All of the math favors bad guys
• Passwords are a big security problem
Password Cracking Tools
• Popular password cracking tools
–
–
–
–
Password Crackers
Password Portal
L0phtCrack and LC4 (Windows)
John the Ripper (Unix)
• Admins should use these tools to test for weak
passwords since attackers will!
• Good article on password cracking
– Passwords - Conerstone of Computer Security
Picking Passwords (à la
Patterson)
• Now here’s the problem with passwords, and it’s
serious. There are a limited number of things a
human being can remember. What was that string I
gave you at the beginning of the class?
• Here’s my personal strategy. It is definitely NOT
the recommended way. But no one has ever
guessed one of mine, and I’ve never forgotten one.
What We Remember
• There are many things that we do remember easily.
Unfortunately, for many of these things, anyone else can
remember, discover, or guess them as well. Someone can
guess your password by accident or by design. If they
guess it by a totally random process, then the only
protection you have is to choose longer passwords.
• But, if they guess it by design, it’s because you had a
weakness in your choice of password. Let’s examine the
ways in which one can choose passwords, and the ways in
which people can guess that information.
The Bulls-Eye
• Let’s design a chart, like a bulls-eye, of
things that are lodged in your memory. Let
rank these things from 1 to 10 by ease of
recollection (with 10 meaning easiest to
remember). Such a chart might look
something like this:
Memory Reference
Where I left my car
keys
Next
dentist
appt
Student ID
1
5
10
Bank account
number
Bill collector’s
phone number
Car
licence
Test
dates
Mom
Girlfrien
d
Boyfrien
d
Dog
Favorite
CD
Favorite
place to
visit
Ease of Learning by Opponent
• Now, by the same token, let’s design another chart, also in
this bulls-eye format, representing the ease (10) or the
difficulty (1) of someone else remembering or learning the
same information.
• In this case, what’s easy to determine? My mother’s name,
girlfriend/boyfriend, dog’s name, favorite CD, are
probably all easy for someone to determine, if they talk to
anyone who knows me at all. So I would rank all of these a
10. Where I left my car keys, or my next dentist
appointment might be more difficult to determine, so they
would probably be down closer to a 1. Student ID, or bank
account number? Not too difficult for someone to
determine. Let’s say about a 7 or 8. Let’s look at a possible
“Cracker Reference”:
Cracker’s Reference
Where I left my
car keys
Next
dentist
appoin
tment
1
Studen
t ID
5
10
Car
licence
Favorite
place to
visit
Mom
Girlfr
iend
Boyfr
iend
Dog
Simple to Remember, Hard to Guess
• So here’s the principle that’s involved. I want to be
able to choose passwords that are as simple as
possible to remember (in other words, maximizing
the value in the bulls-eye in the memory reference
chart); at the same time, making it as hard as
possible for anyone else to determine, that is
minimizing the value in the cracker’s reference.
Simple to Remember, Hard to Guess
• Furthermore, in this latter case, I have to minimize
this value over all possible crackers --- i.e. anyone
else who has some information about me. Thus, if
99% of the world does not know what my favorite
place to visit is (therefore giving a cracker reference
of 1), but I have discussed that wonderful vacation
with 1 percent of the population (for whom that
value might therefore be 7 or 8), I have to treat the
overall value for that place name to be the 7 or 8.
PFQ
• So the principle, which I can state as a formula, is maximize the
Memory Reference for a potential password, and minimize the greatest
possible value for a Cracker Reference. Then, calculate the Privacy
and Familiarity Quotient (PFQ) by dividing these two quantities:
Memory Reference
• PFQ = ------------------------------------------------Max(over all people) Cracker Reference
• Obviously, the best possible value for PFQ is 10/1 = 10. Your
passwords should come as close as possible to that value.
B. O. Lounder
• In practice, how can you maximize this “PFQ”? Here’s
what I do. I think back through my life for an event, or
series of events, that are very vivid to me. For example, the
teacher who had me expelled from high school was named
B. O. Lounder. I will never forget his name.
• That might have been a very good choice of password,
since it is clearly a 10 in Memory Reference. However,
there are still a lot of my high school classmates around,
and sooner or later, if someone talked to them about me,
they would likely hear the story of Mr. Lounder.
Penobscot
• But no one knows about the time that I went off on my
own, when I was in college, and had an interesting visit to
Penobscot, Maine.
• That’s a trip I won’t forget --- and really I’ve never
discussed it with anyone --- until now --- and so penobscot
would be a very good password choice for me.
• Actually, an even better one would be something like
penobscotm, or penobscotx, or qpenobscot, or
penob%scot, just in case a cracker had an index of all of
the place names in the United States.
A Dozen Solid Memory References
• In this way, I construct a list of about a dozen of those
solid memory references, to which virtually no one else
can connect me (by the way, I’m just kidding about
Penobscot --- but not about B. O. Lounder).
• And I construct a slightly modified version of those names
for my collection of passwords. As I said, I keep about a
dozen or so on hand. And none of them are ever written
down --- they don’t have to be!
Protecting Passwords
• Most systems protect passwords in two
important ways: they make passwords hard
to guess and login controls hard to crack,
and they protect the file in which passwords
are stored.
• But not UNIX --- e.g.:
– cat /etc/passwd
• !!!
Sample Login/Password Controls
• Last login message
– When you log in, the system may display the date and
time of your last login. Many systems also display the
number of unsuccessful attempts since the last
successful login. This may give you a chance to
discover if your account has been used by someone
else.
• User-changeable passwords
– In many systems, you’re allowed to change your own
password at any time
Sample Login/Password Controls
• System-generated passwords
– Some systems require you to use passwords generated randomly by the
system. VAX/VMS 4.3 ensures that these passwords are pronounceable.
Some systems let you view several random choices from which you can
pick one. The danger, of course, is that these are eminently forgettable.
• Password aging and expiration
– When a specified time is reached, e.g. the end of the month, all passwords
in the system may expire. New passwords usually may not be identical to
the old passwords. The system should give reasonable notice before
requiring you to change a password, if you have to pick quickly, you’re
likely to pick poorly.
• Minimum length
– Some systems require that passwords be a minimum length, say 6 to 8
characters.
Sample Login/Password Controls
• Password locks
– Locks allow the system administrator to restrict certain users from
logging in or to lock login accounts that haven’t been used for an
extended period of time.
• System passwords
– System passwords control access to particular devices that might
be targets for unauthorized use.
• Primary and secondary passwords
– Some systems require that two users, each with a valid password,
be present to log in successfully to extremely sensitive accounts.
• Network password
– Some systems require special passwords for network or
communications access.
Protecting Your Password in Storage
• Typically, valid passwords are stored in a password file.
Protection of passwords is extremely critical to system
security. Systems commonly use both encryption and
access controls to protect password data.
• Most systems encrypt the data stored in the system’s
password file.
• Most systems perform “one-way encryption” of
passwords. One-way encryption means that the password
is never decrypted. Each time you log in and enter your
password, the system encrypts your entered password and
compares the encrypted version with the encrypted
password stored in the password file.