User(-to-Device) Authentication*
Nitesh Saxena
Polytechnic Institute of NYU
*Adopted from a previous lecture by Vitaly Shmatikov
slide 1
Course Admin
 Exam next Thursday: same room, 6-8:30pm
 Final study topics posted
 Basically covers most of the lecture materials
 A sample final exam will be given out soon
 TA will do a short review on coming Monday (56pm)
 HW6 demos on Dec 20 and Dec 21; please
sign-up for your slots
 HW5 being graded; solution will be provided
very soon
slide 2
Recall: Basic Problem
?
How do you prove to someone that
you are who you claim to be?
Any system with access control must solve this problem
slide 3
Recall: Many Ways to Authenticate
Something you know
• Passwords/PINs
Something you have
• Secure tokens
Something you are
• Biometrics
 What is the best method to authenticate: secure
as well as usable and universal? Is there any?
slide 4
(Textual) Passwords
User has a secret password.
System checks it to authenticate the user.
How is the password communicated?
• Eavesdropping risk
How is the password stored?
• In the clear? Encrypted? Hashed?
How does the system check the password?
How easy is it to guess the password?
• Easy-to-remember passwords tend to be easy to guess
• Password file is difficult to keep secret
slide 5
Passwords in the Real World
[PasswordResearch.com]
From high school pranks…
• Student in Tyler changes school attendance records
• Students in California change grades
– Different authentication for network login and grade system,
but teachers were using the same password (very common)
…to serious cash
• English accountant uses co-workers’ password to steal
$17 million for gambling
…to identity theft
• Helpdesk employee uses passwords of a credit card
database to sell credit reports to Nigerian scammers
slide 6
Passwords and Computer Security
First step after any successful intrusion: install
sniffer or keylogger to steal more passwords
Second step: run cracking tools on password files
• Usually on other hijacked computers
In Mitnick’s “Art of Intrusion”, 8 out of 9 exploits
involve password stealing and/or cracking
• Excite@Home: usernames and passwords stored in the
clear in troubleshooting tickets
• “Dixie bank” hack: use default router password to
change firewall rules to enable incoming connections
slide 7
UNIX-Style Passwords
user
“cypherpunk
”
hash
function
system password file
t4h97t4m43
fa6326b1c2
N53uhjr438
Hgg658n53
…
slide 8
Password Hashing
Instead of user password, store H(password)
When user enters password, compute its hash
and compare with entry in password file
• System does not store actual passwords!
• Difficult to go from hash from password!
Hash function H must have some properties
• One-way: given H(password), hard to find password
– No known algorithm better than trial and error
• Is collision resistance needed?
slide 9
UNIX Password System
Uses DES encryption as if it were a hash function
• Encrypt NULL string using password as the key
– Truncates passwords to 8 characters!
• Can instruct modern UNIXes to use MD5 hash function
Problem: passwords are not truly random
• With 52 upper- and lower-case letters, 10 digits and
32 punctuation symbols, there are 948  6 quadrillion
possible 8-character passwords
• Humans like to use dictionary words, human and pet
names  1 million common passwords
slide 10
Dictionary Attack
Password file /etc/passwd is world-readable
• Contains user IDs and group IDs which are used by
many system programs
Dictionary attack is possible because many
passwords come from a small dictionary
• Attacker can pre-compute H(word) for every word in
the dictionary – this only needs to be done once!!
– This is an offline attack
– Once password file is obtained, cracking is instantaneous
• With 1,000,000-word dictionary and assuming 10
guesses per second, brute-force online attack takes
50,000 seconds (14 hours) on average
slide 11
Salt
shmat:fURxfg,4hLBX:14510:30:Vitaly:/u/shmat:/bin/csh
/etc/passwd entry
salt
(chosen randomly when
password is first set)
Password
hash(salt,pwd)
• Users with the same password have different entries
in the password file
• Offline dictionary attack becomes much harder
slide 12
Advantages of Salting
Without salt, attacker can pre-compute hashes of
all dictionary words once for all password entries
• Same hash function on all UNIX machines; identical
passwords hash to identical values
• One table of hash values works for all password files
With salt, attacker must compute hashes of all
dictionary words once for each combination of
salt value and password
• With 12-bit random salt, same password can hash to
4096 different hash values
slide 13
Shadow Passwords
shmat:x:14510:30:Vitaly:/u/shmat:/bin/csh
Hashed password is not
stored in a world-readable file
/etc/passwd entry
• Store hashed passwords in /etc/shadow file which is
only readable by system administrator (root)
• Add expiration dates for passwords
• Early Shadow implementations on Linux called the
login program which had a buffer overflow!
slide 14
Password Security Risks
 Keystroke loggers
• Hardware
– KeyGhost, KeyShark, others
• Software (spyware)
 Observation attacks
• See our recent work on keyboard acoustic emanations:
http://eprint.iacr.org/2010/605.pdf
 Online attacks
 Offline attacks
 These can be dealt with somewhat (how?), but…….
slide 15
User Issues!!
 Make passwords easy to remember
• “password”, “Longhorns”, “Kevin123”
 Write them down
 Use a single password at multiple sites
• Do you use the same password for Amazon and your bank
account? MyPoly? Do you remember them all?
 Some services use “secret questions”
to reset passwords
• “What is your favorite pet’s name?”
• Paris Hilton’s T-Mobile cellphone hack
 Susceptible to Social Engineering
• e.g., Phishing
slide 16
Social Engineering
Univ. of Sydney study (1996)
• 336 CS students emailed asking for their passwords
– Pretext: “validate” password database after suspected break-in
• 138 returned their passwords; 30 returned invalid
passwords; 200 reset passwords (not disjoint)
Treasury Dept. report (2005)
• Auditors pose as IT personnel attempting to correct a
“network problem”
• 35 (of 100) IRS managers and employees provide their
usernames and change passwords to a known value
Other examples: Mitnick’s “Art of Deception”
slide 17
A Recent Email…
slide 18
Images from Anti-Phishing Working Group’s Phishing Archive
slide 19
Images from Anti-Phishing Working Group’s Phishing Archive
The next page requests:
 Name
 Address
 Telephone
 Credit Card Number, Expiration Date, Security Code
 PIN
 Account Number
 Personal ID
 Password
slide 20
slide 21
Images from Anti-Phishing Working Group’s Phishing Archive
But wait…
WHOIS 210.104.211.21:
Location: Korea, Republic Of
slide 22
Images from Anti-Phishing Working Group’s Phishing Archive
slide 23
Phishing: A Growing Problem
Over 16,000 unique phishing attacks reported in
Nov. 2005, about double the number from 2004
Estimates suggest phishing affected 1.2 million
US citizens and cost businesses billions of
dollars in 2004
Additional losses due to consumer fears
slide 24
[Anti-Phishing Working Group, Phishing Activity Trends Report, Dec. 2005]
Basic Phishing Attack
 Victim receives email seemingly from an institution
• Often reports a problem with victim’s account
• Email demands immediate action
 Victim led to a website that mimics that of the institution
• Prompted to enter account information, passwords, personal
information, etc.
 Two variations:
• Passive: Attacker collects victim’s information for later exploitation
• Active: Attacker relays victim’s information to the real institution and
plunders the account in real time
slide 25
Current Phishing Techniques
 Employ visual elements from target site
 DNS Tricks:
•
•
•
•
www.ebay.com.kr
www.ebay.com@192.168.0.5
www.gooogle.com
Unicode attacks
 JavaScript Attacks
• Spoofed SSL lock
 Certificates
• Phishers can acquire certificates for domains they own
• Certificate authorities make mistakes
slide 26
Advanced Phishing Attacks
 Spear-phishing: Improved target selection
 Socially aware attacks [Jakobsson 2005]
• Mine social relationships from public data
• Phishing email appears to arrive from someone known to the victim
 Context-aware attacks [ibid]
• “Your bid on eBay has won!”
• “The books on your Amazon wishlist are on sale!”
slide 27
User Issues!!
Users are “task-focussed”
Security is a secondary objective
Users choose bad passwords and readily
disclose them
Users cannot parse URLs, domain names or
PKI certificates
Users are inundated with warnings and popups
slide 28
Phishing Prevention Approaches
 Heuristics
• Spoofguard [Chou et al. 2004], TrustBar [HerzGbar 2004], eBay toolbar,
SpoofStick
• Recent studies indicate users ignore toolbar warnings [Wu et al.
2005]
slide 29
Spoofguard example
slide 30
Other Approaches
 Origin/Server Authentication
• Dynamic Security Skins [DhamTyga 2004], Passmark, and the Petname
project; BankofAmerica SiteKey
• All rely on user diligence – a single mistake will result in a
compromised account (slow to load image!)
slide 31
Another approach
PwdHash
• Instead of the password p, share the hash of the
password (concatenated with domain name):
H(p, domain)
• User types in the password p, the browser computes
H(p, domain) and send it to the server
• Phishing site learns the hashed value for its own
doman, which is of no “direct” use (except running a
dictionary attack on the password)
slide 32
In summary
 Lot of problems with the passwords
• Especially due to user behavior
 Can we help users pick strong(er) passwords
• Use of mnemonics: Easy to remember but hard to
guess phrases
– Phrase to a password
• “Jack and Jill went up the hill” (JaJwuth) (probably not
good!)
• “I’ve owned 4 Gateway computers so far” (Io4Gcsf )
Other Directions…
slide 33
Graphical Passwords
Images are easy for humans to recall/recognize
• Especially if you invent a memorable story to go
along with the images
Images can not be “written down”
slide 34
Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later
in authentication.
http://www.random-art.org/
• Using Hash Visualization, which,
given a seed, automatically
generate a set of pictures
• No need to store images, but
take longer to create passwords
password space: N!/K! (N-K)!
( N-total number of pictures; K-number of pictures selected as passwords)
slide 35
Sobrado and Birget Scheme
System display a number of pass-objects (pre-selected by user)
among many other objects, user click inside the convex hull
bounded by pass-objects.
• authors suggeated using 1000
objects, which makes the display
very crowed and the objects almost
indistinguishable.
password space: N!/K! (N-K)!
( N-total number of picture objects; K-number of pre-registered objects)
slide 36
PassFaces
Using human faces as password
slide 37
User Quotes
“I chose the images of the ladies which appealed
the most”
“I simply picked the best lookin girl on each page”
“In order to remember all the pictures for my
login (after forgetting my ‘password’ 4 times
in a row) I needed to pick pictures I could
EASILY remember... So I chose beautiful women.
The other option I would have chosen was
handsome men, but the women are much more
pleasing to look at”
slide 38
More User Quotes
“I picked her because she was female and Asian
and being female and Asian, I thought I could
remember that”
“I started by deciding to choose faces of people in
my own race…”
“… Plus he is African-American like me”
slide 39
Draw-A-Secret (DAS) Scheme
User draws a simple picture on a 2D grid, the coordinates of the
grids occupied by the picture are stored in the order of drawing
redrawing has to touch the
same grids in the same
sequence in authentication
user studies showed the
drawing sequences is hard to
Remember
slide 40
“PassPoint” Scheme
User click on any place on an image to create a password. A tolerance
around each chosen pixel is calculated. In order to be authenticated,
user must click within the tolerances in correct sequence.
 can be hard to remember the
sequences
Password Space: N^K
( N -the number of pixels or smallest
units of a picture, K - the number of
Point to be clicked on )
slide 41
Disadvantages
Graphical password schemes are perceived to be
more vulnerable to “shoulder surfing”
A change in infrastructure is needed
Need to store, transmit images in many cases
slide 42
Biometric Authentication
Nothing to remember
Passive
• Nothing to type, no devices to carry around
Can’t share (usually)
Can be fairly unique
• … If measurements are sufficiently accurate
slide 43
Problems with Biometrics
Identification vs. authentication
• Identification = associating an identity with an event or
a piece of data
– Example: fingerprint at a crime scene
• Authentication = verifying a claimed identity
– Example: fingerprint scanner to enter a building
How hard are biometric readings to forge?
• Difficulty of forgery is routinely overestimated
• Analysis often doesn’t take into account the possibility
of computer-generated forgery
Revocation is difficult or impossible
slide 44
Fake Fingers
[Schuckers]
Gelatin: gummy fingers
Play-Doh fingers fool 90%
of fingerprint scanners
• Clarkson University study
Suggested perspiration
measurement to test
“liveness” of the finger
slide 45
Face/off 
slide 46
Tokens
 Generally used to improve security of passwords
• Two-factor authentication: “Something you have” + “Something
you know”
• Use of “one time passwords”
 Example: RSA SecurID (many different forms)
 Problem: token might not be available, when needed; also each
secure site needs a different token
slide 47
Playful Security: Security can be fun!
 A direction we have been
taking
 Make security tasks fun and
entertaining for the users;
entice them
 Hoping that users will better
comply at them
 Tom Sawyer Effect
 Can be applied to many
different problems
 Currently, Google has shown
interest in our research
slide 48
References
 Use google
 Some of these can be found here:
• http://www.cs.utexas.edu/~shmat/courses/cs378_fall07/cs378_ref.html
slide 49