Matakuliah
Tahun
Versi
: H0242 / Keamanan Jaringan
: 2006
:1
Pertemuan 04
Pengamanan Akses
Sistem
1
Learning Outcomes
Pada akhir pertemuan ini, diharapkan
mahasiswa akan mampu :
– Mahasiswa dapat menerapkan keamanan
akses sistem
2
Outline Materi
• Proteksi Password
• Strategi Password
3
Authentication
• Verifying the identity of another entity
• Two interesting cases (for this class):
– Computer authenticating to another
computer
– Person authenticating to a computer
• Two issues:
– How authentication information is
stored (at both ends)
– Authentication protocol itself
4
Password-based protocols
• Any password-based protocol is
vulnerable to an off-line dictionary attack
if server is compromised
• Goal: password-based protocol should be
secure against off-line attacks when
server is not compromised
– Unfortunately, this has not been the
case in practice (e.g., telnet, cell
phones, etc.)
5
Password selection
• User selection of passwords is typically
very weak
– Lower entropy password makes
dictionary attacks easier
• Typical passwords:
– Derived from account names or
usernames
– Dictionary words, reversed dictionary
words, or small modifications of
dictionary word
6
Password Selection
•
•
•
•
Non-alphanumeric characters
Longer phrases
Can try to enforce good password selection
But these types of passwords are difficult for
people to memorize and type!
7
Centralized Password Storage
• Authentication storage node
– Central server stores password; servers
request the password to authenticate
user
• Auth. facilitator node
– Central server stores password; servers
send information from user to be
authenticated by the central server
• Note that central server must be
authenticated!
8
Authentication Protocols
• Server stores H(pw); user sends pw
– Secure against server compromise, but
not eavesdropping (or replay attacks)
• Server stores pw, sends R; user sends
H(pw,R)
– Secure against eavesdropping, but not
server compromise (or dictionary attack)
• Can we achieve security against both?
9
Authentication of People
•
•
•
•
What you know (passwords)
What you have (keys)
What you are (biometric devices)
Where you are (physical)
10
Access Control
• State of a system
– Includes, e.g., current memory contents,
all secondary storage, contents of all
registers, etc.
• Secure states
– States in which the system is allowed to
reside
– Security policy defines the set of secure
states
– Security mechanism ensures that system
never leaves secure state
11
Access Control List (ACL)
• Instead of storing central matrix, store each
column with the object it represents
– Stored as pairs (s, r)
• Subjects not in list have no rights
– Can use wildcards to give default rights
12
Potential problems
• What if one process gives capabilities to
another? (Possibly indirectly)
– Can lead to security violation
• One solution: assign security
classifications to capabilities
– E.g., when capability created, its
classification is the same as the
requesting process
– Capability contains rights depending on
the object to which it refers
13
Example
• Cryptographic key used to encrypt a file
– A file cannot be “read” unless the subject
has the encryption key
– Can also enforce that requests from n
users are required in order to read data
(and-access), or that any of n users are
able to read data (or-access)
14
Cryptographic secret sharing
• (t, n)-threshold scheme to share a “key”
• Using this to achieve (t, n)-threshold
encryption
• Shamir secret sharing
15
Another example
• Type checking
• Label memory locations as either data or
instructions
– Do not allow execution of type data
– Can potentially be used to limit buffer
overflows
16