CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz Password-based protocols Any password-based protocol is potentially vulnerable to an “on-line” dictionary attack – On-line attacks can be detected and limited – How? Off-line attacks can never be prevented, but protocols can be made secure against such attacks Any password-based protocol is vulnerable to off- line attack if the server is compromised – Once the server is compromised, why do we care? Password-based protocols Best: Use a password-based protocol which is secure against off-line attacks when server is not compromised – Unfortunately, this has not been the case in practice (e.g., telnet, cell phones, etc.) – This is a difficult problem! Password storage In the clear… Hash of password (done correctly) – Doesn’t always achieve anything! – Makes adversary’s job harder – Potentially protects users who choose good passwords “Salt”-ed hash of password – Makes bulk dictionary attacks harder, but no harder to attack a particular password Encrypted passwords? (What attack is this defending against?) Centralized server stores password Threshold password storage Centralized password storage Authentication storage node – Central server stores password; servers request the password to authenticate user Auth. facilitator node – Central server stores password; servers send information from user to be authenticated by the central server Note that communication with the central server must be authenticated! Authentication tokens RSA SecureID PIN-protected memory card Cryptographic smartcards Aladdin eTokens Still need a secure protocol! Biometrics How much entropy is there? How private are these? How reliable are they? Revocation? Biometrics Difficult to use securely – Errors – Non-uniform – Still need a secure protocol… Biometric authentication How can you securely authenticate yourself to a remote server using your fingerprint? Trivial solution: User Server close? Completely vulnerable to eavesdropping! Better(?) solution User nonce h=H( , nonce) Server ? h=H( , nonce) A single-bit difference in the scanned fingerprint results in a failed authentication!