As more and more information is relayed over and stored on the internet, it becomes increasingly important to scrutinize and determine the identity of those who access that information. In the modern world, the importance of information security has reached an all-time high. Authentication refers to the act of verifying the identity of an entity or an object. In the world of information security, it refers to a method of reliably identifying a person or entity as authorized to access certain information. The process of authentication often checks certain characteristics of the claimant, or information that he or she possesses, to confirm genuineness. On a computer system this process presents several difficulties, which in turn limit us to three main ways of authenticating humans:
• Biometric devices such as fingerprint analyzers or retinal scanners, which directly identify who a user is
• Smart cards and physical keys, which authenticate what the user has
• Passwords, which authenticate what the user knows
Each of these authentication techniques has its own advantages and drawbacks. But because it is the cheapest and most convenient, password authentication has become the most popular. There is hardly a computer system that does not rely on passwords to authenticate its users.
The object of my seminars is to present a holistic view of password based authentication systems and to analyze their problems. My special focus will be on dictionary attacks and methods to prevent dictionary attacks against password based authentication systems.
Password Based Authentication Systems
Because they are cheap and convenient, passwords have become the most popular technique for authenticating users in any computer environment. Today passwords are used by most computer users to access confidential information and secure their private data. However, password based authentication systems are the most susceptible to attacks, since they provide the least security.
People generally tend to select short and simple passwords that are easily stolen or identified by an attacker. Meanwhile, if users do choose a complex password, they are likely to forget or misplace it, thus defeating the entire purpose of the password based authentication system in the first place.
Looking at password based authentication systems, we can draw the following conclusions:
• They are cheap and convenient
• They are highly susceptible to attacks
Hence the aim of any good password based authentication system is to provide enough security, even to a user with a short or simple password, that the password is not stolen or hacked over the system by a remote entity (the attacker).
Common Mechanisms and Security Concerns
Transmitting a password in plaintext is the simplest (and most insecure) form of password based authentication. To validate a user's password, the server compares it with a password (either in plaintext or an image of the password under a one-way function) stored in a file. However, this method lets an adversary who is passively eavesdropping on the communication channel learn the password.
Challenge Response Protocol
To secure against passive eavesdropping, researchers developed challenge response protocols. Such a protocol ensures that a passive eavesdropper on the communication channel does not discover the password. Assume two entities, A and B, are trying to authenticate each other. To initiate the Challenge Response Protocol, Entity A sends a message containing A's identity to Entity B. Then B sends a random number, called a challenge, to A.
A uses the challenge and its password to perform some computation and sends the result, called a response, to Entity B. B then uses A's stored password, in B's database, to perform the same computation and verify the response. Since B uses a different challenge for each run of the protocol, an adversary will not be able to simply eavesdrop on the channel and acquire the user's password.
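The exchange described above, as an added example that is not part of the original text. It assumes the "computation" is HMAC-SHA256 keyed with the password; the class and function names and the stored password are constructed for illustration. It shows that a response recorded from one run is rejected when resent against a fresh challenge.

```python
import hashlib
import hmac
import secrets


def respond(password: str, challenge: bytes) -> bytes:
    """A's computation over the challenge and its password (assumed: HMAC-SHA256)."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


class EntityB:
    """Entity B: holds A's stored password and issues one challenge per run."""

    def __init__(self, stored_passwords):
        self.stored = stored_passwords   # identity -> password (constructed data)
        self.pending = {}                # identity -> outstanding challenge

    def challenge(self, identity: str) -> bytes:
        c = secrets.token_bytes(16)      # fresh random challenge for this run
        self.pending[identity] = c
        return c

    def verify(self, identity: str, response: bytes) -> bool:
        c = self.pending.pop(identity, None)   # a challenge is valid only once
        if c is None or identity not in self.stored:
            return False
        expected = respond(self.stored[identity], c)
        return hmac.compare_digest(expected, response)


def demo():
    b = EntityB({"A": "constructed-password"})
    # Run 1: A identifies itself, receives a challenge, returns the response.
    c1 = b.challenge("A")
    r1 = respond("constructed-password", c1)
    first_run = b.verify("A", r1)
    # Run 2: B issues a new challenge; the response recorded in run 1 is resent.
    b.challenge("A")
    replayed = b.verify("A", r1)
    # No outstanding challenge at all: verification must also fail.
    unsolicited = b.verify("A", r1)
    return first_run, replayed, unsolicited
```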
The Challenge Response Protocol is vulnerable to a password guessing attack, or dictionary attack. In this form of attack, we assume that an adversary has already built a database of possible passwords that a user may have chosen. This is different from a brute force approach, in which an attacker tries all combinations to hack a user's password. There are mainly two kinds of dictionary attacks in practice:
Offline Dictionary Attack
In this mode of the dictionary attack, the adversary eavesdrops on the communication channel and records a successful run of the Challenge Response Protocol (CRP) to learn the random challenge and the corresponding response. Then the adversary selects passwords one by one from the dictionary and tries to generate a response that matches the recorded one. If there is a match, then the adversary has successfully guessed A's password. After every failed attempt, the adversary picks a different password from the dictionary and repeats the process. This form of non-interactive attack is known as the Offline Dictionary Attack.
Online Dictionary Attack
Sometimes an adversary may try different usernames and passwords to log into a system. This is often tried on popular internet services like Yahoo!, where the attacker can choose a trivial username because of the large number of registered users. The attacker can also find valid usernames within interactive web communities such as social networking websites and various internet groups and forums. If the system rejects a password as being incorrect, the attacker selects a different password from the dictionary and repeats the attack. Such an interactive form of attack is called the Online Dictionary Attack.
Other Security Issues
Password based authentication can also involve other security issues, such as the man in the middle attack and the insider attack. In the former case, consider two entities A and B trying to authenticate each other through a password protocol. An attacker can intercept messages between the entities and inject his own messages, effectively crippling the system. In an insider attack, a legitimate user tries to hack other accounts in the system. He is aided by additional information regarding the person or account he wishes to hack.
Preventing Offline Dictionary Attacks
When we seek to prevent offline dictionary attacks, there are a few things we must consider first.
• Seeking convenience, people tend to select weak passwords from a relatively small sample space, which an attacker can easily enumerate. Thus password based authentication systems require something stronger than simple CRPs, something that can use these weak passwords to securely authenticate users.
• Such an authentication is deemed secure if, whenever an entity accepts an authentication session with another entity, that other entity has indeed participated in the authentication session.
Hence the goal of a password based authentication system becomes to produce a cryptographically strong, shared, secret key called the session key. After a successful run of the protocol, both entities can use this session key to safely encrypt subsequent messages.
1. A: (Ea, Da).
2. A → B: A, Kpwd(Ea).
3. B: Compute Ea = Kpwd(Ea) / Kpwd; generate random secret key Kab.
4. B → A: Kpwd(Ea(Kab)).
5. A: Kab = Da(Kpwd(Ea(Kab))) / Kpwd; generate unique challenge Ca.
6. A → B: Kab(Ca).
7. B: Compute Ca = Kab(Ca) / Kab; generate unique challenge Cb.
8. B → A: Kab(Ca, Cb).
9. A: Decrypt message sent by B to obtain Ca and Cb. Compare the former with its own challenge; if they match, go to the next step, else abort.
10. A → B: Kab(Cb).
11. B: Decrypt message from A and compare with challenge Cb. If they match, authenticate, and encrypt subsequent messages with Kab.
In step 1, A generates a public / private key pair (Ea, Da) and also derives a secret key Kpwd from the password pwd. In step 2, A encrypts the public key Ea with Kpwd and sends it to B. In steps 3 and 4, B decrypts the message using the stored password of A, uses Ea with Kpwd to encrypt a session key Kab, and sends it to A. In steps 5 and 6, A uses this session key to encrypt a unique challenge Ca and sends it to B. In step 7, B decrypts the message to obtain the challenge and generates a unique challenge of its own, Cb. In step 8, B encrypts Ca and Cb with Kab and sends them to A. A verifies Ca and decrypts Cb, which it sends back to B. In step 11, B decrypts this message and compares it to its own challenge Cb. If they match, the protocol is successfully completed and subsequent messages from both entities are encrypted with Kab.
The EKE protocol and its variants suffer from plaintext equivalence, which means that the user and the host have access to the same secret password or hash of the password. Intuitively, there are disadvantages to plaintext equivalence. In a simple scenario, if entity A enters the password in client software that uses a one-way function to hash the password and sends it over the network to B, an attacker can eavesdrop on the channel to obtain this hashed password and impersonate Entity A by resending the hashed password.
Secure Remote Password
Thomas Wu combined zero knowledge proofs with asymmetric key-exchange protocols to develop a new protocol, the Secure Remote Password (SRP) protocol, a verifier based protocol that eliminates plaintext equivalence. Here the password is a private key with limited entropy, and we create a verifier (public key) such that it is easy to derive the verifier from the password but infeasible to derive the password from the verifier.
All SRP computations are carried out in a finite field Fn. Let n be a large prime, let g be a generator of Fn, let A be a user and B be a server. Before initiating the SRP protocol, A and B do the following:
• A and B agree on the underlying finite field.
• A picks a password pwd and a random salt s, and computes the verifier v = g^x, where x = H(s, pwd) is the long term private key and H is a cryptographic hash function.
• B stores the verifier v and salt s corresponding to A. Now A and B can run the SRP protocol.
1. A → B: A.
2. B → A: s.
3. A: x = H(s, pwd); Ka = g^a.
4. A → B: Ka.
5. B: Kb = v + g^b.
6. B → A: Kb, r.
7. A: S = (Kb − g^x)^(a + rx) and B: S = (Ka · v^r)^b.
8. A, B: Kab = H(S).
9. A → B: Ca = H(Ka, Kb, Kab).
10. B verifies Ca and computes Cb = H(Ka, Ca, Kab).
11. B → A: Cb.
12. A verifies Cb. Accept if verification passes; abort if not.
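The twelve steps above carried through with the page's symbols, as an added example that is not Wu's or any library's code. Both parties are simulated in one process; the modulus (the Mersenne prime 2^127 − 1, far too small for real use), the base g = 3, the SHA-256 input encoding and the names `enroll` and `run_srp` are assumptions chosen for illustration.

```python
import hashlib
import secrets

N = 2**127 - 1   # demonstration-sized prime modulus (assumption, not for real use)
G = 3            # assumed base; not checked to be a generator of the field


def H(*parts) -> int:
    """Hash a tuple of ints / bytes / str to an integer, length-prefixing each part."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")


def enroll(pwd: str):
    """Setup: A derives x = H(s, pwd); B stores only the salt s and verifier v = g^x."""
    s = secrets.token_bytes(16)
    return s, pow(G, H(s, pwd), N)


def run_srp(typed_pwd: str, s: bytes, v: int) -> bool:
    """Run steps 3-12 with B holding (s, v) and A typing typed_pwd."""
    # Steps 3-4 (A): long-term key x, ephemeral secret a, public value Ka.
    x = H(s, typed_pwd)
    a = secrets.randbelow(N - 2) + 1
    Ka = pow(G, a, N)
    # Steps 5-6 (B): ephemeral secret b, Kb = v + g^b, random r.
    b = secrets.randbelow(N - 2) + 1
    r = secrets.randbelow(2**32 - 1) + 1
    Kb = (v + pow(G, b, N)) % N
    # Step 7: each side computes S from what it alone knows.
    S_a = pow((Kb - pow(G, x, N)) % N, a + r * x, N)
    S_b = pow(Ka * pow(v, r, N) % N, b, N)
    # Step 8: session keys.
    Kab_a, Kab_b = H(S_a), H(S_b)
    # Steps 9-10: A proves knowledge of Kab; B checks before answering.
    Ca = H(Ka, Kb, Kab_a)
    if Ca != H(Ka, Kb, Kab_b):
        return False          # B aborts: the typed password did not match v
    # Steps 11-12: B answers with Cb; A verifies it.
    Cb = H(Ka, Ca, Kab_b)
    return Cb == H(Ka, Ca, Kab_a)
```

The password itself never reaches B, and B's stored v cannot be replayed as a credential, which is the plaintext-equivalence property the text attributes to SRP.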
Internet Security - Password Based Authentication and Prevention of Dictionary Attacks