Rethinking Password Strategies Ravi Sandhu Chief Scientist sandhu@nsdsecurity.com 703 283 3484 - PowerPoint PPT Presentation

About This Presentation
Slides: 32
Provided by: profs7
Transcript and Presenter's Notes

1
Rethinking Password Strategies
Ravi Sandhu, Chief Scientist
sandhu@nsdsecurity.com
703 283 3484
2
Outline
  • Security doctrine for the 21st century
  • Password vulnerabilities and countermeasures
  • Available technologies

3
Security doctrine for the 21st century
  • Good enough security
      • Absolute security is not possible
      • Too much security is counterproductive
      • Too little security is not acceptable
      • The goal is to find the sweet spot
  • Security dollars must work smarter and harder
      • Security threats are growing
      • Security budgets are flat and expertise is
        shrinking
      • Need more bang for the buck
  • Prevent catastrophic failure and tolerate
    sporadic isolated failures
      • Focus on preventing catastrophic failure
      • Tolerate sporadic isolated failures

4
The threat environment is getting worse
[Chart: RISK plotted against the years 1990, 1995, 2000, 2005]
Claim: The potential threat has gone up
hundredfold.
5
Resources and expertise are not growing
[Chart over the years 1990, 1995, 2000, 2005 with two series: "Skilled resources to address the problems" and "Dollars devoted to problem"]
6
Work smarter and harder
  • Starting point
      • Risks went up 100 fold
      • Security dollars went up a little
      • Skilled resources went down
  • So what could happen?
      • Option: Your security budget goes up enormously
      • Reality: Security budget stays flat as % of IT
        budget.
  • The security dollars have to work smarter and
    harder!

7
Some thoughts on smarter...
  • Proposition: We waste dollars on non/small
    problems (the 20/80 rule of security!)
  • Example: Unnecessary encryption (40 bit vs. 128
    bit SSL)
  • Explanation: Security has many roots in the cold
    war era. The communication link was the problem.
    In our world the end points are a MUCH bigger
    problem. So why do we waste so many dollars
    encrypting links unlikely to be attacked?
  • Challenge spending on non-problems

8
Some thoughts on smarter...
  • Proposition: We are vulnerable to peer pressure.
    Sometimes our peers are just wrong.
  • Example: Bank B has to deploy technology/policy X
    because Bank A did so. And then Bank C, Bank D...
    Soon we've spent scarce dollars on
    technology/policy of doubtful value. (e.g.
    password aging)
  • Explanation: It's hard to buck a so-called best
    practice in our business, even if the evidence
    is lacking.
  • Challenge best practices

9
Some thoughts on smarter...
  • Proposition: The vendor crypto-techno-geeks lead
    us by the nose.
  • Example: The entire PKI fiasco. How much did we
    spend? What value have we seen? Who told the
    crypto-geeks that they decide what sort of
    digital signatures are legal?
  • Explanation: Security is an obscure science where
    you are trying to prove the negative. It's hard to
    question the crypto-experts in their Ivory
    Towers.
  • Challenge the geeks

10
Some thoughts on smarter...
  • Proposition: Vendor business models drive our
    infrastructure, as opposed to our needs.
  • Example: Why do SSL certificates expire annually,
    causing us outages? Who determined that a
    technology company can better manage a
    certificate authority infrastructure than a
    bank that secures tens of billions of dollars?
  • Explanation: FUD (Fear-Uncertainty-Doubt)
  • Challenge vendor business models

11
Some thoughts on harder...
  • Proposition: Security products must address your
    lack of skilled resources issue.
  • Example: Many products need experts to set up
    and run them.
  • Explanation: Most products are designed by the
    experts for the experts. They do not realize
    that most products are run by non-experts with
    little time to get trained on everything.
  • Ask: Can a reasonably competent systems/network
    person with little security experience run the
    product?

12
Some thoughts on harder...
  • Proposition: Security products must be
    defensive
  • Example: Many security products work great as
    long as those operating them walk on water and
    don't get their feet wet.
  • Explanation: Designed by security geeks who've
    never lived in a real operational world.
  • Ask: Can an average person having a real bad day
    be woken at 2AM to fix an issue without opening
    up a major hole inadvertently?

13
Some thoughts on harder...
  • Proposition: Security products must address
    fundamental problems, before the esoteric.
  • Example: Weak passwords are a major critical
    problem. Why spend money on esoteric new problems
    before this is fixed?
  • Explanation: The fundamental problems are often
    not sexy.
  • Ask: Before securing the attic window, we should
    get a better lock on the front door!

14
Some thoughts on harder...
  • Proposition: To get more from your security
    dollars, a security product must solve multiple
    problems.
  • Example: One product for passwords, one for PKI,
    one for 2-factor, one for signatures... (and
    that's for the Internet, let's get even more for
    wireless...)
  • Explanation: Vendors address niches. Your
    business sees the big picture.
  • Ask: Can I reuse the product, for multiple
    functions across multiple channels?

15
Outline
  • Security doctrine for the 21st century
  • Password vulnerabilities and countermeasures
  • Available technologies

16
A Common Misperception
  • Fact: Password based systems are often vulnerable
    to attacks
  • Myth: Passwords are inherently insecure.
  • Fact: It is completely possible to design a
    sufficiently secure password system.
  • Fact: A sufficiently secure password system must
    use some form of PKI under the covers
      • This is a mathematical theorem proved in 1998

Designing sufficiently secure password-based
systems is non-trivial but it is possible by
proper use of PKI under the covers.
17
Another Common Misperception
  • Fact: Users hate current password systems that
    require
      • too many passwords and
      • force too many changes
  • Myth: Users inherently hate passwords.
  • Fact: It is completely possible to design a user
    friendly password system with PKI beneath the
    covers

Designing user-friendly and sufficiently secure
password-based systems is non-trivial but it is
possible by proper use of PKI under the covers.
18
Yet Another Common Misperception
  • Myth: Security is increased by forcing users to
    change their passwords frequently
  • Fact: There is no empirical evidence to show this
    and much anecdotal evidence to show the opposite
      • Changing passwords too frequently will degrade
        security because of user reaction

A strong password-based system should not force
frequent password changes
19
Password Vulnerabilities and Countermeasures
  • End-user Vulnerabilities
      • User education and awareness
      • Technology can help mitigate some (but not all)
        of these
  • Sniffing Attacks
      • Everything on the wire should be encrypted
  • Server Spoofing Attacks
      • Need server authentication
  • Guessing Attacks: online
      • Prevented by throttling
  • Guessing Attacks: offline (Dictionary attacks)
      • Prevented by PKI encryption on the wire and
        hardened password server on the backend

20
End-user Vulnerabilities
  • Poor password selection
      • Users choose easy-to-guess passwords
      • Countermeasure: enforce complexity rules
  • Passwords written down by users
      • Infrequently used passwords are often written
        down
      • Countermeasure: reduce number of passwords a
        user needs to remember
  • Password shoulder surfing
      • Password exposed to observant bystander
      • Countermeasure: user awareness
  • Password reuse across multiple servers
      • Password becomes vulnerable at weak servers
      • Countermeasure: user awareness

21
End-user Vulnerabilities
  • Password sharing
      • Users will share passwords with others only if
        there is no personal risk
      • Countermeasure: personal risk must be injected
        into the system (perhaps by policy and
        procedure)
  • Password reset costs
      • Users forget passwords
      • Countermeasure: automate password resets BUT be
        careful not to reduce security too much
  • Undetected theft
      • Users are not aware if their passwords are
        compromised
      • Countermeasure: detection technology and
        feedback to the user

22
Sniffing attacks
  • Sniffing on the wire is easily prevented by
    widely deployed technologies such as SSL and
    IPSEC
      • No excuse for letting this happen anymore
  • Sniffing on the desktop by malicious code
      • Password exposure is limited to a single user
      • Users need to be free of viruses, worms and
        Trojan horses for all kinds of reasons
      • Windows 2000, Windows XP allow tighter control
        of the desktop by the organization
      • Ultimately we need stronger platforms that
        reduce the risk of malicious code

23
Server-spoofing attacks
  • To prevent server-spoofing we need server
    authentication and user awareness
  • SSL with server-side certificates is a good
    enough and widely deployed solution for this
    problem
  • In future we can move to solutions where the
    password is never communicated to the server
      • SSL enhanced with password-based client-side
        certificates is the most promising technology
      • Need a footprint on the desktop

24
Guessing Attacks: online
  • Attacker tries various passwords until he
    succeeds
  • Slow down (throttle) the rate at which an
    attacker can try different guesses
  • Many strategies are used in practice
      • 3 strikes and lock the account for password
        reset
      • 3 strikes and lock the account for some time
      • Slowdown each successive guess
  • Aggressive strategies can lead to denial of
    service to legitimate users
  • Loss is limited to small number of passwords
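The three throttling strategies on this slide, and the denial-of-service side effect of the two lockout variants, as an added example (not from the presentation). The policy names, strike count and 15-minute lock time are my own choices; time is passed in as a number so the code runs offline.

```python
"""Online-guessing throttles: lock-until-reset, lock-for-a-time, slowdown."""
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0   # used by the "lock_time" policy
    needs_reset: bool = False   # used by the "lock_reset" policy


@dataclass
class Throttle:
    policy: str                 # "lock_reset" | "lock_time" | "slowdown"
    strikes: int = 3            # the slide's "3 strikes"
    lock_seconds: float = 900.0 # assumed lock duration for "lock_time"
    accounts: Dict[str, AccountState] = field(default_factory=dict)

    def attempt(self, user: str, password_ok: bool, now: float) -> Tuple[bool, float]:
        """Process one login attempt at time `now`.

        Returns (accepted, seconds the client must wait before the next try).
        A locked account rejects even a correct password: that is the
        denial-of-service the slide warns about, since anyone can burn the
        strikes on someone else's account.
        """
        st = self.accounts.setdefault(user, AccountState())
        if st.needs_reset or now < st.locked_until:
            return False, 0.0
        if password_ok:
            st.failures = 0
            return True, 0.0
        st.failures += 1
        if self.policy == "lock_reset" and st.failures >= self.strikes:
            st.needs_reset = True           # stays locked until a reset
        elif self.policy == "lock_time" and st.failures >= self.strikes:
            st.locked_until = now + self.lock_seconds
            st.failures = 0
        elif self.policy == "slowdown":
            return False, 2.0 ** st.failures  # exponential delay per guess
        return False, 0.0
```

Under "slowdown" the legitimate user is never locked out, only delayed; under either lockout policy three wrong guesses by anyone block the real user too.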

25
Guessing Attacks: offline, aka Dictionary Attack
  • Attacker obtains encrypted password
  • Attacker tries passwords from a dictionary of
    commonly used passwords and compares with
    encrypted password
  • Encrypted password is often salted to make this
    harder
  • Various studies have shown that 25 to 50% of
    passwords fall to this attack
      • This is catastrophic failure
  • In the past these attacks would take months, with
    current processor speeds they take hours or days
    or even less
  • We are at the point where exhaustive search is
    feasible so even a dictionary is not needed

This is the single biggest vulnerability in most
existing password systems and it leads to
catastrophic failure
26
Guessing Attacks: offline, aka Dictionary Attack
  • How to prevent: old approach
  • Force user to select passwords that withstand
    dictionary attack
      • Record shows that this is easier said than done
      • Trend is that exhaustive search on entire space
        of human-memorizable passwords is feasible
  • Password aging to force a change every 30 days or
    so
      • Would need to age much faster than 30 days to
        have any effect on feasibility of attack
  • Hide password files (e.g. shadow files)
      • Old solution dating to when users had access to
        system; current end users usually don't have
        access to system.
      • Meaningless against hackers and admin account
        compromise
  • Harden password system OS
      • Very hard to maintain in hardened manner.
      • Admin accounts tend to have carte-blanche
        access.
      • Too many insider accounts.

27
Guessing Attacks: offline, aka Dictionary Attack
  • How to prevent: modern approach
  • Make password system OS very hard to penetrate.
  • Use least privilege based partitioning to sharply
    minimize or eliminate insider account attacks.
  • Use PKI technology to eliminate traditional
    encrypted password file
  • Make it non-invasive to end-user (zero client
    footprint, pure back-end solution).
  • Make it very easy to integrate with existing
    systems (e.g. IBM WebSeal, Netegrity, LDAP,
    Active Directory, etc.)

28
Outline
  • Security doctrine for the 21st century
  • Password vulnerabilities and countermeasures
  • Available technologies

29
Support multiple security levels on a single
infrastructure
[Diagram with axes "Password Usability" and "PKI Security"; the levels as listed top to bottom on the slide:]
  • Two-factor PKI: password plus USB token or
    variant
  • Roaming PKI
  • Zero Footprint Hardened Password: no change for
    users, no change for issuer, no password file
    (PKI hardened)
  • Weak Password Systems: catastrophic dictionary
    attacks
30
2-Key RSA vs. 3-Key RSA Hardened Passwords
  • 2-Key RSA
      • Keys
          • Alice Public: e
          • Alice Private: d
          • Alice Cert: C
      • Challenge/Response
          • Challenge sent
          • Response signed with d
          • Verified with e and C
      • Observation: Guessing d from e is
        extremely difficult.
  • 3-Key RSA
      • Keys
          • Alice Public: e
          • Alice Private: d
          • Alice has D1 = PKCS5(password)
          • Appliance has D2
          • Alice Cert: C
      • Challenge/Response
          • Challenge sent
          • Response signed with D1
          • Verified with D2, e and C
      • Observation: Guessing D1 from D2 is
        extremely difficult.
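The 3-Key RSA challenge/response on this slide, and the slide-27 goal of a back end that keeps no traditional encrypted password file, worked through as an added example. This is not NSD Security / SIA code; it assumes (the slide does not say) that d is split multiplicatively as d = D1 * D2 mod phi(n), that D1 is the PBKDF2 (PKCS#5 v2) output of the password, and that the appliance returns the completed signature for checking against e.

```python
"""Toy 3-key RSA: password-derived D1 on the client, D2 on the appliance.

Constructed toy primes keep it instant; real keys use 2048+ bit moduli.
The appliance record holds D2 only: no password hash, no full d.
"""
import hashlib
import os
from math import gcd

P, Q = 1000003, 1000033            # constructed toy primes, NOT a secure size
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                          # Alice's public exponent e (in her cert C)

def derive_d1(password: str, salt: bytes) -> int:
    """Client side: D1 = PKCS#5 PBKDF2-HMAC-SHA256(password), forced odd."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(raw, "big") | 1

def enroll(password: str) -> dict:
    """Issuer side: choose a salt for which D1 is invertible mod phi, hand the
    appliance D2 = d * D1^-1 mod phi, then forget d, phi and the password."""
    d = pow(E, -1, PHI)
    while True:
        salt = os.urandom(8)
        d1 = derive_d1(password, salt)
        if gcd(d1, PHI) == 1:
            break
    d2 = d * pow(d1, -1, PHI) % PHI
    return {"salt": salt, "d2": d2, "e": E, "n": N}   # no password hash kept

def hash_challenge(challenge: bytes) -> int:
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N

def client_partial_sign(password: str, salt: bytes, challenge: bytes) -> int:
    """Alice signs the challenge with D1 only; D1 never leaves her machine."""
    return pow(hash_challenge(challenge), derive_d1(password, salt), N)

def appliance_complete(partial: int, rec: dict) -> int:
    """Appliance applies D2: (h^D1)^D2 = h^(D1*D2) = h^d mod n."""
    return pow(partial, rec["d2"], rec["n"])

def verify(sig: int, challenge: bytes, rec: dict) -> bool:
    """Relying party checks the completed signature with e from Alice's cert."""
    return pow(sig, rec["e"], rec["n"]) == hash_challenge(challenge)

def authenticate(password: str, rec: dict, challenge: bytes) -> bool:
    partial = client_partial_sign(password, rec["salt"], challenge)
    return verify(appliance_complete(partial, rec), challenge, rec)
```

Note that checking whether a guessed password yields the right D1 requires D1 * D2 = d mod phi(n), i.e. phi(n); the appliance record alone gives neither, which is the slide's "guessing D1 from D2 is extremely difficult".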

31
SIA Solution: How it works