File Protection Mechanisms - PowerPoint PPT Presentation

Provided by: csu15

1
File Protection Mechanisms
  • All-None Protection
  • Lack of trust
  • All or nothing
  • Timesharing issues
  • Complexity
  • File listings

2
File Protection Mechanisms
  • Group Protection
  • User cannot belong to two groups
  • Forces one person to be multiple users
  • Forces user to be put into all groups
  • Files can only be shared within groups

3
File Protection Mechanisms
  • Single Permissions
  • Password/Token for each file
  • Can be lost
  • Inconvenient
  • Must be protected (if changed, must notify all
    users)
  • Temporary Acquired Permission
  • UNIX's set userid (suid)

4
User Authentication
  • Something the user knows (password, PIN,
    passphrase, mother's maiden name)
  • Something the user has (ID, key, driver's
    license, uniform)
  • Something the user is (biometrics)

5
Use of Passwords
  • Mutually agreed-upon code words, assumed known
    only to user and system
  • First line of defense
  • Loose-Lipped Systems
  • WELCOME TO XYZ COMPUTING
  • ENTER USER ID summers
  • INVALID USER NAME
  • ENTER USER ID

6
Attack on Passwords
  • Ask the user
  • Search for the system list of passwords
  • Find a valid user ID
  • Create a list of possible passwords (encrypt if
    needed)
  • Rank the passwords from high to low probability
  • Try each password
  • If attempt fails, try again (don't exceed
    password lockout)

7
Attack on Passwords
  • Exhaustive Attack (brute-force)
  • 18,278 passwords of 3 letters or less
  • 1 password / millisecond would take 18 seconds (8
    minutes for 4 letters, 3.5 hours for 5 letters)
  • Probable passwords (dictionary attack)
  • 80,000 word dictionary would take 80 seconds
  • Expanded dictionary

8
Attack on Passwords
  • UK Study (http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/?related)
  • 50 passwords were family names
  • Celebrities/soccer stars 9 each
  • Pets 8
  • 10 reflect a fantasy
  • Only 10 use cryptic combinations

9
Attack on Passwords
  • Look on desk
  • Try no password
  • Try user ID
  • Try user's name
  • Common words (password, private, secret)
  • Short dictionary
  • Complete English word list
  • Common non-English dictionaries
  • Dictionary with capitalization and substitutions
    (0 for o and 1 for i)
  • Brute force (lowercase alphabet)
  • Brute force (full character set)

10
Attack on Passwords
  • Plaintext System Password List (MS Windows)
  • Encrypted Password List 1-way (/etc/passwd)
  • Shadow Password List (/etc/shadow)
  • Salt: 12-bit number formed from system time and
    process id, concatenated to password

11
Password Selection Criteria
  • Use characters other than A-Z
  • Choose long passwords
  • Avoid names and words
  • Choose unlikely password
  • Change password regularly (don't reuse)
  • Don't write it down
  • Don't tell anyone
  • http://www.mit.edu/afs/sipb/project/doc/passwords/passwords.html
  • One-time passwords

12
Authentication
  • Should be slow (5-10 seconds)
  • Should only allow a limited number of failures (e.g.
    3)
  • Challenge-Response Systems
  • Impersonation of Login
  • Authentication Other than Passwords
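
Added example (not part of the original slides): a login check that combines the salted one-way password list from slide 10, the slow check and failure limit from slide 12, and a reply that does not reveal whether the user ID exists (the loose-lipped system on slide 5). PBKDF2-HMAC-SHA256 with a random 16-byte salt is an assumed modern stand-in for the 12-bit salt; LoginGate, ITERATIONS, MAX_FAILURES and the sample accounts are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor; raise it to make each check slower
MAX_FAILURES = 3       # the slide's example limit

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each stored password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

class LoginGate:
    def __init__(self):
        self.records = {}    # user ID -> (salt, digest); no plaintext list is kept
        self.failures = {}   # user ID -> consecutive failed attempts
        self.dummy = hash_password("constructed-dummy")  # used for unknown IDs

    def register(self, user, password):
        self.records[user] = hash_password(password)

    def login(self, user, password):
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"
        # Unknown IDs are checked against the dummy record, so they cost the same
        # time and get the same answer as a wrong password (no "INVALID USER NAME").
        salt, digest = self.records.get(user, self.dummy)
        _, candidate = hash_password(password, salt)
        ok = hmac.compare_digest(candidate, digest) and user in self.records
        if ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

if __name__ == "__main__":
    gate = LoginGate()
    gate.register("summers", "constructed-pass-1")   # constructed sample accounts
    gate.register("jones", "constructed-pass-1")
    # Same password, different salts, so the stored digests differ.
    print(gate.records["summers"][1] != gate.records["jones"][1])
    print(gate.login("nobody", "x"), gate.login("summers", "x"))
```

Because failures are counted per submitted user ID whether or not it exists, the lockout reply gives away nothing about valid IDs either.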