Computer Science 653 --- Lecture 2 Passwords

1
Computer Science 653 --- Lecture 2Passwords

• Professor Wayne Patterson
• Howard University
• Fall 2009

2
Access Control
3
Access Control

• Two parts to access control
• Authentication Who goes there?
• Determine whether access is allowed
• Authenticate human to machine
• Authenticate machine to machine
• Authorization Are you allowed to do that?
• Once you have access, what can you do?
• Enforces limits on actions
• Note Access control often used as synonym for
  authorization

4
Authentication
5
Who Goes There?

• How to authenticate a human to a machine?
• Can be based on
• Something you know
• For example, a password
• Something you have
• For example, a smartcard
• Something you are
• For example, your fingerprint

6
Something You Know

• The most familiar example is the password. The
  theory is that if you know the secret password
  for an account, you must be the owner of that
  account.
• There is a problem with this theory You might
  give your password away or have it stolen from
  you. If you write it down, someone might read it.
  If you tell someone, that person might tell
  someone else. If you have a simple, easy-to-guess
  password, someone might guess it or systemically
  crack it.

7
Something You Have

• Examples are keys, tokens, badges, and smart
  cards you must have to unlock your terminal or
  your account. The theory is that if you have the
  key or equivalent, you must be the owner of it.
• The problem with this theory is that you might
  lose the key, it might be stolen from you, or
  someone might borrow it and duplicate it.
  Electronic keys, badges, and smart cards are
  gaining acceptance as authentication devices and
  as access devices for buildings and computer
  rooms.

8
Something You Are

• Examples are physiological or behavioral traits
  such as your fingerprint, handprint, retina
  pattern, voice, signature, or keystroke pattern.
• Biometric systems compare your particular trait
  against the one stored for you and determine your
  authenticity.
• The problem with these systems is that, on the
  whole, people arent comfortable with them.

9
Passwords The First Line of Defense

• Remember this
• 8x32jqab

10
System Access Logging into Your System

• The first way in which a system provides computer
  security is by controlling access to that system.
  Whos allowed to log in? How does the system
  decide whether a user is legitimate? How does the
  system keep track of whos doing what in the
  system?
• Whats really going on when you try to log into a
  system? Its a kind of challenge. You tell the
  system who you are, and the system proves that
  you are (or you arent) who you claim to be. In
  security terms, this two-step process is called
  identification and authentication.

11
Something You Know

• Passwords
• Lots of things act as passwords!
• PIN
• Social security number
• Mothers maiden name
• Date of birth
• Name of your pet, etc.

12
Passwords The Method of Choice

• Passwords are still, far and away, the
  authentication tool of choice. In most systems,
  you identify yourself to the system by entering
  some kind of unique login identifier, followed by
  a password. The identifier is typically a name,
  initials, a login number, or an account number
  assigned by the system administrator based on
  your own name and/or group.

13
Trouble with Passwords

• Passwords are one of the biggest practical
  problems facing security engineers today.
• Humans are incapable of securely storing
  high-quality cryptographic keys, and they have
  unacceptable speed and accuracy when performing
  cryptographic operations. (They are also large,
  expensive to maintain, difficult to manage, and
  they pollute the environment. It is astonishing
  that these devices continue to be manufactured
  and deployed.)

14
Why Passwords?

• Why is something you know more popular than
  something you have and something you are?
• Cost passwords are free
• Convenience easier for SA to reset pwd than to
  issue user a new thumb

15
Keys vs Passwords

• Passwords
• Spse passwords are 8 characters, and 256
  different characters
• Then 2568 264 pwds
• Users do not select passwords at random
• Attacker has far less than 263 pwds to try
  (dictionary attack)

• Crypto keys
• Spse key is 64 bits
• Then 264 keys
• Choose key at random
• Then attacker must try about 263 keys

16
The UNIX Example

• As you know, for example, UNIX systems display
  the prompt
• login
• and expect a name in response. Other systems
  may expect an identifier of a specific length ---
  for example, a 3-character ID or an account
  number. After you enter your login ID, the system
  prompts
• Password
• and you type the password, and authenticates your
  identity by verifying that the entered password
  is currently valid for your account.
• Passwords are your main defense against
  intruders. To protect your system and your data,
  you must select good passwords, and you must
  protect them carefully.

17
Hints for Protecting Passwords

• Both system administrators and users share
  responsibility share responsibility for enforcing
  password security. Here are some hints
• A password should be like a toothbrush. Use it
  every day change it regularly and dont share
  it with friends.
• Dont allow any logins without passwords. If
  youre the administrator, make sure every account
  has a password.
• Dont keep passwords that may have come with your
  system. Change all test or guest passwords, for
  example root, system, test, demo, etc.
• Dont ever let anyone use your password.
• Dont write your password down --- particularly
  on your computer, or anywhere around your desk.
  If you ever do write it down, dont identify it
  as a password, and dont write the phone number
  of the computer on the same piece of paper.
• Dont type a password while anyone else is
  watching.
• Dont record your password online or send it
  anywhere by electronic mail.
• Dont make a bad situation worse. If you do share
  your password, change it immediately.
• Dont keep the same password indefinitely.

18
After Authentication

• Once youve been authenticated, the system uses
  your ID to determine what youre allowed to do in
  the system. For example, if you try to modify a
  sensitive file, the system checks your
  authenticated user ID against the list of IDs
  representing users who are authorized to read and
  write the data in that file.

19
Good and Bad Passwords

• Bad passwords
• frank
• Fido
• password
• 4444
• Pikachu
• 102560
• AustinStamp

• Good Passwords?
• jfIej,43j-EmmLy
• 09864376537263
• P0kem0N
• FSa7Yago
• 0nceuP0nAt1m8
• PokeGCTall150

20
Password Experiment

• Three groups of users ? each group advised to
  select passwords as follows
• Group A At least 6 chars, 1 non-letter
• Group B Password based on passphrase
• Group C 8 random characters
• Results
• Group A About 30 of pwds easy to crack
• Group B About 10 cracked
• Passwords easy to remember
• Group C About 10 cracked
• Passwords hard to remember

winner ?
21
Password Experiment

• User compliance hard to achieve
• In each case, 1/3rd did not comply (and about
  1/3rd of those easy to crack!)
• Assigned passwords sometimes best
• If passwords not assigned, best advice is
• Choose passwords based on passphrase
• Use pwd cracking tool to test for weak pwds
• Require periodic password changes?

22
Brute Force Attacks

• At one time, a system cracker would have to try
  to guess your password, one attempt at a time (a
  so-called brute force attack). Like many things,
  this process has been automated. In theory, the
  longer the password, the longer it takes to break
  by brute force. If a password has eight random
  characters, the number of possible combinations
  will be
• (Under the assumption that the allowable
  characters are the 26 letters, not
  case-sensitive, and the 10 numerals. Thus, 36
  symbols altogether.)
• 368 2,821,109,907,456 ? 3 trillion.
• At one search per microsecond, this is still
  2,821,110 seconds, or slightly less than 1000
  hours, or about six weeks. (By a standard
  argument of probability, you only have to expect
  to wait half that long, or three weeks, before
  you would hit the right password.)

23
Case-sensitivity

• If you make the passwords case-sensitive, you can
  improve this to
• 628 218,340,105,584,896 ? 218 trillion.
• And now the same attacker, at a million tries per
  second, would have to take 70 times as long, or
  approximately 4 years.
• The problem is, users dont select random, or
  even decently secure passwords, and a cracker
  doesnt need to figure out your password --- any
  password will do. Unfortunately, users typically
  pick passwords that are laughably easy to guess
  --- their initials, their childrens names, their
  license plates, etc.

24
Brute Force Attacks in General

• The brute force or exhaustive search password
  attack relies on trying every potential
  combination for a password
• Thus, in general, if a password system requires
  entering exactly n symbols, and the allowable
  symbol set has c elements, the total number of
  potential passwords is
• c choices for the first symbol, then c choices
  for the second symbol,
• These are all mutually exclusive, so the total
  number of choices is c x c c cn

25
Brute Force Attacks (more)

• So with cn choices, if our symbol set was case
  sensitive letters, A..Z,a..z (cardinality 52)
  and we had to enter 7 symbols, the total number
  of choices would be 527 1,028,071,702,528 1.0
  x 1012
• With in addition numerics and perhaps 4 special
  symbols and a requirement for 10
  symbols, now we have 6610 1,568,336,880,910,795,
  776 1.6 x 1018

26
Brute Force Attacks (more)

• The computation gets a little more complicated if
  the password rule insists on at least one of each
  type of character, for example or if the
  password can have a variable length.
• E.g., if we only allowed the 26 letters, and the
  password could be anywhere from 6 to 10
  characters, the total number of choices would be
• 266 267 268 269 2610 146,813,767,122,880
  1.5 x 1014

27
How Long will the Attack Take?

• It is not unreasonable to think that an automated
  brute force attack could test one password per
  microsecond
• Thus, 106/sec 3.6 x 109/hr 1011/day
• So for the 7-symbol, case-sensitive system, we
  could try all passwords in 10 days
• But every one of the tries has an equal
  probability of succeeding thus, the expectation
  is that we will succeed by the time we are
  halfway through. Therefore, 5 days to break this
  system.

28
Attacks on Passwords

• Attacker could
• Target one particular account
• Target any account on system
• Target any account on any system
• Attempt denial of service (DoS) attack
• Common attack path
• Outsider ? normal user ? administrator
• May only require one weak password!

29
Password Retry

• Suppose system locks after 3 bad passwords. How
  long should it lock?
• 5 seconds
• 5 minutes
• Until SA restores service
• What are s and -s of each?

30
Password File

• Bad idea to store passwords in a file
• But need a way to verify passwords
• Cryptographic solution hash the passwords
• Store y h(password)
• Can verify entered password by hashing
• If attacker obtains password file, he does not
  obtain passwords
• But attacker with password file can guess x and
  check whether y h(x)
• If so, attacker has found password!

31
Dictionary Attack

• Attacker pre-computes h(x) for all x in a
  dictionary of common passwords
• Suppose attacker gets access to password file
  containing hashed passwords
• Attacker only needs to compare hashes to his
  pre-computed dictionary
• Same attack will work each time
• Can we prevent this attack? Or at least make
  attackers job more difficult?

32
More General Dictionary Attacks

• We can devise dictionary attacks using standard
  dictionaries. It is not hard to obtain lists of
  dictionary words online.
• Then, the attacker can process this list, trying
  each word.
• This raises the question, how many words are
  there in a dictionary?
• Perhaps more generally, how many words are there
  in the English language?

33
Password File

• Store hashed passwords
• Better to hash with salt
• Given password, choose random s, compute
• y h(password, s)
• and store the pair (s,y) in the password file
• Note The salt s is not secret
• Easy to verify password
• Attacker must recompute dictionary hashes for
  each user ? lots more work!

34
Password CrackingDo the Math

• Assumptions
• Pwds are 8 chars, 128 choices per character
• Then 1288 256 possible passwords
• There is a password file with 210 pwds
• Attacker has dictionary of 220 common pwds
• Probability of 1/4 that a pwd is in dictionary
• Work is measured by number of hashes

35
Password Cracking

• Attack 1 password without dictionary
• Must try 256/2 255 on average
• Just like exhaustive key search
• Attack 1 password with dictionary
• Expected work is about
• 1/4 (219) 3/4 (255) 254.6
• But in practice, try all in dictionary and quit
  if not found ? work is at most 220 and
  probability of success is 1/4

36
Password Cracking

• Attack any of 1024 passwords in file
• Without dictionary
• Assume all 210 passwords are distinct
• Need 255 comparisons before expect to find
  password
• If no salt, each hash computation gives 210
  comparisons ? the expected work (number of
  hashes) is 255/210 245
• If salt is used, expected work is 255 since each
  comparison requires a new hash computation

37
Password Cracking

• Attack any of 1024 passwords in file
• With dictionary
• Probability at least one password is in
  dictionary is 1 - (3/4)1024 1
• We ignore case where no pwd is in dictionary
• If no salt, work is about 219/210 29
• If salt, expected work is less than 222
• Note If no salt, we can precompute all
  dictionary hashes and amortize the work

38
Other Password Issues

• Too many passwords to remember
• Results in password reuse
• Why is this a problem?
• Who suffers from bad password?
• Login password vs ATM PIN
• Failure to change default passwords
• Social engineering
• Error logs may contain almost passwords
• Bugs, keystroke logging, spyware, etc.

39
Social Engineering Attacks

• A third approach to breaking passwords is called
  social engineering.
• If one is trying to find a password for a
  specific individual, this is likely to be the
  most fruitful.
• See the film, War Games and remember Joshua.

40
Passwords

• The bottom line
• Password cracking is too easy!
• One weak password may break security
• Users choose bad passwords
• Social engineering attacks, etc.
• The bad guy has all of the advantages
• All of the math favors bad guys
• Passwords are a big security problem

41
Password Cracking Tools

• Popular password cracking tools
• Password Crackers
• Password Portal
• L0phtCrack and LC4 (Windows)
• John the Ripper (Unix)
• Admins should use these tools to test for weak
  passwords since attackers will!
• Good article on password cracking
• Passwords - Conerstone of Computer Security

42
Picking Passwords (à la Patterson)

• Now heres the problem with passwords, and its
  serious. There are a limited number of things a
  human being can remember. What was that string I
  gave you at the beginning of the class?
• Heres my personal strategy. It is definitely NOT
  the recommended way. But no one has ever guessed
  one of mine, and Ive never forgotten one.

43
What We Remember

• There are many things that we do remember easily.
  Unfortunately, for many of these things, anyone
  else can remember, discover, or guess them as
  well. Someone can guess your password by accident
  or by design. If they guess it by a totally
  random process, then the only protection you have
  is to choose longer passwords.
• But, if they guess it by design, its because you
  had a weakness in your choice of password. Lets
  examine the ways in which one can choose
  passwords, and the ways in which people can guess
  that information.

44
The Bulls-Eye

• Lets design a chart, like a bulls-eye, of things
  that are lodged in your memory. Let rank these
  things from 1 to 10 by ease of recollection (with
  10 meaning easiest to remember). Such a chart
  might look something like this

45
(No Transcript)
46
Ease of Learning by Opponent

• Now, by the same token, lets design another
  chart, also in this bulls-eye format,
  representing the ease (10) or the difficulty (1)
  of someone else remembering or learning the same
  information.
• In this case, whats easy to determine? My
  mothers name, girlfriend/boyfriend, dogs name,
  favorite CD, are probably all easy for someone to
  determine, if they talk to anyone who knows me at
  all. So I would rank all of these a 10. Where I
  left my car keys, or my next dentist appointment
  might be more difficult to determine, so they
  would probably be down closer to a 1. Student ID,
  or bank account number? Not too difficult for
  someone to determine. Lets say about a 7 or 8.
  Lets look at a possible Cracker Reference

47
(No Transcript)
48
Simple to Remember, Hard to Guess

• So heres the principle thats involved. I want
  to be able to choose passwords that are as simple
  as possible to remember (in other words,
  maximizing the value in the bulls-eye in the
  memory reference chart) at the same time, making
  it as hard as possible for anyone else to
  determine, that is minimizing the value in the
  crackers reference.

49
Simple to Remember, Hard to Guess

• Furthermore, in this latter case, I have to
  minimize this value over all possible crackers
  --- i.e. anyone else who has some information
  about me. Thus, if 99 of the world does not know
  what my favorite place to visit is (therefore
  giving a cracker reference of 1), but I have
  discussed that wonderful vacation with 1 percent
  of the population (for whom that value might
  therefore be 7 or 8), I have to treat the overall
  value for that place name to be the 7 or 8.

50
PFQ

• So the principle, which I can state as a formula,
  is maximize the Memory Reference for a potential
  password, and minimize the greatest possible
  value for a Cracker Reference. Then, calculate
  the Privacy and Familiarity Quotient (PFQ) by
  dividing these two quantities
• Memory Reference
• PFQ --------------------------------------------
  -----
• Max(over all people) Cracker Reference
• Obviously, the best possible value for PFQ is
  10/1 10. Your passwords should come as close as
  possible to that value.

51
B. O. Lounder

• In practice, how can you maximize this PFQ?
  Heres what I do. I think back through my life
  for an event, or series of events, that are very
  vivid to me. For example, the teacher who had me
  expelled from high school was named B. O.
  Lounder. I will never forget his name.
• That might have been a very good choice of
  password, since it is clearly a 10 in Memory
  Reference. However, there are still a lot of my
  high school classmates around, and sooner or
  later, if someone talked to them about me, they
  would likely hear the story of Mr. Lounder.

52
Penobscot

• But no one knows about the time that I went off
  on my own, when I was in college, and had an
  interesting visit to Penobscot, Maine.
• Thats a trip I wont forget --- and really Ive
  never discussed it with anyone --- until now ---
  and so penobscot would be a very good password
  choice for me.
• Actually, an even better one would be something
  like penobscotm, or penobscotx, or qpenobscot, or
  penobscot, just in case a cracker had an index
  of all of the place names in the United States.

53
A Dozen Solid Memory References

• In this way, I construct a list of about a dozen
  of those solid memory references, to which
  virtually no one else can connect me (by the way,
  Im just kidding about Penobscot --- but not
  about B. O. Lounder).
• And I construct a slightly modified version of
  those names for my collection of passwords. As I
  said, I keep about a dozen or so on hand. And
  none of them are ever written down --- they dont
  have to be!

54
Protecting Passwords

• Most systems protect passwords in two important
  ways they make passwords hard to guess and login
  controls hard to crack, and they protect the file
  in which passwords are stored.
• But not UNIX --- e.g.
• cat /etc/passwd
• !!!

55
Sample Login/Password Controls

• Last login message
• When you log in, the system may display the date
  and time of your last login. Many systems also
  display the number of unsuccessful attempts since
  the last successful login. This may give you a
  chance to discover if your account has been used
  by someone else.
• User-changeable passwords
• In many systems, youre allowed to change your
  own password at any time

56
Sample Login/Password Controls

• System-generated passwords
• Some systems require you to use passwords
  generated randomly by the system. VAX/VMS 4.3
  ensures that these passwords are pronounceable.
  Some systems let you view several random choices
  from which you can pick one. The danger, of
  course, is that these are eminently forgettable.
• Password aging and expiration
• When a specified time is reached, e.g. the end of
  the month, all passwords in the system may
  expire. New passwords usually may not be
  identical to the old passwords. The system should
  give reasonable notice before requiring you to
  change a password, if you have to pick quickly,
  youre likely to pick poorly.
• Minimum length
• Some systems require that passwords be a minimum
  length, say 6 to 8 characters.

57
Sample Login/Password Controls

• Password locks
• Locks allow the system administrator to restrict
  certain users from logging in or to lock login
  accounts that havent been used for an extended
  period of time.
• System passwords
• System passwords control access to particular
  devices that might be targets for unauthorized
  use.
• Primary and secondary passwords
• Some systems require that two users, each with a
  valid password, be present to log in successfully
  to extremely sensitive accounts.
• Network password
• Some systems require special passwords for
  network or communications access.

58
Protecting Your Password in Storage

• Typically, valid passwords are stored in a
  password file. Protection of passwords is
  extremely critical to system security. Systems
  commonly use both encryption and access controls
  to protect password data.
• Most systems encrypt the data stored in the
  systems password file.
• Most systems perform one-way encryption of
  passwords. One-way encryption means that the
  password is never decrypted. Each time you log in
  and enter your password, the system encrypts your
  entered password and compares the encrypted
  version with the encrypted password stored in the
  password file.