Pertemuan 04 Pengamanan Akses Sistem

1
Pertemuan 04 Pengamanan Akses Sistem

• Matakuliah H0242 / Keamanan Jaringan
• Tahun 2006
• Versi 1

2
Learning Outcomes

• Pada akhir pertemuan ini, diharapkan mahasiswa
  akan mampu
• Mahasiswa dapat menerapkan keamanan akses sistem

3
Outline Materi

• Proteksi Password
• Strategi Password

4
Authentication

• Verifying the identity of another entity
• Two interesting cases (for this class)
• Computer authenticating to another computer
• Person authenticating to a computer
• Two issues
• How authentication information is stored (at both
  ends)
• Authentication protocol itself

5
Password-based protocols

• Any password-based protocol is vulnerable to an
  off-line dictionary attack if server is
  compromised
• Goal password-based protocol should be secure
  against off-line attacks when server is not
  compromised
• Unfortunately, this has not been the case in
  practice (e.g., telnet, cell phones, etc.)

6
Password selection

• User selection of passwords is typically very
  weak
• Lower entropy password makes dictionary attacks
  easier
• Typical passwords
• Derived from account names or usernames
• Dictionary words, reversed dictionary words, or
  small modifications of dictionary word

7
Password Selection

• Non-alphanumeric characters
• Longer phrases
• Can try to enforce good password selection
• But these types of passwords are difficult for
  people to memorize and type!

8
Centralized Password Storage

• Authentication storage node
• Central server stores password servers request
  the password to authenticate user
• Auth. facilitator node
• Central server stores password servers send
  information from user to be authenticated by the
  central server
• Note that central server must be authenticated!

9
Authentication Protocols

• Server stores H(pw) user sends pw
• Secure against server compromise, but not
  eavesdropping (or replay attacks)
• Server stores pw, sends R user sends H(pw,R)
• Secure against eavesdropping, but not server
  compromise (or dictionary attack)
• Can we achieve security against both?

10
Authentication of People

• What you know (passwords)
• What you have (keys)
• What you are (biometric devices)
• Where you are (physical)

11
Access Control

• State of a system
• Includes, e.g., current memory contents, all
  secondary storage, contents of all registers,
  etc.
• Secure states
• States in which the system is allowed to reside
• Security policy defines the set of secure states
• Security mechanism ensures that system never
  leaves secure state

12
Access Control List (ACL)

• Instead of storing central matrix, store each
  column with the object it represents
• Stored as pairs (s, r)
• Subjects not in list have no rights
• Can use wildcards to give default rights

13
Potential problems

• What if one process gives capabilities to
  another? (Possibly indirectly)
• Can lead to security violation
• One solution assign security classifications to
  capabilities
• E.g., when capability created, its classification
  is the same as the requesting process
• Capability contains rights depending on the
  object to which it refers

14
Example

• Cryptographic key used to encrypt a file
• A file cannot be read unless the subject has
  the encryption key
• Can also enforce that requests from n users are
  required in order to read data (and-access), or
  that any of n users are able to read data
  (or-access)

15
Cryptographic secret sharing

• (t, n)-threshold scheme to share a key
• Using this to achieve (t, n)-threshold encryption
• Shamir secret sharing

16
Another example

• Type checking
• Label memory locations as either data or
  instructions
• Do not allow execution of type data
• Can potentially be used to limit buffer overflows