Professional Documents
Culture Documents
03 Week3 4 Authentication Compressed
03 Week3 4 Authentication Compressed
• password, PIN,
answers to • smartcard, • fingerprint,
prearranged electronic retina, face • voice pattern,
questions keycard, handwriting,
physical key typing rhythm
• Algorithm G (KeyGen):
• choose rand pw in PWD. output sk = vk = pw.
sk
User P Server V
(prover) (verifier)
vk
yes
sk
iff sk=vk
Alice pwalice
Bob pwbob
… …
… …
yes iff H(sk)=vk
• Public salt:
Alice SA H(pwA , SA)
• When setting password,
pick a random n-bit salt S Bob SB H(pwB , SB)
• When verifying pw for A,
test if H(pw, SA) = hA … … …
original scheme
• up to eight printable characters in length
• 12-bit salt used to modify DES encryption
into a one-way hash function
• zero value repeatedly encrypted 25 times
• output translated to 11 character sequence
recommended hash
function is based on MD5
• salt of up to 48-bits
• password length is unlimited
• produces 128-bit hash
• uses an inner loop with 1000
iterations to achieve slowdown
make
available only
vulnerabilities
to privileged
users
system periodically runs its own password cracker to find guessable passwords
user is allowed to select their own password, however the system goal is to eliminate guessable passwords while allowing the user to
checks to see if the password is allowable, and if not, rejects it select a password that is memorable
CS4293 Topics on Cybersecurity 30
Proactive Password Checking
password rule
enforcement
cracker
•specific rules that
•compile a large passwords must
dictionary of adhere to
passwords not to
use
Bloom filter
•used to build a
table based on
dictionary using
hashes
•check desired
password against
this table
• Algorithm G: (setup)
• Choose random key k ¬ K
• Output sk = (k,0) ; vk = (k,0)
vasco
• Identification:
prover verifier
sk = (k,0)
r0 ¬ F(k,0) vk = (k,0) Yes iff
r = F(k,0)
sk = (k,1) r1 ¬ F(k,1) vk = (k,1)
(n)
• Notation: H (x) = H(H(…H(x)…))
n times
• Algorithm G: (setup)
• Choose random key k ¬ K
(n+1)
• Output sk = (k,n) ; vk = H (k)
K is random, its hard to guess, not like a pw from dict which is
hackable by matching
• Identification:
k H(k) H(n-2)(k) H(n-1)(k) H(n)(k) H(n+1)(k)
vk
pwd #4 pwd #3 pwd #2 pwd #1
CS4293 Topics on Cybersecurity 38
The S/Key system (public vk, stateful)
• SecurID:
Secret vk must not be exposed
• Problems:
• Biometrics are not generally secret
• Cannot be changed, unlike passwords
Reader
Biometric
Feature vector
Comparison algorithm
Reference vector
Distance (feature vector, reference vector) < threshold? matches doesn’t match
CS4293 Topics on Cybersecurity 49
Cost Versus Accuracy
Characteristic Curves
A high-security application
may require a very low false
match rate, resulting in a
point farther to the left on
the curve.
• Standard solution:
• Client side software that converts a common
password pw into a unique site password
pw ¬ H( pw, user-id, server-id )
pw is sent to server
Bank of Adelaide
Swivel PinSafe
CS4293 Topics on Cybersecurity 61
Remote Authentication via
Token Protocol
Recall token is something you possess.
E.g.: RSA SecureID, Magnetic Stripe Cards, Smart card, etc. (yet to be introduced)
Circuit interface