COMP2700 - Week 2 - Identification and Authentication

Table of Contents

Authentication

A party (verifier) is assured of the identity of the second party (claimant/prover) in a protocol

User identity is a parameter in access control
User identity is recorded -> Audit trail

Basis of Authentication

What you know
- Authentication via knowledge of certain secrets
What you have
- Hardware tokens, smart cards, etc
Who you are
- Physical or behavioral characteristics

Protocols

Weak authentication
- Password-based
- Unilateral -> Entity proves identity to verifier
Strong authentication
- Mutal authentication -> Both parties take role of claimant and verifier
- Challenge-response protocols -> Series of steps to prove knowledge of secrets

Passwords

Techniques

Storage
- Plaintext
  - Password checked against database
  - No protection against attacker who has access
- Encrypted
  - Only encrypted/hashed passwords stored
  - Checked against encrypted/hashed database
  - Some protection against attacker who has access
- OSs store hashes in a password file
  - Unix -> /etc/shadow
  - Windows -> SAM file; %windir%\system32\config\SAM
- Applications may store it temporarily in buffers or caches
Policies
- What rules are imposed on password selection
  - Failed attempts
  - Min length
"Salting"
Alternative forms of passwords
- Passphrases
- One-time passwords
- Visual passwords

One-way functions

A function which is easy to compute, but hard to reverse

Given an input $x$ it is easy to compute $f(x)$ , but given an output $y$ it is hard to find $x$ such that $y = f(x)$

Internet security depends on the fact that $N \ne NP$

Properties of Hash Functions

Given hash function, $H$ ,

Pre-image resistant -> If given hash value $y$ , it is computationally infeasible to find $x$ such that $H(x) = y$
- Hash function produces fixed output, as such it is theoretically possible to enumerate through all possibilities to find the correct value that results in the coresponding hash
Collision resistant -> computationally infeasible to find a pair $(x,y)$ such that $x \ne y$ and $H(x) = H(y)$
- Two hashes hash to the same value despite being unique
- Pigeonhole principle

Hash Verification

Provided password is still initially in plaintext

Hash Tables

Can pre-compute password hashes for easier and faster lookup
If $k$ password candidates exist and each requires $m$ bits to store, where each hash has $n$ bits, then a table of size $k \times m \times n$ bits exists
- May not be practical for large $k$
Tradeoff between space and time

Attacks

Offline guessing -> Attacker obtains hashed passwords and tries to crack them
- Brute force
  - Brute enumeration to check for matching hashes
  - Potential measure is to increase total possible space of passwords
- Dictionary
  - Exploits fact that human chosen passwords tend to derive from words in natural languages
Phishing and spoofing
- Deception
- 'Social engineering'

Password Entropy

Measure of strength of password against brute-force attacks

Let $X$ be a random variable which takes on a finite set of values $x_1,...,x_n$ with probability $Pr(X = x_i) = p_i$ , where $0 \le p_i \le 1$ for each $1 \le i \le n$ and $\textstyle\sum_{i=1}^n p_i = 1$

Therefore, entropy of $X$ is defined to be

\displaystyle\sum_{i=1}^n \medspace p_i log_2 (\frac {1}{p_i})

Password Salting

A salt is a random, plaintext string

Offline attack effectiveness can be reduced by adding a salt to a password
For a salt of n-bit, as attacker needs to pre-compute $2^n$ hashes for the same password

Password Security

Users have difficulting memorising complex passwords + frequent changes
Users usually reuse favourite password(s)

Password Policies

Set a password
Change often -> Password ageing
Avoid guessable passwords
Limit login attempts + notify user

Password Alternatives

Passphrase
Visual drawing patterns
One-time password -> Limits reuse of passwords, used only once
- E.g. Lamport's one-time passwords
Biometrics -> Utilise unique features, i.e. fingerprints

Verification & Identification

Biometrics need to include an enrollment process -> Acquire and store

Verification: 1:1 -> Checks if there is a match for a user
Identification: 1:n -> Tries to identify user from database on n persons

Failure Rates

User is accepted if match is above a predefined threshold
- 0 to 1 scale
False positive -> Accepting wrong user
- Security problem
False negative -> Reject legitimate user
- Usability problem

Performance of Algorithms

False match rate (FMR)

FMR = \frac {Number \medspace of \medspace successful \medspace false \medspace matches} {Number \medspace of \medspace attempted \medspace false \medspace matches}

False non-match rate (FNMR)

FNMR = \frac {Number \medspace of \medspace rejected \medspace genuine \medspace matches} {Number \medspace of \medspace attempted \medspace genuine \medspace matches}

Matching Rate

The matching threshold can be adjusted, i.e lowering false match rate against a higher false non-match rate and vice versa.
The right balance depends on the use case and the application
Equal-error rate -> When the threshold values, FMR and FNMR are equal

Scenario Analysis

Recording error rates in field trials, i.e. Fingerprint reader
Failure-to-capture rate (FTC) -> Frequency of failing to capture a sample
Failure-to-extract rate (FTX) -> Frequency of failing to extract a feature from a sample
Failure-to-acquire rate (FTA) -> Frequency of failing to acquire a biometric feature

FTA = FTC + FTX \times (1 - FTC)

False accept rate (FAR) -> False accept rate for entire biometric scheme

FAR = FMR \times (1 - FTA)

False reject rate (FRR)

FRR = FTA + FNMR \times (1 - FTA)

False positive identification rate (FPIR) - For database with $n$ persons

FPIR = (1 - FTA) \times (1 - (1 - FMR)^n)

Note: Error rate increases as database size increases