My topic is…………

CONTENT
✓ USER AUTHENTICATION
✓ MEANS OF USER AUTHENTICATION
✓ PASSWORD –BASED AUTHENTICATION
✓ PASSWORD VULNERABILITIES
✓ USE OF HASHED PASSWORDS-IN UNIX
✓ PASSWORD CRACKING TECHNIQUES
✓ USING BETTER PASSWORDS
✓ PASSWORS FILE ACCESS CONTROL
✓ TOKEN BASED AUTHENTICATION
✓ BIOMETRIC AUTHENTICATION
✓ REMOTE USER AUTHENTICATION
✓ SECURITY ISSUES FOR USER AUTHENTICATION.
About the topic…….

-It is the fundamental building

block and the primary lines of
defense in computer security.
-It is a basic for access control and
for user accountability.
-It is a means of identifying the
user and verifying that the user is
allowed to access some restricted
service.
Identification step : Presenting an
identifier to the security system.

Verification step : Presenting or

generating Authentication
information that corroborates the
binding between the entity and the
identifier.
 There are 4 general means of
authenticating a user’s identity:-

➢ Something the individual knows.

➢ Something the individual possesses.
➢ Something the individual is(static biometrics).
➢ Something the individual does(dynamic
biometrics).
 Something the individual knows.
Your fb password!!!

Answers to
A personal a
A password, identification prearranged
number, set of
questions.

✓ Anybody can guess or steal your password.

✓ Anybody can forget a password.
 Something the individual possesses.
Referred as TOKENS.

Electronic Smart Physical

keycards, cards, keys.

✓ Anybody can forge or steal your token.

✓ Anybody can loose a token.
 Something the individual is
(static biometrics).

• Fingerprint,
Recognition
by
• Retina,
• Face.

✓ User acceptance cost and convenience.

 Something the individual does
(dynamic biometrics).

• Voice pattern,
Recognition
by
• Handwriting characteristics,
• Typing rhythm.

✓ User acceptance cost and convenience.

• All of these methods, properly implemented and
used, can provide secure user authentication.
However, each method has problems. An adversary
may be able to guess or steal a password. Similarly,
an adversary may be able to forge or steal a token. A
user may forget a password or lose a token. Further,
there is a significant administrative overhead for
managing password and token information on
systems and securing such information on systems.
With respect to biometric authenticators, there are a
variety of problems, including dealing with false
positives and false negatives, user acceptance, cost,
and convenience.
 There are 3 types of
Authentication:-

Biometric
Token-Based Authentication.
Password-Based Authentication.
Authentication.
 1.Password-Based Authentication.
->It is a widely used line of defense against intruders.
->Virtually all multiuser systems not only require the user
name or identifier (ID) but also the password.

How does it work???

->The system compares the password to a previously stored
password for that user ID, maintained in a system password
file.
->The password serves to authenticate id of the individual
logging on to the system .
 The ID provides the security in
the following ways:-

➢ It determines whether a user is authorized to gain

access to the system.
➢ It determines the privileges accorded to the user.
➢ It is used in discretionary access control.
 The use of hashed password

✓ A widely used password security technique is the

use of hashed passwords and a salt value.

✓ This scheme is found on virtually all UNIX variants

as well as many other operating systems
 The purpose of salt
✓ It prevents duplicate passwords from being visible
in the password file.
✓ It increases the difficulty of offline dictionary
attacks and guessing a password in a dictionary
attack.
✓ It becomes impossible to find out whether a
person with passwords on two or more systems
has used the same password on all of them.
 a) Loading a new password

Salt Password

User id Salt Hash code

Slow hash
function

Password file
 b) Verifying a password

User id Salt Hash code

User id
Password
Salt

select

Slow hash
Password file
function

compare
Use of Hashed Passwords
 UNIX Implementations…
• Each user selects a password of up to eight printable
characters in length. This is converted into a 56-bit value
that serves as the key input to an encryption routine.
• The hash routine, known as crypt(3), is based on DES.
• A 12-bit salt value is used.
• The modified DES algorithm is executed with a data input
consisting of a 64-bit block of zeros.
• The output of the algorithm then serves as input for a
second encryption. This process is repeated for a total of 25
encryptions.
• The resulting 64-bit output is then translated into an 11-
character sequence. The modification of the DES algorithm
converts it into a one-way hash function.
• The crypt(3) routine is designed to discourage guessing
attacks.
 UNIX Implementation
• original scheme
– 8 character password form 56-bit key
– 12-bit salt used to modify DES encryption into a
one-way hash function
– 0 value repeatedly encrypted 25 times
– output translated to 11 character sequence
• now regarded as woefully insecure
– e.g. supercomputer, 50 million tests, 80 min
• sometimes still used for compatibility
• Since the original development of UNIX, most implementations have
relied on the following password scheme. Each user selects a password
of up to eight printable characters in length. This is converted into a 56-
bit value (using 7-bit ASCII) that serves as the key input to an encryption
routine. The hash routine, known as crypt(3), is based on DES. A 12-bit
salt value is used. The modified DES algorithm is executed with a data
input consisting of a 64-bit block of zeros. The output of the algorithm
then serves as input for a second encryption. This process is repeated
for a total of 25 encryptions. The resulting 64-bit output is then
translated into an 11-character sequence. The modification of the DES
algorithm converts it into a one-way hash function, designed to
discourage guessing attacks. Software implementations of DES are slow
compared to hardware versions, and the use of 25 iterations multiplies
the time required by 25. This particular implementation is now
considered woefully inadequate. . [PERR03] reports the results of a
dictionary attack using a supercomputer. The attack was able to process
over 50 million password guesses in about 80 minutes. Further, the
results showed that for about $10,000 anyone should be able to do the
same in a few months using one uniprocessor machine. Despite its
known weaknesses, this UNIX scheme is still often required for
compatibility with existing account management software or in multi-
vendor environments.
 Improved Implementations
• have other, stronger, hash/salt variants
• many systems now use MD5
– with 48-bit salt
– password length is unlimited
– is hashed with 1000 times inner loop
– produces 128-bit hash
• OpenBSD uses Blowfish block cipher based
hash algorithm called Bcrypt
– uses 128-bit salt to create 192-bit hash value
• There are other, much stronger, hash/salt schemes available for UNIX.
FreeBSD is an open source UNIX implementation that is widely used.
The recommended hash function for many UNIX systems, including
Linux, Solaris, and FreeBSD, is based on the MD5 secure hash
algorithm (which is similar to, but not as secure as SHA-1). The MD5
crypt routine uses a salt of up to 48 bits and effectively has no
limitations on password length. It produces a 128-bit hash value. It is
also far slower than crypt(3). To achieve the slowdown, MD5 crypt
uses an inner loop with 1000 iterations. Probably the most secure
version of the UNIX hash/salt scheme was developed for OpenBSD,
another widely used open source UNIX. This scheme, reported in
[PROV99], uses a hash function based on the Blowfish symmetric
block cipher. The hash function, called Bcrypt,is quite slow to execute.
Bcrypt allows passwords of up to 55 characters in length and requires
a random salt value of 128 bits, to produce a 192-bit hash value.
Bcrypt also includes a cost variable; an increase in the cost variable
causes a corresponding increase in the time required to perform a
Bcyrpt hash. The cost assigned to a new password is configurable, so
that administrators can assign a higher cost to privileged users.
• The traditional approach to password guessing, or password cracking as
it is called, is to develop a large dictionary of possible passwords and to
try each of these against the password file. This means that each
password must be hashed using each available salt value and then
compared to stored hash values. If no match is found, then the cracking
program tries variations on all the words in its dictionary of likely
passwords. Such variations include backward spelling of words,
additional numbers or special characters, or sequence of characters, An
alternative is to trade off space for time by precomputing potential hash
values. In this approach the attacker generates a large dictionary of
possible passwords. For each password, the attacker generates the hash
values associated with each possible salt value. The result is a mammoth
table of hash values known as a rainbow table. For example, [OECH03]
showed that using 1.4 GB of data, he could crack 99.9% of all
alphanumeric Windows password hashes in 13.8 seconds. This approach
can be countered by using a sufficiently large salt value and a sufficiently
large hash length. Both the FreeBSD and OpenBSD approaches should be
secure from this attack for the foreseeable future.
 Proactive Password Checking
• rule enforcement plus user advice, e.g.
– 8+ chars, upper/lower/numeric/punctuation
– may not suffice
• password cracker
– time and space issues
• Markov Model
– generates guessable passwords
– hence reject any password it might generate
• Bloom Filter
– use to build table based on dictionary using hashes
– check desired password against this table
▪ Now look at possible approaches to proactive password checking.
▪ The first approach is a simple system for rule enforcement coupled
with advice to the user, e.g:
▪ All passwords must be at least eight characters long.
▪ In the first eight characters, the passwords must include at least one
each of uppercase, lowercase, numeric digits, and punctuation marks.
▪ Another method is to compile a large dictionary of possible
“bad”passwords. When a user selects a password, the system runs a
Password Cracker to make sure that it is not on the disapproved list.
This still consumes significant time and space.
▪ Use a Markov Model for the generation of guessable passwords, and
reject any passwords likely to be generated by the model .
▪ Use a Bloom filter, which is a set of k independent hash functions
which map a password into a set of hash values in the range 0 … N–1.
These are used to set bits in a lookup table of size N. When a new
password is presented to the checker, its k hash values are calculated.
If all the corresponding bits of the hash table are equal to 1, then the
password is rejected. All passwords in the dictionary will be rejected.
But there will also be some other “false positives”
 Countermeasures
• stop unauthorized access to password file
• intrusion detection measures
• account lockout mechanisms
• policies against using common passwords but
rather hard to guess passwords
• training & enforcement of policies
• automatic workstation logout
• encrypted network links
 Countermeasures
• Countermeasures Found in Each Layer Security
countermeasures are the controls used to protect
the confidentiality, integrity, and availability of data
and information systems. There is a wide array of
security controls available at every layer of the stack.
Overall security can be greatly enhanced by adding
additional security measures, removing unneeded
services, hardening systems, and limiting access
 Countermeasures
• Countermeasures against the listed vulnerabilities include
controls to: prevent unauthorized access to the password
file, intrusion detection measures to identify a
compromise, rapid re-issuance of passwords should the
password file be compromised; account lockout
mechanism which locks out access to the account after a
number of failed login attempts; policies to inhibit the
selection by users of common passwords; training in and
enforcement of password policies that make passwords
difficult to guess; automatically logging the workstation
out after a period of inactivity; a policy that forbids the
same or similar password on particular network devices;
encrypted communications links.
• A widely used password security technique is the use of hashed passwords and a salt
value. This scheme is found on virtually all UNIX variants as well as on a number of other
operating systems. The procedure shown here in Figure 3.1a from the text is used. To load
a new password into the system, the user selects or is assigned a password.This password
is combined with a fixed-length salt value (so the same user password can create multiple
hash values, depending on which salt is used. to make attacks harder). In older
implementations, the salt is related to the time the password is assigned to the user.
Newer implementations use a pseudorandom or random number. The password and salt
serve as inputs to a hashing algorithm to produce a fixed-length hash code. The hash
algorithm is designed to be slow to execute to thwart attacks. The hashed password is
then stored, together with a plaintext copy of the salt, in the password file for the
corresponding user ID. The hashed-password method has been shown to be secure
against a variety of cryptanalytic attacks. When a user attempts to log on to a system, the
user provides an ID and a password (as shown in Figure 3.1b). The operating system uses
the ID to index into the password file and retrieve the plaintext salt and the encrypted
password. The salt and user-supplied password are used as input to the encryption
routine. If the result matches the stored value, the password is accepted. There are two
threats to this password scheme. First, a user can gain access on a machine using a guest
account or by some other means and then run a password guessing program, called a
password cracker, on that machine. In addition, if an opponent is able to obtain a copy of
the password file, then a cracker program can be run on another machine at leisure. This
enables the opponent to run through millions of possible passwords in a reasonable
period.
 Password File Access Control
• can block offline guessing attacks by denying
access to encrypted passwords
– make available only to privileged users
– often using a separate shadow password file
• still have vulnerabilities
– exploit O/S bug
– accident with permissions making it readable
– users with same password on other systems
– access from unprotected backup media
– sniff passwords in unprotected network traffic
• One way to thwart a password attack is to deny the
opponent access to the password file. If the hashed password
portion of the file is accessible only by a privileged user, then
the opponent cannot read it without already knowing the
password of a privileged user. Often, the hashed passwords
are kept in a separate file from the user IDs, referred to as a
shadow password file. Special attention is paid to making the
shadow password file protected from unauthorized access.
Although password file protection is certainly worthwhile,
there remain vulnerabilities: a hacker may be able to exploit
a software vulnerability in the operating system to bypass the
access control system long enough to extract the password
file; an accident of protection might render the password file
readable; some users may use the same password on other
less protected or compromised machines; a lack of or
weakness in physical security (e.g. of backups) may provide
opportunities for a hacker to access a copy of the file;
passwords may be captured by sniffing network traffic.
 2.Token-based authentication.

❖ It’s an object that the user possesses for the

purpose of user authentication.

❖ The 2 types of token are:

the cards that have the appearance
and
the size of the bank cards.
 Memory cards
✓ When combined with a pin or password it
provides greater security then password
alone.

Drawbacks are….

o Require special reader.

o Token loss.
o User dissatisfaction.
❑ Memory cards can store but not process data. The most common such card
is the bank card with a magnetic stripe on the back. A magnetic stripe can
store only a simple security code, which can be read (and unfortunately
reprogrammed) by an inexpensive card reader. There are also memory
cards that include an internal electronic memory. Memory cards can be
used alone for physical access, such as a hotel room. For computer user
authentication, such cards are typically used with some form of password or
personal identification number (PIN). A typical application is an automatic
teller machine (ATM). The memory card, when combined with a PIN or
password, provides significantly greater security than a password alone. An
adversary must gain physical possession of the card (or be able to duplicate
it) plus must gain knowledge of the PIN. Among the potential drawbacks are
the following [NIST95]:
❑ • Requires special reader: This increases the cost of using the token and
creates the requirement to maintain the security of the reader’s hardware
and software.
❑ • Token loss: A lost token temporarily prevents its owner from gaining
system access. Thus there is an administrative cost in replacing the lost
token. In addition, if the token is found, stolen, or forged, then an adversary
now need only determine the PIN to gain unauthorized access.
❑ • User dissatisfaction: Although users may have no difficulty in accepting
the use of a memory card for ATM access, its use for computer access may
be deemed inconvenient.
• For user authentication to computer, the most important category of smart
token is the smart card, which has the appearance of a credit card, has an
electronic interface, and may use any of the possible authentication
protocols (static, dynamic password, challenge-response; see text). A smart
card contains within it an entire microprocessor, including processor,
memory, and I/O ports, as shown in Figure 3.4 from the text. Some versions
incorporate a special co-processing circuit for cryptographic operation to
speed the task of encoding and decoding messages or generating digital
signatures to validate the information transferred. In some cards, the I/O
ports are directly accessible by a compatible reader by means of exposed
electrical contacts. Other cards rely instead on an embedded antenna for
wireless communication with the reader. A typical smart card includes three
types of memory. Read-only memory (ROM) stores data that does not
change during the card’s life, such as the card number and the cardholder’s
name. Electrically erasable programmable ROM (EEPROM) holds application
data and programs, such as the protocols that the card can execute. It also
holds data that may vary with time. Random access memory (RAM) holds
temporary data generated when applications are executed. Figure 3.5 in the
text illustrates a typical interaction between a smart card and a reader or
computer system. An alternative to the smart card is a small, inexpensive
flash memory device known as a USB dongle. It has the same functionality as
a smart card, but connects to the existing USB port on a computer, hence it
does not need a specific card reader.
 Smart cards.
• These can be categorized along three
dimensions that are not mutually exclusive:
1. Physical characteristics: Smart tokens include
an embedded microprocessor.
• A smart token that looks like a bank card is
called a smart card.
• Other smart tokens can look like calculators,
keys, or other small portable objects.
2. Interface: Manual interfaces include a keypad
and display for human/token interaction. Smart
tokens with an electronic interface communicate
with a compatible reader/writer.
3. Authentication protocol: The purpose of a
smart token is to provide a means for user
authentication.We can classify the authentication
protocols used with smart tokens into three
categories:
1. Static
2. Dynamic password generator
3. Challenge-response
• For user authentication to computer, the most important category of smart
token is the smart card, which has the appearance of a credit card, has an
electronic interface, and may use any of the possible authentication protocols
(static, dynamic password, challenge-response; see text). A smart card contains
within it an entire microprocessor, including processor, memory, and I/O ports,
as shown in Figure 3.4 from the text. Some versions incorporate a special co-
processing circuit for cryptographic operation to speed the task of encoding
and decoding messages or generating digital signatures to validate the
information transferred. In some cards, the I/O ports are directly accessible by
a compatible reader by means of exposed electrical contacts. Other cards rely
instead on an embedded antenna for wireless communication with the reader.
A typical smart card includes three types of memory. Read-only memory
(ROM) stores data that does not change during the card’s life, such as the card
number and the cardholder’s name. Electrically erasable programmable ROM
(EEPROM) holds application data and programs, such as the protocols that the
card can execute. It also holds data that may vary with time. Random access
memory (RAM) holds temporary data generated when applications are
executed. Figure 3.5 in the text illustrates a typical interaction between a smart
card and a reader or computer system. An alternative to the smart card is a
small, inexpensive flash memory device known as a USB dongle. It has the
same functionality as a smart card, but connects to the existing USB port on a
computer, hence it does not need a specific card reader.
Figure 3.5 illustrates the typical interaction between a smart card and a
reader or computer system. Each time the card is inserted into a
reader, a reset is initiated by the reader to initialize parameters such as
clock value. After the reset function is performed, the card responds
with answer to reset (ATR) message. This message defines the
parameters and protocols that the card can use and the functions it
can perform. The terminal may be able to change the protocol used
and other parameters via a protocol type selection (PTS) command.
The cards PTS response confirms the protocols and parameters to be
used. The terminal and card can now execute the protocol to perform
the desired application.
➢ An application of increasing importance is the use of a smart card as a
national identity card for citizens. A national electronic identity (eID) card can
serve the same purposes as other national ID cards, and similar cards such as
a driver’s license, for access to government and commercial services. In
addition, an eID card can provide stronger proof of identity and be used in a
wider variety of applications. In effect, an eID card is a smart card that has
been verified by the national government as valid and authentic.

➢ One of the most recent and most advanced eID deployments is the German
eID card neuer Personalausweis [POLL12]. The card has human-readable data
printed on its surface, including the following:

➢ Personal data: Such as name, date of birth, and address; this is the type of
printed information found on passports and driver’s licenses.

➢ Document number: An alphanumerical nine-character unique identifier of

each card.

➢ Card access number (CAN): A six-digit decimal random number printed on

➢ the face of the card. This is used as a password, as explained subsequently.

➢ Machine readable zone (MRZ): Three lines of human- and machine-readable

text on the back of the card. This may also be used as a password.
 3.Biometric authentication.

➢ Authenticate an individual based on his/her unique

physical characteristics.

➢ It is technically complex and expensive.

➢ It is based on pattern recognition.

➢ It is yet to mature as a standard tool for user

authentication to computer system.
 The physical characteristics used
are…
➢ Static:
✓ Facial characteristics.
✓ Fingerprints.
✓ Hand geometry.
✓ Retinal pattern.
✓ Iris.
➢ Dynamic:
✓ Signature.
✓ Voice.
A biometric authentication system attempts to authenticate an individual based on unique
physical characteristics.These include static characteristics, such as fingerprints, hand
geometry, facial characteristics, and retinal and iris patterns; and dynamic characteristics,
such as voiceprint and signature. Compared to passwords and tokens, biometric
authentication is both technically complex and expensive, and have yet to mature as a
standard tool for user authentication to computer systems. Figure 3.6 from the text gives a
rough indication of the relative cost and accuracy of the most common biometric
measures:
• Facial characteristics: define characteristics based on relative location and shape of key
facial features, such as eyes, eyebrows, nose, lips, and chin shape.
• Fingerprints: the pattern of ridges and furrows on the surface of the fingertip, believed
to be unique across the entire human population. Automated fingerprint systems extract a
number of features to use as a surrogate for the full pattern.
• Hand geometry: identify features of hand,: e.g. shape, lengths & widths of fingers.
• Retinal pattern: formed by veins beneath the retinal surface is unique and therefore
suitable for identification. Uses a digital image of the retinal pattern by projecting a low-
intensity beam of visual or infrared light into the eye.
• Iris: Another unique physical characteristic is the detailed structure of the iris.
• Signature: each individual has a unique style of handwriting, esp in signature.
• Voice: patterns are more closely tied to physical and anatomical characteristics of the
speaker, but still have a variation from sample to sample over time from the same
speaker,complicating the biometric recognition task.
Operation of a
Biometric
System
• Above Figure from the text illustrates the operation of a biometric system.
Each individual who is to be included in the database of authorized users
must first be enrolled in the system. This is analogous to assigning a
password to a user .For a biometric system, the user presents a name and,
typically, some type of password or PIN to the system. At the same time the
system senses some biometric characteristic of this user (e.g. fingerprint of
right index finger). The system digitizes the input and then extracts a set of
features that can be stored as a number or set of numbers representing this
unique biometric characteristic ;this set of numbers is referred to as the
user’s template. The user is now enrolled in the system, which maintains
for the user a name (ID), perhaps a PIN or password, and the biometric
value. Depending on application, user authentication on a biometric system
involves either verification or identification. Verification is analogous to a
user logging on to a system by using a memory card or smart card coupled
with a password or PIN. For biometric verification, the user enters a PIN
and also uses a biometric sensor. The system extracts the corresponding
feature and compares that to the template stored for this user. If there is a
match, then the system authenticates this user. For an identification system,
the individual uses the biometric sensor but presents no additional
information. The system then compares the presented template with the set
of stored templates. If there is a match, then this user is identified.
Otherwise, the user is rejected.
 Cost verses accuracy of various biometric
characteristics.

iris
hand
retina
signature
cost

face finger

voice

accuracy
 Biometric Accuracy
• can plot characteristic curve
• pick threshold balancing error rates
• In any biometric scheme, some physical characteristic of the individual is
mapped into a digital representation. For each individual, a single digital
representation, or template, is stored in the computer. When the user is to be
authenticated, the system compares the stored template to the presented template.
Given the complexities of physical characteristics, we cannot expect that there
will be an exact match between the two templates. Rather, the system uses an
algorithm to generate a matching score (typically a single number) that quantifies
the similarity between the input and the stored template. Figure 3.8 illustrates the
dilemma posed to the system. If a single user is tested by the system numerous
times, the matching score swill vary, with a probability density function typically
forming a bell curve, as shown. On average, any other individual should have a
much lower matching score but again will exhibit a bell-shaped probability
density function .The difficulty is that the range of matching scores produced by
two individuals, one genuine and one an imposter, compared to a given reference
template, are likely to overlap. In Figure 3.8 a threshold value is selected so that
if the presented value is s>=t then a match is assumed, and for s< t, a mismatch is
assumed. The shaded part to the right of t indicates a range of values for which a
false match is possible, and the shaded part to the left indicates a range of values
for which a false nonmatch is possible. The area of each shaded part represents to
probability of a false match or nonmatch, respectively. By moving the threshold,
left or right, the probabilities can be altered, but note that an decrease in false
match rate necessarily results in an increase in false nonmatch rate, and vice
versa.
 Remote User Authentication
• authentication over network more complex
– problems of eavesdropping, replay
• generally use challenge-response
– user sends identity
– host responds with random number
– user computes f(r,h(P)) and sends back
– host compares value from user with own
computed value, if match user authenticated
• protects against a number of attacks
 Remote User Authentication

• Authentication over a network, the Internet,

or a communications link is more complex
• Additional security threats such as:
– Eavesdropping, capturing a password, replaying an authentication
sequence that has been observed

• Generally rely on some form of a challenge-

response protocol to counter threats

73
 Authentication Security Issues

• client attacks
• host attacks
• eavesdropping
• replay
• trojan horse
• denial-of-service
 Eavesdropping
Adversary attempts to
learn the password by
some sort of attack that
involves the physical Host Attacks
Denial-of-Service proximity of user and
adversary Directed at the user file
Attempts to disable a at the host where
user authentication passwords, token
service by flooding the passcodes, or biometric
service with numerous templates are stored
authentication attempts

Trojan Horse Replay

An application or physical Adversary repeats a
device masquerades as previously captured
an authentic application Client Attacks user response
or device for the purpose
of capturing a user Adversary attempts to
password, passcode, or achieve user
biometric authentication without
access to the remote
host or the intervening
communications path

75
Client attacks are those in which an adversary attempts to achieve user
authentication without access to the remote host or to the intervening communications
path. The adversary attempts to masquerade as a legitimate user. For a password-based
system, the adversary may attempt to guess the likely user password. Multiple guesses
may be made. At the extreme, the adversary sequences through all possible passwords in
an exhaustive attempt to succeed. One way to thwart such an attack is to select a
password that is both lengthy and unpredictable. In effect , such a password has large
entropy; that is, many bits are required to represent the password. Another
countermeasure is to limit the number of attempts that can be made in a given time
period from a given source.

.
A token can generate a high-entropy passcode from a low-entropy PIN or password, thwarting
exhaustive searches. The adversary may be able to guess or acquire the PIN or password but
must additionally acquire the physical token to succeed.
Host attacks are directed at the user file at the host where passwords, token
passcodes, or biometric templates are stored. Section 3.2 discusses the security
considerations with respect to passwords. For tokens, there is the additional
defense of using one-time passcodes, so that passcodes are not stored in a host
passcode file. Biometric features of a user are difficult to secure because they are
physical features of the user. For a static feature, biometric device authentication
adds a measure of protection. For a dynamic feature, a challenge-response
protocol enhances security.
Eavesdropping in the context of passwords refers to an adversary’s attempt to
Learn the password by observing the user, finding a written copy of the password,
or some similar attack that involves the physical proximity of user and adversary.
Another form of eavesdropping is keystroke logging (keylogging), in which malicious
hardware or software is installed so that the attacker can capture the user’s keystrokes
for later analysis. A system that relies on multiple factors (e.g., password plus token or
password plus biometric) is resistant to this type of attack. For a token, an analogous
threat is theft of the token or physical copying of the token. Again, a multifactor
protocol resists this type of attack better than a pure token protocol. The analogous
threat for a biometric protocol is copying or imitating the biometric parameter so as to
generate the desired template. Dynamic biometrics are less susceptible to such attacks. For
static biometrics, device authentication is a useful countermeasure.
Replay attacks involve an adversary repeating a previously captured
user response. The most common countermeasure to such attacks is the challenge-
response
protocol.

In a Trojan horse attack, an application or physical device masquerades as

an authentic application or device for the purpose of capturing a user password,
passcode, or biometric. The adversary can then use the captured information to
masquerade as a legitimate user. A simple example of this is a rogue bank machine
used to capture user ID/password combinations.

A denial-of-service attack attempts to disable a user authentication service by

flooding the service with numerous authentication attempts. A more selective attack
denies service to a specific user by attempting logon until the threshold is reached
that causes lockout to this user because of too many logon attempts. A multifactor
authentication protocol that includes a token thwarts this attack, because the
adversary must first acquire the token.
• As with any security service,user authentication,particularly remote
user authentication, is subject to a variety of attacks, as presented
in Table 3.4 in the text. Client attacks are those in which an
adversary attempts to achieve user authentication without access
to the remote host or to the intervening communications path. The
adversary attempts to masquerade as a legitimate user. e.g. in a
password-based system, the adversary may attempt to guess the
likely user password. Host attacks are directed at the user file at the
host where passwords,token passcodes, or biometric templates are
stored. Eavesdropping refers to an adversary’s attempt to learn the
password by observing the user, finding a written copy of the
password, keystroke logging, etc. Replay attacks involve an
adversary repeating a previously captured user response. The most
common countermeasure to such attacks is the challenge- response
protocol. In a Trojan horse attack, an application or physical device
masquerades as an authentic application or device for the purpose
of capturing a user password, passcode, or biometric. The adversary
can then use the captured information to masquerade as a
legitimate user. A denial-of-service attack attempts to disable a user
authentication service by flooding the service with numerous
authentication attempts.
Practical Application
• As an example, we look at an iris biometric system that was developed for use in the
banking industry for authentication of debit card users. Figure 3.12 here shows a generic
version of this system, which is now in use commercially in a number of locations
worldwide. There is considerable interest commercially in the use of an iris biometric
system for this application because of its exceptional accuracy (see Figure 3.10) and
because the biometric itself can be acquired without the individual having to come into
physical contact with the biometric acquisition device. The system is designed to operate
with automated teller machines (ATMs) in public places as well as with personal use
devices that can be installed at home. For ATMs, a wide-angle camera finds the head of the
person to be identified. A zoom lens then targets in on the user’s iris and takes a digital
photo. A template of concentric lines is laid on the iris image and a number of specific
points are recorded and the information converted into a digital code. For personal-use
systems, a low-cost camera device involves more cooperative action on the part of the user
to focus and capture the biometric. A customer must initially enroll through a public-use
ATM device owned by the bank. The biometric is converted into a numeric iris code. This
code and the customer identification number (CIN) are encrypted and transmitted over the
bank’s intranet to a verification server. The verification server then performs the user
authentication function. A user may employ a personal-use device to access the system via
the Internet. The image information plus the CIN are transmitted securely over the Internet
to the bank’s Web server. From there, the data are transmitted over the bank’s intranet to
the verification server. which does the conversion of iris image to iris code. Initial field trials
of the system showed very high acceptance rate of customers preferring this method to
other user authentication techniques,such as PIN codes.
Case Study: ATM Security
In this text discusses a security vulnerability in ATM (automated teller machine) usage
that affects a number of small to mid-size ATM card issuers. Customers expect 24/7
service at ATM stations. For many small to mid-sized issuers, it is more cost-effective for
contract processors to pro-ide the required data processing and EFT/ATM services. Each
service typically requires a dedicated data connection between the issuer and the
processor, using a leased line or a virtual leased line. Prior to about 2003, the typical
configuration involving issuer,processor, and ATM machines could be characterized by
Figure 3.13a. The ATM units linked directly to the processor rather than to the issuer that
owned the ATM, via leased or virtual leased line. The use of a dedicated link made it
difficult to maliciously intercept transferred data. In the early 2000s, banks worldwide
began the process of migrating from an older generation of ATMs to new systems.
Because issuers typically run their own Internet-connected intranets, it was attractive to
connect ATMs to these issuer networks and maintain only a single dedicated line to the
processor, leading to the configuration illustrated in Figure 3.13b. This configuration saves
the issuer expensive monthly circuit fees and enables easier management of ATMs by the
issuer. In this configuration, the information sent from the ATM to the processor traverses
the issuer’s network before being sent to the processor. It is during this time on the
issuer’s network that the customer information is vulnerable. A hacker tapping into the
bank’s network, either from an internal location or from across the Internet potentially
would have complete access to every single ATM transaction. The system has two
principal vulnerabilities: confidentiality and integrity, as the text discusses.
 Summary
• introduced user authentication
– using passwords
– using tokens
– using biometrics
• remote user authentication issues
• example application and case study
 Summary
• Electronic user authentication • Biometric
principles
authentication
• Password-based
– Physical characteristics used
authentication
in biometric applications
– The vulnerability of – Operation of a biometric
passwords authentication system
– The use of hashed passwords – Biometric accuracy
– Password cracking of user-
chosen passwords • Remote user
– Password file access control authentication
– Password selection strategies – Password protocol
• Token-based authentication – Token protocol
– Memory cards – Static biometric protocol
– Smart cards – Dynamic biometric protocol
– Electronic identity cards

86
Questions……
1. Write a short note on user authentication and
characterization of user authentication.
2. Define user authentication as per IRC and explain
the types of user authentication.
3. Write short note on the following:
-memory cards and smart cards.
-purpose of salt value.
4. Explain loading and verifying hash password with
neat diagram.
Difference between Authentication and Authorization.
• In authentication process, the identity of users are checked
for providing the access to the system. While in authorization
process, person’s or user’s authorities are checked for
accessing the resources. Authentication is done before the
authorization process, whereas authorization process is done
after the authentication process.
• Authorization is a security mechanism to determine access
levels or user /client privileges related to system resources
including files, services, computer programs , data and
application features.
S.NO Authentication Authorization

In authentication process, the identity of users are While in authorization process, person’s or user’s authorities
1. checked for providing the access to the system. are checked for accessing the resources.

In authentication process, users or persons are

2. verified. While in this process, users or persons are validated.

3. It is done before the authorization process. While this process is done after the authentication process.

4. It needs usually user’s login details. While it needs user’s privilege or security levels.

Authentication determines whether the person is

5. user or not. While it determines What permission do user have?