Outline

• Passwords
• Quiz
• Biometrics

Attacks on Passwords

• Attacker could...
  • Target one particular account
  • Target any account on system
  • Target any account on any system
  • Attempt denial of service (DoS) attack
• Common attack path
  • Outsider -> normal user -> administrator
  • May only require one weak password!

Password Retry

• Suppose system locks after 3 bad passwords. How long should it lock?
  • 5 seconds
  • 5 minutes
  • Until system administrator restores service
• What are +'s and -'s of each?

Password File?

• Bad idea to store passwords in a file
• But we need to verify passwords
• Cryptographic solution: hash the password
  • Store `y = h(\p\a\s\s\w\o\r\d)`
  • Can verify entered password by hashing
  • If Trudy obtains "password file," she does not obtain passwords
• But Trudy can try a forward search
  • Guess `x` and check whether `y = h(x)`

Dictionary Attack

• Trudy pre-computes `h(x)` for all `x` in a dictionary of common passwords
• Suppose Trudy gets access to password file containing hashed passwords
  • She only needs to compare hashes to her pre-computed dictionary
  • After one-time work, actual attack is trivial
• Can we prevent this attack? Or at least make attackers job more difficult?

Salt

• Hash password with salt
• Choose random salt `s` and compute
  `y = h(\p\a\s\s\w\o\r\d, s)`
  and store `(s,y)` in the password file
• Note: The salt `s` is not secret
• Easy to verify salted password
• But Trudy must re-compute dictionary hashes for each user -- Lots more work for Trudy!

Password Cracking: Do the Math

Assumptions:

• Passwords are 8 chars, 128 choices per character. Then
  `128^8 = 2^(56)` possible passwords
• There is a password file with `2^(10)` passwords
• Attacker has dictionary of `2^(20)` common passwords
• Probability of `1/4` that a password is in dictionary
• Work is measured by number of hashes

Password Cracking: Case I

• Attack 1 password without dictionary
• Must try `2^(56)/2 = 2^(55)` on average
• Like exhaustive key search
• Does salt help in this case? Yes, Trudy can't precompute hashes.

Password Cracking: Case II

• Attack 1 password with dictionary
• With salt
  • Expected work: `1/4 (2^(19)) + 3/4 (2^(55)) = 2^(54.6)`
  • In practice, try all passwords in dictionary...
  • ...then work is at most `2^20` and probability of success is `1/4`
• What if no salt is used?
  • One-time work to compute dictionary: `2^(20)`
  • Expected work still same order as above
  • But with precomputed dictionary hashes, the "in practice" attack is free...

Password Cracking: Case III

• Any of 1024 passwords in file, without dictionary
  • Assume all `2^(10)` passwords are distinct
  • Need `2^(55)` comparisons before expect to find password
• If no salt is used
  • Each computed hash yields `2^(10)` comparisons
  • So expected work (hashes) is `2^(55)/2^(10) = 2^45`
• If salt is used
  • Expected work is `2^(55)`
  • Each comparison requires a hash computation

Password Cracking: Case IV

• Any of 1024 passwords in file, with dictionary
  • Probability one or more password in dictionary: `1 - (3/4)^1024 approx 1`
  • So, we ignore case where no password is in dictionary
• • If salt is used, expected work less than `2^22`
  • See book for details
  • Approximate work: size of dictionary / probability
• What if no salt is used?
  • If dictionary hashes not precomputed, work is about `2^(19)/2^(10) = 2^9`

Other Password Issues

• Too many passwords to remember
  • Results in password reuse
  • Why is this a problem?
• Who suffers from bad password?
  • Login password vs ATM PIN
• Failure to change default passwords
• Social engineering
• Error logs may contain "almost" passwords
• Bugs, keystroke logging, spyware, etc.

Passwords

• The bottom line...
  • One weak password may break security
  • Users choose bad passwords
  • Social engineering attacks, etc.
• Trudy has (almost) all of the advantages
• All of the math favors bad guys
• Passwords are a BIG security problem...
  • And will continue to be a big problem.

Password Cracking Tools

• Popular password cracking tools
  • Password Crackers
  • L0phtCrack and LC6 (Windows)
  • John the Ripper (Unix)
• Admins should use these tools to test for weak passwords since attackers will
• Good articles on password cracking
  • Passwords - Cornerstone of Computer Security
  • Passwords revealed by sweet deal

Quiz

Which of the following is true?

1. Steganography and watermarks are the same thing.
2. Exhaustive search is a possible attack against the visual crypto scheme given in class.
3. The spam reduction protocol we gave in class works better against a computationally weaker attacker.

Biometrics -- Something You Are

Some example biometrics include:

• Fingerprint
• Handwritten signature
• Facial recognition
• Speech recognition
• Gait (walking) recognition
• "Digital doggie" (odor recognition)
• Many more!

Why Biometrics?

• Cheap and reliable biometrics needed
  • Today, an active area of research
• Biometrics are used in security today
  • Thumbprint mouse
  • Palm print for secure entry
  • Fingerprint to unlock car door, etc.
• But biometrics not too popular
  • Has not lived up to its promise (yet?)

Ideal Biometric

• Universal -- applies to (almost) everyone
• More secure replacement for passwords
  • In reality, no biometric applies to everyone
• Distinguishing -- distinguish with certainty
  • In reality, cannot hope for 100% certainty
• Permanent -- physical characteristic being measured never changes
  • In reality, OK if it to remains valid for long time
• Collectable -- easy to collect required data
  • Depends on whether subjects are cooperative
• Also, safe, user-friendly, etc., etc.

Biometric Modes

• Identification -- Who goes there?
  • Compare one-to-many
  • Example: The FBI fingerprint database
• Authentication -- Are you who you say you are?
  • Compare one-to-one
  • Example: Thumbprint mouse
• Identification problem is more difficult
  • More "random" matches since more comparisons
• We are interested in authentication

Enrollment vs Recognition

• Enrollment phase
  • Subject's biometric info put into database
  • Must carefully measure the required info
  • OK if slow and repeated measurement needed
  • Must be very precise
  • May be weak point of many biometric
• Recognition phase
  • Biometric detection, when used in practice
  • Must be quick and simple
  • But must be reasonably accurate

Cooperative Subjects?

• Authentication  cooperative subjects
• Identification  uncooperative subjects
• For example, facial recognition
  • Used in Las Vegas casinos to detect known cheaters (terrorists in airports, etc.)
  • Often do not have ideal enrollment conditions
  • Subject will try to confuse recognition phase
• Cooperative subject makes it much easier
  • We are focused on authentication
  • So, subjects are generally cooperative

Biometric Errors

• Fraud rate versus insult rate
  • Fraud -- Trudy mis-authenticated as Alice
  • Insult -- Alice not authenticated as Alice
• For any biometric, can decrease fraud or insult, but other one will increase
• For example
  • 99% voiceprint match -- low fraud, high insult
  • 30% voiceprint match -- high fraud, low insult
• Equal error rate: rate where fraud == insult
  • A way to compare different biometrics

Fingerprint History

• 1823 -- Professor Johannes Evangelist Purkinje discussed 9 fingerprint patterns
• 1856 -- Sir William Hershel used fingerprint (in India) on contracts
• 1880 -- Dr. Henry Faulds article in Nature about fingerprints for ID
• 1883 -- Mark Twain's Life on the Mississippi (murderer ID'ed by fingerprint)
• 1888 -- Sir Francis Galton developed classification system
  • His system of "minutia" still used today
  • Also verified that fingerprints do not change

Fingerprint Comparison

• Common minutia of fingerprints include loops, whorls, and arches
• In the pre-computer era, collected fingerprints were classified into one 1024 bins.
• Given a fingerprint of an unknown subject, a binary search on minutia, let one find quickly which bin to check for matches.
• Features within these minutia were then compared. In Britain, fingerprints had to match in 16 of these feature locations; in the U.S. no fixed number was used.

Fingerprint: Enrollment

• Capture image of fingerprint
• Enhance image
• Identify points

Fingerprint: Recognition

• Extracted points are compared with information stored in a database
• Is it a statistical match?
• Aside: Do identical twins' fingerprints differ?

Hand Geometry

• A popular biometric
• Measures shape of hand
  • Width of hand, fingers
  • Length of fingers, etc
• Human hands not unique
• Hand geometry sufficient for many situations
• OK for authentication
• Not useful for ID problem

Pros/Cons Hand Geometry

• Advantages
  • Quick -- 1 minute for enrollment, 5 seconds for recognition
  • Hands are symmetric -- so what?
• Disadvantages
  • Cannot use on very young or very old (or amputees)
  • Relatively high equal error rate

Iris Patterns

• Iris pattern development is "chaotic"
• Little or no genetic influence
• Different even for identical twins
• Pattern is stable through lifetime

Iris Recognition: History

• 1936 -- suggested by Frank Burch
• 1980s -- James Bond films
• 1986 -- first patent appeared
• 1994 -- John Daugman patented best current approach. Patent owned by Iridian Technologies

Iris Scan

• Scanner locates iris
• Take b/w photo
• Use polar coordinates...
• Get 256 byte iris code

Measuring Iris Similarity

• Based on Hamming distance
• Define `d(x,y)` to be:
  • # of non match bits / # of bits compared
  • d(0010,0101) = 3/4 and d(101111,101001) = 1/3
• Compute `d(x,y)` on 2048-bit iris code
  • Perfect match is d(x,y) = 0
  • For same iris, expected distance is 0.08
  • At random, expect distance of 0.50
  • Accept iris scan as match if distance < 0.32

Iris Scan Error Rate

Attack on Iris Scan

• Good photo of eye can be scanned -- Attacker could use photo of eye
• Afghan woman was authenticated by iris scan of old photo from National Geographic. http://news.bbc.co.uk/2/hi/south_asia/1870382.stm
• To prevent attack, scanner could use light to be sure it is a "live" iris

Equal Error Rate Comparison

• Equal error rate (EER): fraud == insult rate
• Fingerprint biometric has EER of about 5%
• Hand geometry has EER of about `10^(-3)`
• In theory, iris scan has EER of about `10^(-6)`.
  • But in practice, may be hard to achieve
  • Enrollment phase must be extremely accurate
• Most biometrics much worse than fingerprint!
• Biometrics useful for authentication...
  • ...but identification biometrics almost useless today

Biometrics: The Bottom Line

• Biometrics are hard to forge
• But attacker could
  • Steal Alice's thumb
  • Photocopy Bob's fingerprint, eye, etc.
  • Subvert software, database, "trusted path"...
• And how to revoke a "broken" biometric?
• Biometrics are not foolproof
• Biometric use is limited today
• That should change in the (near?) future