
Lecture 5-Operating System Security-NPTEL

lecture note for nptel


Operating System Security

Dr. Neminath Hubballi

Indian Institute of Technology Indore


Outline
- Memory Management
- Password and User Account Management



Memory Management
- Process granularity
  - Each process, upon creation, is allocated some memory called its address space
  - The operating system protects one process from another by not allowing access to another process's address space
- Global granularity
  - Kernel address space
  - User address space



Memory Management
- Process address space is organized in segments
  - .text, .data, .bss, .heap and .stack segments
- Each segment has its own access permissions
  - Readable, writable and executable
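Added example (not part of the lecture): on Linux the per-segment permissions can be read from /proc/<pid>/maps. The sketch below parses a constructed excerpt in that format and, going slightly beyond the slide, flags any region that is both writable and executable; the addresses, the path /usr/bin/demo and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the /proc/<pid>/maps format (addresses and paths are made up).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a01000 r-xp 00000000 08:01 131 /usr/bin/demo
55d0c8a01000-55d0c8a02000 r--p 00001000 08:01 131 /usr/bin/demo
55d0c8a02000-55d0c8a03000 rw-p 00002000 08:01 131 /usr/bin/demo
55d0c9e5b000-55d0c9e7c000 rw-p 00000000 00:00 0 [heap]
7f2a14000000-7f2a14021000 rwxp 00000000 00:00 0
7ffd3b1e0000-7ffd3b201000 rw-p 00000000 00:00 0 [stack]
"""

# start-end, permissions, offset, device, inode, optional name
LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) \S+ \S+ \S+\s*(.*)$"
)

def parse_maps(text):
    """Return one dict per mapping: start, end, perms, name."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            regions.append({
                "start": int(m.group(1), 16),
                "end": int(m.group(2), 16),
                "perms": m.group(3),
                "name": m.group(4) or "[anon]",
            })
    return regions

def find_region(regions, addr):
    """Return the mapping that contains addr, or None."""
    for r in regions:
        if r["start"] <= addr < r["end"]:
            return r
    return None

def writable_and_executable(regions):
    """Mappings with both w and x set: data written there can also be executed."""
    return [r for r in regions if "w" in r["perms"] and "x" in r["perms"]]

if __name__ == "__main__":
    for r in parse_maps(SAMPLE_MAPS):
        flag = "  <-- W+X" if writable_and_executable([r]) else ""
        print(f'{r["start"]:x}-{r["end"]:x} {r["perms"]} {r["name"]}{flag}')
```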



Memory Management

[Figure: layout of a process address space, drawn top to bottom as Stack, Heap, BSS, Data, Text]



Examples

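Heap
#include <stdlib.h>

int main()
{
    /* memory returned by malloc() comes from the heap */
    int *ptr = (int *) malloc(10 * sizeof(int));
    free(ptr);
    return 0;
}

.bss
int main()
{
    /* uninitialized static variable: placed in .bss */
    static int a;
    return 0;
}

.data
/* initialized global variable: placed in .data */
int gb = 10;
int main()
{
    return 0;
}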

IIT Indore © Neminath Hubballi


Password and User Account Management in Operating System
- Naive approach
  - Create a file "password" where all users' passwords are stored
    - Neminath : pass156
    - Gourinath : test234
    - Somnath : temp123
  - Save the file "password" in a place in the system
- What if a thief gets access to this file?
  - All user accounts are compromised



Password and User Account Management in Operating System
- One-way hashing is a function f
- Characteristic of this function is
  - When supplied x, it computes f(x) easily
  - But the inverse is extremely complex, i.e., given f(x) it is difficult to calculate x
- Somanath : d34ef


- An example
  - Convert all the characters into their ASCII values and XOR them
  - Result is a small number derived out of the XOR operation
  - Store the hash value in the password file
  - Note we do not store the password anywhere
  - The idea is to make it impossible to guess the password even if the hash value is known
- Now the password file looks like
  - Neminath : a12hf
  - Gourinath : b4a2e
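Added example (not part of the lecture): the XOR-of-ASCII scheme above is easy to compute, but its output is so small that different passwords share one value, which is why real systems use a cryptographic hash. The code runs the toy hash over the three passwords from the naive password file plus two constructed variants and compares it with SHA-256; the function names are assumptions of this example.

```python
import hashlib
from functools import reduce

def xor_hash(password: str) -> int:
    """The slide's toy hash: XOR the ASCII codes of all characters."""
    return reduce(lambda acc, ch: acc ^ ord(ch), password, 0)

def sha256_hex(password: str) -> str:
    """A cryptographic hash, for comparison."""
    return hashlib.sha256(password.encode("ascii")).hexdigest()

def collision_groups(passwords, hash_fn):
    """Group passwords by hash value and keep only the groups that collide."""
    groups = {}
    for pw in passwords:
        groups.setdefault(hash_fn(pw), []).append(pw)
    return {h: pws for h, pws in groups.items() if len(pws) > 1}

def login_ok(stored_hash: int, attempt: str) -> bool:
    """Password check as the system performs it: only hashes are compared."""
    return xor_hash(attempt) == stored_hash

# The three passwords from the naive password file earlier in the lecture,
# plus constructed variants (reordered characters, a doubled character).
PASSWORDS = ["pass156", "test234", "temp123", "651ssap", "temp123zz"]

if __name__ == "__main__":
    for pw in PASSWORDS:
        print(f"{pw:10s} xor={xor_hash(pw):3d} sha256={sha256_hex(pw)[:12]}...")
    print("XOR collisions:    ", collision_groups(PASSWORDS, xor_hash))
    print("SHA-256 collisions:", collision_groups(PASSWORDS, sha256_hex))
    # The value stored for pass156 is also produced by test234.
    print("test234 accepted for pass156:",
          login_ok(xor_hash("pass156"), "test234"))
```

Reordering characters never changes the XOR result, a repeated pair of characters cancels out, and for ASCII input the result is always below 128.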



Password and User Account Management in Operating System
- Salting
  - Do not hash passwords as they are; add something to the password and then hash
  - Unix system used an additional 12-bit number to hash the password
- How to choose the value of the salt
  - Deterministic across the users: not a good idea!
  - Unique for each user: sounds good, but how to get a unique one?
    - Take the current timestamp of the system and divide it by a predetermined number to get a 12-bit remainder, and use it as a salt
    - Metadata as salt: use the birthday or PAN number of the user as salt
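Added example (not part of the lecture): what the stored values look like with no salt, with one salt shared by all users, and with a unique salt per user. It uses PBKDF2-HMAC-SHA256 from Python's hashlib and a 16-byte random salt from the secrets module in place of the DES-based crypt and 12-bit salt on the slides; the accounts, the iteration count and the shared salt value are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def enroll(password: str, salt: bytes = None):
    """Return (salt, digest); a fresh random salt is drawn unless one is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def shared_values(stored: dict):
    """Groups of users whose stored value is identical (same password visible)."""
    by_value = {}
    for user, value in stored.items():
        by_value.setdefault(value, []).append(user)
    return [users for users in by_value.values() if len(users) > 1]

# Constructed accounts: two users happen to choose the same password.
CHOSEN = {"user1": "qwerty", "user2": "qwerty", "user3": "janu"}

def build_files():
    """Return the password file contents under the three salting choices."""
    unsalted = {u: unsalted_hash(p) for u, p in CHOSEN.items()}
    # One salt for everybody: the "deterministic across the users" case.
    fixed = {u: enroll(p, salt=b"same-for-all")[1] for u, p in CHOSEN.items()}
    per_user = {u: enroll(p) for u, p in CHOSEN.items()}  # u -> (salt, digest)
    return unsalted, fixed, per_user

if __name__ == "__main__":
    unsalted, fixed, per_user = build_files()
    print("no salt, shared values:    ", shared_values(unsalted))
    print("fixed salt, shared values: ", shared_values(fixed))
    print("per-user salt, shared:     ",
          shared_values({u: d for u, (s, d) in per_user.items()}))
```

With a per-user salt, a table of hashes computed once in advance no longer applies to every account, because each entry has to be recomputed with that account's salt.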



Unix Password Management
- A file in the directory /etc/passwd stores the Unix users' passwords
- Unix password is hashed and salted
- Salting and hashing effectively increase the amount of work done to break into the target system
- Algorithm
  - Take the first 8 ASCII characters of the user password and encrypt a 64-bit constant consisting of all 0's
  - If the user password is less than 8 characters, suitably pad it to make it 56 bits
  - Encrypt the 64-bit block of 0's 25 times with DES (using the crypt() function), using the user password as key
  - The resultant encrypted version is stored in the file



Password Management in Unix/Linux

[Figure: the password the user enters and the salt are the inputs to crypt3; the stored table is shown below]

User ID   Salt   Password
User 1    5689   A9yU0
User n    8940   79ih0

Where is the Hashed Password Stored?

[Figure: two records broken into their fields]
- Username, Password, UID, GID, User info, Home, Shell
- Username, Encrypted Password, Elapsed time, Validity, Due date, Warning date, Expiry date, Disabled time

- Password has 3 components
  - First part: hashing algorithm
  - Second part: plain text salt value
  - Third part: actual hash value generated
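Added example (not part of the lecture): splitting the encrypted-password field into the three components listed above and reporting which accounts still use an older scheme. The shadow lines are constructed with placeholder hash values; the field names follow shadow(5), only the scheme identifiers 1, 5 and 6 are interpreted, and treating DES and MD5 as weak is this example's own policy.

```python
# Scheme identifiers used by crypt(3) on Linux; others are reported as unknown.
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
SHADOW_FIELDS = ["name", "password", "lastchg", "min", "max",
                 "warn", "inactive", "expire", "reserved"]

# Constructed /etc/shadow lines; salts and hash values are placeholders.
SAMPLE_SHADOW = """\
user1:$6$Xy7kQ2pL$PLACEHOLDERHASHVALUE1:19700:0:99999:7:::
user2:$1$ab12cd34$PLACEHOLDERHASHVALUE2:19700:0:99999:7:::
user3:$6$rounds=10000$Zt9mW4rB$PLACEHOLDERHASHVALUE3:19700:0:99999:7:::
user4:abPLACEHOLDER:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
"""

def split_password_field(field):
    """Split the password field into (scheme, salt, hash)."""
    if field == "":
        return ("none", "", "")
    if field[0] in "!*":
        return ("locked", "", "")
    if not field.startswith("$"):
        # Traditional DES crypt: 2 salt characters (12 bits) + 11 hash characters
        return ("DES", field[:2], field[2:])
    parts = field.split("$")[1:]        # drop the empty string before the first $
    scheme = SCHEMES.get(parts[0], "unknown:" + parts[0])
    if len(parts) > 1 and parts[1].startswith("rounds="):
        parts.pop(1)                    # optional work-factor parameter
    salt = parts[1] if len(parts) > 1 else ""
    digest = parts[2] if len(parts) > 2 else ""
    return (scheme, salt, digest)

def parse_shadow(text):
    """Return one dict per well-formed line, with scheme, salt and hash added."""
    entries = []
    for line in text.splitlines():
        values = line.split(":")
        if len(values) != len(SHADOW_FIELDS):
            continue
        entry = dict(zip(SHADOW_FIELDS, values))
        entry["scheme"], entry["salt"], entry["hash"] = \
            split_password_field(entry["password"])
        entries.append(entry)
    return entries

def weak_entries(entries, weak=("none", "DES", "MD5")):
    """Account names whose scheme is on the (assumed) weak list."""
    return [e["name"] for e in entries if e["scheme"] in weak]
```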



Attacks on Password based Authentication

[Figure: dictionary attack. Each dictionary word is passed through the hashing algorithm and the computed hash value is matched against the stored password table.]

Dictionary   Computed hash value
2003         Ty870
pass         Yzftu
password     yU5b9
65           rDfh6
computer     JbK2S
Key          fGC58
my           58BMl
qwerty       A9yU0
11111        hd68v
janu         i3ps4

User ID   Password
User 1    A9yU0
User n    79ih0

Match: A9yU0 (computed for qwerty) equals the entry stored for User 1: found password.

Attacks on Password based Authentication

[Figure: the same dictionary attack, with a Salt column added to the stored table.]

User ID   Salt   Password
User 1    5689   A9yU0
User n    8940   79ih0

Attacks on Password based Authentication

[Figure: brute force attack. Brute force trials (0000 ... 9999, aaaa ... zzzz, AAAA ... ZZZZ) are passed through the hashing algorithm (crypt3); the computed hash values (Ty870, Yzftu, yU5b9, rDfh6, JbK2S, fGC58, 58BMl, A9yU0, hd68v, i3ps4) are matched against the stored table (User 1: A9yU0, User n: 79ih0); a match gives the found password.]

Attacks on Password based Authentication

[Figure: the same brute force attack, with a Salt column added to the stored table (User 1: 5689, A9yU0; User n: 8940, 79ih0) and the salt shown as an input.]
