Chapter 3

User Authentication
RFC 4949
RFC 4949 defines user authentication as:
“The process of verifying an identity claimed by or for a system entity.”
Authentication Process
• Fundamental building block and primary line of defense
• Basis for access control and user accountability
• Identification step
o Presenting an identifier to the security system
• Verification step
o Presenting or generating authentication information that corroborates the binding between the entity and the identifier
Registration, Credential Issuance, and Maintenance

Figure 3.1 The NIST SP 800-63-2 E-Authentication Architectural Model (diagram: the Registration Authority (RA) performs identity proofing and user registration; the Credential Service Provider issues the token/credential to the Subscriber/Claimant; during an authenticated session the Verifier performs token/credential validation through an authentication protocol exchange and passes an authenticated assertion to the Relying Party (RP); e-authentication uses the token and credential)


The four means of authenticating user identity are based on:
• Something the individual knows: password, PIN, answers to prearranged questions
• Something the individual possesses: smartcard, electronic keycard, physical key
• Something the individual is (static biometrics): fingerprint, retina, face
• Something the individual does (dynamic biometrics): voice pattern, handwriting, typing rhythm
Risk Assessment for User Authentication
• There are three separate concepts:
o Assurance level
o Potential impact
o Areas of risk

Assurance level
Describes an organization's degree of certainty that a user has presented a credential that refers to his or her identity. More specifically, it is defined as:
o The degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued
o The degree of confidence that the individual who uses the credential is the individual to whom the credential was issued

Four levels of assurance
o Level 1: Little or no confidence in the asserted identity's validity
o Level 2: Some confidence in the asserted identity's validity
o Level 3: High confidence in the asserted identity's validity
o Level 4: Very high confidence in the asserted identity's validity
• FIPS 199 defines three levels of potential
impact on organizations or individuals
should there be a breach of security:
o Low
• An authentication error could be expected to have a
limited adverse effect on organizational operations,
organizational assets, or individuals
o Moderate
• An authentication error could be expected to have a
serious adverse effect
o High
• An authentication error could be expected to have a
severe or catastrophic adverse effect
Table 3.1 Maximum Potential Impacts for Each Assurance Level

                                                        Assurance Level Impact Profiles
Potential Impact Categories for Authentication Errors     1       2       3       4
Inconvenience, distress, or damage to standing or        Low     Mod     Mod     High
reputation
Financial loss or organization liability                 Low     Mod     Mod     High
Harm to organization programs or interests               None    Low     Mod     High
Unauthorized release of sensitive information            None    Low     Mod     High
Personal safety                                          None    None    Low     Mod/High
Civil or criminal violations                             None    Low     Mod     High
Password Authentication
• Widely used line of defense against
intruders
o User provides name/login and password
o System compares password with the one stored for that
specified login

• The user ID:


o Determines that the user is authorized to access the system
o Determines the user’s privileges
o Is used in discretionary access control
Password Vulnerabilities
• Offline dictionary attack
• Specific account attack
• Popular password attack
• Password guessing against single user
• Workstation hijacking
• Exploiting user mistakes
• Exploiting multiple password use
• Electronic monitoring
Figure 3.2 UNIX Password Scheme (diagram)
(a) Loading a new password: the password and a salt are fed to a slow hash function; the user ID, the salt and the resulting hash code are loaded into the password file.
(b) Verifying a password: the user ID selects the salt and hash code from the password file; the supplied password and that salt go through the same slow hash function, and the hashed password is compared with the stored hash code.
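The two halves of Figure 3.2 as an added Python example (not code from the chapter): PBKDF2-HMAC-SHA256 from the standard library stands in for the "slow hash function", the iteration count and salt size are constructed choices, and the password file is a dictionary keyed by user ID.

```python
import hashlib
import hmac
import os

# Constructed parameters for this example: PBKDF2-HMAC-SHA256 plays the role of
# the figure's "slow hash function"; the iteration count is what makes it slow.
ITERATIONS = 100_000
SALT_BYTES = 16


def slow_hash(password: str, salt: bytes) -> bytes:
    """Salted, iterated one-way hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def load_password(password_file: dict, user_id: str, password: str) -> None:
    """(a) Loading a new password: draw a fresh random salt, hash the password
    with it and store (salt, hash code) under the user ID. The plaintext
    password itself is never written to the file."""
    salt = os.urandom(SALT_BYTES)
    password_file[user_id] = (salt, slow_hash(password, salt))


def verify_password(password_file: dict, user_id: str, password: str) -> bool:
    """(b) Verifying a password: the user ID selects the stored salt and hash
    code, the offered password is hashed with that salt, and the result is
    compared with the stored hash code in constant time."""
    record = password_file.get(user_id)
    if record is None:
        # Unknown user: still spend one hash so the response time does not
        # reveal which user IDs exist.
        slow_hash(password, bytes(SALT_BYTES))
        return False
    salt, stored_hash = record
    return hmac.compare_digest(slow_hash(password, salt), stored_hash)


def same_password_different_hashes(password: str) -> bool:
    """Two users who pick the same password get different salts and therefore
    different hash codes, which is what defeats precomputed hash tables."""
    password_file = {}
    load_password(password_file, "alice", password)
    load_password(password_file, "bob", password)
    return password_file["alice"][1] != password_file["bob"][1]


if __name__ == "__main__":
    pw_file = {}
    load_password(pw_file, "alice", "correct horse battery staple")
    print(verify_password(pw_file, "alice", "correct horse battery staple"))  # True
    print(verify_password(pw_file, "alice", "wrong password"))                # False
    print(same_password_different_hashes("hunter2"))                          # True
```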


UNIX Implementation
Original scheme
• Up to eight printable characters in length
• 12-bit salt used to modify DES encryption into a one-way hash function
• Zero value repeatedly encrypted 25 times
• Output translated to 11 character sequence
Now regarded as inadequate
• Still often required for compatibility with existing account management software or multivendor environments

Improved Implementations
Much stronger hash/salt schemes available for Unix
Recommended hash function is based on MD5
• Salt of up to 48 bits
• Password length is unlimited
• Produces 128-bit hash
• Uses an inner loop with 1000 iterations to achieve slowdown
OpenBSD uses Blowfish block cipher based hash algorithm called Bcrypt
• Most secure version of Unix hash/salt scheme
• Uses 128-bit salt to create 192-bit hash value
Password Cracking
Dictionary attacks
• Develop a large dictionary of possible passwords and try each against the password file
• Each password must be hashed using each salt value and then compared to stored hash values
Rainbow table attacks
• Pre-compute tables of hash values for all salts
• A mammoth table of hash values
• Can be countered by using a sufficiently large salt value and a sufficiently large hash length
Password crackers exploit the fact that people choose easily guessable passwords
• Shorter password lengths are also easier to crack
John the Ripper
• Open-source password cracker first developed in 1996
• Uses a combination of brute-force and dictionary techniques
Modern Approaches
• Complex password policy
o Forcing users to pick stronger passwords

• However, password-cracking techniques have also improved
o The processing capacity available for password cracking has
increased dramatically
o The use of sophisticated algorithms to generate potential
passwords
o Studying examples and structures of actual passwords in use
Figure 3.3 The Percentage of Passwords Guessed After a Given Number of Guesses (plot: percent guessed, 0% to 50%, against number of guesses, 10^4 to 10^13)
Anderson Formula
Anderson’s formula:
• P probability of guessing a password in specified
period of time
• G number of guesses tested in 1 time unit
• T number of time units
• N number of possible passwords
• Then P ≥ TG/N

Slide 19, http://ceit.aut.ac.ir/~shahriari
Example
• Goal
o Passwords drawn from a 96-char alphabet
o Can test 10^4 guesses per second
o Probability of a success to be 0.5 over a 365 day
period
o What is minimum password length?
• Solution
o N ≥ TG/P = (365 × 24 × 60 × 60) × 10^4 / 0.5 = 6.31 × 10^11
o Choose s such that Σ_{j=0}^{s} 96^j ≥ N
o So s ≥ 6, meaning passwords must be at least 6 chars long
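Anderson's formula and the slide's worked example in Python, added here and not part of the original slides. It reproduces the 96-character, 10^4 guesses/second, P = 0.5 over 365 days case, and goes one step further by evaluating the resulting 6-character policy against a faster attacker (the 10^10 guesses/second rate is a constructed figure).

```python
def min_password_space(t_units: float, guesses_per_unit: float, p: float) -> float:
    """Anderson's formula P >= TG/N, rearranged: the password space must
    satisfy N >= TG/P to keep the success probability at or below P."""
    return t_units * guesses_per_unit / p


def password_space(alphabet_size: int, max_len: int) -> int:
    """Number of passwords of length 0..max_len over the alphabet,
    i.e. sum_{j=0}^{s} A^j with A = alphabet_size and s = max_len."""
    return sum(alphabet_size ** j for j in range(max_len + 1))


def min_password_length(alphabet_size: int, n_required: float) -> int:
    """Smallest s such that sum_{j=0}^{s} A^j >= N."""
    s = 0
    while password_space(alphabet_size, s) < n_required:
        s += 1
    return s


def guess_probability(t_units: float, guesses_per_unit: float, n: int) -> float:
    """Anderson's bound TG/N, capped at 1: the chance that an attacker making
    G guesses per time unit for T units hits a password drawn uniformly from N."""
    return min(1.0, t_units * guesses_per_unit / n)


def slide_example():
    """The slide's numbers: 96-character alphabet, 10^4 guesses per second,
    P = 0.5 over a 365-day period. Returns (N, minimum length)."""
    seconds = 365 * 24 * 60 * 60                   # T, in seconds
    n = min_password_space(seconds, 10**4, 0.5)    # 6.3072e11
    return n, min_password_length(96, n)           # (6.3072e11, 6)


def faster_attacker_example() -> float:
    """Beyond the slide: the same 6-character policy against 10^10 guesses
    per second (constructed rate for a cracking rig) over a single day."""
    n = password_space(96, 6)
    return guess_probability(24 * 60 * 60, 10**10, n)   # 1.0: bound exceeds certainty


if __name__ == "__main__":
    print(slide_example())            # (630720000000.0, 6)
    print(faster_attacker_example())  # 1.0
```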
Password File Access Control
Can block offline guessing attacks by denying access to encrypted passwords
• Make available only to privileged users
• Shadow password file
Vulnerabilities
• Weakness in the OS that allows access to the file
• Accident with permissions making it readable
• Users with same password on other systems
• Access from backup media
• Sniff passwords in network traffic
Password Selection Strategies
User education
• Users can be told the importance of using hard to guess passwords and can be provided with guidelines for selecting strong passwords
Computer generated passwords
• Users have trouble remembering them
Reactive password checking
• System periodically runs its own password cracker to find guessable passwords
Complex password policy
• User is allowed to select their own password; however, the system checks to see if the password is allowable, and if not, rejects it
• Goal is to eliminate guessable passwords while allowing the user to select a password that is memorable
Proactive Password Checking
Rule enforcement
• Specific rules that passwords must adhere to
Password cracker
• Compile a large dictionary of passwords not to use
Bloom filter
• Used to build a table based on dictionary using hashes
• Check desired password against this table
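The Bloom filter proactive checker as an added Python example (not the chapter's code): the table is a bit array set from k hashes of each dictionary word, and a candidate password is rejected if all k of its bits are set. The dictionary here is a constructed six-word stand-in, and the hash family (SHA-256 over a counter and the word) is an assumption of this example.

```python
import hashlib
import math


class BloomFilter:
    """Bit table built from hashes of the dictionary words. A lookup can give a
    false positive (a word that is not in the dictionary), never a false negative."""

    def __init__(self, expected_items: int, false_positive_rate: float = 0.001):
        # Standard sizing: m bits and k hash functions for the target rate.
        ln2 = math.log(2)
        self.m = max(8, math.ceil(-expected_items * math.log(false_positive_rate) / ln2 ** 2))
        self.k = max(1, round(self.m / expected_items * ln2))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        # k bit positions from SHA-256 of a counter plus the item (constructed
        # scheme; any family of independent hash functions would do).
        for j in range(self.k):
            digest = hashlib.sha256(f"{j}:{item}".encode("utf-8")).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


# Constructed stand-in for the large dictionary of passwords not to use.
BAD_PASSWORDS = ["password", "123456", "qwerty", "letmein", "welcome", "admin"]


def build_checker(dictionary) -> BloomFilter:
    """Build the table once from the dictionary (case-folded)."""
    bf = BloomFilter(len(dictionary))
    for word in dictionary:
        bf.add(word.lower())
    return bf


def password_allowed(bf: BloomFilter, candidate: str) -> bool:
    """Proactive check: reject any candidate whose folded form hits the table.
    A dictionary word is always rejected; a false positive only rejects an
    acceptable password, which is the safe direction for this use."""
    return candidate.lower() not in bf


if __name__ == "__main__":
    checker = build_checker(BAD_PASSWORDS)
    print(checker.m, checker.k)                    # table size and hash count
    print(password_allowed(checker, "Password"))   # False: in the dictionary
    print(password_allowed(checker, "Qwerty"))     # False
```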
Table 3.2 Types of Cards Used as Tokens

Card Type         Defining Feature                               Example
Embossed          Raised characters only, on front               Old credit card
Magnetic stripe   Magnetic bar on back, characters on front      Bank card
Memory            Electronic memory inside                       Prepaid phone card
Smart             Electronic memory and processor inside         Biometric ID card
  Contact         Electrical contacts exposed on surface
  Contactless     Radio antenna embedded inside


Challenge-Response
• User, system share a secret function f (in practice, f is a known function with unknown parameters, such as a cryptographic key)

user -> system: request to authenticate
system -> user: random message r (the challenge)
user -> system: f(r) (the response)

Pass Algorithms
• Challenge-response with the function f itself a secret
o Example:
• Challenge is a random string of characters such as “abcdefg”, “ageksido”
• Response is some function of that string such as “bdf”, “gkip”
o Can alter algorithm based on ancillary information
• Network connection is as above, dial-up might require “aceg”, “aesd”
o Usually used in conjunction with fixed, reusable password

One-Time Passwords
• Password that can be used exactly once
o After use, it is immediately invalidated
• Challenge-response mechanism
o Challenge is number of authentications; response is
password for that particular number
• Problems
o Synchronization of user, system
o Generation of good random passwords
o Password distribution problem

S/Key
• One-time password scheme based on idea of Lamport
• h one-way hash function (MD5 or SHA-1, for example)
• User chooses initial seed k
• System calculates:
h(k) = k_1, h(k_1) = k_2, …, h(k_{n-1}) = k_n
• Passwords are reverse order:
p_1 = k_n, p_2 = k_{n-1}, …, p_{n-1} = k_2, p_n = k_1

S/Key Protocol
System stores maximum number of authentications n, number of next authentication i, last correctly supplied password p_{i-1}.

user -> system: { name }
system -> user: { i }
user -> system: { p_i }

System computes h(p_i) = h(k_{n-i+1}) = k_{n-i+2} = p_{i-1}. If it matches what is stored, system replaces p_{i-1} with p_i and increments i.
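The S/Key chain and the three-message protocol above as an added Python example (not code from the slides). SHA-256 stands in for h; the server-side assumption of this example is that enrolment stores p_0 = h(p_1) = k_{n+1}, so the very first password can be checked the same way as all later ones.

```python
import hashlib


def h(x: bytes) -> bytes:
    """The one-way hash function h (SHA-256 here; the slide allows MD5 or SHA-1)."""
    return hashlib.sha256(x).digest()


def skey_chain(seed: bytes, n: int) -> list:
    """k_1 = h(k), k_2 = h(k_1), ..., k_n = h(k_{n-1}); returns [k_1, ..., k_n]."""
    chain, k = [], seed
    for _ in range(n):
        k = h(k)
        chain.append(k)
    return chain


def skey_passwords(seed: bytes, n: int) -> list:
    """Passwords in reverse chain order: p_1 = k_n, p_2 = k_{n-1}, ..., p_n = k_1."""
    return list(reversed(skey_chain(seed, n)))


class SKeyServer:
    """Holds n, the index i of the next authentication and p_{i-1}. At
    enrolment the stored value is p_0 = h(p_1) = k_{n+1} (an assumption of
    this example) so that the first password is checked like every other."""

    def __init__(self, n: int, p_1: bytes):
        self.n, self.i, self.last = n, 1, h(p_1)

    def challenge(self, name: str) -> int:
        """{ name } -> { i }: tell the user which password is expected next."""
        return self.i

    def respond(self, name: str, p_i: bytes) -> bool:
        """{ p_i }: accept iff h(p_i) equals the stored p_{i-1}, then advance.
        A replayed p_i hashes to p_{i-1}, not to the now-stored p_i, so it fails."""
        if self.i > self.n or h(p_i) != self.last:
            return False
        self.last, self.i = p_i, self.i + 1
        return True


def login(server: SKeyServer, name: str, passwords: list) -> bool:
    """One full exchange from the user's side: send name, read i, send p_i."""
    i = server.challenge(name)
    return server.respond(name, passwords[i - 1])


if __name__ == "__main__":
    pw = skey_passwords(b"constructed seed", 5)
    srv = SKeyServer(5, pw[0])
    print(login(srv, "alice", pw), srv.respond("alice", pw[0]))  # True False
```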
Hardware Support
• Token-based
o Used to compute response to challenge
• May encipher or hash challenge
• May require PIN from user

• Temporally-based
o Every minute (or so) different number shown
• Computer knows what number to expect when
o User enters number and fixed password

Memory Cards
• Can store but do not process data
• The most common is the magnetic stripe card
• Can include an internal electronic memory
• Can be used alone for physical access
o Hotel room
o ATM
• Provides significantly greater security when combined
with a password or PIN
• Drawbacks of memory cards include:
o Requires a special reader
o Loss of token
o User dissatisfaction
Smart Tokens
• Physical characteristics:
o Include an embedded microprocessor
o A smart token that looks like a bank card
o Can look like calculators, keys, small portable objects
• Interface:
o Manual interfaces include a keypad and display for interaction
o Electronic interfaces communicate with a compatible
reader/writer
• Authentication protocol:
o Classified into three categories:
• Static
• Dynamic password generator
• Challenge-response
Smart Cards
• Most important category of smart token
o Has the appearance of a credit card
o Has an electronic interface
o May use any of the smart token protocols
• Contain:
o An entire microprocessor
• Processor
• Memory
• I/O ports
• Typically include three types of memory:
o Read-only memory (ROM)
• Stores data that does not change during the card’s life
o Electrically erasable programmable ROM (EEPROM)
• Holds application data and programs
o Random access memory (RAM)
• Holds temporary data generated when applications are executed
Electronic Identity Cards (eID)
Use of a smart card as a national identity card for citizens
• Can serve the same purposes as other national ID cards, and similar cards such as a driver’s license, for access to government and commercial services
• Can provide stronger proof of identity and can be used in a wider variety of applications
• In effect, is a smart card that has been verified by the national government as valid and authentic
Most advanced deployment is the German card neuer Personalausweis
• Has human-readable data printed on its surface
o Personal data
o Document number
o Card access number (CAN)
o Machine readable zone (MRZ)
Table 3.3 Electronic Functions and Data for eID Cards

CAN = card access number
MRZ = machine readable zone
PACE = password authenticated connection establishment
PIN = personal identification number
Figure 3.6 User Authentication with eID (diagram of the exchange among the user, the host/application server and the eID server: 1. User requests service (e.g., via Web browser); 2. Service request; 3. Redirect to eID message; 4. Authentication request; 6. User enters PIN; 9. Authentication result forwarded; 10. Service granted; steps 5, 7 and 8 cover the PIN and authentication protocol exchange with the eID server and its authentication result)


Biometric Authentication
• Attempts to authenticate an individual based on
unique physical characteristics
• Based on pattern recognition
• Is technically complex and expensive when
compared to passwords and tokens
• Physical characteristics used include:
o Facial characteristics
o Fingerprints
o Hand geometry
o Retinal pattern
o Iris
o Signature
o Voice
Figure 3.8 A Generic Biometric System. Enrollment creates an association between a user and the user's biometric characteristics. Depending on the application, user authentication either involves verifying that a claimed user is the actual user or identifying an unknown user. (Diagram: in each mode a user interface with a biometric sensor feeds a feature extractor. (a) Enrollment: the name (PIN) and extracted features are stored in the biometric database. (b) Verification: the name (PIN) selects one template from the database and the feature matcher returns true/false. (c) Identification: the feature matcher compares against N templates and returns the user's identity or "user unidentified".)
Figure 3.9 Profiles of a Biometric Characteristic of an Imposter and an Authorized User. In this depiction, the comparison between presented feature and a reference feature is reduced to a single numeric value. If the input value (s) is greater than a preassigned threshold (t), a match is declared. (Plot: probability density function against matching score (s); the imposter profile and the profile of the genuine user overlap around the decision threshold (t), with the average matching value of the imposter below it and the average matching value of the genuine user above it; the overlap regions are where a false match and a false nonmatch are possible.)
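The threshold trade-off of Figures 3.9 and 3.10 worked in Python, added here and not part of the chapter: from constructed imposter and genuine matching scores it computes the false match rate and false nonmatch rate at a threshold t, sweeps t to trace the operating characteristic, finds the equal error point, and picks the lowest t that meets a false-match target.

```python
# Constructed matching scores (higher = more similar), standing in for the
# imposter and genuine-user profiles of Figure 3.9.
GENUINE_SCORES = [62, 70, 75, 78, 80, 83, 85, 88, 90, 95]
IMPOSTER_SCORES = [20, 30, 35, 40, 45, 50, 55, 60, 66, 72]


def false_match_rate(imposter_scores, t: float) -> float:
    """Share of imposter presentations with s > t, i.e. wrongly declared a match."""
    return sum(1 for s in imposter_scores if s > t) / len(imposter_scores)


def false_nonmatch_rate(genuine_scores, t: float) -> float:
    """Share of genuine presentations with s <= t, i.e. wrongly rejected."""
    return sum(1 for s in genuine_scores if s <= t) / len(genuine_scores)


def operating_characteristic(genuine, imposter, thresholds):
    """(t, FMR, FNMR) for each threshold: the curve of Figure 3.10. Raising t
    can only lower FMR (more security) and raise FNMR (less convenience)."""
    return [(t, false_match_rate(imposter, t), false_nonmatch_rate(genuine, t))
            for t in thresholds]


def equal_error_threshold(genuine, imposter, thresholds) -> float:
    """Threshold at which FMR and FNMR are closest (the equal error rate point)."""
    return min(thresholds, key=lambda t: abs(false_match_rate(imposter, t)
                                             - false_nonmatch_rate(genuine, t)))


def threshold_for_max_fmr(genuine, imposter, max_fmr: float, thresholds):
    """Lowest threshold that keeps FMR at or under the security target, with
    the convenience cost (FNMR) paid for it; None if no threshold achieves it."""
    for t in thresholds:
        if false_match_rate(imposter, t) <= max_fmr:
            return t, false_nonmatch_rate(genuine, t)
    return None


if __name__ == "__main__":
    ts = range(0, 101)
    print(equal_error_threshold(GENUINE_SCORES, IMPOSTER_SCORES, ts))       # 66
    print(threshold_for_max_fmr(GENUINE_SCORES, IMPOSTER_SCORES, 0.0, ts))  # (72, 0.2)
```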
Figure 3.10 Idealized Biometric Measurement Operating Characteristic Curves (log-log scale). (Plot: false nonmatch rate, 0.1% to 100%, against false match rate, 0.0001% to 100%; the equal error rate line marks where the two rates coincide; increasing the threshold moves along the curve toward increased security and decreased convenience, decreasing it toward decreased security and increased convenience.)
Figure 3.11 Actual Biometric Measurement Operating Characteristic Curves, reported in [MANS01]. To clarify differences among systems, a log-log scale is used. (Plot: false nonmatch rate, 0.1% to 100%, against false match rate, 0.0001% to 100%, with curves for face, fingerprint, voice, hand and iris.)
Remote User Authentication
• Authentication over a network, the Internet, or a
communications link is more complex
• Additional security threats such as:
o Eavesdropping, capturing a password, replaying an
authentication sequence that has been observed

• Generally rely on some form of a challenge-response protocol to counter threats
Table 3.4 Some Potential Attacks, Susceptible Authenticators, and Typical Defenses

Client attacks: Adversary attempts to achieve user authentication without access to the remote host or the intervening communications path
Host attacks: Directed at the user file at the host where passwords, token passcodes, or biometric templates are stored
Eavesdropping: Adversary attempts to learn the password by some sort of attack that involves the physical proximity of user and adversary
Replay: Adversary repeats a previously captured user response
Trojan horse: An application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric
Denial-of-service: Attempts to disable a user authentication service by flooding the service with numerous authentication attempts
Figure 3.13 General Iris Scan Site Architecture for UAE System (diagram: iris scanners attached to iris workstations, connected through a LAN switch to Iris Engine 1 and Iris Engine 2, the iris database, an iris merge function and, via a network switch, remote sites)
Case Study: ATM Security Problems
Summary
• Electronic user authentication principles
o A model for electronic user authentication
o Means of authentication
o Risk assessment for user authentication
• Password-based authentication
o The vulnerability of passwords
o The use of hashed passwords
o Password cracking of user-chosen passwords
o Password file access control
o Password selection strategies
• Token-based authentication
o Memory cards
o Smart cards
o Electronic identity cards
• Biometric authentication
o Physical characteristics used in biometric applications
o Operation of a biometric authentication system
o Biometric accuracy
• Remote user authentication
o Password protocol
o Token protocol
o Static biometric protocol
o Dynamic biometric protocol
• Security issues for user authentication
