Lecture 4-Password Authentication

The document covers password authentication, detailing mechanisms, types of attacks, and methods to strengthen security. It discusses the importance of multi-factor authentication and the challenges of password management, including bootstrapping, authentication, and password reset processes. Additionally, it highlights various attack strategies such as brute force and phishing, along with mitigation techniques to enhance password security.

Uploaded by jhmoon

Lecture 4: Password Authentication

• Overview
• Authentication Mechanism
o Something you know, you have, you are
• Attacks
o On authentication process
o Searching password (Exhaustive, Guessing, Dictionary)
o Stealing of password
• Password Strength and Entropy
• Multi-Factor Authentication & Multi-Step Authentication
0 Admin
Admin

• Quiz 2
o Opens at 12 PM, closes tomorrow at 23:59. NO extension will be given

• Assignment 1
o Deadline: 7th March 2025
o Piazza for questions
o Zoom consultation with assignment TA next week: 20th Feb, 2 PM – 4 PM
o Submission guidelines
o Plagiarism
1 Recap
Integrity and Authentication

• Hash Functions: use the hash value to ensure integrity of the message
• Message Authentication Codes (uses symmetric scheme):
o Use a MAC tag to ensure authenticity of the message and its integrity
o Generated using a key that is shared between sender and receiver
• Digital Signature (uses asymmetric scheme):
o Sign a message using the private key and verify using the public key
o Unlike MAC, provides non-repudiation
• Password Authentication: mainly for entity authentication using passwords


2 Overview
Authentication: Two Types

Communicating Entity Authentication
• Verifying the identity of communicating parties.
• "Who" is sending the data?
• Alice received a phone call, which claimed to be from the police department. Authentic?
• Alice logged in to "Canvas". Alice wondered, was the server indeed the authentic "Canvas"?

Data Origin Authentication
• Verifying the source of the data received
o Ensuring that the data comes from a legitimate source and has not been tampered with in transit.
• "Where" is the data coming from?
• Alice downloaded an app, say SingPass, from some app store. Is the app authentic?
Authentication

• MAC and digital signature provide communicating entity and data origin authentication
• To attain communicating entity authentication, we need some information bound to the owner.
• Credentials: pieces of information that verify the identity of an individual
o A user provides credentials to prove their identity.
o If a user can provide the credentials, it is proof that the user is indeed who they claim to be.
Credentials: Three types

• Something the user knows: Passwords, PIN numbers, passphrases, etc.
• Something the user is (biometrics): Fingerprint, the pattern of a person's voice, or a face.
• Something the user has: Identity badges, physical keys, a driver's license, etc.
3 Something the User Knows : Passwords
Password System

• Password is a way to achieve communicating entity authentication
o Username: you announce who you are (Identification)
o Password: you prove that you are who you claim to be (Authentication)
• Note: identity information is not considered to be secret, although it is not advisable to voluntarily make it public.
• Commonly used for login systems, device access, Wi-Fi security, etc.
Passwords vs Secret Key

• Similarity:
o Both can be used for entity authentication
o Both are sensitive information; if compromised, they can lead to breaches
• Difference:
o Passwords are generated by humans and can be remembered by humans
o Secret keys are long binary sequences that are infeasible for humans to remember
o Secret keys can be randomly generated or derived from a password
Password System: Three Stages

Bootstrapping
• A user and the server establish a common password.
• The server keeps the password file: user_id (username) and the corresponding password.

Authentication
• The server authenticates an entity.
• An entity who can convince the server that it knows the password is deemed to be authentic.

Password reset
• Many reasons to reset password.
o E.g., User forgets the password.
o E.g., A password policy could require regular changes of password.
1. Bootstrapping Process: Password is Established

(Diagram: message exchange between Alice and the Server during sign-up)
(1) Alice → Server: I'd like to sign up
(2) Server → Alice: Provide details and password (the server gives guidelines for passwords; may require email verification)
(3) Alice → Server: Completed details
(4) Server → Alice: Registered

Password File (kept in secure storage; looked up during the next sign in):
Bob 123456
Ali SesameOpen
Alice OpenSesaMe
…
1. Bootstrapping Mechanism

• The server/user chooses a password and sends it to the user/server through another communication channel.
• Default password.
• Some bootstrapping mechanisms:
o Send mail by courier
o An initial password is sent that is valid only for a single login; the user needs to change it immediately
o E.g., WPS (Wi-Fi Protected Setup): add new devices to the Wi-Fi network without the password
2. An Authentication Protocol

(Diagram: message exchange between Alice and the Server during login)
(1) Alice → Server: I am Alice
(2) Server → Alice: What is your pwd?
(3) Alice → Server: OpenSesaMe
(4) Server verifies the password against the password file
(5) Server → Alice: Ok

Password File:
Alice OpenSesaMe
Bob 123456
Ali SesameOpen

3. Password Reset

• Important: Only the authentic entity can reset the password.
o How to verify that the entity is authentic?
o What if the user forgets the password?
• We need to authenticate the entity before allowing the entity to change the password.
o Anyone who knows the old password.
o Need another credential (other than the old password) to authenticate.
3. Password Reset: Methods

• Having a human (i.e., admin or IT support) involved in resetting passwords is expensive.
o Many systems provide "self-help password reset" (users initiate the password reset process themselves)
• Using Recovery Email Account
o Users initiate a password reset request
o System sends a password reset link or temporary password to the registered email address.
• Using Security Questions
o Users answer pre-selected security questions to verify their identity before resetting their password.
Password Reset using Recovery Email Account

(Diagram: Alice, the server aaa.com, and the recovery email server)
(1) Alice → Server (aaa.com): I am Alice, want to reset
(2) Server → Recovery email server: https://aaa.com/reset?OTP=13ac92DadvSEga5
(3) Recovery email server → Alice: https://aaa.com/reset?OTP=13ac92DadvSEga5
(4) Alice clicks on the URL and enters a new password
(5) Alice → Server: OTP (carried in the link)
• Ownership of the email address proves that the entity is authentic.

Password File (now includes the recovery email address):
Alice OpenSesaMe [email protected]
…


Password Reset Using Security Question

• Security questions (or challenge questions) are used to authenticate users who have lost their passwords.
• Idea: Users may not remember arbitrary strings (i.e., passwords) but should know the answers to personal questions without needing to memorize or guess.
o This mechanism was very common but is less so now.
• Examples of security questions:
o What was your first car?
o What is your favourite cake?
o With which company did you hold your first job?
Secure Password File Storage

• Password file is never stored in clear text
• Use of hashed passwords and a fixed-length random salt value (virtually all UNIX variants)
• Password + salt is hashed and stored in the password file
• Pre-image resistance property: cannot get back the password from the hash value

(Diagram: "Password" and Salt → Hash function → Hash + salt → Password File. Questions on the slide: What property of the hash function is important here? Why is the salt important?)

Password File:
User id   Salt         Hash
"nitya"   35ddc4dafe   42f749ade7
"abcd"    10effae5f4   195bf4753f
…

4 Attacks on Bootstrapping and Resetting
Attack the Bootstrapping: Default Password

• Attacker may intercept the password during bootstrapping.
o For example, if the password is sent through postal mail, an attacker could steal the mail to get the password.
• Attacker uses the "default" passwords.
o There are many reported incidents of this simple attack (e.g. IP cameras, Wi-Fi routers).
o Why not remove default passwords? Usability and logistic issues.
• Mitigation: Require the user to change the password after first login.

Example: Mirai Botnet

• Vulnerability: IoT devices such as IP cameras and home routers had factory default usernames and passwords
• Attack steps:
o Mirai malware scans the internet for IoT devices with open Telnet or SSH ports.
o Once a device is found, it attempts to log in using a list of common default usernames and passwords (e.g., "admin/admin" or "root/123456").
o Mirai successfully logs into a device, infects it and adds it to a botnet which is later used for DDoS attacks
Attacks on Password Reset: Password Reset
Poisoning

• Goal:
o Obtain the OTP (or token) that is included in the reset link (https://aaa.com/reset?OTP=13ac92DadvSEga5)
o Change the victim's password and take control of their account.
• Vulnerability: how the application constructs password reset URLs
o Constructing the reset link by taking the domain name from the Host header of the HTTP request without validation:
    POST /password/reset HTTP 1.1
    Host: aaa.com
Password Reset Poisoning Attack Steps

(Diagram: Alice, the server aaa.com, and the attacker's server evil.com)
(1) Alice → Server (aaa.com): I am Alice, want to reset
    POST /password/reset HTTP 1.1
    Host: aaa.com
(2) The attacker manipulates the host in the reset request:
    POST /password/reset HTTP 1.1
    Host: evil.com
(3) The server builds the reset link from the Host header and emails it to Alice: https://evil.com/reset?OTP=13ac92DadvSEga5
(4) Alice receives https://evil.com/reset?OTP=13ac92DadvSEga5
(5) Alice clicks on the URL; the request, including the OTP, goes to evil.com
(6) The attacker at evil.com now holds the OTP and uses it to reset Alice's password

Password File:
Alice OpenSesaMe [email protected]
…


Attacks on Password Reset: Mitigation

• Input Validation: Ensure robust validation and sanitization of HTTP headers and user inputs.
• Secure URL Generation: Use server-side configuration for generating URLs
• User Awareness: Educate users about recognizing phishing attempts and verifying password reset emails.
• Secure Communication: Enforce HTTPS to protect data in
• 2FA
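The first two mitigations in code, as an added Python example (not from the lecture): a reset-link builder that copies the domain from the Host header, as the vulnerable application on the slide does, beside one that validates the Host header against an allowlist and builds the link from server-side configuration. The allowed hosts, the canonical base URL and the two sample requests are constructed for the example; the OTP value reused in the usage check is the one shown on the slide.

```python
import secrets
from urllib.parse import urlencode

# Server-side configuration (constructed for this example): the only hosts this
# application is served under, and the canonical base URL used in outgoing links.
ALLOWED_HOSTS = {"aaa.com", "www.aaa.com"}
CANONICAL_BASE_URL = "https://aaa.com"


def new_reset_token() -> str:
    """Unguessable OTP for the reset link (the slides show the sample value 13ac92DadvSEga5)."""
    return secrets.token_urlsafe(24)


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """The weakness on the slide: the link's domain is copied from the request's Host header."""
    host = headers["Host"]  # attacker-controlled in the poisoned request
    return f"https://{host}/reset?" + urlencode({"OTP": token})


def build_reset_link_safe(token: str) -> str:
    """Secure URL generation: the domain comes from server-side configuration only."""
    return f"{CANONICAL_BASE_URL}/reset?" + urlencode({"OTP": token})


def host_header_is_valid(headers: dict) -> bool:
    """Input validation: reject any request whose Host is not one of ours."""
    host = headers.get("Host", "").strip().lower()
    host = host.split(":", 1)[0]  # drop an explicit port such as aaa.com:443
    return host in ALLOWED_HOSTS


def handle_reset_request(headers: dict, token: str):
    """Both mitigations together: validate Host, then build the link from configuration.
    Returns the link to e-mail to the registered address, or None if the request is rejected."""
    if not host_header_is_valid(headers):
        return None
    return build_reset_link_safe(token)


# Constructed requests reproducing the two cases from the slides.
LEGIT_REQUEST = {"Host": "aaa.com"}
POISONED_REQUEST = {"Host": "evil.com"}
```

Note that `build_reset_link_safe` never reads the request at all, so even if the Host check were misconfigured the emailed link could not point anywhere but the configured domain; the allowlist is defence in depth that also stops the poisoned request from being processed.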
Attacks on Password Reset: Security Questions
• Personal security questions facilitate self-help password reset and improve "usability".
• However, they weaken the password system.
o An attacker who knows the victim's identity can learn the answers to many personal questions.
o A victim's resume/webpages/biographic descriptions would reveal the answer to "with which company did you hold your first job?"
o Social media accounts expose structured information about users
• Mitigation using CAPTCHAs: ask a question about an image or audio file that had been previously specified by the user.
5 Searching for Password
Password Guessing

• An attacker guesses the password and tests whether the guess is correct.
• An attacker may follow two basic guessing strategies:
o Exhaustive search (brute force) – try all possible combinations of valid symbols, up to a certain length
o Dictionary attacks – search through a restricted name space by maintaining a dictionary
Searching for Password: Dictionary Attacks

• Attacker uses a pre-compiled list, or "dictionary," of likely password candidates to guess passwords
• Intuition: passwords are not chosen completely at random, but are something meaningful to the entity
• Dictionary attack test combinations:
o Try all combinations of 2 words from the dictionary
o Try all possible capitalizations of letters in each word; substituting "a" by "@", etc
o Popular passwords
o Passwords associated with users
Dictionary Attacks: Online Dictionary Attack
• Attacker interacts with the authentication system to test the password
• Attacker obtained a list of 1000 valid NUSNET IDs.
• Goal: The attacker wants to find the password for some of them.
• Step: writes an automated script that attempts to login to Canvas using guessed passwords for each NUSNET ID.
• Guessing password: using some social information about the user.
• Mitigation: rate limiting and account lockout; strong password policy.
• Tool: Hydra (open-source network login cracker)

(Diagram: the script submits guessed passwords such as "abcdef", "123456", … for each NUSNET ID to Canvas.)
Dictionary Attacks: Offline Dictionary Attack

• The attacker obtains some information, D, about the password
• How?
o Possibly by sniffing the login session of the authentic user, or by interacting with the server
o e.g., the "hashed" password is sent over, and the attacker manages to obtain the hash
(Diagram: Eve got hash(pwd) = 195bf4753fd)

Dictionary Attacks: Offline Dictionary Attack
• Next, the attacker carries out the dictionary attack using D without interacting with the system.
• The attacker generates a large dictionary of possible passwords and their hash values.
• Compare the hashed words with the table.
• Mitigation: adding salt to the password before hashing leads to increased attack complexity
• Tool: John the Ripper

(Diagram: Eve compares hash(pwd) = 195bf4753fd against her table)
Password   Hash
"abcdef"   42f749ade7f
"123456"   195bf4753fd
(Compare: the obtained hash 195bf4753fd matches the entry for "123456")
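The salted storage from the "Secure Password File Storage" slide and the reason the salt raises the cost of the offline attack just described, as an added Python example (not from the lecture). It mirrors the slides' hash(password + salt) scheme with SHA-256 purely for illustration; the user names, passwords and the small dictionary are constructed for the example. A production system puts a deliberately slow, memory-hard KDF such as Argon2id or bcrypt in place of the plain hash.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a small "dictionary" of likely passwords.
DICTIONARY = ["abcdef", "123456", "password", "qwerty", "letmein"]


def unsalted_hash(password: str) -> str:
    """hash(pwd): what the offline-attack slide assumes the attacker obtained."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """hash(password + salt), the scheme described on the storage slide.
    SHA-256 keeps the example self-contained; a real system uses a slow KDF here."""
    return hashlib.sha256(password.encode("utf-8") + salt).hexdigest()


def register(password_file: dict, user_id: str, password: str) -> None:
    """Bootstrapping: store (salt, hash) per user; the clear-text password is never stored."""
    salt = secrets.token_bytes(16)  # fixed-length random salt, fresh for every user
    password_file[user_id] = (salt, salted_hash(password, salt))


def verify(password_file: dict, user_id: str, candidate: str) -> bool:
    """Authentication: recompute hash(candidate + stored salt) and compare in constant time."""
    entry = password_file.get(user_id)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(salted_hash(candidate, salt), stored)


def precomputed_table(words) -> dict:
    """The attacker's table from the slide: hash -> word, computed once and reused."""
    return {unsalted_hash(w): w for w in words}


def table_lookup(table: dict, obtained_hash: str):
    """One lookup recovers the password if the obtained hash was unsalted."""
    return table.get(obtained_hash)


def demo() -> dict:
    """Same password stored for two users: salting changes what the table can do."""
    password_file: dict = {}
    register(password_file, "alice", "123456")
    register(password_file, "bob", "123456")
    table = precomputed_table(DICTIONARY)
    _, alice_hash = password_file["alice"]
    return {
        # Same password, different salts: the stored hashes differ.
        "same_password_same_hash": alice_hash == password_file["bob"][1],
        # Unsalted hash obtained: the precomputed table answers immediately.
        "unsalted_recovered": table_lookup(table, unsalted_hash("123456")),
        # Salted hash obtained: a table built without Alice's salt finds nothing ...
        "salted_recovered": table_lookup(table, alice_hash),
        # ... so the attacker must redo |DICTIONARY| hashes per salt, i.e. per user.
        "hashes_per_salted_user": len(DICTIONARY),
        "alice_login_ok": verify(password_file, "alice", "123456"),
        "alice_login_wrong": verify(password_file, "alice", "abcdef"),
    }
```

The salt does not stop a dictionary attack on one account; it stops the work from being shared across accounts and across time (no precomputed table), which is why the slide describes it as increasing attack complexity rather than preventing the attack.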

Other Mitigation Techniques

• Limited login attempts (for online password cracking): add delay into the login session, lock the account after a few failed attempts
• Password checker or metering (for offline password cracking): the system checks for weak passwords when the user registers/changes password
• Password usage policy: Users must use strong passwords
• Password ageing: Users must regularly change passwords
• 2FA: recommended nowadays!
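The "limited login attempts" mitigation, as an added Python example (not from the lecture): a wrapper around a password check that adds a growing delay after each failure and locks the account after a few failures. The thresholds, the injected clock and the password check used in the demo are constructed for the example.

```python
import time
from dataclasses import dataclass

MAX_FAILURES = 5        # consecutive failures before the account is locked
LOCKOUT_SECONDS = 900   # lock duration (15 minutes)
BASE_DELAY = 1.0        # delay after the first failure; doubles on each further failure


@dataclass
class LoginState:
    failures: int = 0
    locked_until: float = 0.0


class LoginThrottle:
    """Wraps a password check with per-account delay and lockout.

    check_password(user, pwd) -> bool is the real verifier (assumed, not shown here);
    clock() returns the current time and is injectable so the behaviour can be tested.
    """

    def __init__(self, check_password, clock=time.monotonic):
        self.check_password = check_password
        self.clock = clock
        self.state = {}

    def attempt(self, user, pwd):
        """Returns (outcome, seconds): ("ok", 0), ("fail", delay) or ("locked", remaining)."""
        st = self.state.setdefault(user, LoginState())
        now = self.clock()
        if now < st.locked_until:
            # Locked accounts are not checked at all, so guessing cannot continue.
            return ("locked", st.locked_until - now)
        if self.check_password(user, pwd):
            st.failures = 0  # success resets the counter
            return ("ok", 0.0)
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures = 0
            return ("locked", float(LOCKOUT_SECONDS))
        # Exponentially growing delay: 1s, 2s, 4s, 8s ...
        return ("fail", BASE_DELAY * 2 ** (st.failures - 1))


class FakeClock:
    """Controllable clock for the demo; advance() simulates waiting."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo_sequence() -> list:
    """Five wrong guesses, one more while locked, then the right password after the lock expires."""
    clock = FakeClock()
    throttle = LoginThrottle(lambda u, p: p == "correct-horse", clock)  # constructed check
    outcomes = [throttle.attempt("alice", "guess%d" % i)[0] for i in range(5)]
    outcomes.append(throttle.attempt("alice", "correct-horse")[0])  # still locked
    clock.advance(LOCKOUT_SECONDS)
    outcomes.append(throttle.attempt("alice", "correct-horse")[0])  # lock expired
    return outcomes
```

Two caveats a deployment needs: lockout keyed only on the username lets anyone lock a victim out by sending wrong guesses, so rate limiting is normally also applied per source address; and the response for an unknown username should look exactly like a failed password so the throttle does not reveal which accounts exist.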
6 Stealing the Passwords
Techniques for Stealing

Sniffing
• Shoulder surfing: This is the look-over-the-shoulder attack.
• Side-channel attack: Using sound made by keyboard.

Virus and Keylogger
• Captures the keystrokes and sends the information to the attacker.
• (software) Computer viruses are designed as a key-logger.
• (hardware) Hardware key-logger

Phishing
• Tricks the user to visit a website, which is a spoofed login web page.
• Social engineering attack

Cache and Lost password file
• When using a shared workstation, information keyed in could be cached
• Password file can be stolen
Phishing Prevention

• User Training:
o Workshops, reminders
o Embedded Phishing Exercise
− Similar to a fire drill, authorized entities send out "phishing" emails to employees.
• Blacklisting
o Repository site keeping lists of phishing sites. Example: https://phishtank.com/
o Organization actively monitors for phishing sites. When a site is found, blacklist it.
o Blacklist used by browser or firewall.
7 Password Strength
Guidelines for Strong Password

• NIST password guidelines:
o At least 8 characters long, 15 characters preferable
o Character options: at least one each of uppercase, lowercase, numeric digits, and special characters
• Proactive password checker: At the time of selection, the system checks to see if the password is allowable and, if not, rejects it.
o strike a balance between user acceptability and strength
Key Strength vs Password Strength

• In encryption, we "quantify" the key strength by the size of the key if the best known attack is exhaustive search.
o E.g. Strength of a 128-bit AES key is 128 bits (exhaustive search goes through 2^128 keys)
o E.g. Strength of 256-bit SHA is 128 bits (for collision resistance: a birthday attack needs about 2^128 hash evaluations)
• What about passwords?
o Exhaustive search is not feasible and may not be required, since some combinations have very low probability of usage
o For passwords, we use an imprecise/hard-to-estimate measure: entropy.
o As it is difficult to describe entropy to users, many use the length of randomly chosen characters.
Password Entropy: Quantify Strength of Password

• Entropy is a measurement of randomness (amount of variation)
• Suppose Alice chooses a password of length L randomly and uniformly from a set of N possible symbols,
o Number of possible passwords = N^L
o Increasing either N or L will increase the strength of the password
• Password information entropy, H = Password Length x log2(Symbol Set Size)
H = L x log2(N)
Password Entropy for Symbol Sets

(Table of per-character entropy for common symbol sets; not reproduced here.)
Example Calculation

• Consider an 8-character password using
o lowercase and uppercase letters,
o digits, and
o special characters
• The symbol set size, N = 26 + 26 + 10 + 32 = 94
• Entropy for the symbol set, or per-character entropy = log2(94) ≈ 6.55
• Entropy for 8 (i.e., L) characters = 8 x 6.55 ≈ 52.4 bits ≈ 53 bits


Guideline on Password Strength w.r.t. H

• Human-generated passwords are not truly random.
• Online: RFC 4086 (Randomness Requirements for Security) suggests the password should have at least 29 bits of entropy to be secure against online attacks.
o It recommends at least 36-59 bits for "higher security".
• Offline: When offline attacks are possible, the requirement on passwords must be stricter.
o One would expect that it should be equivalent to the requirement for a symmetric key.
o Since NIST recommends 128 bits for crypto keys, in this course, let's take 128 bits of entropy as the requirement.
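The entropy calculation H = L x log2(N) from the preceding slides, carried through in code as an added Python example (not from the lecture): it derives N from the character classes a password draws on, reproduces the slide's 94-symbol, 8-character example, inverts the formula to find the length needed for a target such as 128 bits, and maps a value onto the 29 / 36 / 128-bit guideline bands above. The band names and the sample password are constructed for the example.

```python
import math
import string

# Character classes with the symbol-set sizes the slides use (26 + 26 + 10 + 32 = 94).
CLASSES = {
    "lowercase": set(string.ascii_lowercase),   # 26
    "uppercase": set(string.ascii_uppercase),   # 26
    "digits": set(string.digits),               # 10
    "special": set(string.punctuation),         # 32 printable ASCII symbols
}

# Thresholds quoted on the guideline slide.
ONLINE_MIN_BITS = 29      # RFC 4086 minimum against online attacks
ONLINE_HIGHER_BITS = 36   # lower end of RFC 4086's 36-59 bit "higher security" range
OFFLINE_BITS = 128        # this course's requirement when offline attacks are possible


def symbol_set_size(password: str) -> int:
    """N: total size of the character classes the password draws from."""
    return sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in password))


def entropy_bits(length: int, n: int) -> float:
    """H = L x log2(N); valid only if each character is chosen uniformly at random from N symbols."""
    return length * math.log2(n)


def password_entropy(password: str) -> float:
    """Best-case entropy of a password, treating it as if it had been chosen uniformly."""
    return entropy_bits(len(password), symbol_set_size(password))


def required_length(target_bits: float, n: int) -> int:
    """Smallest L such that L x log2(N) >= target_bits."""
    return math.ceil(target_bits / math.log2(n))


def classify(bits: float) -> str:
    """Map an entropy value to the guideline bands on the slide (band names are ours)."""
    if bits >= OFFLINE_BITS:
        return "meets the offline requirement"
    if bits >= ONLINE_HIGHER_BITS:
        return "online: higher security"
    if bits >= ONLINE_MIN_BITS:
        return "online: minimum"
    return "below the online minimum"


def worked_example() -> dict:
    """The slide's calculation: 8 characters drawn from all four classes."""
    n = symbol_set_size("Tr0ub4d&r")  # constructed sample that uses all four classes
    per_char = math.log2(n)
    return {
        "N": n,                                      # 94
        "per_char_bits": round(per_char, 2),         # 6.55
        "bits_for_8_chars": round(8 * per_char, 1),  # 52.4
        "band": classify(8 * per_char),
        "length_for_128_bits": required_length(OFFLINE_BITS, n),  # 20
    }
```

Because the formula assumes uniform random choice, the value it gives is an upper bound: `password_entropy("password")` reports about 37.6 bits, yet that string sits at the top of every dictionary, which is exactly the "not truly random" point on the slide and why a proactive checker also consults a list of known-weak passwords.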
8 Something the User Is: Biometric
Essentially, Biometric Data is the Password

(Diagram: enrolment and verification pipeline)
Enrolment: the scanner captures the biometric (e.g., face, fingerprints, iris) and a template is stored in the database. For greater accuracy, several templates may be recorded, possibly for more than one finger.
Database:
Alice – template 1.0, 1.1, 1.2
Bob – template 2.0, 2.1, 2.2
Verification (Authentication): Scanner → Matching algorithm → Accept or Reject
Noise

• Authentication by password gives a clear reject or accept at each authentication attempt.
• In contrast, with biometrics the current measurement will hardly ever match precisely the template derived at enrolment.
• A matching algorithm measures the similarity between the reference template and the current template.
• The user is accepted if the similarity is above a predefined threshold.
Example on Fingerprint to Illustrate the Noise
The feature points from the two scans are similar but not exactly the same.
Performance Metric for Matching Algorithm

• False positive: incorrectly identifies an unauthorized user as an authorized user
o FMR (false match rate) = No. of successful false matches (B) / No. of attempted false matches (B + D)
• False negative: fails to recognize an authorized user, rejecting their correct biometric data as a non-match
o FNMR (false non-match rate) = No. of rejected genuine matches (C) / No. of attempted genuine matches (A + C)
Matching Algorithm

• The matching algorithm typically makes its decision based on some adjustable threshold.
• By adjusting the threshold, the FMR and FNMR can be adjusted.
o lower threshold => more relaxed in accepting
o higher threshold => more stringent in accepting
• How to set the threshold? Depends on the application.
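The FMR/FNMR definitions and the threshold trade-off from the last two slides, computed over constructed data as an added Python example (not from the lecture): the genuine and impostor similarity scores are made up for the example and stand in for a real matcher's output. The code counts A, B, C and D for a given threshold, sweeps the threshold to show the two rates moving in opposite directions, and finds the threshold where they are equal, which is one common way of choosing an operating point.

```python
# Constructed similarity scores in [0, 1] from a hypothetical matcher.
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.70, 0.66, 0.61, 0.55]   # user vs own template
IMPOSTOR_SCORES = [0.58, 0.52, 0.49, 0.45, 0.41, 0.38, 0.33, 0.27]  # user vs someone else's template


def rates(threshold: float, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """FMR and FNMR for one threshold, using the slide's counts A, B, C, D.
    A sample is accepted when similarity >= threshold."""
    A = sum(s >= threshold for s in genuine)    # genuine accepted
    C = len(genuine) - A                        # genuine rejected (false non-matches)
    B = sum(s >= threshold for s in impostor)   # impostor accepted (false matches)
    D = len(impostor) - B                       # impostor rejected
    fmr = B / (B + D)
    fnmr = C / (A + C)
    return fmr, fnmr


def sweep(step: float = 0.05) -> list:
    """(threshold, FMR, FNMR) from a permissive to a stringent threshold."""
    return [(t / 100, *rates(t / 100)) for t in range(0, 101, int(step * 100))]


def equal_error_threshold(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES) -> float:
    """Threshold (to 0.01) where FMR and FNMR are closest: a common default operating point."""
    best_t, best_gap = 0.0, float("inf")
    for i in range(101):
        t = i / 100
        fmr, fnmr = rates(t, genuine, impostor)
        if abs(fmr - fnmr) < best_gap:
            best_t, best_gap = t, abs(fmr - fnmr)
    return best_t
```

Which side of the equal-error point to sit on is the application decision the slide refers to: a door into a data centre tolerates a higher FNMR (users retry) to drive FMR down, while a consumer phone unlock accepts a higher FMR for convenience.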


Attack of Biometric System

• Presentation attacks: using some artefact to impersonate (fake fingerprint)
o Mitigation: additional mechanism on liveness detection
− This mechanism verifies that the subject is indeed "live", instead of spoofed materials, say a photograph.
− Example of liveness detection: temperature sensor in fingerprint scanner.
− Limit the number of attempts
• Replay attacks: capturing and reusing a biometric data sample
o Mitigation: liveness detection
o 2FA
9 Something You Have: Tokens
Something You have

• Examples: ATM card, mobile phone, OTP token.
• One Time Password Token: hardware that generates a one-time password (i.e. a password that can be used only once).
o Each token and the server share some secrets.
• A physical token can be lost or stolen.
• To increase security, physical tokens are often used in combination with something you know: bank cards come with a PIN
Two Types

• Time-based:
o Both the user device (e.g., phone) and the server share a secret key.
o Using this secret key and the current time as inputs, an algorithm generates the same OTP on
both the user's device and the server.
o E.g., Google Authenticator

• Sequence-based:
o Both the server and the user's device maintain a counter along with the secret key.
o Upon each event (e.g., button press), the counter increments, and an algorithm uses it with the
shared secret to generate the OTP.
o E.g., hardware tokens
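Both token types above in working code, as an added Python example (not from the lecture): the sequence-based scheme is HOTP (RFC 4226), which HMACs a counter with the shared secret and truncates the result to a short decimal code, and the time-based scheme is TOTP (RFC 6238), which is HOTP with the counter set to the current 30-second time step. The server-side classes, the look-ahead window size and the clock-skew tolerance are this example's design choices; the secret used in the checks is the published RFC test secret.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Sequence-based OTP (HOTP, RFC 4226): HMAC-SHA1 over the 8-byte big-endian
    counter, then "dynamic truncation" to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time=None, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (TOTP, RFC 6238): HOTP with counter = floor(unix_time / step).
    Device and server compute the same code as long as their clocks agree to within a step."""
    t = int(time.time() if at_time is None else at_time)
    return hotp(secret, t // step, digits)


def verify_totp(secret: bytes, code: str, at_time, step: int = 30, skew: int = 1) -> bool:
    """Server-side check that tolerates +/- `skew` steps of clock drift."""
    counter = int(at_time) // step
    return any(hmac.compare_digest(hotp(secret, counter + k), code)
               for k in range(-skew, skew + 1))


class SequenceServer:
    """Server side of a sequence-based token: remembers the next expected counter and
    accepts codes within a look-ahead window (the user may have pressed the button
    without logging in), but never a counter at or below the last accepted one."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret, self.window, self.next_counter = secret, window, 0

    def verify(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.next_counter = c + 1  # resynchronise; this and older codes become invalid
                return True
        return False


# Test secret published in RFC 4226 / RFC 6238 (the ASCII string "12345678901234567890").
TEST_SECRET = b"12345678901234567890"
```

The counter bookkeeping in `SequenceServer` is what makes the password "one-time": a captured code is useless after the server has moved past its counter, and a TOTP code expires with its time step, so either scheme resists the replay of a sniffed password that a static password cannot.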
10 n-Factor Authentication (2FA) and Multi-Step Verification
n-factor Authentication

• Require at least two different authentication "factors."
• Example of factors:
o Something you know: Password, PIN.
o Something you have: Security token, smart card, mobile phone, ATM card.
o Who you are: Biometric.
• It is called a 2-factor authentication if 2 factors are employed (strict definition).
• MAS (Monetary Authority of Singapore) expects all banks in Singapore to provide 2-factor authentication for e-banking.
Example of 2FA (1): Password + Mobile phone (SMS)

• Registration: User gives the server his mobile phone number and password.
• Authentication:
o User sends password and username to server.
o Server verifies that the password is correct.
o Server sends a one-time-password (OTP) to the user through SMS.
o User receives the SMS and enters the OTP.
o Server verifies that the OTP is correct.

• What you know: password
• What you have: unforgeable SIM card in the phone
Example of 2FA (2): Smartcard + Fingerprint (Door
access system)
• Registration: The server issues a smartcard (with secret key) to the user and the user enrols his/her fingerprint.
• Authentication:
o User inserts smartcard into the reader.
o The reader obtains the user identity and verifies whether the smart card is authentic. If so, continue.
o User presents fingerprint to the reader.
o The reader performs matching to verify that it is authentic. If so, open door.
• What you are: Fingerprint
• What you have: Ownership of the smart card

2-Step Verification

• Many online platforms use an email account as the additional factor (e.g. to login, need a password and a link that is sent to the email account).
• Some may argue that since the email account can be accessed using another password, it is basically a 2-password authentication method.
• Both are "what-you-know" and thus cannot be called "2-factor".
• The argument is reasonable; nonetheless, many platforms still call it "2-factor".

Summary

• Authentication credential: Something (data, device, etc.) held by an entity for authenticity verification.
o E.g. Password, biometric.
• Password strength
o Online vs offline dictionary attack.
• Attacks on passwords
• 2-factor vs 2-step verification.
Optional Slides
Token: ATM Card

• To get authenticated, the user presents (1) a card, and (2) a PIN.
o The card contains a magnetic strip, which stores the user account id.
o The PIN plays the role of password.
• Data are encoded into the magnetic strip using well-known standards.
• Given physical access to a card, anyone (including attackers) can "copy" the card by reading the info from the card and writing it to a spoofed card.
• So, it is easy to forge the card.
Attack: ATM Skimmer
• A skimmer is a card reader that can be disguised to look like part of an ATM.
• The skimmer device collects card numbers and PIN codes, which are then replicated into counterfeit cards.
• For PINs, either a tiny, concealed camera is placed near the keypad or a fake keypad is placed over the real one.
• Mitigation:
o Use of chip-enabled cards, which are more secure than magnetic stripe cards and harder to skim
o Anti-skimmer device
o Regular inspection and awareness among users
Example of 2FA (3): Password + OTP Token

• Registration: The server issues a hardware OTP token to the user.
o The token contains a "secret key" k that the server knows.
o User registers a password.
• Authentication:
o User "presses" the token.
o The token generates and displays a one-time password.
o User sends password, username, and OTP to server.
o The server can also compute the OTP and verifies that the OTP and password are correct.
• Password is what-you-know. Ownership of the token is what-you-have.

Example of 2FA (4): Password + OTP Soft Token
• A mobile phone can take the role of the "hardware token". This is also known as a "SoftToken".
• Registration: User installs the authentic Soft Token app.
o During installation, some form of verification is carried out. The rest is the same as the previous case.
• Authentication:
o The Soft Token app establishes a connection to the server, using the secret key k for authentication.
o The user, via another app or browser, sends a request for a transaction T to the server.
o The app/browser asks for the user's password.
o The server contacts the Soft Token and T is displayed on the app. The user confirms the transaction.
o After receiving confirmation from the Soft Token, the server carries out the transaction.
• Password is what-you-know. Ownership of the software token is what-you-have.
