
Computer Security: protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
Key Security Concepts
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means
for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized
disclosure of information.
Integrity: Guarding against improper information modification or destruction, and includes ensuring
information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the
disruption of access to or use of information or an information system.
Although the use of the CIA triad to define security objectives is well established, some in the security field
feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned
are:
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the
validity of a transmission, a message, or message originator.
Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely
to that entity.
Computer Security Challenges
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. no benefit perceived until it fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to using system
Computer security is both fascinating and complex. Some of the reasons follow:
1. Computer security is not as simple as it might first appear to the novice. The requirements seem to be
straightforward, but the mechanisms used to meet those requirements can be quite complex and subtle.
2. In developing a particular security mechanism or algorithm, one must always consider potential attacks
(often unexpected) on those security features.
3. Hence procedures used to provide particular services are often counterintuitive.
4. Having designed various security mechanisms, it is necessary to decide where to use them.
5. Security mechanisms typically involve more than a particular algorithm or protocol, but also require
participants to have secret information, leading to issues of creation, distribution, and protection of that secret
information.
6. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the
designer or administrator who tries to close them.
7. There is a natural tendency on the part of users and system managers to perceive little benefit from security
investment until a security failure occurs.
8. Security requires regular monitoring, difficult in today's short-term environment.
9. Security is still too often an afterthought - incorporated after the design is complete.
10. Many users / security administrators view strong security as an impediment to efficient and user-friendly
operation of an information system or use of information.

Adversary (threat agent) - An entity that attacks, or is a threat to, a system.
Attack - An assault on system security that derives from an intelligent threat; a deliberate attempt to evade
security services and violate the security policy of a system.
Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an
attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it
so that corrective action can be taken.
Risk - An expectation of loss expressed as the probability that a particular threat will exploit a particular
vulnerability with a particular harmful result.
Security Policy - A set of rules and practices that specify how a system or organization provides security
services to protect sensitive and critical system resources.
System Resource (Asset) - Data; a service provided by a system; a system capability; an item of system
equipment; a facility that houses system operations and equipment.
Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or
event that could breach security and cause harm.
Vulnerability - Flaw or weakness in a system's design, implementation, or operation and management that
could be exploited to violate the system's security policy.
Vulnerabilities and Attacks
system resource vulnerabilities may
be corrupted (loss of integrity)
become leaky (loss of confidentiality)
become unavailable (loss of availability)
attacks are threats carried out and may be
passive or active
insider or outsider
In the context of security, our concern is with the vulnerabilities of system resources which [NRC02] shows
may be:
corrupted, so that it does the wrong thing or gives wrong answers. e.g. data stored may be different from
what it should be because it has been improperly modified.
become leaky. e.g. someone who should not have access to some or all of the information available through
the network obtains such access.
become unavailable or very slow. e.g. using the system / network impossible.
These three general types of vulnerability correspond to the concepts of integrity, confidentiality, and
availability, enumerated earlier in this section.
Corresponding to the various types of vulnerabilities to a system resource are threats that are capable of
exploiting those vulnerabilities, which represent a potential security harm to an asset. An attack is a threat
that is carried out. We can distinguish two types of attacks:
Active attack: attempts to alter system resources or affect their operation
Passive attack: attempts to learn or make use of information from the system but does not affect system
resources

We can also classify attacks based on the origin of the attack:
Inside attack: Initiated by an entity inside the security perimeter (an "insider").
Outside attack: Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system
(an "outsider").
Countermeasures
means used to deal with security attacks
prevent
recover
detect
may result in new vulnerabilities
will have residual vulnerability
goal is to minimize risk given constraints
A countermeasure is any means taken to deal with a security attack. Ideally, a countermeasure can be
devised to prevent a particular type of attack from succeeding. When prevention is not possible, or fails
in some instance, the goal is to detect the attack, and then recover from the effects of the attack. A
countermeasure may itself introduce new vulnerabilities. In any case, residual vulnerabilities may remain
after the imposition of countermeasures. Such vulnerabilities may be exploited by threat agents
representing a residual level of risk to the assets. Owners will seek to minimize that risk given other
constraints.
Threat Consequences
unauthorized disclosure
exposure, interception, inference, intrusion
deception
masquerade, falsification, repudiation
disruption
incapacitation, corruption, obstruction
usurpation
misappropriation, misuse
Network Security Attacks
classify as passive or active
passive attacks are eavesdropping
release of message contents
traffic analysis
are hard to detect so aim to prevent
active attacks modify/fake data
masquerade
replay
modification
denial of service
hard to prevent so aim to detect
A useful means of classifying network security attacks is in terms of passive and active attacks.
Passive attacks are eavesdropping on, or monitoring of, transmissions to obtain information that is being
transmitted. Two types of passive attacks are:
release of message contents - opponent learns contents of sensitive transmissions
traffic analysis - can occur even when contents of messages are masked, e.g using encryption, but an
opponent can still observe the pattern of messages and determine location and identity of
communicating hosts, frequency and length of messages being exchanged, and hence guess nature of
communications.
Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it
is feasible to prevent the success of these attacks, usually by means of encryption. Thus, emphasis is on
prevention rather than detection.
Active attacks involve modification of data stream or creation of false data:
masquerade - when one entity pretends to be another.
replay - passive capture of data and subsequent retransmission.
modification of messages - a legitimate message is altered, delayed or reordered.
denial of service - prevents or inhibits the normal use or management of communications facilities, or
the disruption of an entire network
Active attacks present the opposite characteristics of passive attacks. It is quite difficult to prevent active
attacks absolutely. Instead, the goal is to detect them and to recover from any disruption or delays caused by
them.
Security Functional Requirements
technical measures:
access control; identification & authentication; system & communication protection; system &
information integrity
management controls and procedures
awareness & training; audit & accountability; certification, accreditation, & security
assessments; contingency planning; maintenance; physical & environmental protection;
planning; personnel security; risk assessment; systems & services acquisition
overlapping technical and management:
configuration management; incident response; media protection
X.800 Security Architecture
X.800, Security Architecture for OSI
systematic way of defining requirements for security and characterizing approaches to satisfying them
defines:
security attacks - compromise security
security service - counter security attacks
security mechanism - act to detect, prevent, recover from attack
The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined
briefly as:
Security attack: Any action that compromises the security of information owned by an organization. cf.
network security attacks slide earlier
Security mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
cf. functional requirements from previous slide or Table 1.6 in text.
Security service: A service that enhances the security of the data processing systems and the information
transfers of an organization. The services are intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service.
Security Taxonomy
The key elements are:
Action: A step taken by a user or process in order to achieve a result
Target: A computer or network logical entity or physical entity
Event: An action directed at a target that is intended to result in a change of state, or status, of the target
Tool: A means of exploiting a computer or network vulnerability
Vulnerability: A weakness in a system allowing unauthorized action
Unauthorized result: An unauthorized consequence of an event
Attack: A series of steps taken by an attacker to achieve an unauthorized result
Attacker: An individual who attempts one or more attacks in order to achieve an objective
Objectives: The purpose or end goal of an incident
Incident: a group of attacks that can be distinguished from other attacks because of the distinctiveness of
the attackers, attacks, objectives, sites, and timing

Over time, the attacks on the Internet and Internet-attached systems have grown more sophisticated while the
amount of skill and knowledge required to mount an attack has declined, as shown here in Figure 1.6 from the
text. Attacks have become more automated and can cause greater amounts of damage. This increase in attacks
coincides with an increased use of the Internet and with increases in the complexity of protocols, applications,
and the Internet itself. Critical infrastructures increasingly rely on the Internet for operations. Individual users
rely on the security of the Internet, email, the Web, and Web-based applications to a greater extent than ever.
Thus, a wide range of technologies and tools are needed to counter the growing threat.
Computer Security Strategy
specification/policy
what is the security scheme supposed to do?
codify in policy and procedures
implementation/mechanisms
how does it do it?
prevention, detection, response, recovery
correctness/assurance
does it really work?
assurance, evaluation
Specification/policy: What is the security scheme supposed to do? A security policy is an informal
description of desired system behavior. In developing a security policy, a security manager needs to consider
the context, in terms of: value of the assets being protected; vulnerabilities of the system; potential threats and
the likelihood of attacks. Further, the manager must consider the following tradeoffs between Ease of use
versus security and Cost of security versus cost of failure and recovery.
Implementation/mechanisms: How does it do it? Security implementation involves four complementary
courses of action: prevention (the ideal security scheme is one in which no attack succeeds; not practical in
all cases, but a reasonable goal), detection (when prevention fails, detecting that an attack is under way),
response (halting the attack and preventing further damage), and recovery (undoing the attack's consequences,
for example by restoring from a backup system).
Correctness/assurance: Does it really work? This raises the concepts of assurance and evaluation. Assurance
is the degree of confidence one has that the security measures, both technical and operational, work as
intended to protect the system and the information it processes. Evaluation is the process of examining a
computer product or system with respect to certain criteria. Evaluation involves testing, and may also involve
formal analytic or mathematical techniques.
Ch. 2
Cryptographic Tools
cryptographic algorithms important element in security services
review various types of elements
symmetric encryption
public-key (asymmetric) encryption
secure hash functions
digital signatures and key management
example: use to encrypt stored data
Symmetric Encryption
Plaintext: This is the original message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the
plaintext.
Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and
transformations performed by the algorithm depend on the key.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret
key. For a given message, two different keys will produce two different ciphertexts.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext
and the secret key and produces the original plaintext.
There are two requirements for secure use of symmetric encryption:
1. We need a strong encryption algorithm.
2. Sender and receiver must have securely obtained, and must keep secure, the secret key.
Attacking Symmetric Encryption
cryptanalysis
rely on nature of the algorithm
plus some knowledge of plaintext characteristics
even some sample plaintext-ciphertext pairs
exploits characteristics of algorithm to deduce specific plaintext or key
brute-force attack
try all possible keys on some ciphertext until get an intelligible translation into plaintext
Symmetric Encryption Algorithms
DES and Triple-DES
Data Encryption Standard (DES) was for many years the most widely used encryption scheme
uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block
concerns about algorithm & use of 56-bit key
Triple-DES
repeats basic DES algorithm three times
using either two or three unique keys
much more secure but also much slower
Advanced Encryption Standard (AES)
needed a better replacement for DES
NIST called for proposals in 1997
selected Rijndael in Nov 2001
published as FIPS 197
symmetric block cipher
uses 128 bit data & 128/192/256 bit keys

now widely available commercially


Message Authentication
protects against active attacks
verifies received message is authentic
contents unaltered
from authentic source
timely and in correct sequence
can use conventional encryption
only sender & receiver have key needed
or separate authentication mechanisms
append authentication tag to cleartext message
Encryption protects against passive attack (eavesdropping). Message authentication protects against active
attacks (falsification of data and transactions), by verifying that received messages are authentic, that is that
the contents of the message have not been altered and that the source is authentic. We may also wish to verify
a message's timeliness and sequence relative to other messages flowing between two parties.
It is possible to perform authentication simply by the use of conventional encryption. If we assume that only
the sender and receiver share a key (which is as it should be), then only the genuine sender would be able to
encrypt a message successfully for the other participant. Furthermore, if the message includes an
error-detection code and a sequence number, the receiver is assured that no alterations have been made and that
sequencing is proper. If the message also includes a timestamp, the receiver is assured that the message has
not been delayed beyond that normally expected for network transit. This argument should be treated with care
in practice: common modes of operation such as CBC and CTR are malleable, so an attacker can change ciphertext
in controlled ways without knowing the key, and a simple error-detection code such as a CRC does not reliably
catch such changes. Current practice pairs encryption with a MAC or uses an authenticated encryption (AEAD) mode.
Alternatively there are several approaches to message authentication that do not rely on encryption. In all of
these approaches, an authentication tag is generated and appended to each message for transmission. The
message itself is not encrypted and can be read at the destination independent of the authentication function
at the destination.
Message Authentication Codes
One authentication technique involves the use of a secret key to generate a small block of data, known as a
message authentication code, that is appended to the message. This technique assumes that two
communicating parties, say A and B, share a common secret key KAB. When A has a message to send to B, it
calculates the message authentication code as a function of the message and the key: MACM = F(KAB, M). The
message plus code are transmitted to the intended recipient. The recipient performs the same calculation on
the received message, using the same secret key, to generate a new message authentication code. The received
code is compared to the calculated code, as shown here in Figure 2.4 from the text. If we assume that only the
receiver and the sender know the secret key, and if the received code matches the calculated
code, then:
1. The receiver is assured that the message has not been altered.
2. The receiver is assured that the message is from the alleged sender.
3. If the message includes a sequence number, then the receiver can be assured of the proper sequence.
A number of algorithms could be used to generate the code. The NIST specification FIPS PUB 113 recommended
the use of DES: DES in CBC mode is used to generate an encrypted version of the message, and a number of
bits of the last ciphertext block are used as the code; a 16- or 32-bit code was typical. FIPS 113 has since
been withdrawn, and tags that short are too easy to forge by guessing. Current practice uses HMAC (FIPS 198-1)
or AES-CMAC (NIST SP 800-38B) with tags of at least 64 bits, typically 128 or more.
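As an added illustration of the scheme described above (example code written for these notes, not from the textbook), the following Python uses HMAC-SHA256 as the function F, binds a sequence number into the tag, and shows which of the three assurances fail under tampering, replay, and forgery with a guessed key. The key K_AB, the messages and the strictly-increasing sequence policy are constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct

# Shared secret K_AB. Constructed here for the example; in practice it is
# provisioned out of band and known only to A and B.
K_AB = secrets.token_bytes(32)


def compute_mac(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC_M = F(K_AB, seq || M) using HMAC-SHA256.

    Binding the sequence number into the tag means a captured
    (seq, M, tag) triple cannot be replayed under a different seq."""
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()


def send(key: bytes, seq: int, message: bytes):
    """Sender A: transmit message plus code."""
    return seq, message, compute_mac(key, seq, message)


class Receiver:
    """Receiver B: recompute the code and enforce increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def receive(self, seq: int, message: bytes, tag: bytes) -> bool:
        expected = compute_mac(self.key, seq, message)
        # compare_digest is constant-time; a plain == would leak how many
        # leading bytes of a guessed tag were right.
        if not hmac.compare_digest(expected, tag):
            return False          # altered message, wrong key or forged tag
        if seq <= self.last_seq:
            return False          # replay or out-of-order delivery
        self.last_seq = seq
        return True


def demo() -> dict:
    rx = Receiver(K_AB)
    results = {}
    seq, msg, tag = send(K_AB, 1, b"transfer 100 to acct 42")
    results["genuine"] = rx.receive(seq, msg, tag)
    # Attacker changes the amount but cannot recompute the tag without K_AB.
    results["tampered"] = rx.receive(2, b"transfer 900 to acct 42", tag)
    # Attacker replays the genuine message it captured.
    results["replay"] = rx.receive(seq, msg, tag)
    # Attacker forges a tag with a guessed key.
    results["forged"] = rx.receive(2, msg, compute_mac(b"guess", 2, msg))
    # Next genuine message from A is accepted.
    seq, msg, tag = send(K_AB, 2, b"transfer 5 to acct 7")
    results["next"] = rx.receive(seq, msg, tag)
    return results


if __name__ == "__main__":
    print(demo())
```

The receiver never reveals which check failed, and it compares tags with hmac.compare_digest rather than ==, because a comparison that stops at the first differing byte leaks, through timing, how much of a forged tag was already correct.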
Secure Hash Functions
An alternative to the message authentication code is the one-way hash function. As with the message
authentication code, a hash function accepts a variable-size message M as input and produces a fixed-size
message digest H(M) as output (Figure 2.5). Unlike the MAC, a hash function does not also take a secret key
as input. To authenticate a message, the message digest is sent with the message in such a way that the message
digest is authentic.
Asymmetric Encryption
In an asymmetric algorithm there are two keys: a public key for encryption and a private key for decryption.
When someone (say Alice) wants to send a message to Bob, Alice encrypts the message using Bob's public key, and
Bob opens the received message using his private key. This is the advantage of an asymmetric system: a user only
needs to keep their own private key secret, while the public key can be distributed to every user who wants to
communicate with them, without worrying that an unauthorized party could open messages using the distributed
public key.
In a symmetric system the key used for encryption and decryption is the same, so users who communicate with a
symmetric system must exchange that same key, because if they do not use the same key the message cannot be
opened on the receiving side. If someone sits in the middle of the key exchange and manages to obtain the key,
every message can be read. In contrast, with an asymmetric system a user only needs to send out the public key
so that others can communicate with them.

Asymmetric Authentication
A user encrypts data using his or her own private key. Anyone who knows the corresponding public key will
then be able to decrypt the message. This is directed toward providing authentication and/or data integrity. If
a user is able to successfully recover the plaintext from Bob's ciphertext using Bob's public key, this indicates
that only Bob could have encrypted the plaintext, thus providing authentication. Further, no one but Bob would
be able to modify the plaintext because only Bob could encrypt the plaintext with Bob's private key. This can
be adapted to provide authentication or data integrity. Suppose that Bob wants to send a message to Alice and,
although it is not important that the message be kept secret, he wants Alice to be certain that the message is
indeed from him. In this case Bob could use his own private key to encrypt the message. Here the entire
message is encrypted, which, although validating both author and contents, requires a great deal of storage
and additional processing cost; in practice a digital signature is therefore computed over a fixed-size hash of
the message rather than over the message itself.
Public Key Requirements
1. computationally easy to create key pairs
2. computationally easy for sender knowing public key to encrypt messages
3. computationally easy for receiver knowing private key to decrypt ciphertext
4. computationally infeasible for opponent to determine private key from public key
5. computationally infeasible for opponent to otherwise recover original message
6. useful if either key can be used for each role
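The six requirements above and the private-key "encryption" used for authentication can be seen end to end in the following textbook RSA implementation, added here as a worked example (not the textbook's code). It uses deliberately small, seeded parameters so the run is reproducible; the key size, the absence of padding, the reduction of the digest mod n and the helper names are assumptions of the example, and none of it is secure for real use.

```python
import hashlib
import math
import random

# Textbook RSA with small parameters, written for these notes to show the
# two-key roles. NOT a secure implementation: no padding, a tiny modulus
# and a fixed seed (deliberate, so the example is reproducible).


def is_probable_prime(n: int, rounds: int = 25) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    """Random odd candidate with the top bit set, retried until prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 64, seed: int = 1):
    """Requirement 1: key pairs are easy to create. Returns (public, private)."""
    rng = random.Random(seed)       # fixed seed: reproducible example only
    p = gen_prime(bits // 2, rng)
    q = gen_prime(bits // 2, rng)
    while q == p:
        q = gen_prime(bits // 2, rng)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:
        e += 2
    d = pow(e, -1, phi)             # private exponent: e*d = 1 mod phi(n)
    return (e, n), (d, n)


def encrypt(pub, m: int) -> int:
    """Requirement 2: anyone holding the public key can encrypt."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Requirement 3: only the private-key holder recovers m."""
    d, n = priv
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign a fixed-size digest, not the whole message (see the text above).
    # Reducing mod n is only needed because the toy modulus is shorter than
    # SHA-256 output; real schemes pad the digest up to the modulus size.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message: bytes) -> int:
    """Requirement 6 in use: 'encrypt' the digest with the private key."""
    d, n = priv
    return pow(_digest_mod_n(message, n), d, n)


def verify(pub, message: bytes, sig: int) -> bool:
    """'Decrypt' the signature with the public key and compare digests."""
    e, n = pub
    return pow(sig, e, n) == _digest_mod_n(message, n)


def demo() -> dict:
    bob_pub, bob_priv = keygen(seed=1)
    mallory_pub, mallory_priv = keygen(seed=2)
    sig = sign(bob_priv, b"pay Alice 10")
    return {
        "roundtrip": decrypt(bob_priv, encrypt(bob_pub, 12345)) == 12345,
        "alice_verifies": verify(bob_pub, b"pay Alice 10", sig),
        "tampered_fails": verify(bob_pub, b"pay Alice 99", sig),
        "wrong_signer_fails": verify(bob_pub, b"pay Alice 10", sign(mallory_priv, b"pay Alice 10")),
    }
```

Requirements 4 and 5 are what the tiny modulus here does not give you: a 64-bit n is factored in milliseconds, which is exactly why the key-size guidance in the next section exists.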
Public Key Algorithms
RSA (Rivest, Shamir, Adleman)
developed in 1977
the most widely accepted public-key encryption algorithm
given technology advances, keys of at least 2048 bits are now recommended (1024-bit keys are no longer
considered adequate)
Diffie-Hellman key exchange algorithm
only allows exchange of a secret key
Digital Signature Standard (DSS)
provides only a digital signature function; originally specified with SHA-1, later revisions use SHA-2
Elliptic curve cryptography (ECC)
newer than RSA; comparable security with much smaller keys
Random Numbers
random numbers have a range of uses
requirements:
randomness
based on statistical tests for uniform distribution and independence
unpredictability
successive values not related to previous
clearly true for truly random numbers
but more commonly use generator

Random numbers play an important role in the use of encryption for various network security applications,
such as in the generation of: keys for public-key algorithms, stream keys in a stream cipher, for temporary
session keys, and in key distribution scenarios.
Pseudorandom versus Random Numbers
often use algorithmic technique to create pseudorandom numbers
which satisfy statistical randomness tests
but likely to be predictable
true random number generators use a nondeterministic source
e.g. radiation, gas discharge, leaky capacitors
increasingly provided on modern processors
Cryptographic applications typically make use of algorithmic techniques for random number generation.
These algorithms are deterministic and therefore produce sequences of numbers that are not statistically
random. However, if the algorithm is good, the resulting sequences will pass many reasonable tests of
randomness. Such numbers are referred to as pseudorandom numbers.
A true random number generator (TRNG) uses a nondeterministic source to produce randomness. Most
operate by measuring unpredictable natural processes, such as pulse detectors of ionizing radiation events,
gas discharge tubes, and leaky capacitors. True random sources are increasingly built into modern processors
(for example the x86 RDRAND instruction), and operating systems feed them, together with other entropy
sources, into the cryptographic generator that applications should use.
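The distinction between statistically random and unpredictable is the point of the paragraphs above, so here is an added Python example (not from the text) of what "likely to be predictable" means in practice: a session token built from a seeded PRNG is recovered by searching the seed space, and the next token is then predicted, while a token from the OS cryptographic generator has no seed to search. The server behaviour, time window and token format are constructed for the example.

```python
import random
import secrets


def weak_token(seed: int) -> str:
    """Session token from a deterministic PRNG (Mersenne Twister) seeded
    with a low-entropy value such as a clock reading. The output passes
    statistical randomness tests, but anyone who can guess the seed can
    regenerate the whole sequence."""
    rng = random.Random(seed)
    return "".join(f"{rng.getrandbits(8):02x}" for _ in range(16))


def recover_seed(token: str, lo: int, hi: int):
    """Attacker: re-run the public algorithm over every candidate seed
    in [lo, hi) until the observed token is reproduced."""
    for s in range(lo, hi):
        if weak_token(s) == token:
            return s
    return None


def strong_token() -> str:
    """Token from the OS cryptographic RNG (secrets): seeded from hardware
    and environmental entropy, with no guessable seed to search for."""
    return secrets.token_hex(16)


def demo() -> dict:
    # Constructed scenario: the server seeds with the Unix time (seconds)
    # at which it issued the token.
    issued_at = 1_700_000_000
    observed = weak_token(issued_at)
    # The attacker only knows the token is at most an hour old: a window of
    # 3600 candidates, which is nothing against a generator this fast.
    guessed = recover_seed(observed, issued_at - 3600, issued_at + 1)
    # With the seed known, the attacker also predicts the token the server
    # will issue one second later, before it is issued.
    predicted = weak_token(guessed + 1) if guessed is not None else None
    return {
        "seed_recovered": guessed == issued_at,
        "next_token_predicted": predicted == weak_token(issued_at + 1),
        "strong_tokens_differ": strong_token() != strong_token(),
    }


if __name__ == "__main__":
    print(demo())
```

Nothing about the weak token looks wrong under a uniformity test; the flaw is entirely in the generator's seed and determinism, which is why the requirement of unpredictability is listed separately from randomness above.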
Practical Application: Encryption of Stored Data
common to encrypt transmitted data
much less common for stored data
which can be copied, backed up, recovered
approaches to encrypt stored data:
back-end appliance
library based tape encryption
background laptop/PC data encryption
Some more recent approaches for doing this include:
Back-end appliance: a hardware device that sits between servers and storage systems and encrypts all data
going from the server to the storage system and decrypts data going in the opposite direction.
Library-based tape encryption: provided by means of a co-processor board embedded in the tape drive
and tape library hardware. The co-processor encrypts data using a nonreadable key configured into the board.
The tapes can then be sent off-site to a facility that has the same tape drive hardware.
Background laptop and PC data encryption: software products that provide encryption that is transparent
to the application and the user. Some encrypt all or designated files and folders; others create a virtual disk
locally on the hard drive or on a network storage device, with all data on the virtual disk encrypted. Various
key management solutions are offered to restrict access to the owner of the data.
Ch. 3
User Authentication
fundamental security building block
basis of access control & user accountability
is the process of verifying an identity claimed by or for a system entity
has two steps:
identification - specify identifier
verification - bind entity (person) and identifier
distinct from message authentication
The process of verifying an identity claimed by or for a system entity. An authentication process consists of
two steps:
Identification step: Presenting an identifier to the security system. (Identifiers should be assigned
carefully, because authenticated identities are the basis for other security services, such as access
control service.)

Verification step: Presenting or generating authentication information that corroborates the binding
between the entity and the identifier.
In essence, identification is the means by which a user provides a claimed identity to the system; user
authentication is the means of establishing the validity of the claim. Note that user authentication is distinct
from message authentication.
Means of User Authentication
four means of authenticating a user's identity
based on something the individual
knows - e.g. password, PIN
possesses - e.g. key, token, smartcard
is (static biometrics) - e.g. fingerprint, retina
does (dynamic biometrics) - e.g. voice, sign
can use alone or combined
all can provide user authentication
all have issues
There are four general means of authenticating a user's identity, which can be used alone or in combination:
Something the individual knows: Examples includes a password, a personal identification number
(PIN), or answers to a prearranged set of questions.
Something the individual possesses: Examples include electronic keycards, smart cards, and physical
keys. This type of authenticator is referred to as a token.
Something the individual is (static biometrics): Examples include recognition by fingerprint, retina,
and face.
Something the individual does (dynamic biometrics): Examples include recognition by voice pattern,
handwriting characteristics, and typing rhythm.
Password Authentication
widely used user authentication method
user provides name/login and password
system compares password with that saved for specified login
authenticates the ID of the user logging in and
that the user is authorized to access the system
determines the user's privileges
is used in discretionary access control
Password Vulnerabilities
offline dictionary attack
specific account attack
popular password attack
password guessing against single user
workstation hijacking
exploiting user mistakes
exploiting multiple password use
electronic monitoring
We can identify the following attack strategies and countermeasures:
Offline dictionary attack: A determined hacker may bypass access controls and gain access to the system
password file. The attacker then compares the password hashes against hashes of commonly used
passwords.
Specific account attack: The attacker targets a specific account and submits password guesses until the
correct password is discovered.
Popular password attack: The attacker chooses a popular password and tries it against a wide range of user
IDs.
Password guessing against single user: The attacker attempts to gain knowledge about the account holder
and system password policies and uses that knowledge to guess the password.

Workstation hijacking: The attacker waits until a logged-in workstation is unattended.


Exploiting user mistakes: If the system assigns a password, then the user is more likely to write it down
because it is difficult to remember.
Exploiting multiple password use: When different network devices share the same or a similar password
for a given user.
Electronic monitoring: If a password is communicated across a network to log on to a remote system, it
is vulnerable to eavesdropping.
Countermeasures
stop unauthorized access to password file
intrusion detection measures
account lockout mechanisms
policies against using common passwords but rather hard to guess passwords
training & enforcement of policies
automatic workstation logout
encrypted network links
Countermeasures against the listed vulnerabilities include controls to: prevent unauthorized access to the
password file, intrusion detection measures to identify a compromise, rapid re-issuance of passwords
should the password file be compromised; account lockout mechanism which locks out access to the
account after a number of failed login attempts; policies to inhibit the selection by users of common
passwords; training in and enforcement of password policies that make passwords difficult to guess;
automatically logging the workstation out after a period of inactivity; a policy that forbids the same or
similar password on particular network devices; encrypted communications links.
UNIX Implementation
original scheme
8 character password forms 56-bit key
12-bit salt used to modify DES encryption into a one-way hash function
0 value repeatedly encrypted 25 times
output translated to 11 character sequence
now regarded as woefully insecure
e.g. supercomputer, 50 million tests, 80 min
sometimes still used for compatibility
Improved Implementations
have other, stronger, hash/salt variants
many systems now use MD5 (md5crypt)
with 48-bit salt
hashed with a 1000-iteration inner loop
password length is unlimited
produces 128-bit hash
md5crypt is itself now considered weak; SHA-crypt, bcrypt, scrypt or Argon2 are preferred
OpenBSD uses Blowfish block cipher based hash algorithm called Bcrypt
uses 128-bit salt to create 192-bit hash value
Password Cracking
dictionary attacks
try each word then obvious variants in large dictionary against hash in password file
rainbow table attacks
precompute tables of hash values for all salts
a mammoth table of hash values
e.g. 1.4GB table cracks 99.9% of alphanumeric Windows passwords in 13.8 secs
not feasible if larger salt values used
The traditional approach to password guessing, or password cracking as it is called, is to develop a large
dictionary of possible passwords and to try each of these against the password file. This means that each
password must be hashed using each available salt value and then compared to stored hash values. If no match
is found, then the cracking program tries variations on all the words in its dictionary of likely passwords. Such
variations include backward spelling of words, additional numbers or special characters, or sequences of
characters. An alternative is to trade off space for time by precomputing potential hash values. In this approach
the attacker generates a large dictionary of possible passwords. For each password, the attacker generates the
hash values associated with each possible salt value.
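The following is an added example, not code from the text: a salted, iterated password hash in the spirit of the UNIX schemes above, together with a small demonstration of why per-account salts defeat precomputed (rainbow) tables. The choice of SHA-256 in place of DES/MD5/Blowfish, the 16-byte salt, the `salt$hash` record layout and the 1000-iteration inner loop (borrowed from the MD5 scheme) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Added example, not the text's code. Parameters are assumptions chosen for
# illustration: SHA-256 as the hash, a 16-byte salt, 1000 inner-loop iterations.
ITERATIONS = 1000


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Iterated salted hash: h_0 = H(salt || pw), h_i = H(h_{i-1} || pw)."""
    pw = password.encode("utf-8")
    digest = hashlib.sha256(salt + pw).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest + pw).digest()
    return digest


def make_entry(password: str) -> str:
    """Produce a stored record 'salt$hash' with a fresh random salt per account."""
    salt = os.urandom(16)
    return salt.hex() + "$" + hash_password(password, salt).hex()


def verify(password: str, entry: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, hash_hex = entry.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


# Precomputation: a table of unsalted hashes answers a lookup instantly ...
def unsalted_table(words):
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


# ... but it is useless against salted records, since every account would need
# its own table (one per possible salt value).
def table_lookup_hits(table, entries):
    """Count stored 'salt$hash' entries whose hash appears in the precomputed table."""
    return sum(1 for e in entries if e.split("$")[1] in table)


def precompute_cost(dictionary_size: int, salt_bits: int) -> int:
    """Number of hashes an attacker must precompute to cover every salt value."""
    return dictionary_size * (2 ** salt_bits)
```

`precompute_cost` makes the slide's "not feasible if larger salt values used" concrete: a 12-bit salt multiplies the table by 4096, a 48-bit salt by roughly 2.8 x 10^14.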
Password Choices
users may pick short passwords
e.g. 3% were 3 chars or less, easily guessed
system can reject choices that are too short
users may pick guessable passwords
so crackers use lists of likely passwords
e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them
would take about 1 hour on fastest systems to compute all variants, and only need 1 break!
Password File Access Control
can block offline guessing attacks by denying access to encrypted passwords
make available only to privileged users
often using a separate shadow password file
still have vulnerabilities
exploit O/S bug
accident with permissions making it readable
access from unprotected backup media
sniff passwords in unprotected network traffic
users with same password on other systems
One way to thwart a password attack is to deny the opponent access to the password file. If the hashed
password portion of the file is accessible only by a privileged user, then the opponent cannot read it without
already knowing the password of a privileged user. Often, the hashed passwords are kept in a separate file
from the user IDs, referred to as a shadow password file. Special attention is paid to making the shadow
password file protected from unauthorized access. Although password file protection is certainly
worthwhile, there remain vulnerabilities: a hacker may be able to exploit a software vulnerability in the
operating system to bypass the access control system long enough to extract the password file; an accident
of protection might render the password file readable; some users may use the same password on other
less protected or compromised machines; a lack of or weakness in physical security (e.g. of backups) may
provide opportunities for a hacker to access a copy of the file; passwords may be captured by sniffing
network traffic.
Using Better Passwords
clearly have problems with passwords
goal to eliminate guessable passwords
whilst still easy for user to remember
techniques:
user education
reactive password checking
computer-generated passwords
proactive password checking
Four basic techniques are in use:
User education - Users can be told the importance of using hard-to-guess passwords and can be provided
with guidelines for selecting strong passwords. Can be problematic when have a large user population or
a lot of turnover, and because many users will simply ignore the guidelines.
Computer-generated passwords - have a history of poor acceptance by users, if random in nature, users
will not remember them, if pronounceable, the user may still be tempted to write it down.
Reactive password checking - where the system periodically runs its own password cracker to find
guessable passwords. The system cancels any passwords that are guessed and notifies the user. Can be
costly in resources to implement.
Proactive password checking - where the user selects their own password, which the system then checks to see
if it is allowable and, if not, rejects it. It must strike a balance between user acceptability and strength.
Likely the best solution.
Proactive Password Checking
rule enforcement plus user advice, e.g.
8+ chars, upper/lower/numeric/punctuation
may not suffice
password cracker
time and space issues
Markov Model
generates guessable passwords
hence reject any password it might generate
Bloom Filter
use to build table based on dictionary using hashes
check desired password against this table
The first approach is a simple system for rule enforcement coupled with advice to the user, e.g:
All passwords must be at least eight characters long.
In the first eight characters, the passwords must include at least one each of uppercase, lowercase,
numeric digits, and punctuation marks.
Another method is to compile a large dictionary of possible bad passwords. When a user selects a
password, the system runs a Password Cracker to make sure that it is not on the disapproved list. This still
consumes significant time and space.
Use a Markov Model for the generation of guessable passwords, and reject any passwords likely to be
generated by the model (see text for more details).
Use a Bloom filter, which is a set of k independent hash functions which map a password into a set of hash
values in the range 0 to N-1. These are used to set bits in a lookup table of size N. When a new password
is presented to the checker, its k hash values are calculated. If all the corresponding bits of the hash table
are equal to 1, then the password is rejected. All passwords in the dictionary will be rejected. But there
will also be some other false positives.
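As an added example (not the text's own code), the following proactive checker combines the two rules listed above with a Bloom filter built from a disapproved-password dictionary. The filter size N, the number of hash functions k, the way the k functions are derived (SHA-256 with a one-byte tag per function) and the small dictionary are all assumptions made for illustration.

```python
import hashlib
import string

# Added example, not the text's code. N and k are assumptions for illustration.
N_BITS = 1 << 20   # lookup table of N bits
K_HASHES = 4       # k independent hash functions


def rule_check(password: str):
    """Return the list of rule violations; an empty list means the rules pass."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    first8 = password[:8]
    classes = {
        "uppercase": any(c.isupper() for c in first8),
        "lowercase": any(c.islower() for c in first8),
        "numeric digit": any(c.isdigit() for c in first8),
        "punctuation mark": any(c in string.punctuation for c in first8),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"no {name} in the first eight characters")
    return problems


def bloom_indexes(password: str, k: int = K_HASHES, n: int = N_BITS):
    """k hash values in the range 0..N-1; function i is SHA-256 over (i || password)."""
    pw = password.encode("utf-8")
    return [int.from_bytes(hashlib.sha256(bytes([i]) + pw).digest()[:8], "big") % n
            for i in range(k)]


class BloomDictionary:
    def __init__(self, words, n: int = N_BITS, k: int = K_HASHES):
        self.n, self.k = n, k
        self.bits = bytearray(n // 8)           # N-bit table, all zero
        for w in words:                          # set the k bits of every bad password
            for idx in bloom_indexes(w, k, n):
                self.bits[idx // 8] |= 1 << (idx % 8)

    def probably_contains(self, password: str) -> bool:
        # All k bits set -> reject. True for every dictionary word, and also for
        # a small fraction of other strings (the false positives).
        return all((self.bits[i // 8] >> (i % 8)) & 1
                   for i in bloom_indexes(password, self.k, self.n))


BAD_WORDS = ["password", "Password1!", "Qwerty12!", "letmein", "Welcome1!"]  # constructed


def check_password(password: str, filt: BloomDictionary):
    """Proactive check: rule violations plus dictionary membership."""
    problems = rule_check(password)
    if filt.probably_contains(password):
        problems.append("appears in the disapproved-password dictionary")
    return problems
```

The table costs N bits regardless of dictionary size, which is the space saving over storing the dictionary itself; the price is the false-positive rate, which grows as more bits are set.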
Token Authentication
object user possesses to authenticate, e.g.
embossed card
memory card
magnetic stripe card
smartcard
These include:
Embossed - Raised characters only, on front, e.g. Old credit card
Magnetic stripe - Magnetic bar on back, characters on front, e.g. Bank card
Memory - has Electronic memory inside, e.g. Prepaid phone card
Smartcard - has Electronic memory and processor inside, e.g. Biometric ID card
Memory Card
store but do not process data
magnetic stripe card, e.g. bank card
electronic memory card
used alone for physical access
with password/PIN for computer use
drawbacks of memory cards include:
need special reader
user dissatisfaction
loss of token issues
Memory cards can store but not process data. The most common such card is the bank card with a magnetic
stripe on the back. A magnetic stripe can store only a simple security code, which can be read (and
unfortunately reprogrammed) by an inexpensive card reader. There are also memory cards that include an
internal electronic memory. Memory cards can be used alone for physical access, such as a hotel room.
For computer user authentication, such cards are typically used with some form of password or personal
identification number (PIN). A typical application is an automatic teller machine (ATM). The memory
card, when combined with a PIN or password, provides significantly greater security than a password
alone. An adversary must gain physical possession of the card (or be able to duplicate it) plus must gain
knowledge of the PIN. Among the potential drawbacks are the following [NIST95]:
Requires special reader: This increases the cost of using the token and creates the requirement to maintain
the security of the reader's hardware and software.
Token loss: A lost token temporarily prevents its owner from gaining system access. Thus there is an
administrative cost in replacing the lost token. In addition, if the token is found, stolen, or forged, then an
adversary now need only determine the PIN to gain unauthorized access.
User dissatisfaction: Although users may have no difficulty in accepting the use of a memory card for
ATM access, its use for computer access may be deemed inconvenient.
Smartcard
credit-card like
has own processor, memory, I/O ports
wired or wireless access by reader
ROM, EEPROM, RAM memory
may have crypto co-processor
executes protocol to authenticate with reader/computer
also have USB dongles
Biometric Authentication
authenticate user based on one of their physical characteristics
A biometric authentication system attempts to authenticate an individual based on unique physical
characteristics. These include static characteristics, such as fingerprints, hand geometry, facial
characteristics, and retinal and iris patterns; and dynamic characteristics, such as voiceprint and signature.
Compared to passwords and tokens, biometric authentication is both technically complex and expensive,
and has yet to mature as a standard tool for user authentication to computer systems. Figure 3.6 from the
text gives a rough indication of the relative cost and accuracy of the most common biometric measures:
Facial characteristics: define characteristics based on relative location and shape of key facial features,
such as eyes, eyebrows, nose, lips, and chin shape.
Fingerprints: the pattern of ridges and furrows on the surface of the fingertip, believed to be unique across
the entire human population. Automated fingerprint systems extract a number of features to use as a
surrogate for the full pattern.
Hand geometry: identify features of the hand, e.g. shape, lengths and widths of fingers.
Retinal pattern: formed by veins beneath the retinal surface is unique and therefore suitable for
identification. Uses a digital image of the retinal pattern by projecting a low-intensity beam of visual or
infrared light into the eye.
Iris: Another unique physical characteristic is the detailed structure of the iris.
Signature: each individual has a unique style of handwriting, esp in signature.
Voice: patterns are more closely tied to physical and anatomical characteristics of the speaker, but still
vary from sample to sample over time for the same speaker, complicating the biometric
recognition task.
Biometric Accuracy
never get identical templates
problems of false match / false non-match
Biometric Accuracy
can plot characteristic curve
pick threshold balancing error rates
The iris system had no false matches in over 2 million cross-comparisons. Note that over a broad range of
false match rates, the face biometric is the worst performer.
Remote User Authentication
authentication over network more complex
problems of eavesdropping, replay
generally use challenge-response
user sends identity
host responds with random number
user computes f(r,h(P)) and sends back
host compares value from user with own computed value, if match user authenticated
protects against a number of attacks
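The four-step exchange above, written out as an added example with both the user's and the host's side (this is not code from the text). The function f(r, h(P)) is instantiated here as HMAC-SHA256 keyed with h(P) over the challenge r, and h(P) as SHA-256 of the password; both choices, and the host's bookkeeping of outstanding challenges, are assumptions made to show why a captured response cannot be replayed.

```python
import hashlib
import hmac
import os

# Added example, not the text's code. h(P) and f(r, h(P)) are instantiated with
# SHA-256 and HMAC-SHA256 as an assumption; the host never stores P itself.


def h(password: str) -> bytes:
    """Password hash h(P), held by the host and recomputed by the user's client."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def f(r: bytes, hp: bytes) -> bytes:
    """Response function f(r, h(P))."""
    return hmac.new(hp, r, hashlib.sha256).digest()


class Host:
    def __init__(self, users):
        self.users = {u: h(p) for u, p in users.items()}  # stores h(P) only
        self.pending = {}                                 # identity -> outstanding r

    def challenge(self, identity: str) -> bytes:
        """Step 2: answer the user's identity with a fresh random number r."""
        r = os.urandom(16)
        self.pending[identity] = r
        return r

    def verify(self, identity: str, response: bytes) -> bool:
        """Step 4: compare the user's value with the host's own f(r, h(P))."""
        r = self.pending.pop(identity, None)   # each r is usable exactly once
        if r is None or identity not in self.users:
            return False
        expected = f(r, self.users[identity])
        return hmac.compare_digest(expected, response)


class Client:
    def __init__(self, identity: str, password: str):
        self.identity = identity
        self.hp = h(password)

    def respond(self, r: bytes) -> bytes:
        """Step 3: compute f(r, h(P)) for the challenge received."""
        return f(r, self.hp)


def run_exchange(host: Host, client: Client) -> bool:
    r = host.challenge(client.identity)        # step 1/2: identity sent, r returned
    resp = client.respond(r)                   # step 3: user -> host
    return host.verify(client.identity, resp)  # step 4: host compares


def replay_attempt(host: Host, identity: str, captured_response: bytes) -> bool:
    """An eavesdropper replays a response captured earlier against a new challenge."""
    host.challenge(identity)                   # the host issues a different r
    return host.verify(identity, captured_response)
```

Because r changes on every run and the password hash never crosses the network, an eavesdropper who records one exchange learns neither h(P) nor a response that will be valid again.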
Authentication Security Issues
client attacks
replay
host attacks
trojan horse
eavesdropping
denial-of-service
Client attacks are those in which an adversary attempts to achieve user authentication without access to the
remote host or to the intervening communications path. The adversary attempts to masquerade as a legitimate
user. For example, in a password-based system, the adversary may attempt to guess the likely user password.
Host attacks are directed at the user file at the host where passwords, token passcodes, or biometric templates
are stored. Eavesdropping refers to an adversary's attempt to learn the password by observing the user, finding
a written copy of the password, keystroke logging, etc. Replay attacks involve an adversary repeating a
previously captured user response. The most common countermeasure to such attacks is the challenge-response
protocol. In a Trojan horse attack, an application or physical device masquerades as an authentic application
or device for the purpose of capturing a user password, passcode, or biometric. The adversary can then use the
captured information to masquerade as a legitimate user. A denial-of-service attack attempts to disable a user
authentication service by flooding the service with numerous authentication attempts.
FMR: a condition in which the system recognises an imposter as the genuine user.
FNMR: a condition in which the system fails to accept the genuine user.
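An added example (not from the text) that ties the FMR/FNMR definitions to the "Biometric Accuracy" slides above: it sweeps the decision threshold over constructed genuine and imposter match scores, produces the points of the characteristic curve, and picks the threshold at which the two error rates balance. The score lists and the convention that a higher score means a closer match are constructed assumptions.

```python
# Added example, not the text's code. Scores are constructed; a higher score
# means the presented sample is closer to the stored template.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.83, 0.80, 0.78, 0.74, 0.70, 0.66, 0.60]   # constructed
IMPOSTER_SCORES = [0.72, 0.65, 0.62, 0.58, 0.55, 0.50, 0.45, 0.40, 0.35, 0.30]  # constructed


def fmr(threshold: float, imposter=IMPOSTER_SCORES) -> float:
    """False match rate: fraction of imposter samples accepted (score >= threshold)."""
    return sum(s >= threshold for s in imposter) / len(imposter)


def fnmr(threshold: float, genuine=GENUINE_SCORES) -> float:
    """False non-match rate: fraction of genuine samples rejected (score < threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def characteristic_curve(steps: int = 100):
    """(threshold, FMR, FNMR) for thresholds 0, 1/steps, ..., 1: the curve one would plot."""
    return [(t / steps, fmr(t / steps), fnmr(t / steps)) for t in range(steps + 1)]


def balanced_threshold(steps: int = 100):
    """The curve point where |FMR - FNMR| is smallest: the equal-error operating point."""
    return min(characteristic_curve(steps), key=lambda p: abs(p[1] - p[2]))
```

Raising the threshold lowers FMR at the cost of FNMR and vice versa; which side of the balanced point to operate on depends on whether letting an imposter in or turning a genuine user away is the more serious error for the application.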