Readings
Password Vulnerabilities: Why passwords have never been weaker…
Storing passwords: A salt free diet is bad for your security…; Threshold Cryptography…
Password Usage: An analysis of ID-password usage…; Password Composition Policies
Why do we keep doing this? Why it Pays to Submit to Hackers
New kinds of authentication: Active Authentication; Learn a password subconsciously…; Risk-Based Authentication
Solutions to the Common Password: Diceware; Password Managers (1Password demo)
Password Vulnerabilities
Password Cracking: the practice of running candidate plaintexts through a hashing algorithm and comparing each result with a compromised hash. When compromised hash = computed hash, you know the password (the input).
Dictionary attacks: comparing known words and their hashes to compromised hashes. The exploit becomes a 2-step process:
1. Generate word lists (a time and storage problem)
2. Table look-up
Known password lists: 60% of newly compromised passwords are already in tables or already cracked, and over 100 million known passwords have been published online. The exploit becomes a 1-step process: generating word lists is less necessary; table look-up only.
Hybrid attack: combines a dictionary with intelligence gathered from known passwords.
For example: gather all names from Facebook and combine them with dictionary words.
Hacker Password Analysis
Most capitalized letters are at the beginning of a password
Most numbers and special characters are at the end
Quite a lot of first names followed by a year
Numbers or special characters are added at the beginning or (usually) the end
Mangling: Super → sup34, Princess → Prince$$
Mirror images: mypassword + drowssapym = mypassworddrowssapym
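The dictionary and hybrid attacks above, with the mangling rules just listed, as an added worked example (this is not code from the slides; the wordlist, the rules, and the "leaked" hash file are all constructed here for illustration). It hashes every mangled candidate with unsalted SHA-1, the storage the LinkedIn slide later discusses, and reports hits. Tools such as hashcat and John the Ripper implement the same idea with far richer rule engines.

```python
# Added example (not from the slides): a dictionary attack with mangling
# rules of the kind the slide describes. The wordlist, the rules and the
# "leaked" hash set are all constructed here for illustration.
import hashlib

def sha1_hex(text: str) -> str:
    """Unsalted SHA-1, the LinkedIn-style storage the slides discuss later."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

# Constructed demo data: a tiny wordlist and a "breach file" whose hashes
# were made from mangled wordlist entries so the demo can crack them.
WORDLIST = ["monkey", "princess", "dragon", "steven", "football"]
TARGET_PLAINTEXTS = ["Steven1961", "Prince$$", "dragon", "football7", "monkeyyeknom"]
LEAKED_HASHES = {sha1_hex(p) for p in TARGET_PLAINTEXTS}

# Substitutions seen in real dumps (password -> p@$$word).
LEET = str.maketrans({"a": "@", "s": "$"})

def mangle(word: str, years=range(1950, 2016)):
    """Yield candidates derived from one word: as-is, capitalised, with a
    number or year appended, a trailing symbol, mirrored, and leet-speak."""
    cap = word.capitalize()               # "capital letter at the beginning"
    yield word
    yield cap
    for base in (word, cap):
        for n in range(100):              # "numbers at the end"
            yield f"{base}{n}"
        for y in years:                   # "first name followed by a year"
            yield f"{base}{y}"
        yield base + "!"                  # "special character at the end"
        yield base + base[::-1]           # "mirror image": monkey + yeknom
    yield word.translate(LEET)            # "mangling": princess -> prince$$
    yield cap.translate(LEET)

def crack(leaked: set, wordlist) -> dict:
    """Hash every mangled candidate and return {hash: plaintext} for hits.
    Each candidate costs one fast hash; against a salted, slow hash (see the
    PBKDF2/bcrypt slides) the same loop runs orders of magnitude slower."""
    found = {}
    for word in wordlist:
        for candidate in mangle(word):
            h = sha1_hex(candidate)
            if h in leaked and h not in found:
                found[h] = candidate
        if len(found) == len(leaked):
            break
    return found

if __name__ == "__main__":
    for h, plain in crack(LEAKED_HASHES, WORDLIST).items():
        print(f"{h}  {plain}")
```

Five words expand to a few thousand candidates, which is why a rule-based attack recovers "Steven1961" or "Prince$$" in milliseconds while the 62^10 arithmetic on the next slides suggests years.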
SplashData's 25 Most Popular Passwords (as presented in 2014; the rankings are SplashData's 2012 list)
1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)
Compiled from files containing millions of stolen passwords posted online by hackers.
Just the facts John…
A PC with a single AMD Radeon HD 7970 GPU processes 8.2 billion password guesses per second.
The biggest boon to password cracking, however, is the theft of non-secure credential files. Rockyou.com: 32 million plaintext passwords, 14 million after duplicates were removed. There now exists a database of commonly used passwords.
If you can "crack" 8.2 billion per second, how fast do you think you can look one up?
Lets look at some numbers
Steven1961: 10 characters, drawn from 52 letters + 10 digits = 62 symbols; password length = 10, so
62^10 = 839,299,365,868,340,224* / 8 billion per second (the 8.2 billion above, rounded) = 104,912,420.73 seconds (1,748,540.35 minutes; 29,142.34 hours; 1,214.26 days)
3.33 years to crack, but…
Hackers know our patterns, so: 10 characters, last 4 are digits, 1st may be capitalized: 52 x 26 x 26 x 26 x 26 x 26 x 10 x 10 x 10 x 10 / 8 billion = 772.29 seconds
12.87 minutes to crack
But what if the hacker goes to my Facebook page? 10 characters, last 4 are digits, and they're probably 1961 (a fixed suffix contributes a factor of 1, not 1961), so: 52 x 26 x 26 x 26 x 26 x 26 x 1 / 8 billion = 617,831,552 / 8 billion ≈ 0.08 seconds to crack
*eight hundred thirty nine quadrillion, two hundred ninety nine trillion, three hundred sixty five billion, eight hundred sixty eight million, three hundred forty thousand, two hundred twenty four
Copyright Pearson Prentice-Hall 2010
Password-Cracking Programs: Brute-force password guessing
Try all possible passwords of length 1, length 2, etc. Thwarted by passwords that are long and complex (using all keyboard characters). N is the password length, in characters:
Alphabet, no case: 26^N possible passwords
Alphabet, upper and lower case: 52^N
Alphanumeric (letters and digits): 62^N
All keyboard characters: ~80^N
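The keyspace arithmetic of the last two slides (62^10, 52 x 26^5 x 10^4, the 26^N/52^N/62^N table) generalised into a small calculator, as an added example rather than code from the slides. It expands a password pattern ("mask") into a candidate count and divides by a guess rate; the mask syntax and the character-class sizes are my own assumptions, chosen to resemble hashcat-style masks but not tied to any tool.

```python
# Added example (not from the slides): keyspace and time-to-exhaust for a
# password pattern, generalising the slide's arithmetic (62^10, 52 x 26^5 x
# 10^4, ...). The mask syntax and class sizes are my assumptions, chosen to
# resemble hashcat-style masks without being tied to any tool.
CLASS_SIZES = {
    "l": 26,   # lowercase letter
    "u": 26,   # uppercase letter
    "L": 52,   # any letter
    "d": 10,   # digit
    "s": 33,   # printable ASCII symbol
    "x": 62,   # alphanumeric
    "a": 95,   # any printable ASCII character
}
# The slide's rate: 8 billion guesses/second for one GPU against a fast,
# unsalted hash. Slow hashes (bcrypt, PBKDF2 with many iterations) cut it
# by orders of magnitude.
GUESSES_PER_SECOND = 8_000_000_000

def keyspace(mask: str) -> int:
    """Number of candidates a mask expands to. '?x'*10 -> 62**10; a literal
    character (e.g. the known year in '?L?l?l?l?l?l1961') contributes 1."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] != "?":
            cls = mask[i + 1]
            if cls not in CLASS_SIZES:
                raise ValueError(f"unknown character class ?{cls}")
            total *= CLASS_SIZES[cls]
            i += 2
        else:                       # literal character ("??" is a literal '?')
            i += 2 if mask.startswith("??", i) else 1
    return total

def seconds_to_exhaust(mask: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst case: the whole keyspace tried at `rate` guesses per second.
    The expected time for one target is about half of this."""
    return keyspace(mask) / rate

def human(seconds: float) -> str:
    """Format the way the slide does (365-day years)."""
    for name, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.2f} {name}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    for label, mask in (
        ("any 10 alphanumerics", "?x" * 10),
        ("capital + 5 lower + 4 digits", "?L" + "?l" * 5 + "?d" * 4),
        ("same, year known from Facebook", "?L" + "?l" * 5 + "1961"),
    ):
        print(f"{label:32} {keyspace(mask):>24,}  {human(seconds_to_exhaust(mask))}")
```

Running it reproduces the slide's three figures (3.33 years, 12.87 minutes, under a tenth of a second) and makes the real point visible: the attacker's knowledge of the pattern, not the raw alphabet size, decides the cost.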
Server Password Cracking
GPU Cracking: What is it? Using a graphics card to brute-force passwords.
How fast does it work? Millions of attempts per second. GPU Bruteforcer: 450 million per second, but…
It depends on the hash. How long would an 8-character password drawn from the full printable set (upper, lower, 0-9 and symbols such as &^%) take? 94^8 = 6,095,689,385,410,816 candidates
MD5: 166 days? SHA-512: 5,427 days, ~15 years. Even a 6-character password would take ~15 hours at the SHA-512 rate.
ArsTechnica Breach
What did this article have to say about salting passwords and choosing a hashing algorithm?
Hashing Password Algorithms
PBKDF2: to derive a key, PBKDF2 does the following: DK = PBKDF2(PRF, Password, Salt, c, dkLen)
Where DK is the derived key, PRF is the pseudorandom function, in practice an HMAC (SHA-1 or SHA-2 based; the password is used as the HMAC key and the salt, with a block index, as the text), c is the number of iterations and dkLen is the length of the derived key.
A salt should, per the standard (RFC 2898), be at least 64 bits long, and the recommended minimum iteration count is 1000 (a figure from 2000; current guidance is orders of magnitude higher).
So using PBKDF2 you require the cracker to compute at least 1000 HMACs for every guess against each hash!
c can be increased, making it slower for attacker and defender alike; pick the largest value your login latency budget tolerates.
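Salted PBKDF2 storage and verification with the Python standard library, plus the attacker-cost arithmetic the slide gestures at, as an added example (not code from the slides or from any named system). The record format, the 16-byte salt and the 600,000 default for c are my choices, not a specification; the HMAC count per guess is the parameter that matters.

```python
# Added example (not from the slides): salted PBKDF2-HMAC storage and
# verification with Python's standard library, plus the attacker-cost
# arithmetic the slide gestures at. Record format and parameters are my
# choices, not a specification.
import hashlib
import hmac
import os

def make_record(password: str, iterations: int = 600_000, salt: bytes = None) -> str:
    """Derive DK = PBKDF2(HMAC-SHA256, password, salt, c, 32) and pack
    everything a verifier needs (salt and c are not secret) into one string."""
    if salt is None:
        salt = os.urandom(16)            # 128-bit salt; RFC 2898's floor is 64 bits
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    prf = algo.split("_", 1)[1]          # "sha256" from "pbkdf2_sha256"
    dk = hashlib.pbkdf2_hmac(prf, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations),
                             dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def attacker_seconds(iterations: int, guesses: int, prf_per_second: float) -> float:
    """Each guess costs `iterations` PRF calls, so a cracker able to do
    prf_per_second HMACs needs iterations * guesses / prf_per_second seconds."""
    return iterations * guesses / prf_per_second

if __name__ == "__main__":
    rec = make_record("password123")
    print(rec)
    print(verify("password123", rec), verify("Password123", rec))
    # Even granting an attacker the slide's 8.2 billion operations/second,
    # 14 million RockYou candidates against one hash at c = 600000 cost:
    print(f"{attacker_seconds(600_000, 14_000_000, 8.2e9):.0f} s per hash")
```

Because the salt and c are stored beside the derived key, raising c later only requires re-deriving at the user's next successful login; the verifier reads the parameters from the record rather than hard-coding them.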
Hashing Password Algorithms
bcrypt: currently the de facto secure standard for password hashing. It is derived from the Blowfish block cipher's (deliberately expensive) key schedule, which builds look-up tables (S-boxes) in memory before it can produce a hash.
This means a certain amount of memory (about 4 KB of table state) must be touched for every hash. That is cheap on a CPU, but on a GPU it becomes far more cumbersome because of the memory each parallel thread would need.
Hashing Password Algorithms
scrypt: has the same properties as bcrypt, except that its cost parameter scales both the calculation time and the memory needed to generate the hash; because the parameter N is a power of two, each step up doubles both.
Newer than bcrypt, so not as much security research vetting has been done.
Easy audit question for SOX compliance: how are you hashing your passwords?
Other Password Threats
Keystroke capture software
Trojan horse that displays a fake login screen and reports its findings to attackers
Shoulder surfing: the attacker watches as the victim types a password. Even partial information can be useful:
Part of the password: P_ _sw_ _d
Length of the password (reduces the time needed for brute-force cracking)
iPhone/smartphone keylogging (reported 10/18/2011): "Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers". Solution: keep your smartphone away from your keyboard.
Server Password Cracking
Storage problem (for cracking)
You can run all possible combinations of any size of password through any hashing algorithm and store the results, but it takes terabytes of storage space.
Hellman/rainbow tables reduce the space requirement by storing only the first password and the last generated hash of each chain, and regenerating a chain on demand when a hash lands in it.
GPU-assisted cracking has reduced the need for rainbow tables: passwords of fewer than 6 characters can simply be brute forced, passwords longer than 9 would require terabytes of table storage, and passwords of 7, 8 or 9 characters are still vulnerable to rainbow tables.
Storing Passwords (Salting Hashes)
Start with the obvious: passwords should not be stored 'in the clear'.
The LinkedIn hack: over six million passwords belonging to LinkedIn users were compromised. A file containing 6,458,020 unsalted SHA-1 password hashes was posted on the internet, and hackers worked together to crack them.
LinkedIn stored passwords as SHA-1, but without 'salt'. So password123 was stored as: cbfdac6008f9cab4083784cbd1874f76618d2a97
Need for salting hashes: rainbow tables. Salting means prepending (or appending) random characters to a password and then hashing it. So password123 might become KiJqpassword123, whose hash 51472f680dc6cc5ce44366d765ca71148f68e36c is stored together with the salt as: KiJq51472f680dc6cc5ce44366d765ca71148f68e36c
Now any two users with password123 will have different stored hashes, and neither is found in existing rainbow tables; or at least building tables becomes much harder, since one would be needed per salt value (a real salt should be longer than these four letters, e.g. 16 random bytes).
The salt is not secret: it defeats precomputation and cross-account matching, but it does not slow a targeted guess against one hash. That is why a salt is paired with a slow hash (PBKDF2, bcrypt, scrypt).
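The salting argument above made concrete, as an added example (not code from the slides): an attacker's precomputed SHA-1 lookup finds an unsalted LinkedIn-style hash in one dictionary access, misses the same password once a per-user salt is prepended, and two users with the same password no longer share a hash. The last function shows the caveat: because the salt is stored in the clear, a targeted dictionary attack against one record still succeeds, just without precomputation. The wordlist and salts are constructed here; the four-letter salt mirrors the slide's KiJq layout (salt prepended to both the input and the stored hash) and is shorter than a real salt should be.

```python
# Added example (not from the slides): why unsalted SHA-1 (the LinkedIn case)
# falls to a precomputed lookup, what a per-user salt changes, and what it
# does not change. Wordlist, salts and storage layout are constructed here.
import hashlib
import secrets
import string

def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

# Constructed "known password" list standing in for a RockYou-sized table.
COMMON = ["123456", "password", "password123", "qwerty", "letmein", "monkey"]

def precompute(words) -> dict:
    """Attacker side: hash every known password once, reuse forever."""
    return {sha1_hex(w): w for w in words}

def store_unsalted(password: str) -> str:
    """What LinkedIn did: SHA-1 of the bare password."""
    return sha1_hex(password)

def store_salted(password: str, salt: str = None, salt_len: int = 4) -> str:
    """Slide's layout: random salt prepended to the password before hashing,
    and the same salt prepended to the stored hash so it can be found later.
    (Four letters is the slide's illustration; use 16+ random bytes for real.)"""
    if salt is None:
        salt = "".join(secrets.choice(string.ascii_letters) for _ in range(salt_len))
    return salt + sha1_hex(salt + password)

def lookup(stored_hash: str, table: dict):
    """One dictionary access: the '1-step process' from the cracking slide."""
    return table.get(stored_hash)

def crack_salted(record: str, words, salt_len: int = 4):
    """The salt is stored in the clear, so a *targeted* dictionary attack
    still works; it just cannot be precomputed or shared across users."""
    salt, digest = record[:salt_len], record[salt_len:]
    for w in words:
        if sha1_hex(salt + w) == digest:
            return w
    return None

if __name__ == "__main__":
    table = precompute(COMMON)
    print(lookup(store_unsalted("password123"), table))     # found instantly
    rec = store_salted("password123", salt="KiJq")
    print(rec, lookup(rec[4:], table))                     # not in the table
    print(crack_salted(rec, COMMON))                       # found again, per record
```

The slide's SHA-1 value for password123 can be checked with store_unsalted. The closing function is the reason the PBKDF2/bcrypt slides follow: salting removes the table, only a slow hash removes the speed.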
Threshold Cryptography
Complex math but a simple idea:
Take a password verifier, split it into shares, and store the shares on separate servers.
This increases the number of exploits that have to be carried out to get all the pieces: an attacker who compromises one server learns nothing usable.
You need a way to put the pieces together again (or to verify a login without ever reassembling them).
Caveat: the split must be into random shares, not into substrings of the password that are then hashed; a hash of half a password is far easier to crack than a hash of the whole.
RSA Distributed Credential Protection
How does it work?
RSA Video (sometimes it works)
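The "simple idea" in runnable form, as an added example: an n-of-n XOR split of a password verifier across servers, with share refresh. This is my illustration of the principle, not RSA's protocol; unlike a real product, the toy reassembles the secret on the checker to verify a login. The verifier here is a plain salted SHA-256 for brevity (a deployment would use a slow KDF), and the salt is constructed.

```python
# Added example (not from the slides, and not RSA's protocol): the simplest
# threshold scheme, an n-of-n XOR split of a password verifier across
# servers. What is split is the *random shares of the hash*, never
# substrings of the password (short substrings would be trivial to crack).
import hashlib
import hmac
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_secret(secret: bytes, n: int = 2) -> list:
    """n-1 uniformly random shares plus one share that XORs them back to the
    secret. Any n-1 shares are statistically independent of the secret."""
    shares = [os.urandom(len(secret)) for _ in range(n - 1)]
    last = secret
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]

def combine(shares: list) -> bytes:
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out

def refresh(shares: list) -> list:
    """Re-randomise without changing the secret by XORing fresh randomness
    into two shares. A thief who steals server A's share today and server
    B's share after the next refresh holds two unrelated values."""
    r = os.urandom(len(shares[0]))
    return [xor_bytes(shares[0], r), xor_bytes(shares[1], r)] + shares[2:]

def verifier(password: str, salt: bytes) -> bytes:
    """Placeholder verifier; a real deployment would use a slow KDF here."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

def enrol(password: str, salt: bytes, n: int = 2) -> list:
    """Shares to hand to n separate servers."""
    return split_secret(verifier(password, salt), n)

def check(password: str, salt: bytes, shares: list) -> bool:
    """Simplified: reassemble on the checker and compare in constant time.
    RSA's product verifies without ever reassembling; this toy does not."""
    return hmac.compare_digest(combine(shares), verifier(password, salt))

if __name__ == "__main__":
    salt = b"constructed-salt"                     # constructed demo salt
    shares = enrol("correct horse", salt, n=2)
    print(check("correct horse", salt, shares), check("wrong horse", salt, shares))
    print(check("correct horse", salt, refresh(shares)))
```

With n servers an attacker needs n separate compromises inside one refresh window; the refresh step is what turns "steal both eventually" back into "steal both at once".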
Why all this fuss? An Analysis of ID-password Usage (Bank, Lee, Bae and Ahn, 2012)
What were the highlights of this article?
Analysis of ID-Password Usage
Users are usually the weakest link:
They choose weak/simple passwords. Password memorability can be difficult (can anyone remember the password from the wiki cartoon?).
They reuse passwords on multiple sites. Even if your site has strong security (?), a weaker site with the same password could compromise your site.
Study examines: re-use of login credentials; creation of a Vulnerability Index.
Re-use (item: mean)
Number of sites: 105.7
Number of unique IDs: 6.6
Number of unique passwords: 4.7
Number of unique log-in credentials: 11.8
ID re-use ratio: 19.1
Password re-use ratio: 29.2
Log-in credentials re-use: 10.5
% of used unique log-in credentials: 45.6%
Class Results
How many different websites do you have that require you to authenticate with login credentials (username/password)? Mean = 58.3 (Fall 2014), 30.167 (Spring 2015)
Think of your answer to the previous poll: how many of the logins (username/password) you use are unique to a single website? Mean = 9.26 (Fall 2014), 10.9 (Spring 2015)
Vulnerability Index
Network theory: each site is a node; sites that use the same log-in credentials are connected, and the connected nodes form a component; a site with unique log-in credentials is an isolate.
Inclusiveness = number of connected nodes / total nodes (12/14 = 85.7%)
Largest component: 5/14 = 35.7%
2nd largest component: 4/14 = 28.6%
3rd largest component: 3/14 = 21.4%
VI – Results from the Study (item: mean)
Inclusiveness: 0.94 (use the same log-in credentials somewhere)
Largest component: 0.54
2nd largest component: 0.18 (0.72 cumulative)
3rd largest component: 0.09 (0.81 cumulative)
Vulnerability Index: 0.38
• The 3 most frequently used log-in combinations are used on 81% of sites, versus 11.8 unique log-in credentials on average
• VI = expected proportion of sites subject to potential breaches if a breach at one site occurs
• Larger values of VI indicate higher levels of vulnerability
Reducing VI
Reducing the number of sites where a given log-in credential combination is used (reduce component size)
Increasing the number of different log-in credentials
Thus, vulnerability can be decreased without increasing the number of IDs, passwords or log-in credential combinations: it is enough to redistribute them so that no single combination covers a large share of sites.
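The network measures from the Vulnerability Index slides computed on a constructed credential map, as an added example (not the paper's code or data). The map reproduces the slide's illustration (14 sites, 12 sharing credentials, components of 5, 4 and 3, two isolates). The inclusiveness and component fractions follow the slide's definitions; the VI formula is my reading of the slide's one-sentence definition (expected fraction of sites whose credentials an attacker holds after one uniformly chosen site is breached), so treat it as an assumption, not the study's exact method. The last function shows the "Reducing VI" point: splitting a large component lowers VI without adding a single new ID or password.

```python
# Added example (not from the slides): computing the network-theory measures
# on a constructed credential map that reproduces the slide's illustration
# (14 sites, 12 sharing credentials, components of 5, 4 and 3). The VI
# formula is my reading of the slide's definition, not the paper's code.
from collections import defaultdict
from fractions import Fraction

# Constructed: site -> (ID, password). The same pair on two sites means a
# breach at either exposes both.
SITES = {
    "bank": ("alice", "Pw1"), "email": ("alice", "Pw1"), "shop": ("alice", "Pw1"),
    "forum": ("alice", "Pw1"), "news": ("alice", "Pw1"),
    "gym": ("ali", "Pw2"), "pizza": ("ali", "Pw2"),
    "movies": ("ali", "Pw2"), "music": ("ali", "Pw2"),
    "work": ("a.smith", "Pw3"), "taxes": ("a.smith", "Pw3"), "school": ("a.smith", "Pw3"),
    "broker": ("alice99", "Pw4"),   # isolate: unique credential
    "health": ("asmith", "Pw5"),    # isolate
}

def component_sizes(sites: dict) -> list:
    """Sites sharing an identical (ID, password) pair form one component."""
    groups = defaultdict(int)
    for cred in sites.values():
        groups[cred] += 1
    return sorted(groups.values(), reverse=True)

def inclusiveness(sites: dict) -> Fraction:
    """Share of sites connected to at least one other site."""
    sizes = component_sizes(sites)
    return Fraction(sum(c for c in sizes if c > 1), len(sites))

def largest_components(sites: dict, k: int = 3) -> list:
    n = len(sites)
    return [Fraction(c, n) for c in component_sizes(sites)[:k]]

def vulnerability_index(sites: dict) -> Fraction:
    """Assumed reading of the slide: if one site, chosen uniformly, is
    breached, the expected fraction of all sites whose credentials the
    attacker now holds (the breached site's whole component)."""
    n = len(sites)
    return sum(Fraction(c, n) * Fraction(c, n) for c in component_sizes(sites))

def unique_credentials(sites: dict) -> int:
    return len(set(sites.values()))

def split_largest(sites: dict, new_password: str) -> dict:
    """'Reducing VI': move part of the largest component to a new password.
    Credential count rises by one but no site gets a weaker password."""
    cred = max(set(sites.values()), key=list(sites.values()).count)
    members = [s for s, c in sites.items() if c == cred]
    half = members[len(members) // 2:]
    return {s: ((c[0], new_password) if s in half else c) for s, c in sites.items()}

if __name__ == "__main__":
    print(component_sizes(SITES), inclusiveness(SITES), largest_components(SITES))
    print(float(vulnerability_index(SITES)), float(vulnerability_index(split_largest(SITES, "Pw6"))))
```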
Implications
Firms need a network perspective
Firms can be compromised due to security lapses at outside companies
Firms should implement log-in credential procedures other than (ID/PW)
Policy makers need to treat enforcement of log-in credential implementation as critical
Public awareness of the problem needs to be improved
Discrepancy-enlarging feedback loop
Cybernetic theory: a discrepancy-enlarging feedback loop is used to explain avoidance behavior. You compare your present state to an undesired state and act to move away from it.
[Figure: present state vs. avoidance state]
Password Composition Policies
What is a password composition policy?
What is the UCF policy for NIDs?
How do password composition policies affect user behavior?
What is entropy? A measure (in bits) of the expected amount of information contained in a password. Shannon introduced the notion of information entropy, and subsequently developed a method to estimate the entropy of printed English using n-grams.
Massey showed that entropy provides a lower bound on the expected number of guesses required to identify information; this result connects the entropy in passwords with an attacker's ability to guess them using a brute-force attack.
Different Policies (the scenario given to survey participants is in parentheses)
Basic8Survey: password must have a minimum of 8 characters; 18 bits of entropy (to link your survey response)
Basic8: password must have a minimum of 8 characters (to update after an e-mail breach)
Basic16: password must have a minimum of 16 characters; 30 bits of entropy (to update after an e-mail breach)
Dictionary8: password must have a minimum of 8 characters and can NOT be a dictionary word; 24 bits of entropy (to update after an e-mail breach)
Comprehensive8: password must have a minimum of 8 characters; must have 1 upper, 1 lower, 1 numerical and 1 special character; must not contain a dictionary word; 30 bits of entropy (to update after an e-mail breach)
Major Findings
Entropy calculation: "we calculate individually the entropy contributed by password length; by number and placement of each class of character (lowercase, uppercase, numbers, symbols); and by the content of each character. The sum of these values is our estimate of the entropy of a password distribution."
Each condition had significantly different entropy, except Dictionary8 and Basic8 (28.99 vs. 29.43 bits)
The 16-character minimum provided the greatest entropy (44.67 bits) with relatively few usability issues
Dictionary checks reduced the cracking of most passwords via heuristics, but made selecting passwords more difficult and annoying for users
Most participants write down or store their passwords electronically
Users created passwords that exceeded the minimum requirements
Why do we choose weak passwords?
We know we need strong passwords
We know we need to back up our computers
In general we don't do it. Why? Economics:
Cost (time and energy) now
Benefit sometime in the future, maybe!
Black Swan incident – what is this?
Hyperbolic discounting – what is this?
Fixes:
Binding mechanisms: allow a new site/app to remind me in the future to update my credentials
Secure defaults: I say use a password manager
User friendliness: make credentials easier for humans (face recognition vs. character-string memorization)
Incentives: a discount for using strong passwords; costs for not doing so. Why are credit-card companies responsible for your lack of a strong password?
Can we strengthen the security of passwords?
Use a password manager: 1Password, Roboform
Password Based Key Derivation Function version 2 (PBKDF2): systems using PBKDF2
I have two pets named Fred and Alice → Ihave2pets:Fred&Alice. Looks pretty secure, but…
Use spaces to help you remember: I have 2 pets: Fred & Alice
Don't tell the truth: I have 3 pets: LeBron, Dwane & Chris
Don't make sense: I have 35 pets: LeBron, Dwane & Chris
Avoid predictable phrases: I have 35 pets: LeBron, Dwane & Amy
But this is still predictable
1Password's password system
Introduce randomness into passwords:
Roll dice to select a word
Roll dice again to select the next word
Continue
Diceware Passwords (Arnold Reinhold)
How many words? Password vs. passphrase
Password: usually 4-10 characters (2 Diceware words); insert a random special character between the 2 words
Passphrase: 20-40 characters (4-5 Diceware words)
Entropy: how hard it will be for an attacker to guess the passphrase given the method of selection, measured in bits. A flip of a coin = 1 bit of entropy.
A Diceware word = 12.9 bits of entropy (one of 7776 equally likely words). 4 words: 51.6 bits (use at least 11 characters); 5 words: 64.6; 6 words: 77.5 (use at least 17 characters); 7 words: 90.4 (use at least 20 characters); 10 words: ~129
For passphrases for encryption, 6 words are recommended
Finally… Even stronger
Insert your own word into the set of Diceware words: P35:LD&A + Diceware words
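The Diceware procedure and the entropy arithmetic behind the table above, as an added example (not code from the slides or from Reinhold's page). It maps five dice rolls to a list index, computes bits per word from the list size, and draws a passphrase either from supplied physical rolls or from the OS CSPRNG. The word lists in the block are constructed placeholders; the real Diceware list has 7776 words keyed 11111 through 66666.

```python
# Added example (not from the slides or from Reinhold's page): the Diceware
# selection procedure and the entropy arithmetic behind the slide's table.
# The word lists below are constructed placeholders; the real list has
# 7776 words keyed by five dice rolls, 11111 through 66666.
import math
import secrets

LIST_SIZE = 6 ** 5   # 7776

def roll_to_index(roll: str) -> int:
    """Five dice (each 1..6) read as a base-6 number: '11111'->0, '66666'->7775."""
    idx = 0
    for ch in roll:
        d = int(ch)
        if not 1 <= d <= 6:
            raise ValueError(f"not a die face: {ch!r}")
        idx = idx * 6 + (d - 1)
    return idx

def roll_dice(n: int = 5) -> str:
    """Software stand-in for physical dice, using the OS CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))

def entropy_bits(n_words: int, list_size: int = LIST_SIZE) -> float:
    """Each word drawn uniformly from list_size candidates adds log2(list_size)
    bits (12.9 for Diceware). This holds only for a uniform draw and assumes
    the attacker knows the method and the list."""
    return n_words * math.log2(list_size)

def words_for_bits(target_bits: float, list_size: int = LIST_SIZE) -> int:
    """Smallest word count reaching a target, e.g. 128 bits -> 10 words."""
    return math.ceil(target_bits / math.log2(list_size))

def passphrase(n_words: int, wordlist: list, rolls: list = None) -> str:
    """With physical dice pass `rolls` (strings like '41263'); the list must
    then have exactly 7776 entries. Without rolls, draw uniformly with
    secrets.choice, which works for any list size (with less entropy per
    word when the list is smaller)."""
    if rolls is not None:
        if len(wordlist) != LIST_SIZE:
            raise ValueError("dice rolls index a full 7776-word list")
        words = [wordlist[roll_to_index(r)] for r in rolls[:n_words]]
    else:
        words = [secrets.choice(wordlist) for _ in range(n_words)]
    return " ".join(words)

# Placeholder lists, constructed for the demo (not Diceware words).
PLACEHOLDER_FULL = [f"w{i}" for i in range(LIST_SIZE)]
PLACEHOLDER_SMALL = ["apple", "bread", "cloud", "delta", "eagle", "flint", "grape", "hotel"]

if __name__ == "__main__":
    rolls = [roll_dice() for _ in range(6)]
    print(rolls, passphrase(6, PLACEHOLDER_FULL, rolls=rolls))
    for n in (4, 5, 6, 7, 10):
        print(n, "words:", round(entropy_bits(n), 1), "bits")
    print("8-word list gives only", entropy_bits(1, len(PLACEHOLDER_SMALL)), "bits per word")
```

The small placeholder list makes the slide's point from the other side: a word drawn from 8 candidates is worth 3 bits, so "four random words" is only strong when the list is large and the draw is uniform.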
AA – What is it? Active Authentication: authentication based on how you perform tasks; distinct behavioral characteristics, a "cognitive fingerprint".
Keyboard dynamics: the length of time a key is held down, and the time taken to move to the next key
Mouse movement
These repetitive movements are not controlled by deliberate thought and are therefore hard to mimic.
How do hackers do with their passwords?
"There [were] a lot of variations of the word pass and root and also hax was used many times, but if I omit one common 4-letter word, the most frequently used word in this dictionary is hack," Hýža wrote. "It is worth mentioning that many PHP shells I analysed had only default passwords like r57, c99, password or yourpass."
http://arstechnica.com/security/2014/06/its-official-malicious-hackers-have-crappy-password-hygiene-too/
Provided Links by Anonymous
Password Manager Reviews: http://online-password-manager-review.toptenreviews.com
Password Management Guide: http://www.makeuseof.com/pages/the-password-management-guide-fulltext