Authentication: the problem that will not go away
Prof. Ravi Sandhu
Chief Scientist
703 283 3484
Protecting Online Identity™
© Copyright Ravi Sandhu 2008
The State of Cyber Security
We are in the midst of big change
Nobody knows where we are headed
Conventional wisdom on where we are headed is likely wrong
Security Schools of Thought
OLD THINK:
We had it figured out. If the industry had only listened to us our computers and networks today would be secure.
REALITY:
Today’s and tomorrow’s cyber systems and their security needs are fundamentally different from those of the timesharing era of the early 1970s.
Change Drivers
Stand-alone mainframes and mini-computers → Internet
Enterprise security → Mutually suspicious security with split responsibility
Vandals → Criminals
Few and standard services → Many and new innovative services
Authentication Characterized
Authentication is fundamental to security
Authentication is hard
Authentication can enable single sign-on (or reduced sign-on) and digital signatures
Authentication Sliced
Something you know: passwords, personal facts
Something you have: smart card, one-time-password generator, PC …
Something you are: fingerprint, iris, DNA, voiceprint, …
Multifactor = 2 or more of these
Leap to 2-factor from 1-factor provides the biggest gain
2 factors typically from different categories above
Authentication Sliced Differently: Take 1
Shared secrets versus public-private keys
Shared secrets do not scale, especially across administrative domains
Shared secrets do not facilitate single sign-on
The holy grail of public key infrastructure continues to offer the best hope for scalability and single sign-on
Mostly true BUT don’t forget:
Kerberos, symmetric key single sign-on within an enterprise
ATM network
Authentication Sliced Differently: Take 2
One-way authentication versus mutual authentication
One-way authentication is the norm
It is particularly susceptible to phishing
One-time passwords are susceptible to MITM attacks due to lack of mutual authentication
Strong Authentication
Two-factor (or multi-factor)
Mutual authentication
Existing Authentication Methods & Threats
Strong User Authentication
Weak User Authentication
Transaction Authentication
Why Are These Security Measures Vulnerable?
Authentication technologies are vulnerable to MITM Phishing 2.0 attacks when:
They rely on weak, easily spoofable information
They rely on ‘shared secrets’
They use only one-way SSL security
Vulnerable Authentication Technologies: IP Geo, Device Fingerprint, OTP Tokens, Scratch Cards, Grid Cards, Cookies, Text, and Pictures
Man-in-the-Middle Attacks Are Happening
A man-in-the-middle attack (MITM): attacker is able to read, insert and modify transactions between two parties without either party knowing that the link between them has been compromised.
CitiBank Attack: July 10th, 2006; defeated OTP tokens; 35 MITM sites in Russia
Amazon Attack: January 3rd, 2007; defeated username/password
Bank of America: April 10th, 2007; defeats Sitekey cookie/picture (movie)
ABN AMRO: April 20th, 2007; defeats OTP token
The Citibank Attack Decrypted
Phishing email
Links to fake CitiBusiness login page, hosted in Russia by Tufel-Club.ru and routed through botnet.
Steals users’ credentials (including the token code) and enters them in real time at the actual CitiBusiness.com site
Attacker changes transaction or executes a new transaction
IP Spoofing Story
IP Spoofing predicted in Bell Labs report ≈ 1985
1st generation firewalls deployed ≈ 1992
IP Spoofing attacks proliferate in the wild ≈ 1993
VPNs emerge ≈ late 1990s
Vulnerability shifts to accessing the end-point
Network Admission Control ≈ 2000s
Evolution of Phishing
Phishing 1.0
Attack: Capture reusable passwords
Defense: user education, cookies, pictures
Phishing 2.0
Attack: MITM in the 1-way SSL channel, breaks OTPs
Defense: 2-way SSL
Phishing 3.0
Attack: Browser-based MITB client in front of 2-way SSL
Defense: Transaction authentication outside browser
Phishing 4.0
Attack: PC-based MIPC client in front of 2-way SSL
Defense: Transaction authentication outside PC, PC hardening
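A toy simulation of the Take 2 point (OTPs fall to a real-time relay because nothing ties the code to the site the user is on) and of the Phishing 2.0/3.0 defenses, added here as an example and not part of the slides. The host names, the HMAC construction and the secret are constructed stand-ins, not any real bank's protocol: a plain OTP still verifies after a relay, while a response bound to the authenticated server identity and to the approved transaction text does not.

```python
import hashlib
import hmac

# Constructed demo secret shared between the user's token and the bank.
TOKEN_SECRET = b"constructed-demo-token-secret"

def plain_otp(secret, nonce):
    """One-way scheme: the code depends only on the server nonce (or time),
    not on who the user is actually talking to."""
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()

def bound_response(secret, server_id, nonce, message):
    """Mutual, bound scheme: the token MACs the server identity it verified,
    the fresh nonce and the exact transaction text it showed the user."""
    return hmac.new(secret, b"|".join([server_id, nonce, message]),
                    hashlib.sha256).hexdigest()

def bank_accepts(secret, nonce, message, response):
    """The genuine bank recomputes over ITS OWN identity and the transaction
    it is about to execute; any mismatch is rejected."""
    expected = bound_response(secret, b"bank.example", nonce, message)
    return hmac.compare_digest(expected, response)

def relayed_plain_otp(nonce):
    # Phishing 2.0 from the slides: a look-alike site relays the nonce to the
    # user and the user's OTP back to the bank. Nothing ties the code to the
    # site the user typed it into, so the bank cannot tell the difference.
    code = plain_otp(TOKEN_SECRET, nonce)            # typed on the fake site
    return hmac.compare_digest(plain_otp(TOKEN_SECRET, nonce), code)

def legitimate_login(nonce):
    resp = bound_response(TOKEN_SECRET, b"bank.example", nonce, b"login")
    return bank_accepts(TOKEN_SECRET, nonce, b"login", resp)

def relayed_bound_login(nonce):
    # Same relay, but the token binds its answer to the identity it actually
    # authenticated (the look-alike host), so the real bank rejects it.
    resp = bound_response(TOKEN_SECRET, b"bank-login.example", nonce, b"login")
    return bank_accepts(TOKEN_SECRET, nonce, b"login", resp)

def altered_transaction(nonce):
    # Phishing 3.0 pattern: the user approved one transfer on the out-of-band
    # device; a browser-resident agent submits a different one. The MAC covers
    # the approved text, so the substituted transaction does not verify.
    approved = b"pay 100 to ACCT-FRIEND"
    resp = bound_response(TOKEN_SECRET, b"bank.example", nonce, approved)
    return bank_accepts(TOKEN_SECRET, nonce, b"pay 9000 to ACCT-MULE", resp)
```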
Sandhu’s Laws of Attackers
1. Attackers exist: you will be attacked
2. Attackers have sharply escalating incentive: money, terrorism, warfare, espionage, sabotage, …
3. Attackers are lazy (follow the path of least resistance): attacks will escalate BUT no faster than necessary
4. Attackers are innovative (and stealthy): eventually all feasible attacks will manifest
5. Attackers are copycats: known attacks will proliferate widely
6. Attackers have asymmetrical advantage: they need only one point of failure
Sandhu’s Laws of Defenders
1. Defenses are necessary
2. Defenses have escalating scope
3. Defenses raise barriers for attackers
4. Defenses will require new barriers over time
5. Defenses with better barriers have value
6. Defenses will be breached
Sandhu’s Laws of Users
1. Users exist and are necessary
2. Users have escalating exposure
3. Users are lazy and expect convenience
4. Users are innovative and will bypass inconvenient security
5. Users are the weakest link
6. Users expect to be protected
Operational Principles
A. Prepare for tomorrow’s attacks, not just yesterday’s: good defenders strive to stay ahead of the curve, bad defenders forever lag
B. Take care of tomorrow’s attacks before next year’s attacks: researchers will and should pursue defense against attacks that will manifest far in the future BUT these solutions will deploy only as attacks catch up
C. Use future-proof barriers: defenders need a roadmap and need to make adjustments
D. It’s all about trade-offs: security, convenience, cost