Lecture 16 - Class Notes November 4th, 2008 File Protection...


Class Notes, November 4th, 2008

File Protection Mechanisms

Group Protection
  Unix: user/group/others (world)
  - Need to share
  - At file creation, the user defines access rights
  - Easy to implement
  - Users are recognized by user id and group id
  Difficulties:
  1. Group affiliation
     a. What if a user wants to be in 2 different groups?
  2. Multiple personalities
     a. What if a user has several accounts belonging to different groups?
  3. All groups
     a. What about a super user that has access to all files wherever he is active?
  4. Can't share on a per-file basis

Single permissions
  Drawbacks:
  - Loss of token/password
  - Inconvenient/time consuming
  - Disclosure
  - Password must be changed periodically

Temporarily acquired permissions
  Unix: set userid (suid)
  - Can be used to allow one user to share protection rights when executing with another user
  - Protection remains the protection of the file over what the file executes
  - E.g. the change password program has this protection

User Authentication
  - To provide the correct protection, the system must know who the user really "is".
  - To accomplish this, the system and the user share a common secret.
  - There are usually three techniques that an authentication mechanism can use:
    1. Based on something the user knows (like a classical password/PIN number)
    2. Something the user possesses (or has), such as a security badge or id
    3. Who the user is (voice recognition, biometrics)

Passwords
  Vulnerabilities of authentication systems that use passwords:
  Loose-lipped system: gives away more information than is needed. For example, if the username is incorrect, it states that the wrong username was provided before the password was requested.
  Rules:
  1. Don't provide more information than necessary
  2. Do not separate wrong usernames from wrong passwords

Attacks on Passwords
  1. Try all possible passwords
     Passwords have a small number of bits, which makes it easier to try all possible combinations of bits, and therefore all possible passwords.
     Complexity of a brute force attack:
     - Assume limited to only lower case characters (26)
     - Assume limited in length to 1-8 characters
     Length 1: 26 possibilities
     Length 2: 676 possibilities
     Length 3: 16,576 possibilities
     Length A: $26^{a} + 26^{a-1} + \dots + 26^{1} = 26^{9} - 1 = 5 \times 10^{12}$ = 5 million million
     So if the system could check one password per millisecond, this approach would take 150 years. If, however, it takes only one microsecond, it would take only about 2 months.
  2. Try many probable passwords
     Focus on short passwords.
  3. Try many likely passwords
  4. Look for the password list on the system
  5. Ask the user ...
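The two rules for avoiding a loose-lipped system, shown as a "before" and "after" login check. This is an added example, not part of the original class notes; the user table, messages, function names and the PBKDF2 work factor are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user_db(accounts: dict) -> dict:
    """Build a user table: name -> (salt, password hash)."""
    db = {}
    for name, password in accounts.items():
        salt = os.urandom(16)
        db[name] = (salt, _hash(password, salt))
    return db


# Constructed sample accounts, not real credentials.
USERS = make_user_db({"alice": "correct horse", "bob": "hunter2"})
# Dummy record so unknown usernames cost the same hashing work as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)
GENERIC_FAILURE = "Login failed: invalid username or password"


def loose_lipped_login(username: str, password: str):
    """'Before': the reply reveals which of the two inputs was wrong."""
    if username not in USERS:
        return False, "Unknown username"      # confirms the name does not exist
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "Wrong password"        # confirms the name does exist
    return True, "Welcome"


def tight_lipped_login(username: str, password: str):
    """'After': one reply for every failure, same work on every path."""
    known = username in USERS
    salt, stored = USERS[username] if known else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if known and matches:
        return True, "Welcome"
    return False, GENERIC_FAILURE
```

With the second version, a failed attempt tells the caller nothing about whether the username exists, so rule 2 holds for both the message and the amount of work done.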