CPE549_L2 - 6/2/2008 CPE 449/549 INFORMATION ASSURANCE...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 6/2/2008 CPE 449/549 INFORMATION ASSURANCE ENGINEERING I Chapter 3: Passwords INFORMATION ASSURANCE TENENTS C.I.A. TRIAD CONFIDENTIALITY INTEGRITY AVAILABILITY 1 6/2/2008 Access Control Credentials Credentials – Something you have – Something you are – Something you know Something You Have Convert Convert logical security to physical security – – – – One-time pad OneStrip card / smart card Dongle Challenge-Response calculator Challenge- Problems: Problems: Cost & token issuing/handling Advantages: Advantages: Physical presence; hard to hack Smart cards for identification Hard Hard to duplicate If If weak protocol and a lot at stake, fakes WILL appear Use zeroUse of zero-knowledge algorithms – Guarantee valid user but preserves privacy Attacks Attacks on smart cards – Power supply – Chemical stripping – Emissions 2 6/2/2008 Something You Are Biometrics: Biometrics: Measure physical characteristic – – – – – – Face geometry Hand geometry Fingerprint Voiceprint Retinal Scan Signature Advantages: Advantages: Physical presence, not easily lost Disadvantages: Disadvantages: Cost, Security, Variation, Handicaps, Success ratio Something You Know Passwords Passwords DILBERT © United Media, used by permission Password Security Computer Computer to Computer authentication can use large keysets and complex encryption while Human to Computer authentication relies on much easier methods 3 6/2/2008 Password Security • Password security depends on ONLY you knowing the password – Secure selection – Secure handling – Secure storage Passwords • • Account - person using the system Username - Identity of account (public) – limited characters, alphanumeric & special characters – typically related to real name of user (not always), certain names reserved – unique on system – fixed at account creation • Passwords – Verification of identity (private) – Less limited length and characters – Fixed until changed – Non-unique passwords – (both users have bad password) Non- • Many Multi-user Operating Systems have same Multischeme Using Passwords • • System has a hashed/encrypted version of the password stored in a file On login attempt– attempt– – system hashes/encrypts the password typed in by using for example crypt() function in linux – Compares hashed/encrypted value to stored hashed/encrypted value – Idea behind password cracking is to get a copy of the hashed/encrypted passwords and then make guesses, hash/encrypt the guess and compare 12 4 6/2/2008 Sample Passwords Passwords that contain only letters • HIJKLMNO Passwords that contain only numbers • 758904 Passwords that contain only special characters • $@$!() Passwords that contain letters and numbers • ax1500g Sample Passwords Passwords that contain only letters and special characters • m@roon$ Passwords that contain only special characters and numbers • @$47 Passwords that contain letters, special characters, and numbers • E1n@8 Password Storage • “trapdoor encrypted” – scrambled in a way that cannot be unscrambled – scrambling folds password over itself - lost bits – different users with same password won’t have same scrambled password – login scrambles entered password and compares against stored scrambled password – original concept: since only scrambled passwords are available, storage is secure (FALSE!) • longpre:br1eXN8 longpre:br1eXN8N3pyAB 5 6/2/2008 Password Changing When? When? – Forced or voluntary – Regularly or event driven Considerations Considerations – Increase security? Fix Fix a stolen password problem However, However, stolen passwords are often used quickly False False sense of security – Too frequent password changes encourage weak weak passwords written written down passwords Password Security Password Password Limitations and why they are in place – Password Expiration Decreases Decreases the chances of your password being cracked – Complex Passwords Requiring Requiring complexity actually increases the possible character combinations required by brute-force cracking brute- – Password Length Requirements The The longer your password the more possible character combinations are present and the harder it is to crack Password Security Dealing Dealing with Password Limitations – Password lockouts If If a certain number of login attempts fail within a given timeframe the account is automatically locked out for a preset amount of time Using Using this limitation stops brute force authentication attempts – Dictionary Checks Simple Simple checks against common dictionaries are used to increase password complexity 6 6/2/2008 Password Security Are Are Password rules too complex? – With the increase of computer hardware speed and the decrease of computer prices, we can use more advanced methods to keep security high – Post-it Notes PostIs Is your computer in a locked room? Who Who has physical access to your system? A majority of system attacks originate through the majority network. Password Security Suggestions Suggestions for Complex Passwords – Think of a phrase and use the first characters of each word, mixing case and adding numbers and special characters It It is good to change your password every 6 months = Iig2cyPe6m Iig2cyPe6 UI UI vandals are number one = UiVdlsR#1 UiVdlsR#1 – Using a favorite word or phrase and breaking it up with numbers and special characters Happy Hap3py1 Happy = Hap3py1 Motorcycle M0tor6 Motorcycle = M0tor6cyc!e Password storage Password Password files have passwords stored in a hashed or encrypted form Hash Hash algorithm example is message digest 4 (MD4 (MD4) Encrypted Encrypted algorithm example is Data Encryption Standard (DES) When When you use your password, it is hashed or encrypted and then compared to the stored value Crackers Crackers use a downloaded local copy of password file on their own machine 21 7 6/2/2008 Storing Passwords • Systems have a file with all hashed/encrypted passwords – Windows – SAM (Security Accounts Manager) database database – UNIX - /etc/passwd or /etc/shadow • Access to these files can make it easy for a hacker to break in 22 Windows Passwords XP/2003 Hashed & DES Encrypted 14 Character String Stored in S.A.M Database LANMAN enabled by default Provides backward compatibility Converts to UPPERCASE Hashed as two 7 character strings No Encryption Windows Passwords Security Security Accounts Manager (SAM) has two versions for each password LanMan LanMan (LM) password version for backward compatibility with windows workgroups NT NT Hash – cryptographic hash for windows NT/2000 NT/2000 (Uses MD4) MD4 SAM SAM file is in \WINNT\system32\config\ directory WINNT\system32\config\ which is a binary file that is hard to read Back Back up copy stored in \WINNT\repair WINNT\ 24 8 6/2/2008 What is LAN Manager Hash? Example: Let’s say that the password is: 123456qwerty When this password is encrypted with the LM algorithm, it is first converted to all uppercase: 123456QWERTY The password is padded with null (blank) characters to make it 14 characters in length: 123456QWERTY_ Before encrypting this password, 14 character string is split in half: 123456Q and WERTY_ Each string is individually encrypted and the results concatenated: 123456Q = 6BF11E04AFAB197F WERTY_ = F1E9FFDCC75575B15 The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15 Note: The first half of the hash contains alphanumeric characters and it will take 24 hrs to crack by Lophtcrack, and the second half only takes 60 seconds. LM hashes are not salted LM Hash 16-byte LM hash 16-byte NTLM hash (md4) 1st 8 bytes of LM hash 2nd 8 bytes of LM hash from first 7 chars from second 7 chars The first 8 bytes are derived from the first 7 characters of the password and the second 8 bytes are derived from characters 8 through 14 of the password If the password is less than 7 characters, then the second half will always be 0xAAD3B435B51404EE Let's assume, for this example, that the user's password has an LM hash of 0xC23413A8A1E7665f AAD3B435B51404EE LC5 will crack the password as "WELCOME" DISABLING LANMAN FOR 2000 Instructions for Windows 2000 To disable LanMan Support on Windows 2000, follow these clicks: Start -> Settings -> Control Panel -> Administrative Tools -> Local Security Policy Expand the “Local Policies” folder and select “Security Options” beneath it. Double click “LAN Manager Authentication Level”. Change the setting to “Send NTLMv2 response only\refuse LM & NTLM”. To disable NULL Sessions: Still in the “Security Options” folder mentioned above, double click “Additional restrictions for anonymous connections”, and choose ‘No access without explicit anonymous permissions”. To prevent the storage of LanMan hashes within Windows 2000: Open the Registry Editor by clicking Start -> Run -> Type in “regedit” -> OK Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. On the Edit menu, click Add Key, type NoLMHash, and then press ENTER. Restart your computer and change the password for all accounts on the computer. OIT Security, 13 Feb 04, www.security/umn.edu/security 9 6/2/2008 DISABLING LANMAN FOR XP To disable LanMan Support on Windows XP, follow these clicks: Start -> Settings -> Control Panel -> Administrative Tools -> Local Security Policy Expand the “Local Policies” folder and select “Security Options” beneath it. Double click “Network security: LAN Manager authentication level”. Change the setting to “Send NTLMv2 response only\refuse LM & NTLM”. To disable NULL Sessions: Still in the “Security Options” folder, double click “Network access: Do not allow anonymous enumeration of SAM accounts and shares”, and choose ‘Enabled”. “Network access: Do not allow anonymous enumeration of SAM accounts” should also be enabled. To prevent the storage of LanMan hashes within Windows XP: Still in the “Security Options” folder, double click “Network security: Do not store LAN Manager hash value on next password change”, and choose ‘Enabled”. Restart your computer and change the password for all accounts on the computer. OIT Security, 13 Feb 04, www.security/umn.edu/security UNIX/Linux Passwords Standard UNIX Maximum 8 Characters UNIX crack routine (DES Encryption) Two Character “salts” Linux Passwords Can be > 8 Characters Uses MD5 Checksum Algorithm Two Character Salts Salt shmat:fURxfg,4hLBX:14510:30:Vitaly:/u/shmat:/bin/csh /etc/passwd entry salt (chosen randomly when password is first set) Password hash(salt,pwd) Basically, encrypt NULL plaintext – Users with the same password have different entries in the password file – Dictionary attack is still possible! 10 6/2/2008 Advantages of Salting Without Without salt, attacker can pre-compute hashes of preall dictionary words once for all password entries – Same hash function on all UNIX machines – Identical passwords hash to identical values; one table of hash values can be used for all password files With With salt, attacker must compute hashes of all dictionary words once for each possible salt value – With 12-bit random salt, same password can hash to 12212 different hash values – Attacker must try all dictionary words for each salt value in the password file PASSWORD Vulnerabilities Default Default passwords Weak Weak passwords One One Way encryption Never Never Changing & Multi use Passwords 11 6/2/2008 PASSWORD Threats Password Password Cracking Software Fake Fake Login prompt Attacks: Attacks: Storage & Audit Trails Social Social Engineering Eavesdropping/Shoulder Eavesdropping/Shoulder Surfing Password Password Sniffing Types of Password Attacks Four types of password attacks Passive online attacks Active online attacks Offline attacks Non-electronic attacks Passive Online Attack: Wire Sniffing Access and record raw network traffic Wait until authentication sequence Brute force credentials Considerations: • Relatively hard to perpetrate • Usually extremely computationally complex • Tools widely available 12 6/2/2008 Password Sniffing Password guessing is a tough task Why not just sniff credentials off the wire as users log in to a server and then replay them to gain access? If an attacker is able to eavesdrop on NT/2000 logins, then this approach can spare lot of random guesswork Passive Online Attack: Man-inthe- Middle and Replay Attacks Somehow get access to communications channel Wait until authentication sequence Proxy authentication-traffic No need to brute force Considerations: • Relatively hard to perpetrate • Must be trusted by one or both sides • Some tools widely available • Can sometimes be broken by invalidating traffic Active Online Attack: Password Guessing Try different passwords until one works Succeeds with: • Bad passwords • Open authentication points Considerations: • Should take a long time • Requires huge amounts of network bandwidth • Easily detected • Core problem: bad passwords 13 6/2/2008 Guess Password Use Use knowledge of user – System information – Personal information – Occupation information Often Often combined with dictionary attack Countermeasures Countermeasures – Password rules – Other authentication Offline Attacks Time consuming LM Hashes much more vulnerable due to smaller key space and shorter length Web services available Distributed password cracking techniques available Mitigations: • Use good passwords Remove LM Hashes Attacker has password database Password representations must be cryptographically secure Considerations: Moore’s law Offline Attacks Dictionary Attack Try different passwords from a list Succeeds only with poor passwords Considerations: • Very fast • Core problem: bad passwords Hybrid Attack Start with dictionary Insert entropy: • Append a symbol • Append a number Considerations: • Relatively fast • Succeeds when entropy is poorly used 14 6/2/2008 Password Cracking Dictionary Dictionary Attack – Hackers steal a copy of the stored password file – Guess a password (may use a dictionary) – Find hash/encrypted value of the guess – Compare hash to entries from stored file – Continue this until success or out of options for password guesses. Brute Brute Force – Guess every possible combination of characters Hybrid Hybrid – Use dictionary but add characters to dictionary entries 43 Offline Attack: Brute-force Attack Try all possible passwords: • More commonly, try a subset thereof Usually implemented with progressive complexity Typically, LM “hash” is attacked first Considerations: • Very slow • All passwords will eventually be found • Attack against NT hash is MUCH harder than LM hash Offline Attack: Pre-Computed Hashes Generate all possible hashes Compare to database values Storing hashes requires huge storage: • LM “Hashes”: 310 Terabytes (= 0.31 exabytes) • NT Hashes < 15 chars: 5,652,897,009 exabytes Rainbow Tables 15 6/2/2008 Non-Technical Attacks Shoulder surfing • Watching someone type his/her password • Common and successful • Mouthing password while typing • • • • Keyboard sniffing Hardware is cheap and hard to detect Software is cheap and hard to detect Both can be controlled remotely Social engineering Cracking Passwords Passwords Passwords that can be guessed easily are a problem Lots Lots of tools available to figure out passwords L0phtcrack windows password cracker “John “John the Ripper” Unix password cracker 47 47 PASSWORD CRACKING Password Password Length Numeric only Alphabetic upperuppercase only AlphaAlpha-numeric Upper and lower AlphaAlpha-numeric + Special Chars. 4 .001 sec .046 sec 1.48 sec 8.49 sec 6 .1 sec 30.9 sec 94.7 min 21.7 hrs 7 1 sec 13.4 min 4.08 days 87 days 8 10 sec 5.80 hrs 253 days 22.9 yrs 10 16.7 min 163 days 26.6 centuries 2110 centuries 12 27.8 hrs 303 yrs 102k centuries 19.5m centuries Note: Table based on being able to generate 10 million cracks per second. Probability = Lifetime * Rate of Login attempts/Size of password (P = LR/S) 16 6/2/2008 Isn’t password cracking bad? Yes, Yes, when the bad guys do it. When When the good guys do it, it’s password auditing. auditing. It’s It’s best practice to do periodic password audits. Why are audits good? They They help to gauge the vulnerability of user accounts. The The more passwords you can discover, the less secure your accounts. They They also reveal the weak links in your accounts. Password retrieval on Windows • • • Sniff the network for passwords being transmitted From Administrator’s emergency repair disk From back-up directory back- 51 17 6/2/2008 PWdump2 and Pwdump3 pwdump2 decrypts a password or password file. It uses an algorithmic approach as well as brute forcing pwdump3 is a Windows NT/2000 remote password hash grabber. Use of this program requires administrative privileges on the remote system Password Cracking on Windows • L0phtCrack – lc5 (Windows) lc5 – Available at www.@stake.com/research/lc/ – Password Auditing and Recovery Application – Default English dictionary 50,000 words 50, – Does “hybrid” attacks – Works on weaker LanMan (LM) as well as NT hashes – Can sniff a network for LanMan hashed passwords – Can download from a local machine or remote computer the hashed password file 53 53 L0phtCrack (lc5) • Some statistics (from the website) – L0phtCrack obtained 18% of the passwords in 18% 10 minutes – 90% of the passwords were recovered within 90% 48 hours on a Pentium II/300 II/300 – The Administrator and most Domain Admin passwords were cracked 54 18 6/2/2008 55 Password Cracking on UNIX John the Ripper Available at http://www.openwall.com/john/ http://www.openwall.com/john/ Supports six hashing schemes including XP Old Unix used /etc/passwd to store passwords Password is stored after cryptographically altered Various algorithms (hash/encrypted) used by various Unix platforms /etc/password is readable by everyone Some Unix store in a shadow password file thus /etc/passwd does not contain the passwords since they are instead in /etc/shadow or /etc/secure, only root can access these files 56 If shadow file used, must have root to copy • • • • • • • • • Password retrieval on Linux • • • • List of login names and usernames in /etc/passwd List of encrypted passwords in /etc/shadow Only /etc/shadow is enough to crack the passwords. Having both files makes it easier 57 19 6/2/2008 John the Ripper A popular open source password popular cracker. Ported Ported to several platforms. Understands Understands common password hashes. (DES, MD5, LM, etc) MD5 Fast. Fast. Free Free – www.openwall.com John’s modes of operation Single Single crack External External Incremental Incremental – Brute force attack Wordlist Wordlist – Dictionary attack Brute force is problematic For For a password of exactly eight characters – 6,634,204,312,890,625 possible passwords, assuming 95 printable characters Assuming Assuming 5000 attempts per second, – Total time: 42,000 years Thorough, Thorough, not fast. 20 6/2/2008 Dictionaries are better A good-sized dictionary has about 3 goodmillion entries. Assuming Assuming 5000 attempts per second – Total time: 10 minutes (vs. 42,000 42, years) Fast, Fast, not very thorough. There is a compromise Word Word variation splits the difference It’s It’s a compromise between speed and thoroughness Word variation is best Users Users routinely create “unguessable” passwords in guessable ways: – reversing words – concatenating phrases – inserting symbols – transliterating characters – 3lit3 spe@k lit3 – etc. Word Word variation attempts to model these strategies. 21 6/2/2008 Wordlist mode = dictionary + rules John John attempts to find matches based on a supporting dictionary. It It also attempts variations on words. The The variations are generated based on a set of rules. John’s rules Rules Rules tell John what variations to attempt Examples: Examples: – Uppercase – Reversed – Vowels removed – Numbers appended Variation examples Root Root word: Variations: Variations: format – FORMAT – tamrof – frmt – FoRmAt – format53 – f0rm@t 22 6/2/2008 Rule examples Variations: Variations: – – – – – – FORMAT tamrof frmt FoRmAt format53 format53 f0rm@t Rules: Rules: – – – – – – u r @?v T0T2T4 $5$3 so0sa@ Good news: rules are cheap Time Time to generate words increases linearly with the addition of new rules. – Wordlist only: 60 minutes – Wordlist + 10 rules: 600 minutes John the Ripper • • • Combine information from /etc/passwd and /etc/shadow into one file Use this file as input for John the Ripper John can create guesses by – Using built-in dictionary built– Using account information – Using brute-force guessing algorithm brute69 23 6/2/2008 John the Ripper • • • • Scrambling used for each guess When a password is cracked, result displayed on screen During execution of this tool, hitting any key will give current guess and status Password complexity determines time needed for cracking them 70 Defenses against Password Cracking • • • • • • • Select good passwords (not dictionary based) Change regularly Use tools to prevent easy passwords Use password cracking tests against own systems Protect system back ups that have password files Unix: activate password shadowing Windows: disable weaker LM authentication if no windows 95/98 machines on network 95/ 71 PASSWORD “DO” GUIDELINES Use a mixture of characters: UPPER CASE lower case Numbers Special Characters Use Wordless Passwords Phraseology Keep you password SECRET Equate Password Maintenance to data importance (Policy) 24 6/2/2008 PASSWORD “DON’T” Guidelines Don’t use account\user IDs Don’t a dictionary word or proper noun Don’t use words with number prefixes or suffixes Don’t use obvious sequence patterns – keyboard rows, phrases Don’t reuse passwords Don’t use the same passwords for different systems Don’t write down your passwords Don’t share your passwords PASSWORD MITIGATION STRATEGIES Policy Policy – – – – Signed by users for accountability Use good passwords Frequency of Change Account Lockout Protect Protect syslogs & event logs Protect oneProtect one-way hashes Test Test Strength of Passwords – LC5, John the Ripper, Cain, PWLCrack, Enum, LC5 Brutus, Lopht Crack Another TEN COMMANDMENTS 1. Thou shall not buy merchandise found in pop-up ads or spam. 2. Thou shall not post thy email address, phone number, address or social security number to the internet, nor shall thou post anyone else's. 3. Thou shall not forget to update thy Windows every second Tuesday. 4. Thou shall not connect to the internet without installing an antivirus, nor shall thou begin a scan without checking for updates. 5. Thou shall not connect to the internet without installing a firewall. 6. Thou shall not covet thy neighbor's credit card number, nor his bank routing number, nor his social security number. 7. Thou shall not enter thy credit card number without seeing the tiny padlock icon on thy status bar. 8. Thou shall not reply to the email from the Nigerian banker. 9. Thou shall not forward chain letters to thy friends and family. 10. Thou shall not use "password" as thy password, nor thy birthday, nor thy children's names. 25 6/2/2008 Password Security Passwords Passwords are like Underwear! – Don’t leave yours lying around – Don’t Share them with friends – The longer the better (cold weather) – Change yours often – Be mysterious 26 ...
View Full Document

Ask a homework question - tutors are online