CS3760 Part 03: Identity verification

1
CS3760 Part 03Identity verification

• Eimear Gallery
• e.m.gallery_at_rhul.ac.uk

2
Outline

• The subject is divided into the following two
  topics
• Identification by something known or possessed
• Passwords and user tokens
• Identification some personal characteristic
• Biometrics

3
Introductory remarks

• Need for identity verification
• computer access,
• entry to secure areas,
• financial security (e.g. ATMs, e-commerce).
• Note difference between identification
  information (unique name) and information to
  verify a claimed identity.

4
Classification

• Classification of identity verification methods
  into four types
• by something known,
• by something possessed,
• by physical characteristic,
• by result of involuntary action.
• We consider first two and last two together.

5
3.1 Verification by something known or possessed

• E.g. passwords (human/human or human/computer),
  PINs.
• Obvious security procedures
• accountability,
• do not write passwords down,
• make them hard to guess.
• Alternative one-time passwords.

6
Password storage

• How should lists of passwords be stored?
• If unencrypted then readable by systems staff.
• Usual solution - hide them using a one-way
  function (easy to compute, difficult to invert).
• Check password by applying function and comparing
  with list entry.

7
Unix password protection

• Unix uses a one-way function to protect its
  password list.
• Two extra features
• slow encryption (25 iterations of DES),
• password salting.
• Salting makes pre-encrypted dictionary attack
  difficult and prevents entire list being attacked
  simultaneously.

8
Unix problems

• Slow encryption not very slow any more!
• Cheap data storage makes pre-encrypted dictionary
  attacks possible.
• Public domain packages exist which can be run
  against password files (they are very
  effective!).
• Hence passwords must not be guessable.

9
Transmission of passwords

• If passwords sent across insecure channel then
  they are vulnerable to interception.
• Simple encipherment is no help.
• One solution is to use a challenge-response
  process.

10
Challenge-response
Login? User name
Challenge random value R
User
Host
Response f(R,P)
11
Properties

• User and system must know password P.
• One-way function f must have property that
  f(R,P), R and f do not reveal P.
• Insecure if not enough passwords.
• Users must have means to compute f reasonably
  quickly.

12
Tokens

• Idea well-established
• keys for doors, cabinets, cars, ...
• magnetic stripe cards - used for ATMs, access
  control to secure sites, ...
• Problems with copying.

13
Magnetic stripe cards

• Very widely used. ISO 7810 specifies card
  dimensions and magnetic stripe format.
• User ID on magnetic stripe.
• Usually used with PIN.
• Off-line systems - PIN check data on card. N.b.
  PIN check data must be salted.
• On-line systems - PINs verified centrally.

14
Layout of magnetic stripe card
15
Using magnetic stripe cards

• Problems arise because of easy forging/copying.
• Hologram (on card) added to prevent changing
  embossed data.
• Many schemes devised to make forging/copying
  difficult.

16
Smart cards (IC cards) I

• Contain micro-processor, RAM and ROM.
• More memory than magnetic stripe cards.
• Communicate with reader via plated areas on card
  (positions/protocols standardised in ISO/IEC
  7816, a multi-part standard).
• Copying much more difficult.
• 1st generation cards had primitive processors and
  limited memory (8 kbytes).

17
Smart cards II

• 2nd generation IC cards - more powerful
  processors and more memory.
• If IC card contains cryptographic function, can
  then be used in an identification process (e.g.
  challenge-response).
• Typically they also require PIN entry.
• Increasing range of applications.

18
Smart card applications

• In some countries (e.g. France) smart cards
  routinely used for credit card transactions.
• In UK, are being piloted for debit/credit.
• Used widely in GSM mobile telephones to store
  user identity and user secret keys.
• Electronic money smart cards.
• IC cards now able to perform digital signatures
  using RSA.

19
Hand-held ID devices

• Alternatives to smart cards for ID verification
  include calculator-like devices with
• key-pad and display,
• key/password storage,
• cryptographic calculation facility.
• Can be used with standard work-stations (no card
  reader required).

20
Watchword

• Example of hand-held device.
• Device contains user key, user PIN and one-way
  function f.

21
Watchword protocol
(1) Challenge R
(2) R user PIN
Communications via hand-held keyboard/display
Communications via workstation keyboard/display
Host
Hand-held device
User
(3) f(K,R,PIN)
(4) f(K,R,PIN)
22
Safe 200

• Another device of Watchword type.
• Not challenge-response but generates a new
  5-digit password for every identification.
• One-time password called a Session PIN (SPIN) - a
  one-way function of a secret register value
  updated for every SPIN generation.
• Any of 3 successive SPINs accepted.

23
Safe 200 system
S200 user device
PIN
5-digit SPIN
1-way function
User
Host
20 decimal digits
20-digit register
update
1-way function
24
S/KEY

• S/KEY is a public domain one-time password scheme
  (Internet RFC 1760).
• Based on repeated application of a one-way
  function of a secret key.
• First apply one-way function N times to secret
  key (to get 1st password), then apply N-1 times
  (to get 2nd password), and so on - giving N
  one-time passwords.

25
S/KEY system
Challenge, N
User
Host
Response, fN(s)
26
Time-based 1-time passwords

• Another well-established idea is to use a clock
  to generate one-time passwords (also using a
  secret key).
• At regular intervals, the clock value and secret
  key are input to a one-way function to generate a
  one-time password.
• The host will accept one password either side
  of the current one.

27
Time-based system
user device
PIN
one-time password
1-way function
Host
User
time-stamp
clock