|
Authentication Security Attack & Defenses |
| Attack | Security Problem | Prevalence | Defense |
| Keystroke confusion A bug found in the timesharing software allowed a peculiar sequence of characters to skip password checking |
Masquerade as someone else | Obsolete | Good software design Design software in an organized way to reuse existing functions; keep procedures simple and comprehensible |
| Password file theft Weak protection of password file allowed its contents to be stolen |
Recover all other user's password | Obsolete | Password file theft Store passwords in a one-way hashed format. Avoid storing or handling the password in its readable, unhashed form. Change password |
| Trojan Horse Attacker writes a program that gets used by the victim. Unknown to the victim, the program copies or modifies the victim's data. A common form of virus. |
Recover hidden information, like a password file or personal information | Common, Sophisticated, or innovative | Virus Scanning Software Keep the detection software up to date to detect the newest viruses.
Education of Users |
| On-line password guessing Interactive trial-and-error attack to try to guess a user's password |
Recover a user's password | Trivial | Password
Audit Trail Keep an audit trail of all attempts to log on, and use the trail to detect password guessing attacks. Limit Password Attempts |
| Password Audit Review Review audit records of a user's mistakes while logging on to make guesses of the user's password. |
Recover a user's password | Common | Limit Password Attempts Track the number of incorrect attempts, and respond to excessive guesses as indicating an attack. |
| Helpful Disclosure Attacker convinces a victim to reveal a password in support of an apparently important task |
Recover a user's password | Trivial | Password Change Policy Establish a policy to change user passwords frequently, and only change the password under verified administrator approval. Password
Nondisclosure Policy |
| Bogus password change Attacker convinces victims to change their passwords to a word selected by the attacker |
Recover a user's password | Trivial | Same as above. |
| Rubber Hose Disclosure Attacker uses threats or physical coercion to recover secret information from the victim. |
Recover hidden information, like a user's password | Trivial | Duress Signal Establish a procedure for users to secretly signal that the login process is taking place under duress. Honey
Pot |
| Shoulder Surfing Attacker watches a user type his password, then uses it himself. |
Recover a user's password | Trivial | Password Blinding Do not print or display the keys typed when the user types a password.
Education of Users |
| Key-stroke Sniffing Software watches keystrokes transmitted from the user to the system for typed-in user names and passwords, saves for later use |
Recover a user's password | Common | Memory Protection Use the CPU's memory protection feature to protect the keyboard input buffer from reading by any software except the OS. Encrypt
Transmitted Passwords Encryption
Incorporates Nonce |
| Trojan Login Run a program that mimics the standard login program, but collects user names and passwords when people try to log on. |
Recover a user's password | Common | Secure attention System assigns a special keystroke to security-related user requests like logging on. |
| van Eck Radiation Use a device to intercept van Eck radiation from the victim's video monitor, and retrieve any secrets the victim displays |
Recover hidden information, like a user's password | Physical | Safe Rooms Use of metallic shielding block the EMR from emanating out of the room or by grounding the signals so that they cannot be intercepted.
New Products |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Off-line Password Search Trial-and-error attack that generates a legal password, hashes it, and compares it against the hash of the victim's password |
Recover a user's password | Physical, Sophisticated |
Force lengthy trials Nonstandard algorithms Increase base secret's entropy Shadow password file
|
| Structured Password Search Ordered trial-and-error search that tries short, lowercase passwords, then capitalized ones, then longer ones, etc. |
Recover a user's password
|
Common | Same as above |
| Weak Encryption Procedure Find or build a procedure that uses a shortcut to crack a weak encryption procedure. |
Recover hidden information | Common, Sophisticated | N/A |
| Precompiled Dictionary Attack Compute hashes for all words in a dictionary. Search the password file for hashes that match any in the dictionary list. |
Recover a user's password | Common
|
Salted password entries Add salt (random data) to each password during hashing and save the salt value in the corresponding password entry. Force good password selection |
| Back Door Execute "secret" command in the server that permits remote command execution. |
Bypass host security and run selected programs |
Trivial
|
Eliminate back doors Disable known back doors, and avoid products with back doors that can't be disabled |
| Buffer Over-run Exploit a bug in an existing server to trick it into executing some downloaded code |
Bypass host security and run selected programs | Common, Sophisticated | Service firewalling Block network services so that outsiders can only reach those that are essential to provide Server encapsulation
|
|
Mutual Trust Attack After penetrating the first host, find another host that trusts it and allows unauthenticated access by the first host's users |
Masquerade as someone else |
Trivial
|
Service firewalling Block network services so that outsiders can only reach those that are essential to provide |
| Dynamic Dictionary Attack Trial-and-error attack that chooses a dictionary word, hashes it with the salt of the targeted victim's password, and compares the result with the victim's password has |
Recover a user's password | Common | Increase base secret's entropy Implement procedures to help maximize the amount of entropy in base secrets used for authentication. Examples: make the base secret larger, establish rules to discourage the choice of secrets from low entropy categories (passwords from dictionaries. Shadow password file Force good password selection |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Abuse by Insider Authorized user uses privileges to access unauthorized resources
|
Bypass host security and run selected programs | Common | Separation of duty Divide critical activities into two or more steps that cannot be performed by a single person Least privilege Log all critical events |
| Abuse by Administrator Administrator uses privileges to perform unauthorized activities |
Bypass host security and run selected programs | Common | Same as above |
| Divided Loyalty Administrator uses privileges to optimize other business duties, to the detriment of overall system operation. |
Bypass host security and run selected programs | Trivial | Log all critical events Ensure that all business application programs and systems software will write entries to the audit log whenever a critical activity takes place that identify the person performing the activity |
| Account Abuse Attacker exploits the lack of password protection on the victim's account |
Masquerade as legitimate user | Trivial | Default passwords Define a default password for all accounts to reduce the risk of outsiders stealing or abusing accounts Enrollment in person Assign initial secret |
| Account Theft Attacker defines a new password for an account that the legitimate owner doesn't know |
Masquerade as legitimate user | Trivial | Same as above |
| Default Password Attacker uses a well-known default password to gain access to an account |
Masquerade as legitimate user | Trivial | Enrollment in person Require new users to enroll in person and provide their distinguishing characteristics directly to the authentication system. Assign initial secret |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| OS substitution Boot a different OS on the workstation that ignores access restrictions instead of the OS installed on the hard disk. Use this OS to access protected files |
Recover or modify hidden information | Physical | BIOS password Requires a password to change the disk drive from which the workstation boots its OS Lock up workstations |
| Default password guessing Perform trial-and-error guessing based on a list of the passwords usually installed by the vendor during manufacturer |
Recover a user's password | Trivial | Reset vendor password Change the initial password installed in the system during its manufacture to a hard-to-guess password |
| Erase the password Either run software that erases the password memory or interrupt the power supply that maintains password memory |
Recover a device's password | Common or Physical | Lock up workstations Install workstations in areas that limit access to a very small number of people including the people authorized to use those workstations |
| I/O bus Connect the workstation's hard drive to a different system that can copy its contents for later analysis |
Recover hidden information | Physical | Special computer enclosures Install the computer inside a tamper-resistant enclosure so that attackers can't easily open the case and attack the peripherals Seals Integrated circuit Lock up workstations |
| Token hardware penetration Remove encapsulation from the token module and probe its electronics to extract secret data |
Recover hidden information, like a base secret | Sophisticated or Innovative | Lock up workstations Install workstations in areas that limit access to a very small number of people including the people authorized to use those workstations |
| Non-destructive analysis Measure variations in the token's power consumption or the timing of cryptographic functions in order to deduce the base secret |
Recover hidden information, like a base secret | Innovative | N/A |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Retrieve original plain text Retrieves the plaintext file used to produce an encrypted file |
Recover hidden information | Trivial | Overwrite original plaintext Write other data over the data in the plaintext file that is to be protected by encryption |
| Magnetic data retrieval Uses laboratory techniques to retrieve overwritten data from a magnetic surface |
Recover hidden information | Sophisticated | Three-step overwriting Use a three-step process to overwrite the data in a plaintext file to make it harder to recover |
| Disk scavenging Uses "undelete" software or browser to locate sensitive data in plaintext form |
Recover hidden information | Trivial | Volume encryption Encrypts all information on a disk volume so that nothing is left in plaintext |
| Home grown encryption
algorithm Find and exploit a weakness in the encryption algorithm to decrypt the data in a practical amount of time |
Recover hidden information | Sophisticated | Open review of encryption
algorithms Use encryption algorithms whose capabilities have been thoroughly analyzed and discussed by the open cryptography community |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Forgotten password Not really an attack, but has the effect of one |
Denial of service | Trivial | Written password Write down a copy of the secret password and store it in a safe place |
| Mouse pad search Attacker searches the vicinity of workstations for passwords written down on paper |
Masquerade as someone else | Trivial | N/A |
| Multiple password
exploitation Attacker finds victim's password from one system, uses same password on others |
Masquerade as someone else | Trivial | Password risk grouping Share a password among sites if sites' usage carries similar risks Forward secrecy |
| Transitive delegation A shared password is inappropriately shared with someone who uses it in an attack |
Masquerade as someone else | Trivial | N/A |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Forged biometric
trait Attacker makes a copy of the user's physical trait and presents the copy to the biometric sensor |
Masquerade as someone else | Physical | Detailed sensing Collect additional biometric measurements from the person since a simple copy of the biometric will not have all of the properties of a live person Varied behavior |
| Replay user
behavior Attacker records the user's behavioral trait and replays it for the biometric sensor |
Masquerade as someone else | Physical | Varied behavior The system requests a different action from the person for each authentication attempt so that a simple recording and replay won't be accepted |
| Biometric
interception Attacker sniffs a victim's biometric sensor reading or signature while being transmitted between devices, invading the user's privacy |
Masquerade as someone else | Common | Biometric data
encryption Encrypt biometric data when it is transmitted between different devices |
| Biometric
signature replay Attacker replays a biometric sensor reading or signature so that it is treated as having been collected from the actual person |
Masquerade as someone else | Common | Biometric
signature authentication Apply authentication measures to biometric data to ensure that it came from a trustworthy source |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley
|
| Attack | Security Problem | Prevalence | Defense |
| Wardialing Software uses an autodial modem to test all phone numbers within a chosen range to locate modem connection |
Recover hidden information (telephone numbers) | Common | Dial-back modem Special device that establishes a remote connection by calling the remote user back with a preestablished phone number Caller ID |
| Dial-back back door Attacker uses built-in back door to bypass the dialback |
Masquerade as a different host computer | Physical | Caller ID Use the "Caller ID" feature of modern phone systems to determine if an incoming connection comes from an authorized location |
| Phone line redirection Attacker uses special knowledge to penetrate the carrier's telephone switch, and redirects the line from within the switching system itself
|
Masquerade as a different host computer | Sophisticated | Message authentication Use a cryptographic protocol like IPSEC's authentication mechanism to validate the source address and contents of messages exchanged on an untrustworthy network. Secure RPC |
| Packet address forgery Construct a message with the forged address instead of the correct one |
Masquerade as a different host computer | Common | TCP synchronization TCP uses a three-way handshake to establish a connection, and the handshake won't generally work unless both hosts successfully exchange the three messages Site forgery filtering Message authentication Secure RPC GPS location authentication |
| IP address theft Attacker takes over the victim's IP address and masquerades as the victim's host |
Masquerade as a different host computer | Common | GPS location authentication Transmit mingled GPS signals to authenticate one' location at a given moment in time |
| TCP splicing Intercept an authenticated TCP connection and redirect it to talk to the attacker's session |
Masquerade as someone else | Common or Sophisticated | Message authentication Use a cryptographic protocol like IPSEC's authentication mechanism to validate the source address and contents of messages exchanged on an untrustworthy network. Secure RPC |
| SYN flooding Send messages to start opening different connections but don't complete the process |
Denial of service | Common | Connection resource
management Manage TCP connection resources so that service is still provided even in the face of a SYN flood |
| Distributed denial of service Penetrate multiple hosts and use them to transmit a flood of traffic at the victim host |
Denial of service | Common | Site forgery filtering Discard all messages that obviously contain forged addresses. Examine messages entering a site and discard any containing a source address belonging to the receiving site. Examine messages leaving the site and discard any containing a source address that doesn't belong to that site. Message authentication |
| IP spoofing Trick the receiving host into believing the incoming message comes from a trusted host |
Masquerade as a different host computer | Common | Site forgery filtering Discard all messages that obviously contain forged addresses. Examine messages entering a site and discard any containing a source address belonging to the receiving site. Examine messages leaving the site and discard any containing a source address that doesn't belong to that site. Message authentication Secure RPC Random TCP sequencing |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Network password sniffing Monitor traffic on a network link, intercept any plaintext passwords seen, and exploit them |
Masquerade as someone else | Common | Encoded password Encrypt or hash a password when it must traverse a public or other untrustworthy network One-time password token |
| Exploit password equivalent Intercept a hashed or otherwise encoded password and use in forged network messages where hashed, not typed, passwords are expected |
Masquerade as someone else | Common | One-time password token Generates a new password for each attempt to log on. An attacker cannot log on by trying to intercept and reuse a password, since passwords only work once. |
| Interception and replay Intercept a one-time password and replay it while blocking the legitimate user from successfully logging on |
Masquerade as someone else | Sophisticated | challenge-response one-time
passwords Use challenge-response one-time passwords instead of synchronous one-time passwords |
| IP hijacking Intercept an established connection and reattach it to a program controlled by the attacker |
Masquerade as someone else | Common or Sophisticated | Check the host OS integrity Check the software components of the host OS to see if they have been modified to insert subverted software |
| Token theft Steal the token belonging to an authorized user |
Masquerade as someone else | Physical | PINs on tokens Require the owner to enter a PIN before the token will generate a valid one-time password |
| PIN guessing Steal a token and manually try every possible value for the token's PIN |
Masquerade as someone else | Trivial | Lock-up after incorrect PINs
entered Disable the token after the user enters too many incorrect PINs, so that attackers can't find the PIN through exhaustive trial and error Increasing delay for incorrect PINs PIN forms part of the token's base
secret |
| Extract PIN from software
token Copy the victim's software token, analyze its contents to identify the encoded PIN, do brute force attack to determine the PIN value, then use it with the software token. |
Masquerade as someone else | Sophisticated | PIN forms part of the token's
base secret Incorporate the PIN into the base secret so that the token will not contain the correct base secret unless the correct PIN is entered. Do not detect the wrong PIN at the token |
| Test PIN against intercepted
passwords Intercept several of the victim's one-time passwords, copy the victim's software token, extract the partial base secret encoded with the PIN, do brute force analysis to find a PIN that matches the generated passwords, then use the PIN |
Masquerade as someone else | Sophisticated | One-time password token Generates a new password for each attempt to log on. An attacker cannot log on by trying to intercept and reuse a password, since passwords only work once.
|
| Subverted token administrator Trusted person who programs tokens also programs extra tokens used for penetrating legitimate accounts |
Masquerade as someone else | Trivial | Separation of duty in token
programming procedure Require the participation of two or more people in the process of programming and enabling tokens for authentication |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Trial-and-error attack on
X9.9 Intercept several one-time passwords from an X9.9 user, crack the base secret using a DES cracker |
Masquerade as someone else | Physical and Sophisticated | Use longer cryptographic keys Replace existing technical measures with mechanism that use longer cryptographic keys so that they better resist trial-and0error attacks |
| Crack passwords in sections Cracks the password in independent parts, so attack is linear by parts instead of geometric |
Recover a user's password | Common | Interdependent hash
computation Every part of the password hash value depends on the value of every part of the password. There is no way to crack part of the password |
| Force use of plaintext
password Forces server to ask the user for a plaintext password so that it can be sniffed on the network |
Recover a user's password | Common | Disable weaker authentication Configure the system to forbid the use of weaker mechanisms provided for backward compatibility |
| Logged in hash substitution Embed a stolen hash in the SAM database and subvert NT so that the user appears logged in |
Masquerade as someone else | Sophisticated | N/A |
| Use LAN-MAIN hash to crack NT
hash Use password cracking software that exploits weaknesses of LAN-MAN hash to crack NT hashes |
Recover a user's password | Common | Database encryption Encrypt the entire password database so that attackers cannot attack the hashes |
| Copy hashes from NT recovery
files Extract password hashes from the NT recovery disk files and use a cracking program on them |
Recover a user's password | Trivial | Same as above |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Forge access acceptance Forge a message that accepts a bogus access request, masquerading as the authentication server |
Masquerade as someone else | Sophisticated | Keyed hash incorporating
nonce Include a nonce when sending a message that needs a reply. After constructing the reply, computer a hash that combines the reply's text, the shared secret, and the nonce from the original message Encrypted connection |
| Convert reject into
acceptance Modify an access-rejection message from the authentication server to say access-accept |
Masquerade as someone else | Sophisticated | Keyed hash incorporating
nonce Include a nonce when sending a message that needs a reply. After constructing the reply, computer a hash that combines the reply's text, the shared secret, and the nonce from the original message |
| Replay attack Retrasmit a legitimate message to trick an agent into repeating its previous response |
Forge a message | Sophisticated | Nonce in messages Requests contain a random nonce, and legitimate messages incorporate the nonce into the response in a hard-to-forge way Encryption incorporates nonce Keyed hash incorporating nonce Sequence numbers for anti-replay |
| Rewrite attack Modify an encrypted message to approve an authentication query sent to a domain controller |
Forge a message | Sophisticated | Keyed hash incorporating
nonce Include a nonce when sending a message that needs a reply. After constructing the reply, computer a hash that combines the reply's text, the shared secret, and the nonce from the original message |
| Duplicated streamcipher
key-stream Combine the encrypted data streams that used the some key and decode the result |
Recover hidden information | Sophisticated | Generate unique encryption
keys Incorporate predefined constraints into the key-generation process to yield different secret keys for different purposes from the same initial secrets and nonces |
| Find keys in high entropy
regions Use entropy-measuring techniques to look for likely places in a computer where base secrets have been stored |
Recover hidden information, like base secrets | Sophisticated | Steganography for keys Encode random secrets so that there are no concentrated storage areas with high entropy |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| KDC request spoof Attacker intercepts a client's KDC request and returns a different set of shared keys whose value is known by the attacker |
Recover or modify hidden information | Common | Nonce shared with KDC A nonce is included in requests sent to the KDC and included in responses |
| Rekey replay Attacker sends an earlier ticket to a server and then replays messages sent earlier by the client encrypted with that key |
Masquerade as someone else | Common | Challenge response by server
in KDC protocol Server sends a use a challenge, which requires a response that depends on the user's encrypting data with the session key |
| Off-line cracking and replay Attacker cracks a session key off-line and uses this knowledge to reuse that key's ticket |
Masquerade as someone else | Common | Time stamps in KDC protocol KDC messages include time-of-day information to detect attempts to reuse tickets later |
| Off-line master key crocking Attacker requests tickets in the victim's name and uses them to brute force crack the victim's master key |
Masquerade as someone else | Sophisticated | KDC preauthentication User must provide personal authentication information when requesting a TGT |
| Forged time change Attacker sends forged time of day messages to a sever so that expired tickets are valid |
Masquerade as someone else | Sophisticated | Authenticated time messages Messages that change a server's time of day must be authenticated |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Shared key misuse for forgery Secret key that was shared with a trusted party is used to forge a message |
Masquerade as someone else | Trivial | Public key encryption Use public key encryption that anyone can verify and associate with the owner of a specific private key |
| Factoring an RSA key Factor the RSA composite and deduce the private key |
Recover hidden information (RSA key) | Sophisticated | Significantly larger RSA key
sizes Generates RSA keys containing thousands of bits; certainly more than 1000 bits |
| Chosen message attack Construct a message with a special mathematical structure. Victim signs it, and result can be transformed into one for a different message |
Recover hidden information (RSA key) | Common | Hashed digital signature Construct digital signatures by encrypting the result of a one-way hash. |
| Duress logon with private key Attacker forces the owner of a private key to log on, then uses the established session. |
Masquerade as someone else | Physical and Sophisticated | Duress signature Construct a special form digital signature indicating that user is under duress |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| Public key forgery If a recipient accepts an unauthenticated public key, the attacker simply substitutes his own key for the right one. |
Recover or modify hidden information | Trivial | Public key certificates Publish the assignment of a given public key to a given owner, and sign this publication with a trustworthy digital signature |
| Man in the middle Attacker substitutes own public key for another, and reencrypts messages between two entities. |
Recover or modify hidden information | Sophisticated | Public key certificates Publish the assignment of a given public key to a given owner, and sign this publication with a trustworthy digital signature |
| Bogus name on certificate Attacker puts the victim's name on the application for a public key certificate |
Masquerade as someone else | Trivial | Key ownership requirement Issue certificates only to the person who owns the requested name |
| Substitute certificate Attacker uses a legitimate certificate to implement SSL on a bogus site that is masquerading as a different site. |
Masquerade as someone else | Trivial | Validate certificate's host
name Compare the name on the certificate against the name of the host computer on the SSL connection |
| Bogus certificate authority Attacker uses a bogus certificate authority to create bogus certificates, and induces browsers to accept his authority key |
Masquerade as someone else | Common | N/A |
| Exploit private key Attacker relies on off-line authentication to exploit a stolen private key |
Masquerade as someone else | Software | Certificate revocation list Issue a periodic list of all certificates that have been revoked On-line certificate revocation Timely certification |
|
Source "Authentication, from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
| Attack | Security Problem | Prevalence | Defense |
| PGP passphrase
cracking Attacker uses a cracking program designed to attack PGP passphrases |
Masquerade as someone else | Common | Private key on
smart card Store the private key on a smart card instead of in an encrypted file |
| Sniff a private
key Attacker inserts a sniffer program in the victim's system and sniffs the private key while in use |
Masquerade as someone else | Common | Public key crypto
functions on smart card Store the private key on a smart card that provides crypto functions so that the private key never needs to leave the card |
| Steal a private
key backup Attacker steals a copy of the private key stored on a back-up diskette or other device |
Masquerade as someone else | Physical | Private key
created on smart card Generate the private key on the smart card so that the key never exists outside of the smart card |
|
Source "Authentication,
from Passwords to Public keys" by Richard E Smith, Addison Wesley |
|
|
