Sunday, July 21, 2019

Password Management System Advantages and Disadvantages

Password Management System Advantages and Disadvantages Project Aim: Passwords management is an important aspect of computer security, it’s the front line of protection for user terminals and it is by far the most common user authentication method within the largest multinational organizations. A poorly chosen password will increase the probability for an information system to be compromised. As such, all organization employees are responsible for taking the appropriate steps, to select good password security policies. Does that happen in reality? No, that’s why software password generators are activated to handle password management problems and enforce password management policies requested from the organization in order to comply with national standards, and undertake problems of selecting strong passwords. So the aim of this project is to analyze and test a standard password generator system and propose a technique for helping people to remember strong passwords easily. Project Objectives: According to the above facts the objectives that must be undertaken and strongly research in this Bachelor project report are the following: Identify the importance of passwords as it concerns the advantages and disadvantages in their daily use in home and corporate environments. Identify the weaknesses raised from these poorly chosen passwords and describe the modern attacking techniques against these passwords. Besides propose possible countermeasures to address and eliminate these attacks. Examine the characteristics of an effective password policy which can be applied in a corporate environment in order to establish and manage the appropriate defenses to eliminate the dangerous posed by insecure passwords systems. Conduct a critical analysis of different techniques used to facilitate users to remember strong passwords easily. Propose a mnemonic system which is based on users’ favorite passphrases. Analyze the operating principles of the Password Mnemonic System (PA.ME.SYS) and the processes that it enforces in order to produce â€Å"safe passwords†. Test this password generator system (PA.ME.SYS) for the strength of all passwords it generates. In order to achieve the above purposes of this project a series of logical steps were taken: In order to achieve the first and second objective of this project, a survey was conducted in the Internet, in books and in the Web application design 1 and Web application design 2 lecture notes. This survey was concerned with the importance of passwords in an organization’s security framework, the reasons they are widely used in today’s businesses and the catastrophic consequences posed by the exposure of insecure passwords to unauthorized people. Another survey in books and in the Internet was necessary to identify the weaknesses raised from these poorly chosen passwords, the attacks which are forced by modern attackers to gain unauthorized access to users passwords and the possible defense mechanisms used to address and eliminate such attacks. For the third objective of this report, a survey was conducted in the Internet and in books. The aim of this survey was to find and understand different password policies which can be applied in an organization’s global security policy to establish and manage the defenses used to eliminate the dangerous posed by insecure passwords. A university password policy analyzed for the rules they apply in order to define the secure creation and storage of strong passwords. In addition the relationship between the users and the password policies was examined together with the risks that businesses face due to the implementation of inadequate password policies. For the fourth objective, which defines the added value of this project report, it was important to conduct a search on the Internet for different techniques used to help users to remember strong passwords easily. These techniques were analyzed for their operation and the disadvantages they have. For fifth objective, it was important to propose a mnemonic system which is based on users’ favorite passphrases. The proposal of this mnemonic system was based on the research we made of different mnemonic techniques described on the previous chapter. For the sixth and seventh objective which also defines the added value of this project report it was to analyze and test the proposed Password Mnemonic System (PA.ME.SYS). After the end of the survey a mnemonic system based on users’ favorite passphrases was developed and implemented. For the development analysis and design data flow diagrams were used to clearly show the processes and data that make up the system. For the implementation and testing visual basic language was used which shows in a graphical environment how this mnemonic system works 1. Introduction to Authentication and â€Å"Something you know† 1.1 Identification and Authentication Techniques Controlling access to system resources is an important aspect of computer security. Access control is about managing which users can access which files or services in an organization’s computer system. All entities involved with receiving, accessing, altering or storing information in a computer system, are separated to active and passive ones. The term â€Å"active entities† is used to describe all subjects (users, processes, threads) that are accessing, receiving or altering information in a system. The term â€Å"passive entities† is used to describe all objects (files, database) that actually hold or store information accessed by subjects. Without having access control mechanisms it is not possible to protect the confidentiality, integrity and availability (CIA triad) of system resources.   Access control is used to force users to provide a valid username and password to gain access to a system resource. The two vital components of access control are the identification and authentication processes. In the identification process the user is obligated to present an identity to a computer system. The information provided by the user trying to log on could be a username or by simply placing his/her hand/face to a scanning device. This action triggers the start of the authentication, authorization and accountability processes.  Ãƒâ€šÃ‚   Today, authentication processes are usually classified according to the distinguishing characteristic they use. These characteristics are classified in terms of the three factors described in the following section. Each factor relies on a different kind of distinguishing characteristic used each time to authenticate people in a system. 1.2 Authentication Factors In a typical system, there are basically three ways for human users to authenticate themselves to a client such as a computer, a mobile phone, a network, or an ATM machine. These three authentication factors are the following. ÃÆ'ËÅ" Anything you know: a password The distinguishing characteristic is private information that only authorized people know. In modern computer systems, this characteristic might be a password, a Personal Identification Number (PIN), lock combination or a pass phrase. It is the least cost effective factor and most popular method that can be employed easily in any modern system to authenticate authorized users within the organization. They are simpler and cheaper than other, secure forms of authentication but also because they do not require to spend large amounts of money for the implementation of them in comparison with other more modern security mechanisms. Additionally, Users don’t have to spend time and effort learning how to use them. The passwords are the only user-friendly way to identify a user in a network or computer system and it is believed that they can provide the same level of strong security as a more modern security mechanism. However the usage of passwords as an authentication technique presents some disadvantages that are directly connected to the way that users are managing these passwords. In more specific the users On the other hand, there are also some disadvantages that need to be taken into consideration such as the need to create complex and strong passwords,, the obligation to change their passwords frequently and the instructions and guidelines on how to keep their passwords secret. ÃÆ'ËÅ" Anything you have: a token The distinguishing characteristic is that authorized people own and present a specific item to be authenticated. This characteristic is enclosed in a token device such as a magnetic card, smart card, a memory card or a password calculator. ÃÆ'ËÅ" Anything you are: a biometric The distinguishing characteristic is some physiological feature (static) that is always present in a person, or a certain behavior pattern (dynamic) that is unique to the person being authenticated, and is measured and recorded once in the enrollment process. When the same person requires access entry the biometric identifier compares the current characteristic provided by the user with the previously collected pattern from the original authentic person. This characteristic could be a voice print, fingerprints, face shape, written signature, iris/retina pattern or hand geometry.   2. Attacks on Passwords 2.1 Introduction Passwords are a very important aspect of computer security. They are the front line of protection for user terminals and it is by far the most common user authentication method within the largest multinational organizations However the usage of passwords as an authentication technique increases the probability for an information system to be compromised. That happens because these passwords are directly connected to the way that users are creating, remembering, storing and distributing them. In fact passwords are the weakest element inside the security chain of an organization’s network system and are susceptible to different types of attacks. The next section presents the weaknesses on users’ passwords and modern attack techniques performed by malicious attackers to gain unauthorized access. 2.2 Attacks on Passwords Easily Guessed Passwords: The first weakness lies in the composition of the password itself. Most attackers rely on the fact that most people do a bad job in creating passwords and keeping them secret. Most passwords that people select depend on the following: Favorite football player and actor names, Simple strings, such as passwords consisting of the same character (e.g. 11111). Job titles and nicknames. Important numbers, such as insurance numbers, home addresses, telephones, credit card numbers, driver license, birthdays, or vehicle tags. Favorite words found in dictionaries. Children, family or relative names. The most common attack on passwords is that where malicious hackers exploit human nature and try to guesswhat passwords people select. In this case, hackers build a list with all information related to the victim and make attempts to log on hoping to find out the victim’s password quickly.  Ãƒâ€šÃ‚   Brute-force Attacks: In cryptography, a brute force attack or exhaustive key search is the strategy that can in theory be used against any encrypted data by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his task easier. It involves systematically checking all possible keys until the correct key is found. in the worst case, this would involve traversing the entire search space. The key length used in the encryption determines the practical feasibility performing a brute force attack, with longer keys exponentially more difficult to crack than shorter ones. Brute force attack can be made less effective by obfuscating the data to be encoded, something that makets it more difficult for an attacker to recognize when he has cracked the code.one of the measures of the strenth of an encryption system is how long it would theoretically taken an attacker to mount a successful brute force attack against it. Consequence of this attack is that all users cannot use the network recourses and must wait until system administrator reserts or unlock that account. It is obvious that this kind of attack causes confusion and big delays to user’s critical job tasks. Dictionary Attacks: In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. (Shape1.1). Shape1.1 Dictionary attack A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary. In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack) or a bible etc. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit. Social Engineering Attacks: Another weakness lies on the fact that people are not capable to remember and keep their passwords secret. In computer security social engineering is described as a non technical intrusion that is based on the psychological characteristics of the human nature. It is the art of persuading people to reveal vital secrets or to perform actions that comply with the hacker’s wishes {Shape 1.2}. Social engineering can be conducted into several forms. Reverse Engineering: In this method, a legitimate user is induced into asking an attacker questions to obtain information. The attacker poses as a person of higher authority and tries to deduce the needed information from the questions, which are asked by the user. [emailprotected]: This mode of social engineering involves sending an e-mail to a user asking confidential information. The e-mail is meant to trigger an emotional response from the user. It makes the user unwittingly participate in the hacking by disclosing the confidential information. Webpage’s: False Webpage’s, that require users to enter e-mail addresses and passwords, are created by attackers. Hackers hope that users will enter the same passwords at the false websites, as they use at their organization’s computer systems. Shoulder surfing: In this type of attack a malicious attacker could look over a user’s shoulder and watch him while he is typing his/her password to grant access to a system. However shoulder surfing attacks are not always successful but can give important information and strength to a malicious attacker to achieve his goal. Dumpster diving: One of the most intelligent techniques to retrieve users’ passwords within large commercial organizations is the dumpster diving attack. In this type of attack malicious attackers search through discarded material to find passwords, credit card numbers, confidential records or other useful information related to security policies and passwords. Sniffing Attacks: Except brute-force guessing, dictionary and social engineering attacks today’s hackers are using more clever programs and methods to retrieve users’ passwords. These methods include software sniffer programs which are used to capture and sniff passwords either a) when they are typed during the authentication phase of a network login session (Trojan Login, Van Eck Sniffing, Keystroke sniffing, hardware key loggers) or b) when they are transmitted across complex networks via email and other document delivery systems (network sniffers). {Shape 1.1}. Shape 1.1 Sniffing Attacks The next paragraphs describe in more detail each of these techniques used to sniff user’s passwords: ÃÆ'ËÅ" 1.Network Sniffing: Net sniffer is a program, who capable of capturing all traffic made available to one or more network adapters. ÃÆ'ËÅ" 2. Trojan Login: A Trojan Login sniffer program is a software tool used to capture users’ passwords during the authentication phase of a network login session. A malicious user who has access to a personal computer connected to a network can easily install a Trojan Login program. The strength of this malicious program is that it has the ability to display perfectly imitations of the operating system’s standard login program. As a consequence the user enters his/her username and password without any knowledge of the situation, while the Trojan login program saves this authentication information in a secret file. ÃÆ'ËÅ" 3. Van Eck Sniffing: These signals, which are called Van Eck radiation, are visible from as far away as 1 kilometer. It is obvious that a malicious hacker using the appropriate    equipment and without specialized skills could easily sit outside a building and eavesdrop passwords and other secrets displayed on any nearby user’s video screens and monitors.   ÃÆ'ËÅ" 4. Keystroke Sniffing: Shape 1.2 shows clearly a classic keystroke sniffing attack associated with most modern operating systems. In this type of attack usernames and passwords are captured directly from the keyboard input buffer. When the user enters the required authentication information in order to gain access to a computer system, this information is stored in a special area of memory RAM.   While the user enters information, another malicious attacker could run a sniffer program and retrieve the contents of the keyboard input buffer. As a result the user’s username and password is obtained by the hacker and can be used for later attacks {Shape 1.2}. Shape 1.2: Keystroke Sniffing ÃÆ'ËÅ" 5.Hardware Key Loggers: A key logger is a hardware device that intercepts and stores strokes of a keyboard. This type of attack can be conducted very easily by a social engineer. The social engineer simply walks into the location of interest and plugs very professionally this small piece of hardware between the keyboard port and the keyboard.Assuming that most users place PC towers under their desks and most of them are unaware of hardware technology, key loggers can record all typed keystrokes and store them to their internal memory without user knowledge.   Attacks on Password Storage: Passwords have often been vulnerable to different kind of attacks when they are stored in huge databases and password files.Most modern operating systems ask from the user trying to grant access to systems resources, to enter his/her valid username and password. Then the operating system searches on the system’s password file for an entry matching the username. If the password in that entry matches the password typed by the user, then the login procedure succeeds and the user is authorized by the system. Shape 1.3 shows clearly how the password checking procedure works [1.3]. Shape1.3 Password Checking The storage of any password immediately breaks one important rule concerned with password security: â€Å"Do not write passwords down†. If the password file containing all users’ passwords is stolen then automatically the intruder has direct access to all system’s passwords. The primary arguments against password storage can be stated as: Single Point of Failure:If the password file is compromised then all passwords are compromised. Compromise of password file can happen due to: Poor encryption mechanisms or use of a weak master password, so its contents are easily accessed by a malicious hacker. Poor protection of the file itself. Poor Audit Trails:Most operating systems keep logs used to review login failed password attempts. Usually these logs contain a large number of wrong usernames and passwords typed by users while they are trying to login on a computer or network system. If these logs are not well protected ,then attacks become easier. For example, a malicious attacker who sees an audit record with a nonexistent username of 7rs or eri67 can be sure that this string is a password or a part of the password for one of the valid users. Software Bugs: One important reason for the success of password attacks is sometimes based on badly designed operating systems and application programs running on them. These badly designed features because software bugs which do all the hard work for malicious hackers and continue to be a major source of many security problems.  Ãƒâ€šÃ‚   One recent software bug was found in the Solaris operating system. Users with low level privileges could force a network application program to end abnormally. As a result this program dumped its memory contents to the hard drive in a file available to all users. This file contained copies of the hashed password values that were normally stored and protected in a shadowed file. As a consequence this file could be used as input to Crack software for an off-line brute-force attack. 2.3 Countermeasures against these Attacks Assuming all the above, it is obvious that attackers use several techniques to capture users’ passwords. In this section countermeasures against all attacks on passwords (describesin section2.2 Attacks on Passwords) are analyzed and listed in order: Countermeasures against brute-force attacks: A possible solution against login guessing attacks (or on-line brute-force attacks) is to have a password policy which specifies the maximum number of login failed attempts. System administrators by configuring the operating system could limit the number of failed login attempts allowed for each user. If the threshold is reached then the account should be locked and users will not be able to log until the system administrator arrives to reactivate the login process for the specific account. It must be mentioned that using such defenses against login guessing attacks will only delay a hacker from accessing a system and gaining access to confidential information. Failed login thresholds will not prevent a brute force attack from occurring but will identify the attacking attempt to the security administrator. This defense method will deter a malicious attacker from initiating a brute force attack and increase the level of difficulty for executing this attack. There is no actual defense mechanism against an off-line brute-force attack. This type of attack can be applied to any given password database. There are many cracking software’s available on the Internet which are capable of generating character sequences and working through all possible character combinations until the user’s password is found. The only defense mechanism against this type of attack is to have users that select and use â€Å"strong† password. Countermeasures against dictionary attacks: This type of attack could be eliminated by having a policy which simply prohibits the use of common words found in dictionaries or attacker’s word lists. If all generated passwords do not appear in such lists, then dictionary attacks will not succeed. Besides system administrators should perform themselves dictionary attacks to test users’ passwords within an organisation. If any passwords are compromised, then they must inform the users directly of the results and obligate them to change their passwords to more secure ones. Countermeasures against Social Engineering attacks: Education and user awareness must be supported by the organization’s global security policy. The users should understand the importance of keeping their passwords secret and be familiar with the different ways that a social engineering attack can be conducted against them. In this case, people are able to take the necessary steps to react accordingly when such a situation occurs. Besides this, companies shouldshred all printouts having usernames, passwords and other similar confidential information in order to prevent dumpster diving attacks. Countermeasures against Network sniffing attacks: Today’s hackers are using many network sniffing programs to retrieve users’ passwords, while they are transmitted over distant networks or inside organization’s corporate network. Most businesses facing this threat and considering the consequences due to this type attack implement and use different network protocols for the secure transmission of confidential information. More often organizations indicate detailed security policies that specify ways, encryption methods and protocols to be used for the secure transmission of any important information. The most important defense mechanism against network sniffing attacks is the use of well-known secure network protocols such as SSL/TLS and IPSec protocols. These protocols have the ability to build secure channels based on cryptographic keys, shared between trusted parties, for the safe transfer of passwords and other confidential information in any system’s network Countermeasures against Trojan Login: A defense mechanism against Trojan Logins is to have a trust path for all functions that require users to enter or present authentication information for purpose of authentication. This trusted path must be established between the user trying to login and the operating system. Secure Attention Sequence (or SAS) is a trusted path mechanism used in many modern operating systems such as Windows 2000. When user requires to log on, by executing the sequence Ctrl+Alt+Del is guaranteed that he is communicating with the operating system and not malicious software such as Trojan Login. Another important countermeasure against this type of attack is the installation of commercial available anti-virus software programs (such as Norton Antivirus and MacAfee Antivirus). These anti-virus softwares have the ability to detect and prevent sniffing attack programs such Trojan Logins to be installed, downloaded and operate in operating systems. 9 Countermeasures against Van Eck sniffing attacks: The types of countermeasures used to protect against Van Eck Sniffing attacks are known as Transient Electromagnetic Pulse Equipment Shielding Techniques (TEMPEST). The U.S TEMPEST standard is one guideline that manufacturers have to follow in order to reduce electromagnetic signals and prevent these types of attacks against passwords and other secrets displayed on video screens and monitors. TEMPEST mechanisms include Faraday cages, white noise and control zones. A Faraday cage is a box, a room or an entire building that is designed with an external metal skin that fully surrounds an area on all six sides. As a result all electromagnetic signals transmitted from PC’s monitors are blocked inside the building, preventing eavesdroppers from revealing users passwords.  Ãƒâ€šÃ‚   Countermeasures against Keystroke sniffing attacks:.   A good defense mechanism against keystroke sniffing attacks is to protect CPU’s memory. In particular the keyboard input buffer is the exact location where keystrokes typed by users are stored. It is clear that this area should be protected using various encryption techniques in order to become impossible for an intruder to retrieve its contents in plaintext form when they are intercepted.   Countermeasures against Hardware Key Loggers: There are not well-known defense mechanisms against Hardware Key Loggers. The only countermeasure against them is to state clearly in the organisation’s password policy that all sides of electronic equipment, and especially computers, should be visible to users and security officers. Moreover system administrators may be obligated to check all hardware and electronic devices plugged on users’ computers, or forced to check all hardware connections in computers rooms periodically.  Ãƒâ€šÃ‚   Countermeasures against Password Storage attacks: The types of defense mechanisms against password storage attacks include the use of various encryption and hashing techniques. These techniques are used to encrypt password files and never leave passwords exposed in plaintext form. Usually modern operating systems (Windows, UNIX) use one-way encryption systems to encrypt users’ passwords. In one-way encryption systems the password is transformed in such a way that the original password can not be recovered. When a user is logging onto such a system, the password that is entered by the user is one-way encrypted and compared with the stored encrypted password. The same encryption method and key must be used to encrypt the valid password before storage and to encrypt the entered password before comparison. Besides the use of one-way encryption, strong access control mechanisms (such as Role-Based and Clark-Wilson access control models) should be enforced and applied to the files that keep system’s hashed passwords. Without implementing tough access control mechanisms, the operating system is unable to check who is accessing these files. As a consequence an adversary could easily copy them and mount different kinds of attacks on them. Countermeasures against Software Bugs: As was mentioned in the previous section (section 2.2 software bugs), sometimes badly designed features in operating systems and applications can lead to software bugs which do all the hard work for malicious hackers. A defense mechanism to prevent such software bugs is to have a good software design. Software should be designed in an organized way keeping procedures simple, reviewed periodically for vulnerabilities and threats, and hardened with the latest patches.   Where a software bug is found in any operating system or application, people discovering it should report this problem directly to the security officer and the correspondent company selling and providing licenses for this specific product should be informed to solve this problem. 3. Password Policies 3.1 Introduction Password policies are necessary to protect the confidentiality of information and the integrity of systems by keeping unauthorized users out of computer systems. Usernames and passwords are the fundamental protection of computers and networks against intruders. Password policies specify rules about the secure administration of usernames, rules used to define valid passwords and the type of protection needed for secure password storage. Α password policy is a good place to start to build the security of a company’s network and protect its assets. The next sections discuss issues related to the secure usage and management of both usernames and passwords. 3.2 Administration of Usernames The front gate within an organization’s network is where the user or the service identifies themselves and presents some type of authentication information only known to them in order to grant access. The failure to have a reliable Login Security Policies activated is like having a big building with the best guards and security mechanisms around it with the main front gate open to anyone. 3.2.1 Login Security Policies and Usernames Within a secure system, the first thing that should be expected for any login attempt is to identify who is the person requesting entry. Regardless of the protocols used, you need to know who is trying to access the network services and who they want the network services to think they are. In high-security military environments the user identifications are assigned based on a random sequence of characters. Other organizations, such as commercial, use something that can uniquely identify the user without worrying about how to create usernames. If the usernames can give away information about the organization, then the implementation of random names could be a good solution. Although by using these random

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.