Information Resource Guide |
3.0 Identification and Authentication
For most systems, identification and authentication (I&A) is the first line of defense. I&A is a technical measure that prevents unauthorized people (or unauthorized processes) from entering a computer system.
I&A is a critical building block of computer security since it is the basis for most types of access control and for establishing user accountability. Access control often requires that the system be able to identify and differentiate among users. For example, access control is often based on least privilege, which refers to the granting to users of only those accesses required to perform their duties. User accountability requires the linking of activities on a computer system to specific individuals and, therefore, requires the system to identify users.
This section explains current I&A technologies and their benefits and drawbacks as they relate to the three means of authentication. Although some of the technologies make use of cryptography because it can significantly strengthen authentication.
3.1.0 I&A Based on Something the User Knows
The most common form of I&A is a user ID coupled with a password. This technique is based solely on something the user knows. There are other techniques besides conventional passwords that are based on knowledge, such as knowledge of a cryptographic key.
In general, password systems work by requiring the user to enter a user ID and password (or passphrase or personal identification number). The system compares the password to a previously stored password for that user ID. If there is a match, the user is authenticated and granted access.
Benefits of Passwords. Passwords have been successfully providing security for computer systems for a long time. They are integrated into many operating systems, and users and system administrators are familiar with them. When properly managed in a controlled environment, they can provide effective security.
Problems With Passwords. The security of a password system is dependent upon keeping passwords secret. Unfortunately, there are many ways that the secret may be divulged. All of the problems discussed below can be significantly mitigated by improving password security, as discussed in the sidebar. However, there is no fix for the problem of electronic monitoring, except to use more advanced authentication (e.g., based on cryptographic techniques or tokens).
Although the authentication derived from the knowledge of a cryptographic key may be based entirely on something the user knows, it is necessary for the user to also possess (or have access to) something that can perform the cryptographic computations, such as a PC or a smart card. For this reason, the protocols used are discussed in the Smart Tokens section of this chapter. However, it is possible to implement these types of protocols without using a smart token. Additional discussion is also provided under the Single Log-in section.
3.1.1 I&A Based on Something the User Possesses
Although some techniques are based solely on something the user possesses, most of the techniques described in this section are combined with something the user knows. This combination can provide significantly stronger security than either something the user knows or possesses alone. Objects that a user possesses for the purpose of I&A are called tokens. This section divides tokens into two categories: memory tokens and smart tokens.
Memory tokens store, but do not process, information. Special reader/writer devices control the writing and reading of data to and from the tokens. The most common type of memory token is a magnetic striped card, in which a thin stripe of magnetic material is affixed to the surface of a card (e.g., as on the back of credit cards). A common application of memory tokens for authentication to computer systems is the automatic teller machine (ATM) card. This uses a combination of something the user possesses (the card) with something the user knows (the PIN). Some computer systems authentication technologies are based solely on possession of a token, but they are less common. Token-only systems are more likely to be used in other applications, such as for physical access.
Benefits of Memory Token Systems. Memory tokens when used with PINs provide significantly more security than passwords. In addition, memory cards are inexpensive to produce. For a hacker or other would-be masquerader to pretend to be someone else, the hacker must have both a valid token and the corresponding PIN. This is much more difficult than obtaining a valid password and user ID combination (especially since most user IDs are common knowledge).
Another benefit of tokens is that they can be used in support of log generation without the need for the employee to key in a user ID for each transaction or other logged event since the token can be scanned repeatedly. If the token is required for physical entry and exit, then people will be forced to remove the token when they leave the computer. This can help maintain authentication.
Problems With Memory Token Systems. Although sophisticated technical attacks are possible against memory token systems, most of the problems associated with them relate to their cost, administration, token loss, user dissatisfaction, and the compromise of PINs. Most of the techniques for increasing the security of memory token systems relate to the protection of PINs. Many of the techniques discussed in the sidebar on Improving Password Security apply to PINs.
A smart token expands the functionality of a memory token by incorporating one or more integrated circuits into the token itself. When used for authentication, a smart token is another example of authentication based on something a user possesses (i.e., the token itself). A smart token typically requires a user also to provide something the user knows (i.e., a PIN or password) in order to "unlock" the smart token for use.
There are many different types of smart tokens. In general, smart tokens can be divided three different ways based on physical characteristics, interface, and protocols used. These three divisions are not mutually exclusive.
Benefits of Smart Tokens
Smart tokens offer great flexibility and can be used to solve many authentication problems. The benefits of smart tokens vary, depending on the type used. In general, they provide greater security than memory cards. Smart tokens can solve the problem of electronic monitoring even if the authentication is done across an open network by using one-time passwords.
Like memory tokens, most of the problems associated with smart tokens relate to their cost, the administration of the system, and user dissatisfaction. Smart tokens are generally less vulnerable to the compromise of PINs because authentication usually takes place on the card. (It is possible, of course, for someone to watch a PIN being entered and steal that card.) Smart tokens cost more than memory cards because they are more complex, particularly challenge-response calculators.
Biometric authentication technologies use the unique characteristics (or attributes) of an individual to authenticate that person's identity. These include physiological attributes (such as fingerprints, hand geometry, or retina patterns) or behavioral attributes (such as voice patterns and hand-written signatures). Biometric authentication technologies based upon these attributes have been developed for computer log-in applications.
Biometric authentication is technically complex and expensive, and user acceptance can be difficult. However, advances continue to be made to make the technology more reliable, less costly, and more user-friendly. Biometric systems can provide an increased level of security for computer systems, but the technology is still less mature than that of memory tokens or smart tokens. Imperfections in biometric authentication devices arise from technical difficulties in measuring and profiling physical attributes as well as from the somewhat variable nature of physical attributes. These may change, depending on various conditions. For example, a person's speech pattern may change under stressful conditions or when suffering from a sore throat or cold.
Due to their relatively high cost, biometric systems are typically used with other authentication means in environments requiring high security.
3.1.3 Implementing I&A Systems
Some of the important implementation issues for I&A systems include administration, maintaining authentication, and single log-in.
Administration of authentication data is a critical element for all types of authentication systems. The administrative overhead associated with I&A can be significant. I&A systems need to create, distribute, and store authentication data. For passwords, this includes creating passwords, issuing them to users, and maintaining a password file. Token systems involve the creation and distribution of tokens/PINs and data that tell the computer how to recognize valid tokens/PINs.
For biometric systems, this includes creating and storing profiles. The administrative tasks of creating and distributing authentication data and tokens can be a substantial. Identification data has to be kept current by adding new users and deleting former users. If the distribution of passwords or tokens is not controlled, system administrators will not know if they have been given to someone other than the legitimate user. It is critical that the distribution system ensure that authentication data is firmly linked with a given individual.
In addition, I&A administrative tasks should address lost or stolen passwords or tokens. It is often necessary to monitor systems to look for stolen or shared accounts.
Authentication data needs to be stored securely, as discussed with regard to accessing password files. The value of authentication data lies in the data's confidentiality, integrity, and availability. If confidentiality is compromised, someone may be able to use the information to masquerade as a legitimate user. If system administrators can read the authentication file, they can masquerade as another user. Many systems use encryption to hide the authentication data from the system administrators. If integrity is compromised, authentication data can be added or the system can be disrupted. If availability is compromised, the system cannot authenticate users, and the users may not be able to work.
3.1.3.1 Maintaining Authentication
So far, this chapter has discussed initial authentication only. It is also possible for someone to use a legitimate user's account after log-in. Many computer systems handle this problem by logging a user out or locking their display or session after a certain period of inactivity. However, these methods can affect productivity and can make the computer less user-friendly.
From an efficiency viewpoint, it is desirable for users to authenticate themselves only once and then to be able to access a wide variety of applications and data available on local and remote systems, even if those systems require users to authenticate themselves. This is known as single log-in. If the access is within the same host computer, then the use of a modern access control system (such as an access control list) should allow for a single log-in. If the access is across multiple platforms, then the issue is more complicated, as discussed below. There are three main techniques that can provide single log-in across multiple computers: host-to-host authentication, authentication servers, and user-to-host authentication.
There are many interdependencies among I&A and other controls. Several of them have been discussed in the section.
In general, passwords are the least expensive authentication technique and generally the least secure. They are already embedded in many systems. Memory tokens are less expensive than smart tokens, but have less functionality. Smart tokens with a human interface do not require readers, but are more inconvenient to use. Biometrics tend to be the most expensive.
For I&A systems, the cost of administration is often underestimated. Just because a system comes with a password system does not mean that using it is free. For example, there is significant overhead to administering the I&A system.
Identification is the means by which a user provides a claimed identity to the system. The most common form of identification is the user ID. In this section of the plan, describe how the major application identifies access to the system. Note: the explanation provided below is an excerpt from NIST Special Publication, Generally Accepted Principles and Practices for Securing Information Technology Systems.
Authentication is the means of establishing the validity of this claim. There are three means of authenticating a user's identity which can be used alone or in combination: something the individual knows (a secret -- e.g., a password, Personal Identification Number (PIN), or cryptographic key); something the individual possesses (a token -- e.g., an ATM card or a smart card); and something the individual is (a biometrics -- e.g., characteristics such as a voice pattern, handwriting dynamics, or a fingerprint).
In this section, describe the major application’s authentication control mechanisms. Below is a list of items that should be considered in the description:
With the advent of newer technologies
like one-time passwords (e.g., S/Key), PGP, and token-based authentication
devices, people are using password-like strings as secret tokens and pins.
If these secret tokens and pins are not properly selected and protected,
the authentication will be easily subverted.
As mentioned above, given today's networked environments, it is recommended that sites concerned about the security and integrity of their systems and networks consider moving away from standard, reusable passwords. There have been many incidents involving Trojan network programs (e.g., telnet and rlogin) and network packet sniffing programs. These programs capture clear text hostname/account name/password triplets. Intruders can use the captured information for subsequent access to those hosts and accounts. This is possible because:
Kerberos is a distributed network security system, which provides for authentication across unsecured networks. If requested by the application, integrity and encryption can also be provided. Kerberos was originally developed at the Massachusetts Institute of Technology (MIT) in the mid 1980s. There are two major releases of Kerberos, version 4 and 5, which are for practical purposes, incompatible.
Kerberos relies on a symmetric key database using a key distribution center (KDC) which is known as the Kerberos server. A user or service (known as "principals") are granted electronic "tickets" after properly communicating with the KDC. These tickets are used for authentication between principals. All tickets include a time stamp, which limits the time period for which the ticket is valid. Therefore, Kerberos clients and server must have a secure time source, and be able to keep time accurately.
The practical side of Kerberos is its integration with the application level. Typical applications like FTP, telnet, POP, and NFS have been integrated with the Kerberos system. There are a variety of implementations which have varying levels of integration. Please see the Kerberos FAQ available at http://www.ov.com/misc/krb- faq.html for the latest information.
3.1.4.2 Choosing and Protecting Secret Tokens and PINs
When selecting secret tokens, take care to choose them carefully. Like the selection of passwords, they should be robust against brute force efforts to guess them. That is, they should not be single words in any language, any common, industry, or cultural acronyms, etc. Ideally, they will be longer rather than shorter and consist of pass phrases that combine upper and lower case character, digits, and other characters.
Once chosen, the protection of these secret tokens is very important. Some are used as pins to hardware devices (like token cards) and these should not be written down or placed in the same location as the device with which they are associated. Others, such as a secret Pretty Good Privacy (PGP) key, should be protected from unauthorized access.
One final word on this subject. When using cryptography products, like PGP, take care to determine the proper key length and ensure that your users are trained to do likewise. As technology advances, the minimum safe key length continues to grow. Make sure your site keeps up with the latest knowledge on the technology so that you can ensure that any cryptography in use is providing the protection you believe it is.
While the need to eliminate the use of standard, reusable passwords cannot be overstated, it is recognized that some organizations may still be using them. While it's recommended that these organizations transition to the use of better technology, in the mean time, we have the following advice to help with the selection and maintenance of traditional passwords. But remember, none of these measures provides protection against disclosure due to sniffer programs.
of system penetration, the intruder
needs to gain access to an
account on the system. One way that goal is typically
accomplished is through guessing the password of a legitimate
user. This is often accomplished by running an automated
password cracking program, which utilizes a very large
dictionary, against the system's password file. The only way to
guard against passwords being disclosed in this manner is
through the careful selection of passwords which cannot be
easily guessed (i.e., combinations of numbers, letters, and
punctuation characters). Passwords should also be as long as
the system supports and users can tolerate.
application programs are installed
with default accounts and
passwords. These must be changed immediately to something that
cannot be guessed or cracked.
wants to protect the encrypted
password portion of the file so
that would-be intruders don't have them available for cracking.
One effective technique is to use shadow passwords where the
password field of the standard file contains a dummy or false
password. The file containing the legitimate passwords are
protected elsewhere on the system.
subject of controversy among the
security community. It is
generally accepted that a password should not be maintained once
an account is no longer in use, but it is hotly debated whether
a user should be forced to change a good password that's in
active use. The arguments for changing passwords relate to the
prevention of the continued use of penetrated accounts.
However, the opposition claims that frequent password changes
lead to users writing down their passwords in visible areas
(such as pasting them to a terminal), or to users selecting very
simple passwords that are easy to guess. It should also be
stated that an intruder will probably use a captured or guessed
password sooner rather than later, in which case password aging
provides little if any protection.
While there is no definitive answer to this dilemma, a password policy should directly address the issue and provide guidelines for how often a user should change the password. Certainly, an annual change in their password is usually not difficult for most users, and you should consider requiring it. It is recommended that passwords be changed at least whenever a privileged account is compromised, there is a critical change in personnel (especially if it is an administrator!), or when an account has been compromised. In addition, if a privileged account password is compromised, all passwords on the system should be changed.
accounts after a predefined number
of failed attempts to
authenticate. If your site decides to employ this mechanism, it
is recommended that the mechanism not "advertise" itself. After
disabling, even if the correct password is presented, the
message displayed should remain that of a failed login attempt.
Implementing this mechanism will require that legitimate users
contact their system administrator to request that their account
be reactivated.
it can display a list of all users currently using a system, or
all the contents of a specific user's .plan file. This
information can be used by would-be intruders to identify
usernames and guess their passwords. It is recommended that
sites consider modifying finger to restrict the information
displayed.
There will be information assets that your site will want to protect from disclosure to unauthorized entities. Operating systems often have built-in file protection mechanisms that allow an administrator to control who on the system can access, or "see," the contents of a given file. A stronger way to provide confidentiality is through encryption. Encryption is accomplished by scrambling data so that it is very difficult and time consuming for anyone other than the authorized recipients or owners to obtain the plain text. Authorized recipients and the owner of the information will possess the corresponding decryption keys that allow them to easily unscramble the text to a readable (clear text) form. We recommend that sites use encryption to provide confidentiality and protect valuable information.
The use of encryption is sometimes
controlled by governmental and site regulations, so we encourage administrators
to become informed of laws or policies that regulate its use before employing
it. It is outside the scope of this document to discuss the various algorithms
and programs available for this purpose, but we do caution against the
casual use of the UNIX crypt program as it has been found to be easily
broken. We also encourage everyone to take time to understand the strength
of the encryption in any given algorithm/product before using it. Most
well-known products are well-documented in the literature, so this should
be a fairly easy task.
As an administrator, you will want to make sure that information (e.g., operating system files, company data, etc.) has not been altered in an unauthorized fashion. This means you will want to provide some assurance as to the integrity of the information on your systems. One way to provide this is to produce a checksum of the unaltered file, store that checksum offline, and periodically (or when desired) check to make sure the checksum of the online file hasn't changed (which would indicate the data has been modified).
Some operating systems come with checksumming programs, such as the UNIX sum program. However, these may not provide the protection you actually need. Files can be modified in such a way as to preserve the result of the UNIX sum program! Therefore, we suggest that you use a cryptographically strong program, such as the message digesting program MD5, to produce the checksums you will be using to assure integrity.
There are other applications where integrity will need to be assured, such as when transmitting an email message between two parties. There are products available that can provide this capability. Once you identify that this is a capability you need, you can go about identifying technologies that will provide it.
Authorization refers to the process of granting privileges to processes and, ultimately, users. This differs from authentication in that authentication is the process used to identify a user. Once identified (reliably), the privileges, rights, property, and permissible actions of the user are determined by authorization. Explicitly listing the authorized activities of each user (and user process) with respect to all resources (objects) is impossible in a reasonable system. In a real system certain techniques are used to simplify the process of granting and checking authorization(s).
One approach, popularized in UNIX systems, is to assign to each object three classes of user: owner, group and world. The owner is either the creator of the object or the user assigned as owner by the super-user. The owner permissions (read, write and execute) apply only to the owner. A group is a collection of users, which share access rights to an object. The group permissions (read, write and execute) apply to all users in the group (except the owner). The world refers to everybody else with access to the system. The world permissions (read, write and execute) apply to all users (except the owner and members of the group).
Another approach is to attach to an object a list, which explicitly contains the identity of all, permitted users (or groups). This is an Access Control List (ACL). The advantage of ACLs are that they are easily maintained (one central list per object) and it's very easy to visually check who has access to what. The disadvantages are the extra resources required to store such lists, as well as the vast number of such lists required for large systems.
Section References
3.1 NIST. An Introduction to Security: The NIST Handbook, Special Publication 800-12. US Dept. of Commerce. Chapter 16.
American Bankers Association. American National Standard for Financial Institution Sign-On Authentication for Wholesale Financial Transactions. ANSI X9.26-1990. Washington, DC,February 28, 1990.
CCITT Recommendation X.509. The Directory - Authentication Framework. November 1988
(Developed in collaboration, and technically aligned, with ISO 9594-8).
Department of Defense. Password Management Guideline. CSC-STD-002-85. April 12, 1985.
Feldmeier, David C., and Philip R. Kam. "UNIX Password Security - Ten Years Later." Crypto'89 Abstracts. Santa Barbara, CA: Crypto '89 Conference, August 20-24, 1989.
Haykin, Martha E., and Robert B. J. Warnar. Smart Card Technology: New Methods for Computer Access Control. Special Publication 500-157. Gaithersburg, MD: National Institute of Standards and Technology, September 1988.
Kay, R. "Whatever Happened to Biometrics?" Infosecurity News. 4(5), 1993. pp. 60-62. National Bureau of Standards. Password Usage. Federal Information Processing Standard Publication 112. May 30, 1985.
National Institute of Standards and Technology. Automated Password Generator. Federal Information Processing Standard Publication 181. October, 1993.
National Institute of Standards and Technology. Guideline for the Use of Advanced Authentication Technology Alternatives. Federal Information Processing Standard Publication
Salamone, S. "Internetwork Security: Unsafe at Any Node?" Data Communications. 22(12), 1993. pp. 61-68.
Sherman, R. "Biometric Futures." Computers and Security. 11(2), 1992. pp. 128-133.
Smid, Miles, James Dray, and Robert B. J. Warnar. "A Token-Based Access Control System for Computer Networks." Proceedings of the 12th National Commuter Security Conference. National Institute of Standards and Technology, October 1989.
Steiner, J.O., C. Neuman, and J. Schiller. "Kerberos: An Authentication Service for Open Network Systems." Proceedings Winter USENIX. Dallas, Texas, February 1988. pp. 191-202.
Troy, Eugene F. Security for Dial-Up Lines. Special Publication 500-137, Gaithersburg, MD:National Bureau of Standards, May 1986.
NIST Computer Security Resource Clearinghouse Web site URL: http://csrc.nist.gov
Office of Management and Budget. Circular A-130, "Management of Federal
Information Resources," Appendix III, "Security of Federal Automated Information Resources." 1996.
Public Law 100-235, "Computer Security Act of 1987."
[Schultz90] Schultz, Eugene. Project Leader, Lawrence Livermore National Laboratory.
CERT Workshop, Pleasanton, CA, 1990.
Swanson, Marianne and Guttman, Barbara . Generally Accepted Principles and Practices for Securing Information Technology Systems. Special Publication 800-14. Gaithersburg, MD: National Institute of Standards and Technology, September 1996.
3.1.4 Fraser, B. ed. RFC 2196. Site
Security Handbook. Network Working Group, September 1997. Chapter 4.1.