# Introduction to Information Security - Study Notes
## Security
### Security objectives
- Confidentiality
Contents of objects cannot be read by unauthorised third parties.
- Integrity
Detect whether a message has been modified between origin and receiver.
- Availability
Guaranteed access to the information for permitted parties.
- Access Control
Only permitted parties are allowed to access the information.
- Non-repudiation
Proof that an entity was involved in some event, so that it cannot later deny the involvement.
### CIA
- Confidentiality
- Integrity
- Availability
### Parkerian hexad
- Confidentiality
- Integrity
- Availability
- Utility
Ensures that the information remains usable; e.g. encrypted data whose key has been lost is still confidential but no longer useful.
- Possession or Control
The rightful possessor is in control of the information at all times.
- Authenticity
Verification of claimed identities. Note: in most cases this only proves the identity of entities (e.g. machines), not of humans.
Also, there must be a point in time where authentication starts. If this step is taken automatically by a machine (e.g. at session start),
there is no valid inference to the actual human.
### Secrecy
Confidentiality+.
Not only hides the contents, but also the fact that any content exists at all.
### Strategy
1. Prevention
2. Detection
3. Reaction
## Reliability
Reliability addresses the consequences of accidental errors. Reliability asks whether service interruptions cause low or medium disturbance.
## Safety
Safety addresses catastrophic effects on the environment (e.g. human life). Safety asks whether service interruptions cause very high disturbance or even harm.
## Authentication
### Modes
As a user, you can be authenticated on the basis of
- Something you know (e.g. password)
- Something you hold (e.g. ID card)
- Who you are (e.g. biometrics)
- What you do (e.g. behaviour analysis)
- Where you are (e.g. geo-location)
### Passwords
- Make sure the initial password reaches the correct recipient; the communication channel might be intercepted.
- Call back already authenticated entities that are authorised to hand over the password.
- Force the user to change the password immediately after the first login.
- Provide multi-factor authentication so that users can reset forgotten passwords themselves, without a costly helpdesk.
### Guessing passwords
- Brute force (exhaustive search over the whole password space)
- Intelligent search (dictionaries; exploiting known alphabet limits and length limits)
### Password protection
- No expiry dates
Studies have shown that forced periodic changes result in worse passwords.
- No composition rules restricting the password alphabet
Studies have shown that such rules shrink the space an exhaustive guesser has to search and lead to worse passwords.
- Set a minimum length instead
Length has a higher impact than complexity. Allow a maximum length of at least 64 characters.
- No password hints
- Offer to show the password while typing
Hiding it motivates the user to choose shorter passwords.
- Allow passwords to be pasted
This enables secure password managers to be used.
- Forbid commonly used passwords (check against a list of common and breached passwords)
Makes dictionary attacks harder.
- Limit the number of failed password attempts
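The password rules above, cast into a small acceptance check and a lockout counter, as an added example that is not part of the original notes. The thresholds `MIN_LENGTH = 8` and `MAX_FAILED = 5` are assumptions (the notes only say "set a minimum" and "limit the number of failed attempts"), and `COMMON_PASSWORDS` is a constructed stand-in for a real breached-password list. The two `keyspace` helpers make the "intelligent search" point from the previous section concrete: a composition rule such as "at least one digit" removes candidates from the attacker's search rather than adding them.

```python
import unicodedata

MIN_LENGTH = 8      # assumed minimum; the notes only say "set a minimum length"
MAX_LENGTH = 128    # the notes ask for at least 64, so long passphrases are accepted
MAX_FAILED = 5      # assumed lockout threshold for failed attempts

# Constructed blocklist; a real deployment loads a breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein", "iloveyou"}


def check_password(candidate: str) -> tuple[bool, str]:
    """Return (accepted, reason).

    There are deliberately no composition rules: any string of sufficient
    length is accepted unless it is on the blocklist.
    """
    normalised = unicodedata.normalize("NFKC", candidate)
    if len(normalised) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    if len(normalised) > MAX_LENGTH:
        return False, f"longer than {MAX_LENGTH} characters"
    if normalised.lower() in COMMON_PASSWORDS:
        return False, "commonly used password"
    return True, "ok"


class LoginGuard:
    """Counts failed attempts per account and locks the account at MAX_FAILED."""

    def __init__(self) -> None:
        self.failed: dict[str, int] = {}

    def attempt(self, user: str, credentials_ok: bool) -> str:
        if self.failed.get(user, 0) >= MAX_FAILED:
            return "locked"            # stays locked even for a correct password
        if credentials_ok:
            self.failed[user] = 0      # a successful login resets the counter
            return "ok"
        self.failed[user] = self.failed.get(user, 0) + 1
        return "locked" if self.failed[user] >= MAX_FAILED else "failed"


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Candidates an exhaustive search must try for all lengths in the range."""
    return sum(alphabet_size ** k for k in range(min_len, max_len + 1))


def keyspace_requiring_digit(alphabet_size: int, length: int, digits: int = 10) -> int:
    """Candidates of exactly `length` that contain at least one of `digits` symbols.

    A composition rule of this kind removes every candidate without a digit
    from the search, so it shrinks the space the attacker has to cover.
    """
    return alphabet_size ** length - (alphabet_size - digits) ** length


if __name__ == "__main__":
    for pw in ["password", "short", "correct horse battery staple"]:
        print(pw, check_password(pw))
    print(keyspace_requiring_digit(62, 8), "<", keyspace(62, 8, 8))
```

A hard per-account lockout as in `LoginGuard` is the simplest reading of "limit the number of failed attempts", but it lets an attacker lock legitimate users out on purpose; in practice throttling with increasing delays per account and per source is preferred over an absolute lock.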
### Biometrics
#### Use cases
| Use case | Cardinality | Description |
| -------- | ----------- | ----------- |
| Identification | 1:n | Identify the user from a set of users in a database. |
| Verification | 1:1 | Verifies the single claimed identity by comparing captured patterns to the stored patterns. |
#### False match rate (FMR)
How often does an impostor (false) match attempt succeed, which it should not? Best case: $\text{FMR} = 0$.
It can be interpreted as a measure of the quality of the specific scheme. The lower the value, the better.
$\text{FMR} = \frac{\text{\# successful false matches}}{\text{\# attempted false matches}}$
#### False non-match rate (FNMR)
How often is a genuine match attempt rejected, which it should not be? Best case: $\text{FNMR} = 0$.
$\text{FNMR} = \frac{\text{\# rejected genuine matches}}{\text{\# attempted genuine matches}}$
#### Fitting Rate
A value (in %) indicating how much the captured pattern fits the stored pattern in the database.
##### Examples
A *Fitting Rate* of 100% indicates that all of the captured pattern data fits the data stored in the database (unlikely, due to noise).
A *Fitting Rate* of 50% indicates that half the pattern data fits the data stored in the database.
#### Matching Threshold
A value (in %) determining the minimum *Fitting Rate* for a matching check to be considered a match.
A lower *Matching Threshold* raises the number of false positive matching checks, but lowers the number of rejected genuine matching checks:
*FMR* increases, *FNMR* decreases.
A higher *Matching Threshold* raises the number of rejected genuine matching checks, but lowers the number of false positive matching checks:
*FMR* decreases, *FNMR* increases.
#### Equal Error Rate (EER)
The value of *Matching Threshold*, at which $\text{FMR} = \text{FNMR}$.
#### Failure-To-Capture Rate (FTC)
Frequency of failing to capture a sample.
#### Failure-To-Extract Rate (FTX)
Frequency of failing to extract a feature of a sample.
#### Failure-To-Acquire Rate (FTA)
Frequency of failing to acquire a biometric feature.
$\text{FTA} = \text{FTC} + \text{FTX} \times (1 - \text{FTC})$
#### False Accept Rate (FAR)
$\text{FAR} = \text{FMR} \times (1 - \text{FTA})$
#### False Reject Rate (FRR)
$\text{FRR} = \text{FTA} + \text{FNMR} \times (1 - \text{FTA})$
#### False Positive Identification Rate (FPIR)
Probability that a sample matches at least one of the $n$ entries in the database.
$\text{FPIR} = (1 - \text{FTA}) \times (1 - (1 - \text{FMR})^{n})$
#### Biometrics in remote authentication
*FPIR* grows with *n* (database size), which makes biometric identification (1:n) unusable for remote authentication against large databases.
##### Examples
Using a biometric scheme with $\text{FMR} = 0.01\%$, $\text{FTA} = 0$ and a database of size $\text{n} = 80000$ results in $\text{FPIR} = (1 - 0) \times (1 - (1 - 0.0001)^{80000}) \approx 99.97\%$.
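The rates defined above, computed over constructed data, as an added example that is not part of the original notes. `GENUINE` and `IMPOSTOR` are made-up fitting rates (in %) of comparison attempts, not measurements; the functions carry the notes' formulas for FTA, FAR, FRR and FPIR unchanged, sweep the matching threshold to locate the EER, reproduce the 99.97 % example, and additionally solve the FPIR formula for the largest database size that keeps FPIR under a target (the `max_database_size` helper is an addition, not a formula from the notes).

```python
import math

# Constructed fitting rates (%) of comparison attempts; not measured data.
GENUINE = [91, 88, 95, 72, 85, 93, 67, 89, 90, 78]    # sample and template from the same person
IMPOSTOR = [40, 55, 62, 35, 71, 48, 58, 30, 66, 52]   # sample and template from different people


def fmr(impostor, threshold):
    """False match rate: share of impostor attempts with fitting rate >= threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def fnmr(genuine, threshold):
    """False non-match rate: share of genuine attempts with fitting rate < threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def equal_error_rate(genuine, impostor):
    """Sweep the matching threshold over 0..100 % and return (threshold, EER)
    at the point where FMR and FNMR are closest to each other."""
    best = min(range(101), key=lambda t: abs(fmr(impostor, t) - fnmr(genuine, t)))
    return best, (fmr(impostor, best) + fnmr(genuine, best)) / 2


def fta(ftc, ftx):
    """Failure-to-acquire: capture fails, or capture works and extraction fails."""
    return ftc + ftx * (1 - ftc)


def far(fmr_value, fta_value):
    """False accept rate: only acquired samples can be falsely matched."""
    return fmr_value * (1 - fta_value)


def frr(fnmr_value, fta_value):
    """False reject rate: acquisition failure, or a false non-match of an acquired sample."""
    return fta_value + fnmr_value * (1 - fta_value)


def fpir(fmr_value, fta_value, n):
    """False positive identification rate against a database of n templates."""
    return (1 - fta_value) * (1 - (1 - fmr_value) ** n)


def max_database_size(fmr_value, target_fpir, fta_value=0.0):
    """Largest n for which FPIR stays at or below target_fpir (FTA = 0 by default).

    Solves (1 - FTA) * (1 - (1 - FMR)^n) <= target for n.
    """
    p = 1 - target_fpir / (1 - fta_value)          # required lower bound on (1 - FMR)^n
    return math.floor(math.log(p) / math.log(1 - fmr_value))


if __name__ == "__main__":
    t, eer = equal_error_rate(GENUINE, IMPOSTOR)
    print(f"EER {eer:.2f} at matching threshold {t} %")
    print(f"FPIR(FMR = 0.01 %, n = 80000) = {fpir(0.0001, 0, 80000):.4%}")
    print("max n for FPIR <= 1 %:", max_database_size(0.0001, 0.01))
```

With an FMR of 0.01 % the database may hold only about 100 templates before FPIR exceeds 1 %, which is the quantitative form of the remark above that 1:n identification does not scale to large remote user bases; verification (1:1) against a claimed identity avoids the factor $n$ entirely.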
## Threat scenarios
No security statement without a threat model! E.g. whether a password is "safe" cannot be judged without a threat model that says who the attacker is and what they can do.
### Smurf attack
The attacker sends an ICMP echo request (ping) with the spoofed source IP address of the victim to the broadcast address of some network.
All recipients answer the ping and send their reply packets to the IP address they believe was the sender, which is the victim's IP address.
In a network with 100 nodes, a single broadcast ICMP request results in 100 replies sent to the victim (amplification factor 100), causing a denial of service.
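Detection logic for the attack just described, as an added example that is not part of the original notes. The packet log format (`time src dst proto type`) and the log lines are constructed to resemble what a sensor on the amplifying segment would see: one echo request spoofed from 10.0.0.42 to the broadcast address, five replies to 10.0.0.42, and one ordinary ping pair; the subnet `10.0.0.0/24` and the `min_amplifiers` threshold are assumptions. The detector flags the trigger packet and, independently, hosts that receive echo replies they never requested with a unicast ping.

```python
import ipaddress

# Constructed packet log: one spoofed broadcast echo request, the reply burst
# it triggers, and a normal ping exchange between 10.0.0.7 and 10.0.0.8.
LOG = """\
10:00:00.001 10.0.0.42 10.0.0.255 icmp echo-request
10:00:00.002 10.0.0.1 10.0.0.42 icmp echo-reply
10:00:00.002 10.0.0.2 10.0.0.42 icmp echo-reply
10:00:00.003 10.0.0.3 10.0.0.42 icmp echo-reply
10:00:00.003 10.0.0.4 10.0.0.42 icmp echo-reply
10:00:00.004 10.0.0.5 10.0.0.42 icmp echo-reply
10:00:01.000 10.0.0.7 10.0.0.8 icmp echo-request
10:00:01.001 10.0.0.8 10.0.0.7 icmp echo-reply
"""

LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")   # assumed subnet of the sensor


def parse(log):
    """Turn the constructed log into a list of packet records."""
    records = []
    for line in log.splitlines():
        ts, src, dst, proto, kind = line.split()
        records.append({"ts": ts, "src": ipaddress.ip_address(src),
                        "dst": ipaddress.ip_address(dst), "proto": proto, "type": kind})
    return records


def broadcast_echo_requests(records, net=LOCAL_NET):
    """The trigger: echo requests addressed to the subnet broadcast address.
    Their source address is the claimed (spoofed) victim, not the attacker."""
    return [r for r in records
            if r["proto"] == "icmp" and r["type"] == "echo-request"
            and r["dst"] == net.broadcast_address]


def unsolicited_replies(records, net=LOCAL_NET):
    """Map each host to the number of distinct senders of echo replies that the
    host never asked for with a unicast request. A broadcast request does not
    count as asking, because its source address cannot be trusted."""
    unicast_requests = {(r["src"], r["dst"]) for r in records
                        if r["proto"] == "icmp" and r["type"] == "echo-request"
                        and r["dst"] != net.broadcast_address}
    victims = {}
    for r in records:
        if (r["proto"] == "icmp" and r["type"] == "echo-reply"
                and (r["dst"], r["src"]) not in unicast_requests):
            victims.setdefault(r["dst"], set()).add(r["src"])
    return {str(v): len(senders) for v, senders in victims.items()}


def smurf_victims(records, min_amplifiers=3):
    """Hosts receiving unsolicited replies from at least min_amplifiers distinct hosts.
    The count is the amplification factor: one spoofed request, that many replies."""
    return {v: n for v, n in unsolicited_replies(records).items() if n >= min_amplifiers}


if __name__ == "__main__":
    recs = parse(LOG)
    for r in broadcast_echo_requests(recs):
        print("broadcast echo request claiming to come from", r["src"])
    print("amplified victims:", smurf_victims(recs))
```

The victim itself never sees the trigger packet, only the reply flood, so the `smurf_victims` check is the one that works from the victim's own capture. On the amplifier side the standard mitigations (not covered in the notes above) are to make hosts ignore broadcast echo requests, which Linux does by default via `net.ipv4.icmp_echo_ignore_broadcasts = 1`, and to stop routers forwarding directed broadcasts.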
### Password compromise
Old threat model: one machine, one password. One compromised password means one compromised machine.
New threat model: many machines, with one password or similar passwords reused across them. One compromised machine exposes passwords that open the other machines as well.
### Password spoofing attack
The attacker presents a fake login screen to the victim.
The victim enters their password and the attacker captures the data submitted through the fake login screen.
#### Countermeasures
- System authentication to the user (the system proves its identity before the user enters a password)
- Display the number of failed logins
An unexpected count indicates a compromised password to the user.