Special Publication 800-12: An Introduction to Computer Security - The NIST Handbook |
For most systems, identification and authentication (I&A) is the first line of defense. I&A is a technical measure that prevents unauthorized people (or unauthorized processes) from entering a computer system.
I&A is a critical
building block of computer security since it is the basis for most
types of access control and for establishing user accountability.107
Access control often requires that the system be able to identify
and differentiate among users. For example, access control is often
based on least privilege, which refers to the granting to
users of only those accesses required to perform their duties. User
accountability requires the linking of activities on a computer
system to specific individuals and, therefore, requires the system
to identify users.
A typical user identification could be JSMITH (for Jane Smith). This information can be known by system administrators and other system users. A typical user authentication could be Jane Smith's password, which is kept secret. This way system administrators can set up Jane's access and see her activity on the audit trail, and system users can send her e-mail, but no one can pretend to be Jane. |
Identification is the means by which a user provides a claimed identity to the system. Authentication108 is the means of establishing the validity of this claim.
This chapter discusses the basic means of identification and authentication, the current technology used to provide I&A, and some important implementation issues.
Computer systems recognize people based on the authentication data the systems receive. Authentication presents several challenges: collecting authentication data, transmitting the data securely, and knowing whether the person who was originally authenticated is still the person using the computer system. For example, a user may walk away from a terminal while still logged on, and another person may start using it.
There are three means of authenticating a user's identity, which can be used alone or in combination:
For most applications, trade-offs will have to be made among security, ease of use, and ease of administration, especially in modern networked environments. |
While it may appear that any of these means could provide strong authentication, there are problems associated with each. If people wanted to pretend to be someone else on a computer system, they can guess or learn that individual's password; they can also steal or fabricate tokens. Each method also has drawbacks for legitimate users and system administrators: users forget passwords and may lose tokens, and administrative overhead for keeping track of I&A data and tokens can be substantial. Biometric systems have significant technical, user acceptance, and cost problems as well.
This section explains
current I&A technologies and their benefits and drawbacks as
they relate to the three means of authentication. Although some
of the technologies make use of cryptography because it can significantly
strengthen authentication, the explanations of cryptography appear
in Chapter 19, rather than in this chapter.
The most common form of I&A is a user ID coupled with a password. This technique is based solely on something the user knows. There are other techniques besides conventional passwords that are based on knowledge, such as knowledge of a cryptographic key.
In general, password systems work by requiring the user to enter a user ID and password (or pass phrase or personal identification number). The system compares the password to a previously stored password for that user ID. If there is a match, the user is authenticated and granted access.
Benefits of Passwords. Passwords have been successfully providing security for computer systems for a long time. They are integrated into many operating systems, and users and system administrators are familiar with them. When properly managed in a controlled environment, they can provide effective security.
Problems With Passwords.
The security of a password system is dependent upon keeping passwords
secret. Unfortunately, there are many ways that the secret may be
divulged. All of the problems discussed below can be significantly
mitigated by improving password security, as discussed in the sidebar.
However, there is no fix for the problem of electronic monitoring,
except to use more advanced authentication (e.g., based on cryptographic
techniques or tokens).
Improving
Password Security
Password generators. If users are not allowed to generate their own passwords, they cannot pick easy-to-guess passwords. Some generators create only pronounceable nonwords to help users remember them. However, users tend to write down hard-to-remember passwords. Limits on log-in attempts. Many operating systems can be configured to lock a user ID after a set number of failed log-in attempts. This helps to prevent guessing of passwords. Password attributes. Users can be instructed, or the system can force them, to select passwords (1) with a certain minimum length, (2) with special characters, (3) that are unrelated to their user ID, or (4) to pick passwords, which are not in an on-line dictionary. This makes passwords more difficult to guess (but more likely to be written down). Changing passwords. Periodic changing of passwords can reduce the damage done by stolen passwords and can make brute-force attempts to break into systems more difficult. Too frequent changes, however, can be irritating to users. Technical protection of the password file. Access control and one-way encryption can be used to protect the password file itself. Note:
Many of these techniques are discussed in FIPS 112, Password
Usage and FIPS 181, Automated Password Generator. |
Passwords Used as Access Control. Some mainframe operating systems and many PC applications use passwords as a means of restricting access to specific resources within a system. Instead of using mechanisms such as access control lists (see Chapter 17), access is granted by entering a password. The result is a proliferation of passwords that can reduce the overall security of a system. While the use of passwords as a means of access control is common, it is an approach that is often less than optimal and not cost-effective.
Although the authentication derived from the knowledge of a cryptographic key may be based entirely on something the user knows, it is necessary for the user to also possess (or have access to) something that can perform the cryptographic computations, such as a PC or a smart card. For this reason, the protocols used are discussed in the Smart Tokens section of this chapter. However, it is possible to implement these types of protocols without using a smart token. Additional discussion is also provided under the Single Log-in section.
Although some techniques are based solely on something the user possesses, most of the techniques described in this section are combined with something the user knows. This combination can provide significantly stronger security than either something the user knows or possesses alone.110
Objects that a user possesses
for the purpose of I&A are called tokens. This section
divides tokens into two categories: memory tokens and smart
tokens.
Memory tokens store, but do not process, information. Special reader/writer devices control the writing and reading of data to and from the tokens. The most common type of memory token is a magnetic striped card, in which a thin stripe of magnetic material is affixed to the surface of a card (e.g., as on the back of credit cards). A common application of memory tokens for authentication to computer systems is the automatic teller machine (ATM) card. This uses a combination of something the user possesses (the card) with something the user knows (the PIN).
Some computer systems authentication technologies are based solely on possession of a token, but they are less common. Token-only systems are more likely to be used in other applications, such as for physical access. (See Chapter 15.)
Benefits of Memory Token Systems. Memory tokens when used with PINs provide significantly more security than passwords. In addition, memory cards are inexpensive to produce. For a hacker or other would-be masquerader to pretend to be someone else, the hacker must have both a valid token and the corresponding PIN. This is much more difficult than obtaining a valid password and user ID combination (especially since most user IDs are common knowledge).
Another benefit of tokens is that they can be used in support of log generation without the need for the employee to key in a user ID for each transaction or other logged event since the token can be scanned repeatedly. If the token is required for physical entry and exit, then people will be forced to remove the token when they leave the computer. This can help maintain authentication.
Problems With Memory Token Systems. Although sophisticated technical attacks are possible against memory token systems, most of the problems associated with them relate to their cost, administration, token loss, user dissatisfaction, and the compromise of PINs. Most of the techniques for increasing the security of memory token systems relate to the protection of PINs. Many of the techniques discussed in the sidebar on Improving Password Security apply to PINs.
Attacks on memory-card systems have sometimes been quite creative. One group stole an ATM machine that they installed at a local shopping mall. The machine collected valid account numbers and corresponding PINs, which the thieves used to forge cards. The forged cards were then used to withdraw money from legitimate ATMs. |
A smart token expands the functionality of a memory token by incorporating one or more integrated circuits into the token itself. When used for authentication, a smart token is another example of authentication based on something a user possesses (i.e., the token itself). A smart token typically requires a user also to provide something the user knows (i.e., a PIN or password) in order to "unlock" the smart token for use.
There are many different types of smart tokens. In general, smart tokens can be divided three different ways based on physical characteristics, interface, and protocols used. These three divisions are not mutually exclusive.
Physical Characteristics. Smart tokens can be divided into two groups: smart cards and other types of tokens. A smart card looks like a credit card, but incorporates an embedded microprocessor. Smart cards are defined by an International Standards Organization (ISO) standard. Smart tokens that are not smart cards can look like calculators, keys, or other small portable objects.
Interface. Smart tokens have either a manual or an electronic interface. Manual or human interface tokens have displays and/or keypads to allow humans to communicate with the card. Smart tokens with electronic interfaces must be read by special reader/writers. Smart cards, described above, have an electronic interface. Smart tokens that look like calculators usually have a manual interface.
Protocol. There are many possible protocols a smart token can use for authentication. In general, they can be divided into three categories: static password exchange, dynamic password generators, and challenge-response.
There are other types of protocols, some more sophisticated and some less so. The three types described above are the most common.
Benefits of Smart Tokens
Smart tokens offer great flexibility and can be used to solve many authentication problems. The benefits of smart tokens vary, depending on the type used. In general, they provide greater security than memory cards. Smart tokens can solve the problem of electronic monitoring even if the authentication is done across an open network by using one-time passwords.
Problems with Smart Tokens
Like memory tokens, most of the problems associated with smart tokens relate to their cost, the administration of the system, and user dissatisfaction. Smart tokens are generally less vulnerable to the compromise of PINs because authentication usually takes place on the card. (It is possible, of course, for someone to watch a PIN being entered and steal that card.) Smart tokens cost more than memory cards because they are more complex, particularly challenge-response calculators.
Electronic reader/writers can take many forms, such as a slot in a PC or a separate external device. Most human interfaces consist of a keypad and display. |
Biometric
authentication generally operates in the following manner:
Before any authentication attempts, a user is "enrolled" by creating a reference profile (or template) based on the desired physical attribute. The resulting template is associated with the identity of the user and stored for later use. When attempting
authentication, the user's biometric attribute is measured.
The previously stored reference profile of the biometric attribute
is compared with the measured profile of the attribute taken
from the user. The result of the comparison is then used to
either accept or reject the user. |
Biometric authentication technologies use the unique characteristics (or attributes) of an individual to authenticate that person's identity. These include physiological attributes (such as fingerprints, hand geometry, or retina patterns) or behavioral attributes (such as voice patterns and hand-written signatures). Biometric authentication technologies based upon these attributes have been developed for computer log-in applications.
Biometric authentication is technically complex and expensive, and user acceptance can be difficult. However, advances continue to be made to make the technology more reliable, less costly, and more user-friendly.
Biometric systems can provide an increased level of security for computer systems, but the technology is still less mature than that of memory tokens or smart tokens. Imperfections in biometric authentication devices arise from technical difficulties in measuring and profiling physical attributes as well as from the somewhat variable nature of physical attributes. These may change, depending on various conditions. For example, a person's speech pattern may change under stressful conditions or when suffering from a sore throat or cold.
Due to their relatively
high cost, biometric systems are typically used with other authentication
means in environments requiring high security.
Some of the important implementation issues for I&A systems include administration, maintaining authentication, and single log-in.
Administration of authentication data is a critical element for all types of authentication systems. The administrative overhead associated with I&A can be significant. I&A systems need to create, distribute, and store authentication data. For passwords, this includes creating passwords, issuing them to users, and maintaining a password file. Token systems involve the creation and distribution of tokens/PINs and data that tell the computer how to recognize valid tokens/PINs. For biometric systems, this includes creating and storing profiles.
The administrative tasks of creating and distributing authentication data and tokens can be a substantial. Identification data has to be kept current by adding new users and deleting former users. If the distribution of passwords or tokens is not controlled, system administrators will not know if they have been given to someone other than the legitimate user. It is critical that the distribution system ensure that authentication data is firmly linked with a given individual. Some of these issues are discussed in Chapter 10 under User Administration.
One method of looking for improperly used accounts is for the computer to inform users when they last logged on. This allows users to check if someone else used their account. |
In addition, I&A administrative tasks should address lost or stolen passwords or tokens. It is often necessary to monitor systems to look for stolen or shared accounts.
Authentication data needs to be stored securely, as discussed with regard to accessing password files. The value of authentication data lies in the data's confidentiality, integrity, and availability. If confidentiality is compromised, someone may be able to use the information to masquerade as a legitimate user. If system administrators can read the authentication file, they can masquerade as another user. Many systems use encryption to hide the authentication data from the system administrators.111 If integrity is compromised, authentication data can be added or the system can be disrupted. If availability is compromised, the system cannot authenticate users, and the users may not be able to work.
So far, this chapter has discussed initial authentication only. It is also possible for someone to use a legitimate user's account after log-in.112 Many computer systems handle this problem by logging a user out or locking their display or session after a certain period of inactivity. However, these methods can affect productivity and can make the computer less user-friendly.
From an efficiency viewpoint, it is desirable for users to authenticate themselves only once and then to be able to access a wide variety of applications and data available on local and remote systems, even if those systems require users to authenticate themselves. This is known as single log-in.113 if the access is within the same host computer, then the use of a modern access control system (such as an access control list) should allow for a single log-in. If the access is across multiple platforms, then the issue is more complicated, as discussed below. There are three main techniques that can provide single log-in across multiple computers: host-to-host authentication, authentication servers, and user-to-host authentication.
Host-to-Host Authentication. Under a host-to-host authentication approach, users authenticate themselves once to a host computer. That computer then authenticates itself to other computers and vouches for the specific user. Host-to-host authentication can be done by passing an identification, a password, or by a challenge-response mechanism or other one-time password scheme. Under this approach, it is necessary for the computers to recognize each other and to trust each other.
Kerberos and SPX are examples of network authentication server protocols. They both use cryptography to authenticate users to computers on networks. |
Authentication Servers. When using authentication server, the users authenticate themselves to a special host computer (the authentication server). This computer then authenticates the user to other host computers the user wants to access. Under this approach, it is necessary for the computers to trust the authentication server. (The authentication server need not be a separate computer, although in some environments this may be a cost-effective way to increase the security of the server.) Authentication servers can be distributed geographically or logically, as needed, to reduce workload.
User-to-Host. A user-to-host authentication approach requires the user to log-in to each host computer. However, a smart token (such as a smart card) can contain all authentication data and perform that service for the user. To users, it looks as though they were only authenticated once.
There are many interdependencies among I&A and other controls. Several of them have been discussed in the chapter.
Logical Access Controls. Access controls are needed to protect the authentication database. I&A is often the basis for access controls. Dial-back modems and firewalls, discussed in Chapter 17, can help prevent hackers from trying to log-in.
Audit. I&A is necessary if an audit log is going to be used for individual accountability.
Cryptography.
Cryptography provides two basic services to I&A: it protects
the confidentiality of authentication data, and it provides protocols
for proving knowledge and/or possession of a token without having
to transmit data that could be replayed to gain access to a computer
system.
In general, passwords are the least expensive authentication technique and generally the least secure. They are already embedded in many systems. Memory tokens are less expensive than smart tokens, but have less functionality. Smart tokens with a human interface do not require readers, but are more inconvenient to use. Biometrics tends to be the most expensive.
For I&A systems,
the cost of administration is often underestimated. Just because
a system comes with a password system does not mean that using it
is free. For example, there is significant overhead to administering
the I&A system.
Alexander, M., ed. "Keeping the Bad Guys Off-Line." Infosecurity News. 4(6), 1993. pp. 54-65.
American Bankers Association. American National Standard for Financial Institution Sign-On Authentication for Wholesale Financial Transactions. ANSI X9.26-1990. Washington, D.C., February 28, 1990.
CCITT Recommendation X.509. The Directory - Authentication Framework. November 1988 (Developed in collaboration, and technically aligned, with ISO 9594-8).
Department of Defense. Password Management Guideline. CSC-STD-002-85. April 12, 1985.
Feldmeier, David C., and Philip R. Kam. "UNIX Password Security - Ten Years Later." Crypto '89 Abstracts. Santa Barbara, CA: Crypto '89 Conference, August 20-24, 1989.
Haykin, Martha E., and Robert B. J. Warnar. Smart Card Technology: New Methods for Computer Access Control. Special Publication 500-157. Gaithersburg, MD: National Institute of Standards and Technology, September 1988.
Kay, R. "Whatever Happened to Biometrics?" Infosecurity News. 4(5), 1993. pp. 60-62.
National Bureau of Standards. Password Usage. Federal Information Processing Standard Publication 112. May 30, 1985.
National Institute of Standards and Technology. Automated Password Generator. Federal Information Processing Standard Publication 181. October, 1993.
National Institute of Standards and Technology. Guideline for the Use of Advanced Authentication Technology Alternatives. Federal Information Processing Standard Publication 190. October, 1994.
Salamone, S. "Internetwork Security: Unsafe at Any Node?" Data Communications. 22(12), 1993. pp. 61-68.
Sherman, R. "Biometric Futures." Computers and Security. 11(2), 1992. pp. 128-133.
Smid, Miles, James Dray, and Robert B. J. Warnar. "A Token-Based Access Control System for Computer Networks." Proceedings of the 12th National Computer Security Conference. National Institute of Standards and Technology, October 1989.
Steiner, J.O., C. Neuman, and J. Schiller. "Kerberos: An Authentication Service for Open Network Systems." Proceedings Winter USENIX. Dallas, Texas, February 1988. pp. 191-202.
Troy,
Eugene F. Security for Dial-Up Lines. Special Publication
500-137, Gaithersburg, MD: National Bureau of Standards, May 1986.
|
Footnotes:
107.
Not all types of access control require identification and authentication.
108. Computers also use authentication to verify
that a message or file has not been altered and to verify that a
message originated with a cetain person. This chapter only addresses
user authentication. The other forms of authentication are addressed
in the Chapter 19.
109. One-way encryption algorithms only provide
for the encryption of data. The resulting ciphertext cannot be decrypted.
When passwords are entered into the system they are one-way encrypted,
and the result is compared with the stored ciphertext. (See the
Chapter 19.)
110. For the purpose of understanding how possession-based
I&A works, it is not necessary to distinguish whether possession
of a token in various systems is identification or authentication.
111. Masquerading by system administrators
cannot be prevented entirely. However, controls can be set up so
that improper actions by the system administrator can be detected
in audit records.
112. After a user signs on, the computer treats
all commands originating from the user's physical device (such as
a PC or terminal) as being from the user.
113. Single log-in is somewhat of a misnomer.
It is currently not feasible to have one sign-on for every computer
system a user might wish to access. The types of single log-in described
apply mainly to groups of systems (e.g., within an organization
or a consortium).
Back
to Previous Page | Back
to Special Publication 800-12 Home Page
|
Last
updated:
July 6, 2007
Page created: July 1, 2004