Similarly, authentication services can be relatively simple when they're used on internal, trusted networks but are quite complex when they can't assume a basic level of trust. What happens if you're trying to verify that business card, but the person carrying it actually controls your telephone system, so no matter what number you call, that person can answer the telephone? That's effectively the situation you face when you're trying to authenticate somebody over an untrusted network connection.
Normal Unix password systems, and older Microsoft systems, use authentication methods equivalent to simply accepting business cards and trusting what they say. They use reusable tokens, and any time you give one out, somebody might be storing it away to use later while pretending to be you. Strong authentication services go to considerable lengths to ensure that what is transmitted over the network cannot be used to impersonate you at some point in the future.
Some services that are also sometimes used for authentication have been covered earlier in this book. For information on NIS and LDAP, see Chapter 20, "Naming and Directory Services".
ost computers do not come with devices capable of reading fingerprints, much less retinas. Voiceprint technology is more tempting; it's not unusual for machines these days to have microphones. But it's not universal, either, and you can't guarantee that every machine you'll want to log in from has the high quality microphone, free disk space, and available network bandwidth required for this approach. Finally, if the biometric information has to be communicated from where you are to where it can be checked, you run the risk of an attacker's capturing it and replaying it later, unless you have some way of encrypting or otherwise protecting it.
Even if every machine had all the capabilities it needed, reliable voiceprint identification is surprisingly hard to accomplish. Many people wish to use their computers even when they have head colds, which throw off many voice-recognition systems. You can't use a fixed phrase as a password, or you would be vulnerable to a literal playback attack involving a tape recorder. (These problems have been addressed in dedicated systems, but no authentication systems widely available for general-purpose computers can deal with them, and it's not at all trivial to develop one.) You can't use a different phrase every time because voiceprint comparison on arbitrary text is not a real-time operation -- unless you have a spare supercomputer lying around to do it. Almost everybody wants to log in with a delay measured in seconds, at worst; getting back to the user with an answer in a few hours is not going to work.
Keystroke timing, used to characterize someone's typing pattern, is a surprisingly reliable biometric identification system and requires no special hardware. The computer provides a phrase to type and then times the gaps between characters as you type it. On a phrase of reasonable length, people type in an identifiable pattern, and imitating it is much harder than it looks. Like voiceprints, keystroke timings may change for environmental reasons; in the case of keystroke timings, colds aren't a problem, but people have great difficulty authenticating while drunk (which is not necessarily a disadvantage, of course). The genuine disadvantage is that keystroke timings can be gathered only at the machine to which the keyboard is attached. That means that use of this method across the Internet requires modified clients. In addition, some people, mostly poor typists, have trouble ever authenticating because their typing patterns are inconsistent.
Biometric solutions are slowly improving over time; the cost of the add-on hardware is dropping, and the effectiveness of the software is increasing. However, manufacturers have been promising that biometrics are going to be universally accepted Real Soon Now for many years, and there is no sign that they are likely to overcome the hurdles any time soon. If you have special security needs that warrant adding hardware to every machine that people may need to authenticate from, a biometric solution may be appropriate, but for most sites, biometrics are still in the distant future.
Authentication that depends on something you know relies on that something's being both hard to guess and secret. In order for you to authenticate reliably, you have to know the secret reliably, too. This isn't as easy as it sounds. Most people are bad at making up and remembering unguessable things, and they're worse at keeping secrets. If you use short keys, it's easy to guess them; if you use long keys, it's hard to remember them. If you write them down, you're basically converting to a different type of authentication; now, it's something you have.
System administrators who unblushingly tell their users never to write down passwords probably have a few stashed in their wallets anyway; this is a combination of "what you know" and "what you have". "What you know" is how to read your own handwriting, and which slip of paper contains the passwords, rather than last week's lunch order. "What you have" is the slip of paper itself.
Despite all of the risks of "what you know" systems, it is still practical to use them as long as you aren't revealing the secret to everybody in the near vicinity every time you authenticate. There is a reason why passwords are so popular: they're fast, they're cheap, and, in practice, people don't forget them or lose the pieces of paper all that often. However, it is absolutely impractical to pass them across the Internet in any form that can be used safely.
Is there any way to use a "what you know" system safely on the Internet? Yes -- use passwords but make sure that they are nonreusable (one-time) passwords.
There are two ways to make traditional, memorized passwords nonreusable. One is to include an encrypted timestamp -- this is the method that Kerberos uses. As long as you can't modify the timestamp without knowing the password, it prevents playback. Unfortunately, it requires two things:
In fact, however, challenge-response systems for computers are designed so that instead of memorizing the response to each challenge, you memorize a rule for converting the challenge into a response. This concept has yet to become popular as a pure "what you know" option because it's difficult to apply to a large number of people. A rule like "reverse the first three letters, capitalize the fourth, delete the fifth, and uppercase the rest of them" is easy to program, but it's not necessarily easy to represent so that you can have a different rule for each user. Even if you can remember your own rule, you're apt to follow along the challenge with a finger, muttering the rule to yourself while you try to implement it; someone watching over your shoulder can pretty easily determine the rule.
Some systems that present standard password prompts to the user then use challenge-response systems internally. This is what Windows NT challenge-response authentication does; the user gets a standard password prompt and provides a fixed password, but the dialog between the server and the client uses a challenge-response system.
Both Windows NT challenge/response and Kerberos are vulnerable to password-guessing attacks. If you use this type of system across the Internet, you will need to have both passwords that are hard to guess and good auditing systems to catch attempts to guess them. On most operating systems, including Windows NT and most versions of Unix, you will need additional software to force users to pick good passwords.
The use of electronic cards makes it practical to use challenge-response or time-based encryption. For challenge-response, you encode in the card itself the rule that converts the challenge to the response. For time-based encryption, you encode in the card both the time source and the encryption smarts. Either way, you can do authentication without needing modified clients or users with trick memories.
Using printed lists of passwords is generally referred to as using one-time passwords. This confuses people because all nonreusable passwords are good only one time, by definition. Printed password lists are called that because they resemble a spy device called a one-time pad that consists of a pad of paper with different instructions on each page. You encrypt one message with each page, so that the opposite side doesn't get multiple chances to break the code.
|20.7. Information Lookup Services||21.2. Passwords|
Copyright © 2002 O'Reilly & Associates. All rights reserved.