Password

This book is available as open access through the Bloomsbury Open Access programme and is available on www.bloomsburycollections.com. The open-access edition of this text was made possible by a Philip Leverhulme Prize from The Leverhulme Trust. Object Lessons is a series of short, beautifully designed books about the hidden lives of ordinary things. Where does a password end and an identity begin? A person might be more than his chosen ten-character combination, but does a bank know that? Or an email provider? What’s an ‘identity theft’ in the digital age if not the unauthorized use of a password? In untangling the histories, cultural contexts and philosophies of the password, Martin Paul Eve explores how ‘what we know’ became ‘who we are’, revealing how the modern notion of identity has been shaped by the password. Ranging from ancient Rome and the ‘watchwords’ of military encampments, through the three-factor authentication systems of Harry Potter and up to the biometric scanner in the iPhone, Password makes a timely and important contribution to our understanding of the words, phrases and special characters that determine our belonging and, often, our being. Object Lessons is published in partnership with an essay series in The Atlantic

Evaluation of presentation attack detection under the context of common criteria

Mención Internacional en el título de doctorTHE USE OF Biometrics keeps growing. Every day, we use biometric recognition to unlock our phones or to have access to places such as the gym or the office, so we rely on what security manufacturers offer when protecting our privileges and private life. Moreover, an error in a biometric system can mean that a person can have access to an unintended property, critical infrastructure or cross a border. Thus, there is a growing interest on ensuring that biometric systems work correctly on two fronts: our personal information (smartphones, personal computers) and national security (borders, critical infrastructures). Given that nowadays we store increasing sensitive data on our mobile devices (documents, photos, bank accounts, etc.), it is crucial to know how secure the protection of the phone really is. Most new smartphones include an embedded fingerprint sensor due to its improved comfort, speed and, as manufacturers claim, security. In the last decades, many studies and tests have shown that it is possible to steal a person’s fingerprint and reproduce it, with the intention of impersonating them. This has become a bigger problem as the adoption of fingerprint sensor cell phones have become mainstream. For the case of border control and critical infrastructures, biometric recognition eases the task of person identification and black-list checking. Although the performance rates for verification and identification have dropped in the last decades, protection against vulnerabilities is still under heavy development. There have been cases in the past where fake fingers have been used to surpass the security of such entities. The first necessary step for overcoming these issues is to have a common ground for performing security evaluations. This way, different systems’ abilities to detect and reject fake fingerprints can be measured and compared against each other. This is achieved by standardization and the corresponding certification of biometric systems. The new software and hardware presentation attack detection techniques shall undergo tests that follow such standards. The aim of this Thesis is two-fold: evaluating commercial fingerprint biometric systems against presentation attacks (fake fingers) and developing a new presentation attack detection method for overcoming these attacks. Moreover, through this process, several contributions were proposed and accepted in international ISO standards. On the first matter, a few questions are meant to be answered: it is well known that it is possible to hack a smartphone using fake fingers made of Play-Doh and other easy-to-obtain materials but, to what extent? Is this true for all users or only for specialists with deep knowledge on Biometrics? Does it matter who the person doing the attack is, or are all attackers the same when they have the same base knowledge? Are smartphone fingerprint sensors as reliable as desktop sensors? What is the easiest way of stealing a fingerprint from someone? To answer these, five experiments were performed on several desktop and smartphone fingerprint readers, including many different attackers and fingerprint readers. As a general result, all smartphone capture devices could be successfully hacked by inexperienced people with no background in Biometrics. All of the evaluations followed the pertinent standards, ISO/IEC 30107 Parts 3 and 4 and Common Criteria and an analysis of the attack potential was carried out. Moreover, the knowledge gathered during this process served to make methodological contributions to the above-mentioned standards. Once some expertise had been gathered on attacking fingerprint sensors, it was decided to develop a new method to detect fake fingerprints. The aim was to find a low-cost and efficient system to solve this issue. As a result, a new optical system was used to capture fingerprints and classify them into real or fake samples. The system was tested by performing an evaluation using 5 different fake finger materials, obtaining much lower error rates than those reported in the state of the art at the moment this Thesis was written. The contributions of this Thesis include: • • Improvements on the presentation attack detection evaluation methodology. • • Contributions to ISO/IEC 30107 - Biometric presentation attack detection - Part 3: Testing and reporting and Part 4: Profile for evaluation of mobile devices. • • Presentation attack detection evaluations on commercial desktop and smartphone fingerprint sensors following ISO/IEC 30107-3 and 4. • • A new low-cost and efficient optical presentation attack detection mechanism and an evaluation on the said system.EL USO DE la Biometría está en constante crecimiento. Cada día, utilizamos reconocimiento biométrico para desbloquear nuestros teléfonos o para tener acceso a lugares como el gimnasio o la oficina, por lo que confiamos en lo que los fabricantes ofrecen para proteger nuestros privilegios y nuestra vida privada. Además, un error en un sistema biométrico puede significar que una persona pueda tener acceso a una propiedad no debida, a una infraestructura crítica o a cruzar una frontera. Por lo tanto, existe un interés creciente en asegurar que los sistemas biométricos funcionen correctamente en dos frentes: nuestra información personal (teléfonos inteligentes, ordenadores personales) y la seguridad nacional (fronteras, infraestructuras críticas). Dado que hoy en día almacenamos cada vez más datos sensibles en nuestros dispositivos móviles (documentos, fotos, cuentas bancarias, etc.), es crucial saber cómo de segura es realmente la protección del teléfono. La mayoría de los nuevos teléfonos inteligentes incluyen un sensor de huellas dactilares integrado debido a su mayor comodidad, velocidad y, como afirman los fabricantes, seguridad. En las últimas décadas, muchos estudios y pruebas han demostrado que es posible robar la huella dactilar de una persona y reproducirla, con la intención de hacerse pasar por ella. Esto se ha convertido en un problema mayor a medida que la adopción de los teléfonos celulares con sensor de huellas dactilares se ha ido generalizando. En el caso del control fronterizo y de las infraestructuras críticas, el reconocimiento biométrico facilita la tarea de identificación de las personas y la comprobación de listas negras. Aunque las tasas de rendimiento en materia de verificación e identificación han disminuido en las últimas décadas, la protección antifraude todavía está bajo intenso desarrollo. Existen casos en los que se han utilizado dedos falsos para vulnerar la seguridad de dichas entidades. El primer paso necesario para superar estos problemas es contar con una base común desde la que realizar evaluaciones de seguridad. De esta manera, se pueden medir y comparar las capacidades de los diferentes sistemas para detectar y rechazar huellas dactilares falsas. Esto se consigue mediante la estandarización y la correspondiente certificación de los sistemas biométricos. Las nuevas técnicas de detección de ataques de presentación de software y hardware deben someterse a pruebas que se ajusten a dichas normas. Esta Tesis tiene dos objetivos: evaluar los sistemas biométricos de huellas dactilares comerciales contra ataques de presentación (dedos falsos) y desarrollar un nuevo método de detección de ataques de presentación para disminuir la eficacia de estos ataques. Además, a través de este proceso, se propusieron y aceptaron varias contribuciones en las normas internacionales ISO. Sobre el primer asunto, hay que responder algunas preguntas: es bien sabido que es posible hackear un teléfono inteligente con dedos falsos hechos de Play-Doh y otros materiales fáciles de obtener, pero ¿hasta qué punto? ¿Es esto cierto para todos los usuarios o sólo para los especialistas con un profundo conocimiento de la Biometría? ¿Importa quién es la persona que realiza el ataque, o todos los atacantes son iguales cuando parte de la misma base de conocimiento? ¿Son los sensores de huellas dactilares de los teléfonos inteligentes tan fiables como los de sobremesa? ¿Cuál es la manera más fácil de robar una huella digital a alguien? Para responder estas preguntas, se realizaron cinco experimentos en varios lectores de huellas dactilares de escritorio y de teléfonos inteligentes, incluyendo muchos atacantes y lectores de huellas dactilares diferentes. Como resultado general, todos los dispositivos de captura pudieron ser hackeados con éxito por personas sin experiencia en Biometría. Todas las evaluaciones siguieron las normas pertinentes, ISO/IEC 30107 Partes 3 y 4 y Common Criteria y se llevó a cabo un análisis del potencial de ataque. Además, los conocimientos adquiridos durante este proceso sirvieron para aportar una contribución metodológica a las normas mencionadas. Una vez adquiridos algunos conocimientos sobre ataques a sensores de huellas dactilares, se decidió desarrollar un nuevo método para detectar huellas falsas. El objetivo era encontrar un sistema de bajo coste y eficiente para resolver este problema. Como resultado, se utilizó un nuevo sistema óptico para capturar las huellas dactilares y clasificarlas en muestras reales o falsas. El sistema se probó mediante la realización de una evaluación utilizando 5 materiales de dedos falsos diferentes, obteniendo tasas de error mucho más bajas que las reportadas en el estado del arte en el momento de redactar esta Tesis. Las contribuciones de esta Tesis incluyen: • • Mejoras en la metodología de evaluación de detección de ataques de presentación. • • Contribuciones a “ISO/IEC 30107 - Biometric presentation attack detection - Part 3: Testing and reporting” y “Part 4: Profile for evaluation of mobile devices”. • • Evaluaciones de detección de ataques de presentación en sensores de huellas dactilares comerciales de escritorio y de teléfonos inteligentes siguiendo la norma ISO/IEC 30107-3 y 4. • • Un nuevo y eficiente mecanismo óptico de detección de ataques de presentación, de bajo coste, y una evaluación de dicho sistema.Programa de Doctorado en Ingeniería Eléctrica, Electrónica y Automática por la Universidad Carlos III de MadridPresidente: Enrique Cabello Pardos.- Secretario: Almudena Lindoso Muñoz.- Vocal: Patrizio Campis

Authentication and access issues for electronic library resources at the University of North Carolina-Chapel Hill

A variety of data collection methods were used to identify access and authentication issues faced by remote users of licensed electronic resources at the University of North Carolina-Chapel Hill. Five main components must be addressed by users for successful access from off-campus including: 1) a valid identification number with corresponding library borrower's record, 2) a working Internet connection, 3) a compatible Internet browser properly configured to the proxy server, 4) correctly configured firewall and/or filter software, and 5) properly working electronic resources. Recommendations are made related to support for distance learners in regard to library borrower's database issues, proxy server setup, and usability of online off-campus access instructions. These findings will be helpful to academic libraries that are providing off-campus access for all remote users as well as distance learning students

Access Denied

A study of Internet blocking and filtering around the world: analyses by leading researchers and survey results that document filtering practices in dozens of countries.Many countries around the world block or filter Internet content, denying access to information that they deem too sensitive for ordinary citizens—most often about politics, but sometimes relating to sexuality, culture, or religion. Access Denied documents and analyzes Internet filtering practices in more than three dozen countries, offering the first rigorously conducted study of an accelerating trend. Internet filtering takes place in more than three dozen states worldwide, including many countries in Asia, the Middle East, and North Africa. Related Internet content-control mechanisms are also in place in Canada, the United States and a cluster of countries in Europe. Drawing on a just-completed survey of global Internet filtering undertaken by the OpenNet Initiative (a collaboration of the Berkman Center for Internet and Society at Harvard Law School, the Citizen Lab at the University of Toronto, the Oxford Internet Institute at Oxford University, and the University of Cambridge) and relying on work by regional experts and an extensive network of researchers, Access Denied examines the political, legal, social, and cultural contexts of Internet filtering in these states from a variety of perspectives. Chapters discuss the mechanisms and politics of Internet filtering, the strengths and limitations of the technology that powers it, the relevance of international law, ethical considerations for corporations that supply states with the tools for blocking and filtering, and the implications of Internet filtering for activist communities that increasingly rely on Internet technologies for communicating their missions. Reports on Internet content regulation in forty different countries follow, with each two-page country profile outlining the types of content blocked by category and documenting key findings.ContributorsRoss Anderson, Malcolm Birdling, Ronald Deibert, Robert Faris, Vesselina Haralampieva [as per Rob Faris], Steven Murdoch, Helmi Noman, John Palfrey, Rafal Rohozinski, Mary Rundle, Nart Villeneuve, Stephanie Wang, Jonathan Zittrai

Password

How many passwords do we have to memorize these days? Or more likely, how many passwords must we regularly reset and later be reminded of, only to be again forgotten, lost, or discarded, seemingly ad infinitum? Martin Paul Eve's book takes up the lively history and thingliness of passwords, showing them to be pressing down on us and far more than just neutral gateways or drab data points. Touching on identity theft, the "strength" of passwords, and behavior conditioning, Eve's book gets into the inner workings of this quasi-object, showing how passwords are at once integral and abject parts of modern life

A discretionary model of delegation and revocation

Orientador: Jacques WainerDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Esta dissertação apresenta um modelo discricionário de delegação que permite controlar a formação de cadeias de delegações, tanto através da limitação no comprimento de tais cadeias, como através da definição de condições para utilização e aceitação de novas delegações. Juntamente com o mecanismo de delegação proposto, é apresentado um mecanismo de revogação que considera o máximo comprimento de cada cadeia de delegações, e a relação de força entre delegações, permitindo assim que os sujeitos existentes permaneçam com o maior conjunto de direitos após uma revogação. Uma das principais vantagens em relação à definição de condições associadas à cada delegação é possibilidade de reforçar restrições por conteúdo e contexto. Enquanto o controle de acesso por conteúdo permite que o acesso a determinado objeto, ou recurso, seja controlado com base em atributos e características do próprio objeto em questão, o controle de acesso por contexto considera características de contexto relativas ao sistema como um todo, ou referentes ao contexto em que o usuário solicitou determinado acesso. Será apresentado um mecanismo que permite a utilização deste tipo de informação na definição de condições em delegações. Será apresentado um mecanismo para definição de proibições, que torna possível proibir que usuários utilizem determinadas direitos, mesmo que estes usuários tenham recebido, tais direitos através de delegaçõesde outros usuários do sistema. Através da utilização de condições também é possível a definição de delegações temporais, que são delegações que devem ser consideradas válidas somente durante determinados períodos de tempo, ou enquanto condições de dependência em relação a outras delegações forem atendidas, como será discutido. Finalmente, será apresentado um arcabouço de um servidor de autorizações, que permitiu avaliar o modelo proposto. Neste arcabouço foram implementados os principais algoritmos apresentados, e foi formulada uma arquitetura unificada para criação e revogação de delegações, bem como para verificação de autorizaçõesAbstract: This thesis presents a model of delegation that makes it possible to control the creation of delegation chains, both by limiting the lenght of such chains, and by defining restrictions for the use and acceptance of new delegations. Together with the proposed delegation mechanism, it is presented a revocation mechanism that considers the maximum length of each delegation chain, and the strength relation between delegations, allowing the existing subjects to retain the maximum set of rights after a revocation. One of the biggest advantages regarding the definition of conditions associated with each delegation is the possibility of enforcing context and content based restrictions. While the content based access control allows the access to a specific object to be controlled based on its attributes and characteristics, the context based access control considers context information related to the system as a whole, or regarding the context in which a user made an access request. It will be presented a mechanism that allows the use of this type of information in the definition of conditions in delegations. A prohibition mechanism will be presented, which prevents users from using certain rights, even though these users have received such rights through other users delegations. As it will be discussed, it is also possible, through the use of conditions, to define temporal delegations, which are delegations that must be considered valid only during specific periods of time, or while dependency condition regarding other delegations are met. Finally, it will be presented a prototype of an authorization server, that was used to validate the proposed model. In this prototype, the main algorithms were implemented, and a unified architecture was formulated both for the creation and recation of delegations, as well as for the verification of authorizationsMestradoMestre em Ciência da Computaçã

On Usage Control for Data Grids: Models, Architectures, and Specifications

This thesis reasons on usage control in Data Grids, by presenting models, architectures and specifications. This work is a step toward a continuous monitoring and control of the data access and usage in a Data Grid. First, the thesis presents a background on Grids, security, and security for Grids, by making an abstraction to the current Grid implementations. We argue that usage control in Data Grids should be considered as a process composed by two black boxes. We analysed the requirements for Grid security, and propose a distributed usage control model suitable for Grids and distributed systems alike. Then, we apply such model to a Data Grid abstraction, and present a usage control architecture for Data Grids that uses the functional components of the currents Grids. We also present an abstract specification for an enforcing mechanism for usage control policies. To do so, we use a formal requirement engineering methodology with a bottom-up approach, that proves that the specification is sound and complete. With the methodology, we show formally that such abstract specification can enforce all the different typologies of usage control policies. Finally, we consider how existing prototypes can fit in the proposed architecture, and the advantages derived from using Semantic Grid techologies for the specification of policies subjects and objects

Security plane for data authentication in information-centric networks

Orientadores: Maurício Ferreira Magalhães, Jussi KangasharjuTese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: A segurança da informação é responsável pela proteção das informações contra o acesso nãoautorizado, uso, modificação ou a sua destruição. Com o objetivo de proteger os dados contra esses ataques de segurança, vários protocolos foram desenvolvidos, tais como o Internet Protocol Security (IPSEC) e o Transport Layer Security (TLS), provendo mecanismos de autenticação, integridade e confidencialidade dos dados para os usuários. Esses protocolos utilizam o endereço IP como identificador de hosts na Internet, tornando-o referência e identificador no estabelecimento de conexões seguras para a troca de dados entre aplicações na rede. Com o advento da Web e o aumento exponencial do consumo de conteúdos, como vídeos e áudios, há indícios da migração gradual do uso predominante da Internet, passando da ênfase voltada para a conexão entre hosts para uma ênfase voltada para a obtenção de conteúdo da rede, paradigma esse conhecido como information-centric networking. Nesse paradigma, usuários buscam por documentos e recursos na Internet sem se importarem com o conhecimento explícito da localização do conteúdo. Como consequência, o endereço IP que previamente era utilizado como ponto de referência do provedor de dados, torna-se meramente um identificador efêmero do local onde o conteúdo está armazenado, resultando em implicações para a autenticação correta dos dados. Nesse contexto, a simples autenticação de um endereço IP não garante a autenticidade dos dados, uma vez que o servidor identificado por um dado endereço IP não é necessariamente o endereço do produtor do conteúdo. No contexto de redes orientadas à informação, existem propostas na literatura que possibilitam a autenticação dos dados utilizando somente o conteúdo propriamente dito, como a utilização de assinaturas digitais por bloco de dado e a construção de árvores de hash sobre os blocos de dados. A ideia principal dessas abordagens é atrelar uma informação do provedor original do conteúdo nos blocos de dados transportados, por exemplo, uma assinatura digital, possibilitando a autenticação direta dos dados com o provedor, independentemente do host onde o dado foi obtido. Apesar do mecanismo citado anteriormente possibilitar tal verificação, esse procedimento é muito oneroso do ponto de vista de processamento, especialmente quando o número de blocos é grande, tornando-o inviável de ser utilizado na prática. Este trabalho propõe um novo mecanismo de autenticação utilizando árvores de hash com o objetivo de prover a autenticação dos dados de forma eficiente e explícita com o provedor original e, também, de forma independente do host onde os dados foram obtidos. Nesta tese, propomos duas técnicas de autenticação de dados baseadas em árvores de hash, chamadas de skewed hash tree (SHT) e composite hash tree (CHT), para a autenticação de dados em redes orientadas à informação. Uma vez criadas, parte dos dados de autenticação é armazenada em um plano de segurança e uma outra parte permanece acoplada ao dado propriamente dito, possibilitando a verificação baseada no conteúdo e não no host de origem. Além disso, essa tese apresenta o modelo formal, a especificação e a implementação das duas técnicas de árvore de hash para autenticação dos dados em redes de conteúdo através de um plano de segurança. Por fim, esta tese detalha a instanciação do modelo de plano de segurança proposto em dois cenários de autenticação de dados: 1) redes Peer-to-Peer e 2) autenticação paralela de dados sobre o HTTPAbstract: Information security is responsible for protecting information against unauthorized access, use, modification or destruction. In order to protect such data against security attacks, many security protocols have been developed, for example, Internet Protocol Security (IPSec) and Transport Layer Security (TLS), providing mechanisms for data authentication, integrity and confidentiality for users. These protocols use the IP address as host identifier on the Internet, making it as a reference and identifier during the establishment of secure connections for data exchange between applications on the network. With the advent of the Web and the exponential increase in content consumption (e.g., video and audio), there is an evidence of a gradual migration of the predominant usage of the Internet, moving the emphasis on the connection between hosts to the content retrieval from the network, which paradigm is known as information-centric networking. In this paradigm, users look for documents and resources on the Internet without caring about the explicit knowledge of the location of the content. As a result, the IP address that was used previously as a reference point of a data provider, becomes merely an ephemeral identifier of where the content is stored, resulting in implications for the correct authentication data. In this context, the simple authentication of an IP address does not guarantee the authenticity of the data, because a hosting server identified by a given IP address is not necessarily the same one that is producing the requested content. In the context of information-oriented networks, some proposals in the literature proposes authentication mechanisms based on the content itself, for example, digital signatures over a data block or the usage of hash trees over data blocks. The main idea of these approaches is to add some information from the original provider in the transported data blocks, for example, a digital signature, enabling data authentication directly with the original provider, regardless of the host where the data was obtained. Although the mechanism mentioned previously allows for such verification, this procedure is very costly in terms of processing, especially when the number of blocks is large, making it unfeasible in practice. This thesis proposes a new authentication mechanism using hash trees in order to provide efficient data authentication and explicitly with the original provider, and also independently of the host where the data were obtained. We propose two techniques for data authentication based on hash trees, called skewed hash tree (SHT) and composite hash tree (CHT), for data authentication in information-oriented networks. Once created, part of the authentication data is stored in a security plane and another part remains attached to the data itself, allowing for the verification based on content and not on the source host. In addition, this thesis presents the formal model, specification and implementation of two hash tree techniques for data authentication in information-centric networks through a security plane. Finally, this thesis details the instantiation of the security plane model in two scenarios of data authentication: 1) Peer-to-Peer and 2) parallel data authentication over HTTPDoutoradoEngenharia de ComputaçãoDoutor em Engenharia Elétric