Vol: 53(67) No: 4 / December 2008 On the Security of Some Authentication Mechanisms from Windows Bogdan Groza Politehnica University of Timisoara, Faculty of Automatics and Computers, Timisoara, Romania, e-mail: bogdan.groza@aut.upt.ro, web: http://www.aut.upt.ro/~bgroza/ Andrei Alexandroni Pensive S.A., Brussels, Belgium, e-mail: andrei@pensive.eu Ioan Silea Politehnica University of Timisoara, Faculty of Automatics and Computers, Timisoara, Romania, e-mail: ioan.silea@aut.upt.ro, web: http://www.aut.upt.ro/~isilea/ Victor-Valeriu Patriciu Military Technical Academy, Department of Computer Engineering, Bucharest, Romania, e-mail: vip@mta.ro, web: http://www.mta.ro/conducere/victor_patriciu.php Keywords: authentication, cryptography, NTLM, protocol Abstract The paper investigates some authentication mechanisms used in Windows. In particular, the NTLM authentication protocol, which is commonly used in several solutions from Microsoft, is analyzed. The NTLM authentication is completely unsafe in several variants of use and some of its weaknesses previously known. A critical analysis is done, the weaknesses are explained and the safe solutions are underlined. As a practical example it is shown how the NTLM authentication from SharePoint based portals can be exploited to steal passwords and how to configure the NTLM for a safe use. This analysis is relevant as SharePoint becomes widely used and NTLM is still the default option and the only authentication mechanism available when there is no support for Kerberos. Nevertheless, a comparison between the password based authentication from UNIX and Windows OS is done. References [1] M. Bellare, R. Canetti, H. Krawczyk, “Keying Hash Functions for Message Authentication”, Advances in Cryptology – CRYPTO 96, LNCS vol. 1109, Springer-Verlag, 1996. [2] E. Biham, A. Shamir, “Differential cryptanalysis of DES-like cryptosystems”, Technical report CS90-16, Weizmann Institute of Science, CRYPTO\'90 & Journal of Cryptology, Vol. 4, No. 1, pp. 3-72, 1991. [3] Colin Boyd, Anish Mathuria, Protocols for Authentication and Key Establishment, Springer Verlag, 300 pages, ISBN-13: 978-3540431077, 2003. [4] Jesse Burns, Information Security Partners, “NTLM Authentication Un-safe”, http://www.isecpartners.com/files/NTLM_Unsafe_0.pdf, 2004. [5] John A. Clark, Jeremy L. Jacob, “A survey of authentication protocol literature”, available at http://www.cs.york.ac.uk/jac/papers/drareview.ps.gz, 1997. [6] D. Coppersmith, “The Data Encryption Standard (DES) and its strength against attacks”, IBM Journal of Research and Development, 1994. [7] FIPS 46, Data Encryption Standard (DES), National Institute of Standards and Technology (NIST), U.S. Department of Commerce, 1976. [8] FIPS 180-1, (1995), 180-2, Announcing the Secure Hash Standard., National Institute of Standards and Technology (NIST)., U.S. Department of Commerce, 2002. [9] E. Glass, “The NTLM Authentication Protocol and Security Support Provider”, http://davenport.sourceforge.net/ntlm.html. [10] Jesper Johansson, “Security Watch: The Most Misunderstood Windows Security Setting of All Time”, http://technet.microsoft.com/en-us/magazine/cc160954.aspx, 2006 [11] M. Matsui, “Linear Cryptanalysis Method for DES Cipher”, Advaces in cryptology, EUROCRYPT\'03, LNCS 765, 1993. [12] A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography. CRC Press, 1996. [13] R. Rivest, “The MD5 Message-Digest Algorithm”, MIT Laboratory for Computer Science and RSA Data Security, RFC 1321, 1992. [14] D. Sanai, H. Seki, \"Optimized Attack for NTLM2 Session Response\", http://www.blackhat.com/presentations/bh-asia-04/bh-jp-04-pdfs/bh-jp-04-seki.pdf, 2004. [15] B. Schneier and Mudge, \"Cryptanalysis of Microsoft\'s Point-to-Point Tunneling Protocol (PPTP),\" Proceedings of the 5th ACM Conference on Communications and Computer Security, ACM Press, pp. 132-141. [16] Schneier, B., Mudge and D. Wagner, “Cryptanalysis of Microsoft\'s PPTP authentication extensions (MS-CHAPv2)”, in: R. Baumgart, editor, CQRE, Lecture Notes in Computer Science 1740 (1999), pp. 192-203. [17] B. Schneier, “Cryptanalysis of MD5 and SHA: Time for a New Standard”, http://schneier.com/essay-074.html, 2004. [18] B. Schneier, “Real-World Passwords”, 2006, http://www.schneier.com/blog/archives/2006/12/realworld_passw.html. [19] X. Wang, Y.L. Yin, H. Yu, “Collision search on SHA1”, http://theory.csail.mit.edu/~yiqun/shanote.pdf, 2005. [20] X. Wang, H. Yu, “How to Break MD5 and Other Hash Functions”, Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 19-35, 2005. [21] G. Zorn, S. Cobb, “Microsoft PPP CHAP Extensions”, RFC 2433, Microsoft Corporation, 1998. [22] G. Zorn, “Microsoft PPP CHAP Extensions, Version 2”, RFC 2759, Microsoft Corporation, 2000. [23] The AVISPA Library of Protocols, CHAPv2, http://avispa-project.org/library/CHAPv2.html. [24] Microsoft, How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases, http://support.microsoft.com/kb/299656, 2007. |