Pluggable Authentication Module Meets Identity-Based Identification

  • Conference paper
Advances in Cyber Security (ACeS 2021)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1487)

Abstract

Pluggable authentication modules (PAMs) primarily provide authentication services to system software on a machine. PAM simplifies the job for both software developers and system administrators by providing a unified method to manage user access to the system. Therefore, software developers do not need to write user authentication subroutines because they can safely rely on well-studied and tested modules to provide the required services. The default authentication mechanism provided by PAM is password-based; while this is sufficient, the security is highly dependent on the strength of the password, which can vary based on the individual or the organization setting the associated password policies. To address this problem, we present an identity-based identification (IBI) module that works as a PAM, specifically for Linux-PAM. The security of the authentication mechanism provided by our work is only dependent on the fixed cryptographic strength of the user keys, which is generally much more secure than passwords. In addition, IBI also has comparatively simpler operations and provides easier ways to manage users compared to existing cryptographic alternatives.

Supported by the Ministry of Higher Education of Malaysia through the Fundamental Research Grant Scheme under Grant FRGS/1/2019/ICT04/MMU/02/5.

Notes

  1. GNU/Linux is often referred to as Linux, which is just the kernel of the operating system.

  2. An application using PAM for authentication.

  3. Libsodium is a fork of the popular NaCl written by Daniel Bernstein.

  4. A watched variable to indicate memory access violation or buffer overflow attacks.

  5. See Sect. 3.2 “User Matching” on OpenSC’s PAM PKCS#11 operation manual.

  6. The module is not mentioned in our survey as the developers maintain it as a demo project rather than an actual authentication use case.

Acknowledgments

The authors would like to acknowledge the support of the Ministry of Higher Education of Malaysia through the Fundamental Research Grant Scheme under Grant FRGS/1/2019/ICT04/MMU/02/5.

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Chia, J., Chin, JJ., Yip, SC. (2021). Pluggable Authentication Module Meets Identity-Based Identification. In: Abdullah, N., Manickam, S., Anbar, M. (eds) Advances in Cyber Security. ACeS 2021. Communications in Computer and Information Science, vol 1487. Springer, Singapore. https://doi.org/10.1007/978-981-16-8059-5_10

  • DOI: https://doi.org/10.1007/978-981-16-8059-5_10

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-8058-8

  • Online ISBN: 978-981-16-8059-5

  • eBook Packages: Computer Science, Computer Science (R0)
