10) chapter 4 - authentication applications
TRANSCRIPT
-
8/8/2019 10) Chapter 4 - Authentication Applications
1/42
11
ChapterChapter 44
Authentication ApplicationsAuthentication Applications
-
8/8/2019 10) Chapter 4 - Authentication Applications
2/42
22
OutlineOutline
Security ConcernsSecurity Concerns
KerberosKerberos
X.X.509509 Authentication ServiceAuthentication ServiceRecommended reading and Web SitesRecommended reading and Web Sites
-
8/8/2019 10) Chapter 4 - Authentication Applications
3/42
33
KERBEROSKERBEROS
In Greek mythology, a many headed dog, theIn Greek mythology, a many headed dog, the
guardian of the entrance of Hadesguardian of the entrance of Hades
-
8/8/2019 10) Chapter 4 - Authentication Applications
4/42
44
KERBEROS: EnvironmentKERBEROS: Environment
Users on workstations wish to access services onUsers on workstations wish to access services onservers distributed over network.servers distributed over network.
Network
Workstations Servers
-
8/8/2019 10) Chapter 4 - Authentication Applications
5/42
55
KERBEROSKERBEROS
Three threats exist:Three threats exist:
User pretend to be another user.User pretend to be another user.
User alter the network address of a
User alter the network address of aworkstation.workstation.
User eavesdrop on exchanges and use aUser eavesdrop on exchanges and use areplay attack.replay attack.
-
8/8/2019 10) Chapter 4 - Authentication Applications
6/42
66
KERBEROSKERBEROS
Provides a centralized authenticationProvides a centralized authenticationserver to authenticate users to serversserver to authenticate users to serversand servers to users.and servers to users.
Relies on conventional encryption, makingRelies on conventional encryption, makingno use of publicno use of public--key encryptionkey encryption
Two versions: versionTwo versions: version 44 andand 55
VersionVersion 44 makes use of DESmakes use of DES
-
8/8/2019 10) Chapter 4 - Authentication Applications
7/42
77
KERBEROS: MotivationKERBEROS: Motivation
Network evolutionNetwork evolution
Dedicated PCDedicated PC no network connectionno network connection
Single Centralized ServerSingle Centralized Server Distributed Servers:Distributed Servers: 33 security approachessecurity approaches
WorkstationWorkstation--basedbased
ServerServer--basedbased
ServiceService--basedbased -->> KERBEROSKERBEROS
-
8/8/2019 10) Chapter 4 - Authentication Applications
8/42
88
KERBEROS: RequirementsKERBEROS: Requirements
SecureSecure
ReliableReliable
TransparentTransparentScalableScalable
Therefore useTherefore use
trustedtrusted 33rdrd party authentication service.party authentication service.
-
8/8/2019 10) Chapter 4 - Authentication Applications
9/42
99
KERBEROSKERBEROS 44: Entities: Entities
Terms:Terms: C = ClientC = Client
AS = authentication serverAS = authentication server V = serverV = server
IDIDcc = identifier ofuser on C= identifier ofuser on C
IDIDvv = identifier of server V= identifier of server V
ADcADc = network address of C= network address of C PPcc = password ofuser on C= password ofuser on C
KKvv = secret encryption key shared by AS an V= secret encryption key shared by AS an V
TS = timestampTS = timestamp
|| = concatenation|| = concatenation
-
8/8/2019 10) Chapter 4 - Authentication Applications
10/42
1010
KERBEROSKERBEROS 44
Building up the full protocol:Building up the full protocol:
Simple authentication dialogueSimple authentication dialogue
More secure a
uthentication dialog
ueMore sec
ure a
uthentication dialog
ue
KERBEROSKERBEROS 44 authentication dialogueauthentication dialogue
-
8/8/2019 10) Chapter 4 - Authentication Applications
11/42
1111
A Simple Authentication DialogueA Simple Authentication Dialogue
Network
Workstations Servers
AuthenticationServer
-
8/8/2019 10) Chapter 4 - Authentication Applications
12/42
1212
Authentication ServerAuthentication Server -- ASAS
AS knows passwordsAS knows passwords
of allu
sersof allu
sers
AS shares a uniqueAS shares a uniquesecret key with eachsecret key with each
serverserver
-
8/8/2019 10) Chapter 4 - Authentication Applications
13/42
1313
A Simple Authentication DialogueA Simple Authentication Dialogue
(1)(1) CC AS: AS: IIDDcc |||| PPcc |||| IIDDvv
(2)(2)ASAS C:C: Ticket Ticket
(3)(3) CC V:V: IIDDcc |||| TicketTicket
Ticket = ETicket = EKKvv[[IIDDcc |||| ADADcc |||| IIDDvv]]
-
8/8/2019 10) Chapter 4 - Authentication Applications
14/42
1414
A Simple Authentication DialogueA Simple Authentication Dialogue
Ticket encrypted to prevent forgeryTicket encrypted to prevent forgery
IDvIDv for server to verify its decryptionfor server to verify its decryption
IDcIDc for verify that this ticket is for Cfor verify that this ticket is for CADcADc to prevent masquerading fromto prevent masquerading fromother workstationother workstation
-
8/8/2019 10) Chapter 4 - Authentication Applications
15/42
1515
A Simple Authentication DialogueA Simple Authentication Dialogue
ProblemsProblems
Users have to enter password every timeUsers have to enter password every timeaccessing the server/serviceaccessing the server/service
Plaintext transmission ofusers passwordPlaintext transmission ofusers password
-
8/8/2019 10) Chapter 4 - Authentication Applications
16/42
1616
A More Secure Authentication DialogueA More Secure Authentication Dialogue
Network
Workstations Servers
AuthenticationServerTicket Granting ServerTicket Granting Server
-
8/8/2019 10) Chapter 4 - Authentication Applications
17/42
1717
Ticket Granting ServerTicket Granting Server -- TGSTGS
TGS grants a ticket for aTGS grants a ticket for a
particular serviceparticular service(Ticket(Ticketvv))
First, user must be authenticated at ASFirst, user must be authenticated at ASand obtain ticketand obtain ticket--granting ticketgranting ticket
(Ticket(Tickettgstgs))
TicketTickettgstgs is saved at workstationis saved at workstation
-
8/8/2019 10) Chapter 4 - Authentication Applications
18/42
1818
A More Secure Authentication DialogueA More Secure Authentication Dialogue
Once per user logon session:Once per user logon session:
((11) C) C AS: IDc AS: IDc || IDtgs|| IDtgs((22)) ASAS C: EC: EKKCC [Ticket[Tickettgstgs]]
Once per type of service:Once per type of service:
((33) C) C TGS: IDTGS: IDCC |||| IDvIDv ||Ticket||Tickettgstgs
((44) TGS) TGS
C:C: TicketTicketvv
Once per service session:Once per service session:
((55) C) CV:V: IDIDCC |||| TicketTicketvv
-
8/8/2019 10) Chapter 4 - Authentication Applications
19/42
1919
A More Secure Authentication DialogueA More Secure Authentication Dialogue
TicketTickettgstgs = E= EKKtgstgs [ID[IDCC||AD||ADCC||ID||IDtgstgs||TS||TS11||||LifetimeLifetime11]]
TicketTicketvv = E= EKKvv[ID[IDCC||AD||ADCC||ID||IDVV||TS||TS22||||LifetimeLifetime22]]
(K(Ktgstgs -- key known only by AS and TGS)key known only by AS and TGS)
(K(Kvv -- key known only by server and TGS)key known only by server and TGS)
-
8/8/2019 10) Chapter 4 - Authentication Applications
20/42
2020
A More Secure Authentication DialogueA More Secure Authentication Dialogue
Users password is not transmitted.Users password is not transmitted.
TicketTickettgstgs is encrypted by key derived fromis encrypted by key derived from
users password.users password.Tickets are reusable but are timestampedTickets are reusable but are timestampedto prevent replay attack.to prevent replay attack.
-
8/8/2019 10) Chapter 4 - Authentication Applications
21/42
2121
A More Secure Authentication DialogueA More Secure Authentication Dialogue
Problems:Problems:
Lifetime associated with the ticketLifetime associated with the ticket--grantinggrantingticketticket
If too shortIf too short repeatedly asked for passwordrepeatedly asked for password
If too longIf too long greater opportunity to replaygreater opportunity to replay
Similarly for serviceSimilarly for service--granting ticketgranting ticket
Opponent masquerades as serverOpponent masquerades as server
-
8/8/2019 10) Chapter 4 - Authentication Applications
22/42
2222
VersionVersion 44 Authentication DialogueAuthentication Dialogue
Authentication Service Exhange: To obtain TicketAuthentication Service Exhange: To obtain Ticket--Granting TicketGranting Ticket
((11) C) C AS: AS: IDcIDc || IDtgs ||TS|| IDtgs ||TS11((22) AS) AS C:C: EEKcKc [K[Kc,tgsc,tgs|| ID|| IDtgstgs || TS|| TS22 || Lifetime|| Lifetime22 || Ticket|| Tickettgstgs]]
TicketTickettgstgs = E= EKKtgstgs[K[Kc,tgsc,tgs||ID||IDcc||AD||ADcc||ID||IDtgstgs||TS||TS22||||LifetimeLifetime22]]
To counter replay attack and prove userTo counter replay attack and prove user
identityidentity AS provides session key to TGS and userAS provides session key to TGS and user
(K(Kc,tgsc,tgs))
Timestamp is also includedTimestamp is also included
-
8/8/2019 10) Chapter 4 - Authentication Applications
23/42
2323
VersionVersion 44 Authentication DialogueAuthentication DialogueTicketTicket--Granting Service Echange: To obtain ServiceGranting Service Echange: To obtain Service--Granting TicketGranting Ticket
((33) C) C TGS: IDvTGS: IDv ||Ticket||Tickettgstgs ||Authenticator||Authenticatorcc
((44) TGS) TGS C: EC: EKcKc [K[Kc,vc,v|| ID|| IDvv || TS|| TS44 || Ticket|| Ticketvv]]
TicketTickettgstgs = E= EKKtgstgs[K[Kc,tgsc,tgs||ID||IDcc||AD||ADcc||ID||IDtgstgs||TS||TS22||||LifetimeLifetime22]]TicketTicketvv = E= EKKvv[K[Kc,vc,v||ID||IDcc||AD||ADcc||ID||IDvv||TS||TS44||||LifetimeLifetime44]]
AuthenticatorAuthenticatorcc = E= EKKc,tgsc,tgs[ID[IDcc||AD||ADcc||TS||TS33]]
Authenticator very short lifetime to prevent replayAuthenticator very short lifetime to prevent replay
KKc,vc,v is session key between user and serveris session key between user and server
-
8/8/2019 10) Chapter 4 - Authentication Applications
24/42
2424
VersionVersion 44 Authentication DialogueAuthentication DialogueClient/Server Authentication Exhange: To Obtain ServiceClient/Server Authentication Exhange: To Obtain Service
((55) C) C V: Ticket V: Ticketvv || Authenticator|| Authenticatorcc
((66) V) V C:C: EEKKc,vc,v[TS[TS55 ++11]]
TicketTicketvv = E= EKKvv[K[Kc,vc,v||ID||IDcc||AD||ADcc||ID||IDvv||TS||TS44||||LifetimeLifetime44]]AuthenticatorAuthenticatorcc = E= EKKc,vc,v[ID[IDcc||AD||ADcc||TS||TS55]]
If also require server to prove itself to user thenIf also require server to prove itself to user then
((66) is used.) is used.
-
8/8/2019 10) Chapter 4 - Authentication Applications
25/42
2525
Overview of KerberosOverview of Kerberos
-
8/8/2019 10) Chapter 4 - Authentication Applications
26/42
2626
Realms and Multiple KerberiRealms and Multiple Kerberi
The KERBEROS environment we had justThe KERBEROS environment we had justcovered is called acovered is called a realmrealm..
There can be multiple realms where userThere can be multiple realms where userin one realm can access services inin one realm can access services inanother realm.another realm.
KERBEROS server in each realm shares aKERBEROS server in each realm shares a
secret key with servers in another realm.secret key with servers in another realm.KERBEROS servers are registered with oneKERBEROS servers are registered with oneanother.another.
-
8/8/2019 10) Chapter 4 - Authentication Applications
27/42
2727
Request for Service in Another RealmRequest for Service in Another Realm
-
8/8/2019 10) Chapter 4 - Authentication Applications
28/42
2828
KERBEROSKERBEROS 44 Environmental LimitationsEnvironmental Limitations
Encryption system dependence (Encryption system dependence (V.V.44 DES)DES)
Internet protocol dependenceInternet protocol dependence
Message byte orderingMessage byte ordering
Ticket lifetimeTicket lifetime
Authentication forwardingAuthentication forwarding
Interrealm authenticationInterrealm authentication
-
8/8/2019 10) Chapter 4 - Authentication Applications
29/42
2929
KERBEROSKERBEROS 44 Technical LimitationsTechnical Limitations
Double encryptionDouble encryption message (message (22) and () and (44))
PCBC encryption (propagating blockPCBC encryption (propagating block
chaining)chaining) has weaknesshas weaknessSession keysSession keys can be used repeatedlycan be used repeatedly
Password attacksPassword attacks
-
8/8/2019 10) Chapter 4 - Authentication Applications
30/42
3030
Kerberos Encryption TechniquesKerberos Encryption TechniquesPasswordPassword--toto--Key TransformationKey Transformation
-
8/8/2019 10) Chapter 4 - Authentication Applications
31/42
3131
Kerberos Encryption TechniquesKerberos Encryption TechniquesPasswordPassword--toto--Key TransformationKey Transformation
-
8/8/2019 10) Chapter 4 - Authentication Applications
32/42
3232
PCBC ModePCBC Mode
-
8/8/2019 10) Chapter 4 - Authentication Applications
33/42
3333
KerberosKerberos -- in practicein practiceCC
urrently have twoK
erberos versionsurrently have twoK
erberos versions:: 44 : restricted to a single realm: restricted to a single realm
55 : allows inter: allows inter--realm authenticationrealm authentication
Kerberos vKerberos v55 is an Internet standardis an Internet standard
specified in RFCspecified in RFC15101510, and used by many utilities, and used by many utilities
TTo use
Kerberoso use
Kerberos::
need to have a KDC on your networkneed to have a KDC on your network
need to have Kerberized applications running on allneed to have Kerberized applications running on allparticipating systemsparticipating systems
major problemmajor problem -- US export restrictionsUS export restrictions
Kerberos cannot be directly distributed outside the US inKerberos cannot be directly distributed outside the US insource format (& binary versions must obscure cryptosource format (& binary versions must obscure cryptoroutine entry points and have no encryption)routine entry points and have no encryption)
else crypto libraries must be implemented locallyelse crypto libraries must be implemented locally
-
8/8/2019 10) Chapter 4 - Authentication Applications
34/42
3434
X.X.509509 Authentication ServiceAuthentication Service
X.X.509509 is a part ofis a part of X.X.500500 directory servicedirectory service Distributed set of servers that maintains aDistributed set of servers that maintains a
database aboutusers.database aboutusers.
Each certificate contains the public key ofEach certificate contains the public key ofa user and is signed with the private keya user and is signed with the private keyof a CA.of a CA.
Isused in S/MIME, IP Sec
urity, SS
L/T
LSIs
used in S/MIME, IP Sec
urity, SS
L/T
LSand SET.and SET.
RSA is recommended for use.RSA is recommended for use.
-
8/8/2019 10) Chapter 4 - Authentication Applications
35/42
3535
-
8/8/2019 10) Chapter 4 - Authentication Applications
36/42
3636
X.X.509509 FormatsFormats
-
8/8/2019 10) Chapter 4 - Authentication Applications
37/42
3737
TypicalTypical Digital Signature ApproachDigital Signature Approach
-
8/8/2019 10) Chapter 4 - Authentication Applications
38/42
3838
Obtaining a Users CertificateObtaining a Users Certificate
Characteristics of certificates generated byCharacteristics of certificates generated byCA:CA:
Any user with access to the public key of theAny user with access to the public key of theCA can recover the user public key that wasCA can recover the user public key that wascertified.certified.
No party other than the CA can modify theNo party other than the CA can modify the
certificate without this being detected.certificate without this being detected.
-
8/8/2019 10) Chapter 4 - Authentication Applications
39/42
3939
X.X.509509 CA HierarchyCA Hierarchy
-
8/8/2019 10) Chapter 4 - Authentication Applications
40/42
4040
Revocation of CertificatesRevocation of Certificates
Reasons for revocation:Reasons for revocation:
The users secret key is assumed to beThe users secret key is assumed to becompromised.compromised.
The user is no longer certified by this CA.The user is no longer certified by this CA.
The CAs certificate is assumed to beThe CAs certificate is assumed to becompromised.compromised.
-
8/8/2019 10) Chapter 4 - Authentication Applications
41/42
4141
Authentication ProceduresAuthentication Procedures
-
8/8/2019 10) Chapter 4 - Authentication Applications
42/42
4242
Recommended Reading andRecommended Reading and
WEB SitesWEB Siteswww.whatis.com (search for kerberos)www.whatis.com (search for kerberos)
Bryant, W. Designing an AuthenticationBryant, W. Designing an AuthenticationSystem: A Dialogue in Four Scenes.System: A Dialogue in Four Scenes.http://web.mit.edu/kerberos/www/dialogue.htmlhttp://web.mit.edu/kerberos/www/dialogue.html
Kohl, J.; Neuman, B. The Evolotion ofKohl, J.; Neuman, B. The Evolotion of
the Kerberos Authentication Servicethe Kerberos Authentication Servicehttp://web.mit.edu/kerberos/www/papers.htmlhttp://web.mit.edu/kerberos/www/papers.html
http://www.isi.edu/gost/info/kerberos/http://www.isi.edu/gost/info/kerberos/