Upload
adela-webb
View
219
Download
0
Tags:
Embed Size (px)
Citation preview
IIIT Security Workshop 1
ChapterChapterAuthentication Applications
ADAPTED FROM THE PRESENTATION by
Henric Johnson
Blekinge Institute of Technology,Sweden
http://www.its.bth.se/staff/hjo/
ATUL NEGI Dept. of CIS, University of Hyderabad
IIIT Security Workshop 2
OutlineOutline
• Security Concerns• Kerberos• X.509 Authentication Service• Recommended reading and Web
Sites
IIIT Security Workshop 3
Security ConcernsSecurity Concerns
• key concerns are confidentiality and timeliness
• to provide confidentiality must encrypt identification and session key info
• which requires the use of previously shared private or public keys
• need timeliness to prevent replay attacks
• provided by using sequence numbers or timestamps or challenge/response
IIIT Security Workshop 4
KERBEROSKERBEROS
In Greek mythology, a many headed dog, the guardian of the entrance of Hades
IIIT Security Workshop 5
KERBEROSKERBEROS
• Users wish to access services on servers.
• Three threats exist:– User pretend to be another user.– User alter the network address of a
workstation.– User eavesdrop on exchanges and
use a replay attack.
IIIT Security Workshop 6
Quick View onQuick View on“What is Kerberos?”“What is Kerberos?”
• Network authentication protocol, software allow OSs(Windows, Mac, etc.) to authenticate users and servers, and manage session-level security and encryption.
• IP-based service. Uses secret-key crytography to provide strong authentication for client/server applications.
• Kerberos is available in several commercial products and is also available as free implementation from MIT.
IIIT Security Workshop 7
KERBEROSKERBEROS
• Provides a centralized authentication server to authenticate users to servers and servers to users.
• Relies on conventional encryption, making no use of public-key encryption
• Two versions: version 4 and 5• Version 4 makes use of DES
IIIT Security Workshop 8
More on KERBEROSMore on KERBEROS• Mutual authentication: identifies
principals (users and services) by requiring them to present proof of identity. Not only do users of a service identify themselves to the service, but users can challenge the service to prove its identity.
• Mechanism: "trusted third-party authentication". This means that the Kerberos server must know who all the parties are and how they prove their identity (their passwords).
IIIT Security Workshop 9
More on KERBEROSMore on KERBEROS• Key Distribution Center This
concentration of secret information makes the Kerberos server (more technically known as the or KDC)
• Assumption: Kerberos protocol assumes that all network traffic is vulnerable to capture, examination and substitution. It also assumes that it needs to work correctly even in the face of these challenging assumptions.
IIIT Security Workshop 10
Summary KERBEROS on Summary KERBEROS on GNU/LinuxGNU/Linux
• KDC server two important Kerberos daemons:
Kadmind: administrative daemon for the Kerberos server.– kadmind is used by kadmin maintain database of principals
and policy configuration. – kadmin allow remotely administer the Kerberos
components of the server, (disallow remote logins via ssh)
krb5kdc responsible for performing the role of the trusted third party arbitrator in Kerberos authentication.– When a user wants to authenticate himself to a system or
service, the user requests a ticket from the KDC. A ticket is a datagram consisting of the client's identity, a session key, a timestamp, and some other information. The datagram is encrypted with the server's secret key.
IIIT Security Workshop 11
Summary KERBEROS on Summary KERBEROS on GNU/Linux Client SideGNU/Linux Client Side
• Fedora derived GNU/Linux, package is krb5-workstation • Configuration involves editing the /etc/krb5.conf file.• In this file, specify the realm, KDC's, administrative
server, logging, default domain, and KDC information.
• Modify the kdc.conf file, specify a location for in the krb5.conf file. The default location is /var/Kerberos/krb5kdc/kdc.conf. The kdc.conf file contains information about the encryption algorithm policy of the realm.
• More details refer to GNU/Linux FAQ Kerberos Infrastructure HOWTO by V. Alex
Brennen
IIIT Security Workshop 12
Kerberos Version 4Kerberos Version 4
• Terms:– C = Client– AS = authentication server– V = server– IDc = identifier of user on C– IDv = identifier of V– Pc = password of user on C– ADc = network address of C– Kv = secret encryption key shared by AS an V– TS = timestamp– || = concatenation
IIIT Security Workshop 13
A Simple A Simple Authentication Authentication
DialogueDialogue(1)C AS: IDc || Pc || IDv
(2) AS C: Ticket
(3) C V: IDc || Ticket
Ticket = EKv[IDc || Pc || IDv]
IIIT Security Workshop 14
Version 4 Version 4 Authentication Authentication
DialogueDialogue• Problems:
– Lifetime associated with the ticket-granting ticket
– If to short repeatedly asked for password– If to long greater opportunity to replay
• The threat is that an opponent will steal the ticket and use it before it expires
IIIT Security Workshop 15
Version 4 Authentication Version 4 Authentication DialogueDialogue
Authentication Service Exhange: To obtain Ticket-Granting Ticket
(1) C AS: IDc || IDtgs ||TS1
(2) AS C: EKc [Kc,tgs|| IDtgs || TS2 || Lifetime2 || Tickettgs]
Ticket-Granting Service Echange: To obtain Service-Granting Ticket
(3) C TGS: IDv ||Tickettgs ||Authenticatorc
(4) TGS C: EKc [Kc,¨v|| IDv || TS4 || Ticketv]
Client/Server Authentication Exhange: To Obtain Service
(5) C V: Ticketv || Authenticatorc
(6) V C: EKc,v[TS5 +1]
IIIT Security Workshop 16
Overview of KerberosOverview of Kerberos
IIIT Security Workshop 17
Request for Service in Request for Service in Another RealmAnother Realm
IIIT Security Workshop 18
Difference Between Difference Between Version 4 and 5Version 4 and 5
• Encryption system dependence (V.4 DES)
• Internet protocol dependence• Message byte ordering• Ticket lifetime• Authentication forwarding• Interrealm authentication
IIIT Security Workshop 19
Kerberos Encryption Kerberos Encryption TechniquesTechniques
IIIT Security Workshop 20
PCBC ModePCBC Mode
IIIT Security Workshop 21
Kerberos - in practiseKerberos - in practise • Currently have two Kerberos versions:
• 4 : restricted to a single realm • 5 : allows inter-realm authentication, in beta test • Kerberos v5 is an Internet standard • specified in RFC1510, and used by many utilities • To use Kerberos: • need to have a KDC on your network • need to have Kerberised applications running on all participating
systems • major problem - US export restrictions • Kerberos cannot be directly distributed outside the US in source
format (& binary versions must obscure crypto routine entry points and have no encryption)
• else crypto libraries must be reimplemented locally
IIIT Security Workshop 22
Where Kerberos Doesn’t Where Kerberos Doesn’t HelpHelp• "Denial of service" attacks are not solved with Kerberos. System
Adminstrators must deal with such problems• Principals must keep their secret keys secret. If an intruder somehow
steals a principal's key, it will be able to masquerade as that principal or impersonate any server to the legitimate principal.
• "Password guessing" attacks are not solved by Kerberos. If a user chooses a poor password,
• Each host on the network must have a clock which is "loosely synchronized" to the time of the other hosts; this synchronization is used to reduce the bookkeeping needs of application servers when they do replay detection. If the clocks are synchronized over the network, the clock synchronization protocol must itself be secured from network attackers.
• Principal identifiers are not recycled on a short-term basis. A typical mode of access control will use access control lists (ACLs) to grant permissions to particular principals. If a Kohl & Neuman [Page 8] RFC 1510 Kerberos September 1993 stale ACL entry remains for a deleted principal and the principal identifier is reused, the new principal will inherit rights specified in the stale ACL entry. By not re-using principal identifiers, the danger of inadvertent access is removed.
IIIT Security Workshop 23
X.509 Authentication X.509 Authentication ServiceService
• Distributed set of servers that maintains a database about users.
• Each certificate contains the public key of a user and is signed with the private key of a CA.
• Is used in S/MIME, IP Security, SSL/TLS and SET.
• RSA is recommended to use.
IIIT Security Workshop 24
X.509 FormatsX.509 Formats
IIIT Security Workshop 25
Typical Typical Digital Digital Signature ApproachSignature Approach
IIIT Security Workshop 26
Obtaining a User’s Obtaining a User’s CertificateCertificate
• Characteristics of certificates generated by CA:– Any user with access to the public key
of the CA can recover the user public key that was certified.
– No part other than the CA can modify the certificate without this being detected.
IIIT Security Workshop 27
X.509 CA HierarchyX.509 CA Hierarchy
IIIT Security Workshop 28
Revocation of Revocation of CertificatesCertificates
• Reasons for revocation:– The users secret key is assumed to be
compromised.– The user is no longer certified by this
CA.– The CA’s certificate is assumed to be
compromised.
IIIT Security Workshop 29
Authentication Authentication ProceduresProcedures
IIIT Security Workshop 30
Recommended Reading Recommended Reading and WEB Sitesand WEB Sites
• www.whatis.com (search for kerberos)• Bryant, W. Designing an
Authentication System: A Dialogue in Four Scenes. http://web.mit.edu/kerberos/www/dialogue.html
• Kohl, J.; Neuman, B. “The Evolotion of the Kerberos Authentication Service” http://web.mit.edu/kerberos/www/papers.html
• http://www.isi.edu/gost/info/kerberos/