LDAP Directory Services: Security


Page 2: Directory Security Overview

• Brief Review of Directories and LDAP
• Brief Review of Security
• Basic Security Concepts
• Security as Applied to Directories
• Threats
• LDAP Protocol Security Features
• Typically Implemented Security Features
• Futures
• References

Page 3: Brief Review of Directories & LDAP

[Figure: a Client sends an LDAP search for "G,C,A" across the Network to the Directory Service, which resolves it against the Directory Information Tree (DIT) held in the Directory Database. The DIT is drawn as a small tree of entries A through I.]

Page 4: Brief Review of Directories & LDAP

• What directories are...
  – Object repositories
  – Typically read more than written
  – Have explicit access protocols
  – Support relatively complex queries
• What directories are not...
  – RDBMSs
  – Lack notions of:
    • Tabular views
    • JOIN operations
    • Stored procedures

Page 5: Brief Review of Directories & LDAP

• Obligatory, overly-simplified, Protocol Stack Diagram

[Figure: protocol stack, bottom to top: Ethernet / Cable / Wireless / whatever, IP, TCP, LDAP, Directory-based Application.]

Page 6: Brief Review of Security

• The notion of security for a network protocol consists of (at least) these axes:
  – Identity & Authentication: "Who are you and who says so?"
  – Confidentiality: "Tough petunias to eavesdroppers."
  – Integrity: "Did anyone muck with this data?"
  – Authorization: "Yes, you can do that, but no, you can't do that other thing."

Page 7: Basic Security Concepts

• Notions...
  – The notion of identity
  – Of names and identifiers
    • Authentication identity
    • Authorization identity
  – Anonymity

Page 8: Basic Security Concepts

[Figure: the Overall Namespace, with Names and Identifiers shown within it.]

Page 9: Basic Security Concepts

• The applicable "science & technology of implementation"...
  – Ciphers
  – Encryption
  – Integrity
  • AKA Cryptography [11]

Pages 10-12: Basic Security Concepts, cont'd

[Three figure-only slides; no text was recovered.]

Page 13: Security as Applied to Directories

• One needs to separately consider each of the four security axes in the context of anticipated threats.
• Also need to consider security from the perspectives of:
  – the info stored in the directory, and
  – attributes of the requesters, e.g. how much you trust them.
• Note that data security != access security.

Page 14: Example Deployment Scenarios

Scenario | Contains sensitive data? | Connection hijacking or IP spoofing threats? | Anonymous requesters? | Read/Write? | Identified requesters? | Read/Write? | Required directory-specific security mechanisms or functions
1 | N | N | Y   | RO  | N   | N/A | None
2 | N | N | N   | N/A | Y   | RO  | Secure authentication
3 | N | Y | N/A | N/A | N/A | N/A | Mutual authentication, connection integrity protection
4 | N | N | Y   | RO  | Y   | RW  | Secure authentication
5 | Y | Y | N/A | N/A | N/A | N/A | Mutual authentication, connection integrity and confidentiality protection

Page 15: Directory Security Threats

[Figure: the page 3 diagram (Client, Network, Legitimate Directory Service with its Directory Database and DIT entries A through I) with an Imposter Directory Service and its own Directory Database added. Threat points numbered 1 through 7 are marked on the client, the network path, the legitimate service and the imposter service; the legend for the numbers is not in the recovered text.]

Page 16: Threats, cont'd

[Figure: Directory Service Host(s), the Network and the Directory Database, with threat points 8, 9 and 10 marked; the legend is not in the recovered text.]

Page 17: LDAP Protocol Security Features

• Formal notions of:
  – Authentication identifiers [7], and
  – Authorization identifiers [7]
• Leverages several security mechanisms:
  – Simple passwords [2, 8]
  – SASL [6]
    • Kerberos [2]
    • Digest [4]
  – SSL/TLS [7]
    • effectively is a session layer
• The above may be used in various combinations together.

Page 18: LDAP Protocol Security Features

• Integral-to-the-protocol data integrity and attribution are works-in-progress.

Page 19: LDAP Security Features Illustrated

[Figure: the page 3 diagram, with the LDAP connection between the Client and the Legitimate Directory Service labelled "Authenticated, plus Confidentiality- and Integrity-protected Channel". The Imposter Directory Service and its Directory Database are shown alongside.]

Page 20: Brief Intro to Directories and LDAP

[Figure: the page 5 protocol stack with TLS inserted between TCP and LDAP: Ethernet / Cable / Wireless / etc., IP, TCP, TLS, LDAP, Directory-based Application.]

Page 21: Brief Intro to Directories and LDAP

[Figure: the same stack with TLS and SASL shown side by side between TCP and LDAP: Ethernet / Cable / Wireless / etc., IP, TCP, TLS + SASL, LDAP, Directory-based Application.]

Page 22: Typical Security Features of Impls

• Security features typically found in LDAP implementations:
  • Simple password-based authentication.
  • SSL on port 636 (aka "LDAPS").
  • At least one impl does StartTLS on port 389.
  • Access control.
  • Configurability (e.g. Netscape's DS plug-ins).
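Whether those features actually protect anything depends on how the server is configured. As an added example (not from the original deck), the script below audits two constructed slapd.conf fragments for the knobs that matter most: cleartext simple binds, anonymous binds, cleartext `rootpw`, LDAPv2, client-certificate checking and the ACL on `userPassword`. The directive names are OpenLDAP slapd.conf(5) directives; the checks are deliberately simple (real ACL evaluation is first-match and order-dependent), so treat the output as a starting point, not a verdict.

```python
# Added example, not from the original deck.  Directive names are OpenLDAP
# slapd.conf(5) directives; both configuration fragments are constructed samples.
import re

WEAK_CONF = """\
include /etc/openldap/schema/core.schema
database mdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw secret
allow bind_v2
access to *
    by * read
"""

HARDENED_CONF = """\
include /etc/openldap/schema/core.schema
TLSCertificateFile /etc/openldap/certs/server.crt
TLSCertificateKeyFile /etc/openldap/certs/server.key
TLSCACertificateFile /etc/openldap/certs/ca.crt
TLSVerifyClient demand
security ssf=128 simple_bind=128
disallow bind_anon
require authc
password-hash {SSHA}
database mdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}placeholder-hash-not-a-real-value
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by users read
    by * none
"""


def directives(conf):
    """Yield (name, args) pairs; a line starting with whitespace continues
    the previous directive, as in slapd.conf."""
    joined = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and joined:
            joined[-1] += " " + line.strip()
        else:
            joined.append(line.strip())
    for line in joined:
        name, _, args = line.partition(" ")
        yield name.lower(), args.strip()


def audit(conf):
    """Return a list of findings; an empty list means every knob checked is set."""
    seen = list(directives(conf))
    findings = []
    for name, args in seen:
        if name == "rootpw" and not args.startswith("{"):
            findings.append("rootpw stored in cleartext; use a {SSHA}-style hash")
        if name == "allow" and "bind_v2" in args.split():
            findings.append("allow bind_v2: LDAPv2 binds accepted")
        if name == "access" and re.match(r"to\s+\*\s+by\s+\*\s+read", args, re.I):
            findings.append("ACL grants anonymous read of everything, userPassword included")
    # 'security' sets minimum strength factors; a floor of 56 or more on ssf
    # or simple_bind refuses a simple bind over a cleartext (ssf 0) connection.
    strength = 0
    for name, args in seen:
        if name == "security":
            for kv in args.split():
                key, _, val = kv.partition("=")
                if key in ("ssf", "simple_bind") and val.isdigit():
                    strength = max(strength, int(val))
    if strength < 56:
        findings.append("no security ssf=/simple_bind= floor: simple binds accepted over cleartext TCP")
    if not any(n == "disallow" and "bind_anon" in a.split() for n, a in seen):
        findings.append("anonymous binds allowed (no 'disallow bind_anon')")
    if not any(n == "tlsverifyclient" and a.lower() in ("demand", "hard") for n, a in seen):
        findings.append("TLSVerifyClient not demand/hard: client certificates not required")
    if not any(n == "access" and "userpassword" in a.lower() for n, a in seen):
        findings.append("no ACL naming userPassword; the catch-all rule decides who can read hashes")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

The weak fragment produces seven findings and the hardened one none; the `security` floor is the single setting that turns "simple password-based authentication" from a cleartext credential leak into something acceptable inside TLS.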

Page 23: Typical Impl Security Features, cont'd

• Important notice:
  – The LDAP protocol is NOT an authentication protocol in and of itself (IMHO).
  – One MAY use LDAP itself as an authentication protocol, but one needs to carefully consider what functionality it does and doesn't bring to your deployment when used in this manner.
• Deployment configuration is critical
• Many server-side knobs
  – e.g. requiring client authentication
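One concrete thing "bind as the user" does not bring by itself: a bind with an empty password is not a failed login. Per RFC 4513 section 5.1 it is an anonymous bind (empty name) or an "unauthenticated" bind (name present), and a server that has not disabled unauthenticated binds answers with success. An application that treats any successful bind as proof of identity therefore accepts an empty password. As an added example (not from the original deck), the script below models that with a constructed in-memory directory standing in for the server, and shows the naive check beside one that refuses empty credentials and confirms the identity the server actually bound us as (what the Who Am I? operation of RFC 4532 reports on a real server). The users table and DNs are sample data.

```python
# Added example, not from the original deck.  ToyDirectory is a constructed
# stand-in for an LDAP server; its bind() mirrors the RFC 4513 section 5.1 rules.
import hmac

SUCCESS, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 49, 53   # LDAP resultCodes
PEOPLE = "ou=people,dc=example,dc=com"


class ToyDirectory:
    def __init__(self, passwords, allow_unauthenticated=True):
        # dn -> password.  Plain strings here for brevity; a real server stores hashes.
        self.passwords = passwords
        self.allow_unauthenticated = allow_unauthenticated

    def bind(self, dn, password):
        """Return (resultCode, authorization identity after the bind)."""
        if password == "":
            if dn == "" or self.allow_unauthenticated:
                return SUCCESS, ""                # bound, but as nobody (anonymous)
            return UNWILLING_TO_PERFORM, None     # the RFC 4513 recommended default
        stored = self.passwords.get(dn)
        if stored is not None and hmac.compare_digest(stored, password):
            return SUCCESS, dn
        return INVALID_CREDENTIALS, None


def user_dn(uid):
    # uid should be escaped per RFC 4514 before being spliced into a DN;
    # the sample uids here contain no special characters.
    return "uid=%s,%s" % (uid, PEOPLE)


def naive_login(directory, uid, password):
    """'The bind succeeded, so the user is who they claim.'  Wrong for ''."""
    code, _ = directory.bind(user_dn(uid), password)
    return code == SUCCESS


def careful_login(directory, uid, password):
    """Refuse empty credentials before binding, then check that the server
    bound us as the expected identity rather than as anonymous."""
    if not password:
        return False
    code, authz_id = directory.bind(user_dn(uid), password)
    return code == SUCCESS and authz_id == user_dn(uid)


if __name__ == "__main__":
    d = ToyDirectory({user_dn("alice"): "correct horse"})
    print(naive_login(d, "alice", ""))        # True: the empty password "authenticated"
    print(careful_login(d, "alice", ""))      # False
    strict = ToyDirectory({user_dn("alice"): "correct horse"}, allow_unauthenticated=False)
    print(naive_login(strict, "alice", ""))   # False: server refuses the unauthenticated bind
```

Both fixes are worth having: the client-side check because you do not control every server's configuration, and the server-side setting (rejecting unauthenticated binds, which is one of the "many server-side knobs") because you do not control every client.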

Page 24: Example Directory Service Deployment(s)

[Figure: Desktop Clients and other Clients speak LDAP to an LDAP-based Directory Service backed by a Directory DB; a separate Authentication Service backed by its own Auth DB sits alongside it.]

Page 25: Behind the Scenes (simplified)

[Figure: components and links: a Registry (Registry DB); a Middleware Event Broker; TDS links from the Registry to the Directory Service (Directory DB) and to the SUNetID System (Auth DB); the Subject's Desktop (browser) talks to a Web-based User Interface for Data Maintenance over HTTP (effectively authenticated writes); Network-based Applications and Desktops (Browsers) read from the Directory Service over LDAP (Reads).]

Page 26: Security Case Study

• Case studies of application of security. See:
  – Access-Controlled White Pages at Stanford. RL "Bob" Morgan, University of Washington, March 1999.
    http://staff.washington.edu/rlmorgan/talk/dir.ac.nac.1999.03/top.html
  – See also Refs [16..18].

Page 27: Futures

• Integral-to-the-protocol data integrity
• Implementations of the Start TLS protocol operation
• Implementations adhering to the "Authentication Methods for LDAP" requirements and recommendations
• Hopefully, implementations (in addition to Microsoft's Active Directory) utilizing Kerberos out-of-the-box
• Schema standardization and stabilization will continue
• You too can participate in the IETF process
  – I encourage deployers to invest in the process!