
Module 1 Planning and Configuring an Authentication and Authorization Strategy

Ing. Giuseppe Blacio Abad

Active Directory
What is a directory service? Active Directory is a digital list containing information about network resources, such as computers, printers, applications, and people.

Domains, Trees, And Forests

Active Directory Objects

Introduction
Network security is based on three fundamental concepts: authentication, authorization, and the principle of least privilege.

Authentication, Authorization, and Least Privilege


Authentication: the process of verifying the identity of something or someone (for example, that the user really is Ben Smith).
Authorization: the process of determining whether something or someone has permission to access a resource (for example, that Ben Smith has permission to access this resource).
Least privilege: provide users with the minimum privileges needed to accomplish the tasks they are authorized to perform

Authentication and Authorization


Authentication verifies who you are. Authorization specifies what you can do.

Least privilege
The principle of least privilege states that you should provide users with the necessary level of privilege to perform their jobs and no more. By restricting access that is not necessary to job performance, you can prevent malicious users from using extraneous privileges to circumvent network security.

Proof of Identity
Something you know: a password
Something you have: a smart card
Something you are: biometric data

Introducing Encryption
Secret key encryption: one key, protected
Public key encryption: two keys, one distributed and one protected

Windows Server 2003 Authentication Protocols

Authentication Protocols in Windows Server 2003


Protocol: NTLM
LM: Used in OS/2 and Windows for Workgroups, Windows 95, Windows 98, and Windows Me. Least secure protocol.
NTLMv1: Used for connecting to servers running Windows NT Service Pack 3 or earlier.
NTLMv2: Used for connecting to servers running Windows 2000, Windows XP, and Windows NT Service Pack 4 or higher.

Protocol: Kerberos
Default authentication protocol for Windows Server 2003, Windows 2000, and Windows XP Professional. Most secure.

How NTLM Authentication Works


[Figure: NTLM exchange between the client, the domain controller, and the Security Accounts Database. Labels: (1) User Name, Domain; (2) Nonce; (3) User Password Hash + Nonce; (4) and (5) User Password Hash retrieved from the Security Accounts Database and used with the Nonce.]

How NTLM Authentication Works


1. The client sends the user name and domain name to the domain controller.
2. The domain controller generates a 16-byte random character string called a nonce.
3. The client encrypts the nonce with a hash of the user password and sends it back to the domain controller.
4. The domain controller retrieves the hash of the user password from the security account database.
5. The domain controller uses the hash value retrieved from the security account database to decrypt the nonce. The value is compared to the value received from the client. If the values match, the client is authenticated.
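The five steps above, played out in one process as an added illustration (this is not code from the course material): the domain controller holds only a password hash, the client answers a fresh random nonce with a value computed from that hash, and the password itself never crosses the wire. SHA-256 and HMAC are stand-ins chosen so the example runs offline with the standard library; real NTLM uses its own MD4/DES/HMAC-MD5 constructions. The account database, domain name and password are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample account database: as in step 4, the domain controller stores
# only a hash of the password, never the password itself. SHA-256 and HMAC are
# stand-ins chosen so this runs offline; real NTLM uses its own MD4/DES/HMAC-MD5
# constructions.
def password_hash(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-16-le")).digest()

ACCOUNTS = {("CONTOSO", "bsmith"): password_hash("correct horse battery")}  # constructed

def server_issue_nonce() -> bytes:
    # Step 2: a fresh 16-byte random challenge for every logon attempt
    return secrets.token_bytes(16)

def client_response(password: str, nonce: bytes) -> bytes:
    # Step 3: the client proves knowledge of the password hash by keying a MAC over
    # the nonce; the password itself never crosses the network
    return hmac.new(password_hash(password), nonce, hashlib.sha256).digest()

def server_verify(domain: str, user: str, nonce: bytes, response: bytes) -> bool:
    # Steps 4-5: recompute with the stored hash and compare in constant time
    stored = ACCOUNTS.get((domain.upper(), user.lower()))
    if stored is None:
        return False
    expected = hmac.new(stored, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def logon(domain: str, user: str, password: str) -> bool:
    # Steps 1-5 end to end, with the client and server roles played in one process
    nonce = server_issue_nonce()
    return server_verify(domain, user, nonce, client_response(password, nonce))

def replay_is_rejected() -> bool:
    # Why step 2 matters: a response observed for one challenge does not satisfy a
    # later challenge, because the server issues a new nonce each time
    first_nonce = server_issue_nonce()
    captured = client_response("correct horse battery", first_nonce)
    second_nonce = server_issue_nonce()
    return not server_verify("CONTOSO", "bsmith", second_nonce, captured)

if __name__ == "__main__":
    print(logon("CONTOSO", "bsmith", "correct horse battery"), logon("CONTOSO", "bsmith", "wrong"))
```

The `replay_is_rejected` check is the point of the nonce: whatever an eavesdropper records in step 3 is bound to one challenge and is useless against the next one. Note what the server does store: the password hash is the long-term secret on both sides, which is why protecting the accounts database matters as much as protecting the password.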

Kerberos

The Kerberos protocol gets its name from the three-headed dog in Greek mythology who guards the entrance to Hades.

Kerberos
The three components of Kerberos are:
1. The client requesting services or authentication.
2. The server hosting the services requested by the client.
3. A computer that is trusted by the client and server.

Kerberos
Kerberos authentication is based on specially formatted data packets known as tickets. In Kerberos, these tickets pass through the network instead of passwords. Transmitting tickets instead of passwords makes the authentication process more resistant to attackers who can intercept the network traffic.

Kerberos
Efficiency. When a server needs to authenticate a client, the server can validate the client's credentials without having to contact a domain controller.
Mutual authentication. The client and the server identities are validated to both the client and server.
Delegated authentication. Allows services to impersonate clients when accessing resources on their behalf.
Simplified trust management. Kerberos can use transitive trusts between domains in the same forest and domains connected with a forest trust.
Interoperability. Kerberos is based on the IETF standards, and is therefore compatible with other IETF-compliant Kerberos realms.

Kerberos Key Distribution Center (KDC)


To generate tickets, the KDC uses the following two services:
Authentication Service (AS): issues ticket-granting tickets (TGTs)
Ticket-Granting Service (TGS): issues service tickets

Authentication Service (AS)


Issues ticket-granting tickets (TGTs) to users who supply valid authentication credentials. A TGT remains valid for a limited length of time (typically 10 hours) and prevents the client from having to re-authenticate each time it requests access to a network resource. Whenever the client requires access to a new network resource, it must present its TGT to the KDC.

Ticket-Granting Service (TGS)


Issues service tickets that provide users with access to specific network resources. Clients requesting access to a network resource must present a valid TGT to the TGS before receiving a service ticket.

Kerberos Key Distribution Center (KDC)


The KDC maintains a database of account information for all security principals in the domain. The KDC stores a cryptographic key known only to the security principal and the KDC. This key is used in exchanges between the security principal and the KDC and is known as a long term key. The long term key is derived from a user's logon password.

Kerberos authentication process

In a Kerberos environment, the authentication process begins at logon. The following steps describe the Kerberos authentication process:

1. When a user enters a user name and password, the computer sends the user name to the KDC. The KDC contains a master database of unique long term keys for every principal in its realm.

2. The KDC looks up the user's master key (KA), which is based on the user's password. The KDC then creates two items: a session key (SA) to share with the user and a Ticket-Granting Ticket (TGT). The TGT includes a second copy of the SA, the user name, and an expiration time. The KDC encrypts this ticket by using its own master key (KKDC), which only the KDC knows.

3. The client computer receives the information from the KDC and runs the user's password through a one-way hashing function, which converts the password into the user's KA. With KA the client recovers the session key, so it now has a session key and a TGT and can securely communicate with the KDC. The client is now authenticated to the domain and is ready to access other resources in the domain by using the Kerberos protocol.

Important: When a client receives the session key and TGT from the server, it stores that information in volatile memory and not on the hard disk. Storing the information in volatile memory and not on the hard disk makes the information more secure, because the information would be lost if the server were physically removed.

4. When a Kerberos client needs to access resources on a server that is a member of the same domain, it contacts the KDC. The client presents its TGT and a timestamp encrypted with the session key that is already shared with the KDC. The KDC decrypts the TGT using its KKDC. The TGT contains the user name and a copy of the SA. The KDC uses the SA to decrypt the timestamp. The KDC can confirm that this request actually comes from the user because only the user can use the SA.

5. Next, the KDC creates a pair of tickets, one for the client and one for the server on which the client needs to access resources. Each ticket contains the name of the user requesting the service, the recipient of the request, a timestamp that declares when the ticket was created, and a time duration that says how long the tickets are valid. Both tickets also contain a new key (KAB) that will be shared between the client and the server so they can securely communicate.

6. The KDC takes the server's ticket and encrypts it using the server master key (KB). Then the KDC nests the server's ticket inside the client's ticket, which also contains the KAB. The KDC encrypts the whole thing using the session key that it shares with the user from the logon process. The KDC then sends all the information to the user.

7. When the user receives the ticket, the user decrypts it using the SA. This exposes the KAB to the client and also exposes the server's ticket. The user cannot read the server's ticket. The user encrypts the timestamp by using the KAB and sends the timestamp and the server's ticket to the server on which the client wants to access resources. When it receives these two items, the server first decrypts its own ticket by using its KB. This permits access to the KAB, which can then decrypt the timestamp from the client.

Now both the client and the server have the KAB. The server can be sure that the client has truthfully identified itself because the client used the KAB to encrypt the timestamp. If it is necessary for the server to respond to the user, the server will use the KAB. The client will know that the server has truthfully identified itself because the server had to use its KB to get the KAB.
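The seven steps above as a runnable model, added here as an illustration and not taken from the course material. The KDC, client and server are functions in one process; KA, KB, SA, KKDC and KAB carry the names the text uses. The toy authenticated encryption (`seal`/`unseal`, an HMAC-SHA256 keystream plus an HMAC tag), the realm salt, the principal names, the passwords and the five-minute clock-skew allowance are all constructed for this example and stand in for the real Kerberos encryption types and policy; the ten-hour TGT lifetime is the one the page gives.

```python
import hashlib
import hmac
import json
import os

# Toy authenticated encryption (HMAC-SHA256 keystream + HMAC tag). Stands in for
# the Kerberos encryption types so the ticket flow can run offline; not for real use.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def seal(key: bytes, fields: dict) -> bytes:
    plaintext = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))

SALT = b"CONSTRUCTED.REALM"   # constructed realm salt for password-to-key derivation
TGT_LIFETIME = 10 * 3600      # 10 hours, the typical TGT lifetime given on the page
SKEW = 300                    # accepted clock skew for timestamps (assumed policy value)

def long_term_key(password: str) -> bytes:
    # KA / KB: derived from the principal's password, held by the principal and the KDC
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)

class KDC:
    def __init__(self, principals: dict):
        self.keys = {name: long_term_key(pw) for name, pw in principals.items()}
        self.k_kdc = os.urandom(32)  # KKDC, known only to the KDC

    def authentication_service(self, user: str, now: int):
        # Steps 1-2: look up KA, mint SA, return SA wrapped under KA plus the TGT under KKDC
        sa = os.urandom(32)
        tgt = seal(self.k_kdc, {"user": user, "sa": sa.hex(), "expires": now + TGT_LIFETIME})
        return seal(self.keys[user], {"sa": sa.hex()}), tgt

    def ticket_granting_service(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        # Steps 4-6: open the TGT with KKDC, check the SA-encrypted timestamp, issue KAB
        t = unseal(self.k_kdc, tgt)
        if now > t["expires"]:
            raise PermissionError("TGT expired")
        sa = bytes.fromhex(t["sa"])
        if abs(now - unseal(sa, authenticator)["ts"]) > SKEW:
            raise PermissionError("stale authenticator")
        kab = os.urandom(32)
        service_ticket = seal(self.keys[service], {"user": t["user"], "service": service,
                                                   "kab": kab.hex(), "issued": now, "lifetime": 3600})
        return seal(sa, {"kab": kab.hex(), "ticket": service_ticket.hex()})

def client_logon(kdc: KDC, user: str, password: str, now: int):
    # Step 3: derive KA locally and recover SA; a wrong password fails here, not at the KDC
    enc_sa, tgt = kdc.authentication_service(user, now)
    sa = bytes.fromhex(unseal(long_term_key(password), enc_sa)["sa"])
    return sa, tgt

def client_get_service_ticket(kdc: KDC, sa: bytes, tgt: bytes, service: str, now: int):
    # Steps 4 and 7: present TGT + SA-encrypted timestamp, receive KAB and the server's ticket
    reply = unseal(sa, kdc.ticket_granting_service(tgt, seal(sa, {"ts": now}), service, now))
    return bytes.fromhex(reply["kab"]), bytes.fromhex(reply["ticket"])

def server_accept(server_password: str, ticket: bytes, authenticator: bytes, now: int):
    # Step 7: open the ticket with KB, extract KAB, check the client's KAB-encrypted timestamp
    t = unseal(long_term_key(server_password), ticket)
    if now > t["issued"] + t["lifetime"]:
        raise PermissionError("service ticket expired")
    kab = bytes.fromhex(t["kab"])
    if abs(now - unseal(kab, authenticator)["ts"]) > SKEW:
        raise PermissionError("stale authenticator")
    return t["user"], kab

def demo(now: int = 1_700_000_000) -> str:
    # Constructed principals: one user and one service account
    kdc = KDC({"bsmith": "Pa55w.rd-constructed", "host/fileserver": "svc-secret-constructed"})
    sa, tgt = client_logon(kdc, "bsmith", "Pa55w.rd-constructed", now)
    kab, ticket = client_get_service_ticket(kdc, sa, tgt, "host/fileserver", now + 60)
    user, kab_server = server_accept("svc-secret-constructed", ticket, seal(kab, {"ts": now + 61}), now + 61)
    assert kab == kab_server  # both sides now share KAB without the server contacting the KDC
    return user

if __name__ == "__main__":
    print(demo())
```

Two properties of the text are visible in the code: the service account opens its ticket with KB alone, so the server never contacts the KDC (the efficiency benefit listed earlier), and a wrong password fails inside `client_logon` when KA cannot open the wrapped SA, because the KDC never saw the password. The expiry and timestamp checks are the point of the lifetimes and authenticators described in steps 4 and 5.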

How Kerberos Authentication Works


[Figure: Kerberos exchange between the client, the KDC and the server. Message labels: Logon credentials; TGT + SA; TGT + Timestamp; KAB; KAB. Captions: When a user enters a user name and password, the computer sends logon credentials to the Key Distribution Centre (KDC). The KDC looks up the user's master key (KA), which is based on the user's password, and creates two items, a session key (SA) to share with the user and a Ticket-Granting Ticket (TGT). To access a resource, the client presents its TGT and a timestamp encrypted with the session key. The KDC creates a pair of tickets, one for the client and one for the server the client wants to access resources on. Both tickets also contain a new key (KAB).]

Cryptography Basics

Encryption Types
Symmetric encryption: The same key is used for encryption and decryption. The key must be exchanged so that both the data sender and the recipient can access the plaintext data.

Encryption Types
Asymmetric encryption: Two mathematically related keys, a key pair consisting of a public key and a private key, are used in the encryption and decryption processes.
If the public key is used for encryption, the associated private key is used for decryption. If the private key is used for encryption, the associated public key is used for decryption.

Algorithms and Keys

When data is encrypted, two inputs are required for encryption: an algorithm and a key.

Algorithm: defines how data is transformed when original plaintext data is converted into ciphertext and how the ciphertext is transformed back to the original plaintext data. Both the encryption and decryption processes must use the same algorithm.

Key: used as an input to the algorithm, along with the plaintext data, so that the algorithm can encrypt plaintext data into ciphertext or decrypt ciphertext back into plaintext data.

Security depends on the secrecy of the key, not the secrecy of the algorithm.

PKI Enabled application


1. Identify the algorithms that are supported by the application.
2. Generate a key for use with the algorithm.
3. Determine a key distribution method.
4. Provide for review, verification, and monitoring.

Data Encryption
Encryption protects data against inspection by unauthorized people.

Symmetric Encryption
Uses the same key for both encryption and decryption. The associated algorithms can encrypt large amounts of data in little time, because a single key is used and symmetric encryption algorithms are much simpler than asymmetric encryption algorithms.

Symmetric Encryption Process

The system generates a random symmetric key. The length of the key, typically expressed in the number of bits, is determined by the algorithm and the application.

The symmetric key must be securely transmitted to the recipient before the recipient can decrypt the ciphertext. The transmission of the symmetric key is the biggest security risk when using symmetric encryption algorithms. If the symmetric key is intercepted, attackers can decrypt all data encrypted with that key.

Symmetric Algorithms
Data Encryption Standard (DES): An encryption algorithm that encrypts data with a 56-bit, randomly generated symmetric key.
Triple DES (3DES): A variation on the DES encryption algorithm in which DES encryption is applied three times to the plaintext. The plaintext is encrypted with key A, decrypted with key B, and encrypted again with key C. A common form of 3DES uses only two keys: The plaintext is encrypted with key A, decrypted with key B, and encrypted again with key A.

Symmetric Algorithms
Advanced Encryption Standard (AES): Developed as a successor to DES, rather than using a 56-bit key, AES is able to use 128-bit, 192-bit, and 256-bit keys. AES uses the Rijndael algorithm and can encrypt data in one pass instead of three (as is the case with 3DES).

Average time required for exhaustive key search


Key size (bits)   Number of alternative keys     Time required at 10^6 decryptions/µs
32                2^32  = 4.3 x 10^9             2.15 milliseconds
56                2^56  = 7.2 x 10^16            10 hours
128               2^128 = 3.4 x 10^38            5.4 x 10^18 years
168               2^168 = 3.7 x 10^50            5.9 x 10^30 years

The average search tries half the key space (2^(k-1) keys for a k-bit key) before finding the right one; the times in the last column follow from dividing that count by 10^12 decryptions per second.

Key Distribution
1. A key could be selected by A and physically delivered to B.
2. A third party could select the key and physically deliver it to A and B.
3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.
4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

Key Distribution
Session key: data is encrypted with a one-time session key. At the conclusion of the session the key is destroyed.
Permanent key: used between entities for the purpose of distributing session keys.

Asymmetric Encryption
Asymmetric encryption increases the security of the encryption process by utilizing two separate but mathematically related keys known as a public key and a private key. The encryption process is more secure because the private key is possessed only by the user or computer that generates the key pair. The public key can be distributed to any person who wishes to send encrypted data to the private key holder.

Asymmetric Encryption
The complexity of the asymmetric encryption algorithm makes the encryption process much slower. Symmetric encryption is at least 100 times faster than asymmetric encryption when using software-based cryptography and can be as much as 10,000 times faster when using hardware-based cryptography.

Asymmetric Encryption Process

1. The data sender obtains the recipient's public key. This can be sent to the data originator by the recipient or retrieved from a directory, such as AD DS.
2. The plaintext data is passed through an asymmetric encryption algorithm, using the recipient's public key as the encryption key. The encryption algorithm creates the encrypted ciphertext.
3. The ciphertext is sent or made available to the recipient. There is no need to send the key because the recipient already has the private key required to decrypt the ciphertext.
4. The recipient decrypts the ciphertext with his or her private key, and the resulting plaintext is the original plaintext created by the data originator.

Use of Symmetric and Asymmetric Encryption


It is very rare for an application to use only an asymmetric encryption algorithm. Typically, the data is encrypted with a symmetric algorithm, and then only the symmetric encryption key is encrypted with the asymmetric encryption algorithm.

Asymmetric Signing Process

Asymmetric signing proves the sender's identity and prevents the data from being modified.

1. The plaintext data is passed through an asymmetric encryption algorithm, using the originator's private key as the encryption key. The result of the encryption algorithm is the encrypted ciphertext.
2. The ciphertext is sent or made available to the recipient.
3. The data recipient obtains the originator's public key. The public key can be sent with the ciphertext, or the recipient can obtain the public key from a trusted source, such as a directory.
4. The recipient decrypts the ciphertext with the originator's public key. The resulting plaintext is the original plaintext created by the data originator.

Asymmetric Algorithms
Diffie-Hellman Key Agreement Rivest Shamir Adleman (RSA) Digital Signature Algorithm (DSA)

Diffie-Hellman Key Agreement


This algorithm is not based on encryption and decryption but instead relies on mathematical functions that enable two parties to generate a shared secret key for exchanging information online confidentially.

Rivest Shamir Adleman (RSA)


This algorithm can be used for encrypting and signing data. The encryption and signing processes are performed through a series of modular multiplications. The security of the RSA algorithm can be increased by using longer key lengths, such as 1,024 bits or more; the longer the key length, however, the slower the encryption or signing process.

Digital Signature Algorithm (DSA)


This algorithm can be used only for signing data; it cannot be used for encryption. The DSA signing process is performed through a series of calculations based on a selected prime number. Although intended to have a maximum key size of 1,024 bits, longer key sizes are now supported.

Combining Symmetric and Asymmetric Encryption

In most applications, symmetric and asymmetric encryption are combined to take advantage of each method's strengths.

Symmetric encryption is used to convert the plaintext to ciphertext. This takes advantage of the symmetric encryption speed. Asymmetric encryption is used to exchange the symmetric key used for encryption. This takes advantage of the security of asymmetric encryption, ensuring that only the intended recipient can decrypt the symmetric key.

Symmetric and Asymmetric Encryption Process

1. The sender retrieves the recipient's public key. In an AD DS environment, the sender retrieves the public key from a trusted source, such as AD DS.
2. The sender generates a symmetric key and uses this key to encrypt the original data.
3. The symmetric key is encrypted with the recipient's public key to prevent the symmetric key from being intercepted during transmission.
4. The encrypted symmetric key and encrypted data are provided to the intended recipient.
5. The recipient uses his or her private key to decrypt the encrypted symmetric key.
6. The encrypted data is decrypted with the symmetric key, which results in the recipient obtaining the original data.

Digital Signing of Data


The goal of cryptography is three-fold:
1. Keep data secret.
2. Identify whether data has been modified.
3. Prove the source of the data.

Although encryption can keep data secret and protect data against modification, only digital signing proves the source of the data in addition to protecting the data from modification.

Digital Signing of Data


The digital signing process uses a hash algorithm to determine whether the original data has been modified in any way. A digital signature applied to the resulting message digest identifies who signed the message digest.

Message Digest

The Hash Process


A hash algorithm takes a plaintext document as input and produces a fixed-size mathematical result. This mathematical result is referred to as a hash value, message digest, digest, or thumbprint. A digital signature applied to the resulting message digest identifies who signed the message digest.

The Hash Process


A hash function H is a transformation that takes a variable-size input m and returns a fixed-size string, which is called the hash value h

h = H(m)

Hash Algorithms
Message Digest 5 (MD5): This algorithm takes a message of any length and produces a 128-bit message digest.
Secure Hash Algorithm 1 (SHA1): This algorithm takes data that is less than 2^64 bits in length and produces a 160-bit message digest.

Combining Asymmetric Signing and Hash Algorithms

1. The originator creates a plaintext data file.
2. The originator's software runs a hash algorithm against the plaintext message to create a message digest.
3. The digest is encrypted using the originator's private key.
4. The plaintext message and the encrypted digest are sent or made available to the recipient.
5. The recipient decrypts the encrypted digest by using the sender's public key.
6. The recipient runs the same hash algorithm used by the sender to create his or her own digest of the message. This digest is created against the plaintext message received from the originator.
7. The two digests are compared. If the digests differ, the message or digest has been modified during transmission.
Encryption vs Hashing
Encryption is for maintaining data confidentiality and requires the use of a key (kept secret) in order to return to plaintext. Hashing is for validating the integrity of content by detecting all modification thereof via obvious changes to the hash output.
