Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Authentication Applications
1
Outline
Security Concerns
Kerberos
X.509 Authentication Service
Recommended reading and Web Sites
2
KERBEROS
Network
Workstations Servers
4
KERBEROS
Three threats exist:
User pretend to be another user.
User alter the network address of a
workstation.
User eavesdrop on exchanges and use a
replay attack.
5
KERBEROS
Provides a centralized authentication
server to authenticate users to servers
and servers to users.
Relies on conventional encryption, making
no use of public-key encryption
Two versions: version 4 and 5
Version 4 makes use of DES
6
KERBEROS: Motivation
Network evolution
Dedicated PC – no network connection
Single Centralized Server
Distributed Servers: 3 security approaches
Workstation-based
Server-based
Service-based -> KERBEROS
7
KERBEROS: Requirements
Secure
Reliable
Transparent
Scalable
Therefore use
8
KERBEROS 4: Entities
Terms:
C = Client
AS = authentication server
V = server
IDc = identifier of user on C
IDv = identifier of server V
ADc = network address of C
Pc = password of user on C
Kv = secret encryption key shared by AS an V
TS = timestamp
|| = concatenation
9
KERBEROS 4
Building up the full protocol:
Simple authentication dialogue
More secure authentication dialogue
KERBEROS 4 authentication dialogue
10
A Simple Authentication Dialogue
Authentication
Server
Network
Workstations Servers
11
Authentication Server - AS
AS knows passwords
of all users
AS shares a unique
secret key with each
server
12
A Simple Authentication Dialogue
(1) C AS: IDc || Pc || IDv
(2) AS C: Ticket
(3) C V: IDc || Ticket
13
A Simple Authentication Dialogue
Ticket encrypted to prevent forgery
IDv – for server to verify its decryption
IDc – for verify that this ticket is for C
ADc – to prevent masquerading from
other workstation
14
A Simple Authentication Dialogue
Problems
Users have to enter password every time
accessing the server/service
Plaintext transmission of user’s password
15
A More Secure Authentication Dialogue
Authentication
Ticket Granting Server Server
Network
Workstations Servers
16
Ticket Granting Server - TGS
17
A More Secure Authentication Dialogue
Once per user logon session:
(1) C AS: IDc || IDtgs
(2) AS C: EK [Tickettgs]
C
18
A More Secure Authentication Dialogue
Ticketv = EKv[IDC||ADC||IDV||TS2||Lifetime2]
19
A More Secure Authentication Dialogue
20
A More Secure Authentication Dialogue
Problems:
Lifetime associated with the ticket-granting
ticket
If too short repeatedly asked for password
If too long greater opportunity to replay
Similarly for service-granting ticket
Opponent masquerades as server
21
Version 4 Authentication Dialogue
Authentication Service Exhange: To obtain Ticket-Granting Ticket
(1) C AS: IDc || IDtgs ||TS1
(2) AS C: EKc [Kc,tgs|| IDtgs || TS2 || Lifetime2 || Tickettgs]
Tickettgs = EKtgs[Kc,tgs||IDc||ADc||IDtgs||TS2||Lifetime2]
To counter replay attack and prove user
identity
AS provides session key to TGS and user
(Kc,tgs)
Timestamp is also included
22
Version 4 Authentication Dialogue
Ticket-Granting Service Echange: To obtain Service-Granting Ticket
(3) C TGS: IDv ||Tickettgs ||Authenticatorc
(4) TGS C: EKc [Kc,v|| IDv || TS4 || Ticketv]
Tickettgs = EKtgs[Kc,tgs||IDc||ADc||IDtgs||TS2||Lifetime2]
Ticketv = EKv[Kc,v||IDc||ADc||IDv||TS4||Lifetime4]
Authenticatorc = EKc,tgs[IDc||ADc||TS3]
Ticketv = EKv[Kc,v||IDc||ADc||IDv||TS4||Lifetime4]
Authenticatorc = EKc,v[IDc||ADc||TS5]
24
Overview of Kerberos
25
Realms and Multiple Kerberi
The KERBEROS environment we had just
covered is called a realm.
There can be multiple realms where user
in one realm can access services in
another realm.
KERBEROS server in each realm shares a
secret key with servers in another realm.
KERBEROS servers are registered with one
another.
26
Request for Service in Another Realm
27
KERBEROS 4 Environmental Limitations
28
KERBEROS 4 Technical Limitations
29
Kerberos Encryption Techniques
Password-to-Key Transformation
30
Kerberos Encryption Techniques
Password-to-Key Transformation
31
PCBC Mode
32
Kerberos - in practice
Currently have two Kerberos versions :
4 : restricted to a single realm
5 : allows inter-realm authentication
Kerberos v5 is an Internet standard
specified in RFC1510, and used by many utilities
To use Kerberos:
need to have a KDC on your network
need to have Kerberized applications running on all
participating systems
major problem - US export restrictions
Kerberos cannot be directly distributed outside the US in source
format (& binary versions must obscure crypto routine entry
points and have no encryption)
else crypto libraries must be implemented locally
33
X.509 Authentication Service
X.509 is a part of X.500 directory service
Distributed set of servers that maintains a
database about users.
Each certificate contains the public key of
a user and is signed with the private key
of a CA.
Is used in S/MIME, IP Security, SSL/TLS
and SET.
RSA is recommended for use.
34
35
X.509 Formats
36
Typical Digital Signature Approach
37
Obtaining a User’s Certificate
Characteristics of certificates generated by
CA:
Any user with access to the public key of the
CA can recover the user public key that was
certified.
No party other than the CA can modify the
certificate without this being detected.
38
X.509 CA Hierarchy
39
Revocation of Certificates
Reasons for revocation:
The users secret key is assumed to be
compromised.
The user is no longer certified by this CA.
The CA’s certificate is assumed to be
compromised.
40
Authentication Procedures
41
Recommended Reading and
WEB Sites
www.whatis.com (search for kerberos)
Bryant, W. Designing an Authentication
System: A Dialogue in Four Scenes.
http://web.mit.edu/kerberos/www/dialogue.html
Kohl, J.; Neuman, B. “The Evolotion of
the Kerberos Authentication Service”
http://web.mit.edu/kerberos/www/papers.html
http://www.isi.edu/gost/info/kerberos/
42