80 likes | 152 Views
CPS 290.2 Computer Security. SSH Kerberos. SSH v2. Server has a permanent “host” public-private key pair (RSA or DSA) . Public key typically NOT signed by a certificate authority. Client warns if public host key changes. Diffie-Hellman used to exchange session key.
E N D
CPS 290.2 Computer Security SSH Kerberos CPS 290
SSH v2 • Server has a permanent “host” public-private key pair (RSA or DSA) . Public key typically NOT signed by a certificate authority. Client warns if public host key changes. • Diffie-Hellman used to exchange session key. • Server selects g and p (group size) and sends to client. • Client and server create DH private keys a and b. Client sends public DH key ga. • Server sends public DH key gb and signs hash of DH shared secret gab and 12 other values with its private “host” key. • Client verifies signed shared secret using public key. • Symmetric encryption using 3DES, Blowfish, AES, or Arcfour begins. • User can authenticate by sending password or using public-private key pair. Private key has optional passphrase. • If using keys, server sends “challenge” signed with users public key for user to decode with private key. CPS 290
SSH Applications • Secure Shell (SSH): • Replacement for insecure telnet, rlogin, rsh, rexec, which sent plaintext passwords over the network! CPS 290
SSH Applications • Port forwarding (email example): • Log in to linux.cs.duke.edu. Forward anything received locally (phoenix) on port 25 to linux.cs.duke.edu on port25. • Useful if “phoenix” is not a trusted email relayer but “linux” is. • “phoenix” email program configured to use phoenix as relayer CPS 290
Kerberos • A key-serving system based on Private-Keys (DES). • Assumptions • Built on top of TCP/IP networks • Many “clients” (typically users, but perhaps software) • Many “servers” (e.g. file servers, compute servers, print servers, …) • User machines and servers are potentially insecure without compromising the whole system • A kerberos server must be secure. CPS 290
Kerberos (kinit) • Kerberos • Authentication • Server • Request ticket-granting-ticket (TGT) • <TGT> • Request server-ticket (ST) • <ST> • Request service • Ticket Granting Server • (TGS) • 2 • 1 • 3 • 4 • Service Server • Client • 5 CPS 290
Kerberos V Message Formats • C = client S = server K = key or session key • T = timestamp V = time range • TGS = Ticket Granting Service A = Net Address Ticket Granting Ticket: TC,TGS = TGS,{C,A,V,KC,TGS}KTGS Server Ticket: TC,S = S, {C,A,V,KC,S}KS Authenticator: AC,S = {C,T}KC,S • Client to Kerberos: C,TGS • Kerberos to Client: {KC,TGS}KC,TC,TGS • Client to TGS: TC,TGS , S,AC,TGS • TGS to Client: {KC,S}KC,TGS, TC,S • Client to Server: AC,S, TC,S • Possibly repeat CPS 290
Kerberos Notes • All machines have to have synchronized clocks • Must not be able to reuse authenticators • Servers should store all previous and valid tickets • Help prevent replays • Client keys are typically a one-way hash of the password. Clients do not keep these keys. • Kerberos 5 uses CBC mode for encryption Kerberos 4 was insecure because it used a nonstandard mode. CPS 290