IT 221: Introduction to Information Security Principles. Lecture 8: Authentication Applications. For Educational Purposes Only. Revised: October 20, 2002
Lecture Outline
• Context and Overview
• Security Concerns: Problem Statement
• Security Concerns: Network Threats
• Kerberos: Background
• Kerberos: Basics
• Kerberos: Terms
• Simple Dialogue: Steps
• Simple Dialogue: Steps (Cont)
• Version 4 Dialogue Examples
• Kerberos: Pictorial
• Version 4 Problems
• Version 5 Realms
• Kerberos in Practice
• Resources
Context and Overview
• Context [2]:
• In today's distributed computing environment, consisting of dedicated user workstations and servers, three approaches to security can be envisioned:
- (1) Rely on each workstation to assure user identities, and rely on each server to enforce a security policy based on user IDs.
- (2) Require that client systems authenticate themselves to servers, but trust the client systems concerning the identity of their users.
- (3) Require the user to prove identity for each service invoked. Also require that servers prove their identity to clients.
• Issues [2]:
• In a small, closed environment, in which all systems are owned and operated by one IT group, the first or perhaps the second strategy might suffice.
• In a more open environment, the third approach is needed to protect user information and resources housed on the server.
• This lecture focuses on one of the most widely used services supporting this third approach: Kerberos.
Security Concerns: Problem Statement
• Problem Statement [2]:
• Assume an open, distributed environment in which users at workstations wish to access services on servers distributed across the network.
• Servers need to restrict access to authorized users, and to authenticate requests for service.
• In this environment, a workstation cannot be trusted to identify its users correctly to network services. Specifically, three types of network threats exist:
Security Concerns: Network Threats
• Network Threats [2]:
• (1) A user may gain access to a particular workstation and pretend to be another user operating from that workstation.
• (2) A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation.
• (3) A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations.
• In any of these cases, an unauthorized user may be able to gain access to services and/or data that s/he is not authorized to access.
Kerberos: Background
• Background [2]:
• (1) Authentication service developed as part of Project Athena at MIT. Overcomes the aforementioned security concerns.
• (2) Named after Kerberos, the three-headed guard dog of Hades in Greek mythology.
• (3) Rather than building elaborate authentication protocols into each server (which is exponentially expensive in labor and cost), Kerberos provides a centralized authentication server that functions as a broker between users and servers.
Kerberos: Basics
• Basics [3]:
• Provides a centralized authentication server (AS) to authenticate users to servers and servers to users.
• Relies on conventional encryption, making no use of public-key encryption.
• Two versions: version 4 and version 5.
• Version 4 makes use of DES.
Kerberos: Terms
• Terms [2]:
• C = Client
• AS = Authentication server
• V = Server
• IDc = identifier of user on C
• IDv = identifier of V
• Pc = password of user on C
• ADc = network address of C
• Kv = secret encryption key shared by AS and V
• TS = timestamp
• || = concatenation
Simple Dialogue: Steps
• Steps [2]:
• (1) User logs into the workstation and requests access to Server (V).
• (2) The client module (C) in the workstation requests the user's password and then sends a message to the Authentication Server (AS) that includes the user's ID, the server's ID, and the user's password.
• (3) AS checks its database for proper authentication, and whether the user has authorization to access Server (V).
• (4) If both tests are passed, the AS accepts the user as authentic and must now convince the Server (V) that the user is authentic.
• (4.1) AS creates a ticket that includes the user's ID and network address and the server's ID. The ticket is encrypted with a secret key shared by AS and V.
• (4.2) The encrypted ticket is sent back to Client (C).
• (5) With the newly generated ticket, C can now apply to V for service by sending a message to V containing C's ID and the ticket.
Simple Dialogue: Steps (Cont)
• Steps [2]:
• (6) With the ticket, C can now apply to V for service by sending a message to V containing C's ID and the ticket.
• (6.1) V decrypts the ticket and verifies that the user ID in the ticket is the same as the unencrypted user ID in the message.
• (6.2) If the two match, the server considers the user authenticated and grants the requested service.
• (7) Simply stated:
• (7.1) C → AS: IDc || Pc || IDv
• (7.2) AS → C: Ticket
• (7.3) C → V: IDc || Ticket
Version 4 Dialogue Examples
• Authentication Service Exchange: to obtain a Ticket-Granting Ticket [3]
• (1) C → AS: IDc || IDtgs || TS1
• (2) AS → C: E_Kc[Kc,tgs || IDtgs || TS2 || Lifetime2 || Ticket_tgs]
• Ticket-Granting Service Exchange: to obtain a Service-Granting Ticket [3]
• (3) C → TGS: IDv || Ticket_tgs || Authenticator_c
• (4) TGS → C: E_Kc[Kc,v || IDv || TS4 || Ticket_v]
• Client/Server Authentication Exchange: to obtain service
• (5) C → V: Ticket_v || Authenticator_c
• (6) V → C: E_Kc,v[TS5 + 1]
Version 4 Problems
• Problems [3]:
• Lifetime associated with the ticket-granting ticket:
• If too short → the user is repeatedly asked for the password
• If too long → greater opportunity for replay
• The threat is that an opponent will steal the ticket and use it before it expires.
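The client/server exchange in messages (5) and (6) above, together with the lifetime and replay checks the server should make, worked as an added example (not code from the lecture or from any Kerberos implementation). A toy HMAC-based sealing function stands in for DES, and the keys, principal names, addresses and the 5-minute clock-skew window are constructed assumptions; the authenticator replay cache goes slightly beyond the v4 dialogue shown on the slide.

```python
import hashlib, hmac, json, os

# Toy symmetric authenticated encryption standing in for DES; constructed for this example, not Kerberos code.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))

def seal(key: bytes, obj: dict) -> bytes:
    nonce, pt = os.urandom(8), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed under this key (wrong key or tampered)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

Kv = hashlib.sha256(b"constructed master key shared by TGS and V").digest()
SKEW = 5 * 60  # seconds of clock skew tolerated when checking an authenticator's TS5 (assumption)

def issue_ticket_v(Kc_v: str, IDc: str, ADc: str, ts4: float, lifetime: int) -> bytes:
    """TGS side of message (4): Ticket_v = E_Kv[Kc,v || IDc || ADc || IDv || TS4 || Lifetime4]."""
    return seal(Kv, {"Kc,v": Kc_v, "IDc": IDc, "ADc": ADc, "IDv": "V", "TS4": ts4, "Lifetime4": lifetime})

def make_authenticator(Kc_v: str, IDc: str, ADc: str, ts5: float) -> bytes:
    """Client side of message (5): Authenticator_c = E_Kc,v[IDc || ADc || TS5]."""
    return seal(bytes.fromhex(Kc_v), {"IDc": IDc, "ADc": ADc, "TS5": ts5})

def server_verify(ticket_v: bytes, authenticator: bytes, src_addr: str, now: float, seen: set) -> bytes:
    """V's checks on message (5); returns message (6) E_Kc,v[TS5 + 1], or raises ValueError."""
    t = unseal(Kv, ticket_v)                       # only TGS and V know Kv
    if now > t["TS4"] + t["Lifetime4"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["Kc,v"]), authenticator)  # only the holder of Kc,v could have sealed it
    if (a["IDc"], a["ADc"], src_addr) != (t["IDc"], t["ADc"], t["ADc"]):
        raise ValueError("authenticator does not match ticket or source address")
    if abs(now - a["TS5"]) > SKEW:
        raise ValueError("authenticator timestamp outside skew window")
    if authenticator in seen:                      # stolen ticket presented with a replayed authenticator
        raise ValueError("authenticator replayed")
    seen.add(authenticator)
    return seal(bytes.fromhex(t["Kc,v"]), {"TS5+1": a["TS5"] + 1})

def client_verify_server(Kc_v: str, msg6: bytes, ts5: float) -> bool:
    """Client check on message (6): V can only produce TS5 + 1 under Kc,v if it decrypted the ticket."""
    return unseal(bytes.fromhex(Kc_v), msg6)["TS5+1"] == ts5 + 1
```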
Version 5 Realms
• Realms [2]:
• (1) A full-service Kerberos environment consists of a Kerberos server, a number of clients, and a number of application servers.
• (2) User IDs and hashed passwords are stored at each Kerberos server.
• (3) Authenticated users can access services across realms.
Kerberos in Practice
• In Practice [3]:
• Currently, two Kerberos versions:
- V4: restricted to a single realm
- V5: allows inter-realm authentication and is an Internet standard
• To use Kerberos [3]:
• Need to have a KDC on your network
• Need to have Kerberized apps running on all participating systems
• Major problem: US export restrictions. Cannot be directly distributed outside the US in source format (and binary versions must obscure cryptographic routine entry points and have no encryption).
Resources
• [1] Pfleeger, Charles. Security in Computing. Prentice Hall, 1997. Chapter 6.
• [2] Stallings, William. Cryptography and Network Security. Prentice Hall, 1999. Chapter 11.
• [3] Johnson, Hedric. "Authentication Applications". Blekinge Institute of Technology, Sweden. Lecture based on Stallings, William. Cryptography and Network Security. Prentice Hall, 1999. Chapter 11.