Authentication 3: On The Internet

1
Authentication 3On The Internet
2
Readings

• UCSB Browser security paper
• Web security using CGI scripts
  http//www.w3.org/Security/Faq/wwwsf4.html

3
Topics

• Kerberos
• X.509 Certificate Standard

4
Challenges for E-Commerce

• Many clients want services from a number of
  different servers. Servers need to know that the
  client is who he says he is.
• Key concerns are confidentiality and timeliness
• To provide confidentiality must encrypt
  identification and session key info which
  requires the use of previously shared private or
  public keys
• Need timeliness to prevent replay attacks. Can
  be provided by using sequence numbers or
  timestamps or challenge/response

5
Kerberos

• Developed at MIT. Users wish to access services
  on many servers.
• Three threats exist
• User pretend to be another user.
• User alter the network address of a workstation
  to get anothers services.
• User eavesdrop on exchanges and use a replay
  attack to get unauthorized services.

6
Kerberos

• Kerberos provides a centralized authentication
  server to authenticate users to servers and
  servers to users.
• Relies on conventional encryption, making no use
  of public-key encryption
• Two versions version 4 and 5
• Version 4 uses of DES

7
Kerberos

• Terms
• C Client
• AS authentication server
• V server
• IDc identifier of user on C
• IDv identifier of V
• Pc password of user on C
• ADc network address of C
• Kv secret encryption key shared by AS an V
• TS timestamp
• concatenation

8
Simple Authentication Dialog

• C ? AS IDc Pc IDv
• AS ? C Ticket
• C ? V IDc Ticket
• Ticket EKvIDc ADc IDv

9
Problems with Simple Dialog

• Lifetime needs to be associated with the ticket
• If too short ? repeatedly asked for password
• If too long ? greater chance of replay attack
• The threat is that an opponent will steal the
  ticket and use it before it expires
• Client password sent in the clear
• Every time client wants to use a new service (or
  reuse one) he must go to AS.

10
Solution Kerberos Version 4

• Add a Ticket Granting server
• When client logs in at start of session/day, he
  gets a ticket-granting ticket (TGT) from the
  Authentication Server. He supplies his password
  once per session/day.
• TGT is used to get a service ticket from a Ticket
  Granting Server each time service is needed (read
  mail, get a file, use print server).
• Authenticator is Kc,vIDcADcTS

11
Kerberos Version 4

• Authentication Service Exhange To obtain
  Ticket-Granting Ticket
• C ? AS IDc IDtgs TS1
• AS ? C EKc Kc,tgs IDtgs TS2
  Lifetime2 Tickettgs

Tickettgs EKtgsKc,tgs IDc ADc IDtgs
TS2 lifetime

• Ticket-Granting Service Echange To obtain
  Service-Granting Ticket
• (3) C ? TGS IDv Tickettgs
  Authenticatorc
• (4) TGS ? C EKc Kc,v IDv TS4
  Ticketv

Ticketv EKv Kc,v IDc ADc IDv TS
lifetime
Client/Server Authentication Exhange To Obtain
Service (5) C ? V Ticketv
Authenticatorc (6) V ? C EKc,vTS5 1
12
(No Transcript)
13
Kerberos in Use

• Currently have two Kerberos versions
• 4 restricted to a single realm
• 5 allows inter-realm authentication, in beta
  test
• Kerberos v5 is an Internet standard
• specified in RFC1510, and used by many utilities
• To use Kerberos
• need to have Kerberised applications running on
  all participating systems
• US export restrictions Kerberos used to be
  restricted
• Kerberos could not be directly distributed
  outside the US in source format ( binary
  versions must obscure crypto routine entry points
  and have no encryption) until recently

14
X.509 Authentication Standard

• A standard for a distributed set of servers that
  maintains a database about users.
• Based on public key cryptography, digital
  signatures and certificates.
• Each certificate contains the public key of a
  user and is signed with the private key of a CA.
• Used in S/MIME, IP Security, SSL/TLS and SET.
• RSA is recommended.

15
X.509

• A public key certificate is associated with each
  user in the system.
• Certificates are created by some trusted
  certification authority (CA) and placed in the
  directory.
• Any user with the public key of the CA can
  recover a user public key in the directory that
  was certified by the CA.
• No party other than the CA can modify the
  certificate without detection.
• Certificates are unforgeable.

16
Digital Signature Idea

17
Certificate Revocation

• Each certificate has a period of validity.
  Usually a new certificate is issued just before
  the old one expires.
• Sometimes the certificates must be revoked before
  they expire
• The users secret key is assumed to be
  compromised.
• The user is no longer certified by this CA.
• The CAs certificate is assumed to be compromised.

18
Certificate Revocation Lists

• Each CA maintains a list of revoked but not yet
  expired certificates. Each list (CRL) is signed
  by the CA and posted to the directory.
• A user who receives a certificate is responsible
  for checking the CRL to determine its validity.

19
Serial number is unique to a CA
20
For More Info

• General hacking http//www.insecure.org/