Information Security and Management 14. Authentication Applications - PowerPoint PPT Presentation

Slides: 46
Provided by: can73

Transcript and Presenter's Notes

1
Information Security and Management 14.
Authentication Applications
X.509 Authentication Service, Kerberos
  • Chih-Hung Wang
  • Sep. 2008

2
Certificates
  • The problem with public-key systems
  • Assume X is an opponent

Ex(M)
3
Certificates
  • Forge the signer's signature

4
Certificate Authority (CA)
  • The participants exchange keys without contacting
    the authority

5
CA
  • Encryption using certificates

[Figure labels: Directory; CA; Sender A; Receiver B; Certificate B; "Get B's certificate"; "Encrypt the message with B's public key"]
6
CA
  • Verify the signature using certificates

[Figure labels: Directory; CA; Sender A; Receiver B; Certificate A; "Sign a message"; "Get A's certificate"; "Verify"]
7
X.509 Authentication Service
  • ITU-T (International Telecommunication Union,
    Telecommunication Standardization Sector)
    recommendation X.509 is part of the X.500 series
    of recommendations that define a directory service
  • Directory: a server or distributed set of servers
    that maintains a database of information about
    users
  • X.509 defines a framework for the provision of
    authentication services by the X.500 directory to
    its users

8
X.509 Authentication Service
  • X.509 is an important standard because the
    certificate structure and authentication
    protocols defined in X.509 are used in a variety
    of contexts. For example, the X.509 certificate
    format is used in S/MIME, IP Security,
    SSL/TLS and SET
  • X.509 was initially issued in 1988. A revised
    recommendation was issued in 1993. A third
    version was drafted in 1995

9
X.509 Authentication Service
  • X.509 is based on the use of public-key
    cryptography and digital signatures
  • The heart of the X.509 scheme is the public-key
    certificate associated with each user. These user
    certificates are assumed to be created by some
    trusted certification authority (CA) and placed
    in the directory by the CA or by the user
  • The directory server itself is not responsible
    for the creation of public keys or for the
    certification function; it merely provides an
    easily accessible location for users to obtain
    certificates
  • NIST Homepage for PKI: http://csrc.nist.gov/pki/

10
General Format of a Certificate
[Figure: certificate format. Surviving labels: Algorithms, Parameters, Key; Algorithms, Parameters, Encrypted]
11
General Format of a Certificate
12
Certificates Notation
  • The standard uses the following notation to
    define a certificate:
  • CA<<A>> = CA{V, SN, AI, CA, TA, A, AP}
  • Where
  • Y<<X>> = the certificate of user X issued by
    certification authority Y
  • Y{I} = the signing of I by Y. It consists of I
    with an encrypted hash code appended.

13
Obtaining a User's Certificate
  • User certificates generated by a CA have the
    following characteristics:
  • Any user with access to the public key of the CA
    can recover the user public key that was
    certified
  • No party other than the certification authority
    can modify the certificate without this being
    detected.

14
Obtaining a User's Certificate
  • All users subscribe to the same CA
  • All user certificates can be placed in the
    directory for access by all users
  • A user can transmit his certificate directly to
    other users

15
Obtaining a User's Certificate
  • If there is a large community of users, it may
    not be practical for all users to subscribe to
    the same CA
  • Suppose A has obtained a certificate from CA-X1
    and B has obtained a certificate from CA-X2.
  • A has used a chain of certificates to obtain B's
    public key
  • X1<<X2>> X2<<B>>

16
X.509 Hierarchy
[Figure: X.509 hierarchy. Node labels: EDU, NCYU, SEC, MC, CSIE Dep., BM Dep.; link label: Cross Certificate]
17
X.509 Hierarchy
  • Forward Certificates
  • Certificates of X generated by other CAs
  • Reverse Certificates
  • Certificates generated by X that are the
    certificates of other CAs

18
X.509 Hierarchy
  • In this example, user A can acquire the
    following certificates from the directory to
    establish a certification path to B:
  • X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>>
  • When A has obtained these certificates, it can
    unwrap the certification path in sequence to
    recover a trusted copy of B's public key. Using
    this public key, A can send encrypted messages
    to B.

19
X.509 Hierarchy
  • If A wishes to receive encrypted messages back
    from B, or to sign messages sent to B, then B
    will require A's key, which can be obtained from
    the following certification path:
  • Z<<Y>> Y<<V>> V<<W>> W<<X>> X<<A>>
  • B can obtain this set of certificates from the
    directory, or A can provide them as part of its
    initial message to B.

20
Revocation of Certificates
  • Each certificate includes a period of validity.
    It may be desirable on occasion to revoke a
    certificate before it expires, for one of the
    following reasons:
  • The user's secret key is assumed to be
    compromised.
  • The user is no longer certified by this CA.
  • The CA's certificate is assumed to be compromised.

21
Revocation of Certificates
  • Each CA must maintain a list consisting of all
    revoked but not expired certificates issued by
    that CA, including both those issued to users
    and to other CAs.
  • Each certificate revocation list (CRL) posted to
    the directory is signed by the issuer
  • When a user receives a certificate in a message,
    the user must determine whether the certificate
    has been revoked. The user could check the
    directory each time a certificate is received.
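
The certification path X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>> from the hierarchy slides, combined with the revocation check described above, as an added example that is not part of the original slides. It uses toy textbook RSA over known Mersenne primes in place of a real signature scheme; the key pairs, serial numbers and the `unwrap_path` helper are assumptions made for illustration.

```python
import hashlib
from itertools import combinations

# Toy textbook RSA (no padding, primes shared between moduli): teaching only.
def keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def digest(info, n):
    h = hashlib.sha256(repr(info).encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(issuer, priv, subject, subject_pub, serial):
    """Y<<X>> = Y{I}: the information I with Y's encrypted hash appended."""
    info = (issuer, subject, subject_pub, serial)
    n, d = priv
    return {"info": info, "sig": pow(digest(info, n), d, n)}

def verify(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == digest(cert["info"], n)

def unwrap_path(anchor, anchor_pub, path, crl=frozenset()):
    """Walk X<<W>> W<<V>> ... Z<<B>> and return the last subject's key."""
    name, pub = anchor, anchor_pub
    for cert in path:
        issuer, subject, subject_pub, serial = cert["info"]
        if issuer != name:
            raise ValueError(f"{subject}: issued by {issuer}, expected {name}")
        if not verify(cert, pub):
            raise ValueError(f"{subject}: signature check failed")
        if (issuer, serial) in crl:   # CRL entry; CRL signature check omitted
            raise ValueError(f"{subject}: revoked by {issuer}")
        name, pub = subject, subject_pub
    return pub

# Constructed sample data: six toy key pairs from known Mersenne primes.
NAMES = ["X", "W", "V", "Y", "Z", "B"]
PRIMES = [2**k - 1 for k in (61, 89, 107, 127)]
KEYS = dict(zip(NAMES, (keypair(p, q) for p, q in combinations(PRIMES, 2))))
PATH = [sign(a, KEYS[a][1], b, KEYS[b][0], serial)
        for serial, (a, b) in enumerate(zip(NAMES, NAMES[1:]), 1)]

if __name__ == "__main__":
    assert unwrap_path("X", KEYS["X"][0], PATH) == KEYS["B"][0]
    print("A recovered B's public key via", " ".join(
        f"{c['info'][0]}<<{c['info'][1]}>>" for c in PATH))
```

A starts with only X's public key; every later key is accepted solely because the previous certificate in the path vouched for it, so one altered or revoked link invalidates everything after it.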

22
Revocation of Certificates
Certificate Revocation List (CRL)
23
Authentication Procedures
  • One-way Authentication

24
Authentication Procedures
  • Two-way Authentication

25
Authentication Procedures
  • Three-way Authentication

rA
Mutual Authentication
26
Recommended Web Sites
  • http://www.pki.gov.tw
  • HiTrust: http://www.hitrust.com.tw/
  • Verisign: http://www.verisign.com

27
Public Key Infrastructure (PKI)
28
Certificates Environment
29
KERBEROS
  • In Greek mythology, a many headed dog, the
    guardian of the entrance of Hades

30
What's Kerberos (1/3)
  • Kerberos is an authentication service developed
    as part of Project Athena at MIT.
  • The problem Kerberos addresses
  • Assume an open distributed environment in which
    users at workstations wish to access services
    distributed throughout the network.
  • We would like for servers to be able to restrict
    access to authorized users and to be able to
    authenticate requests for service.

31
What's Kerberos (1/3)
  • Users wish to access services on servers. Three
    threats exist:
  • A user may gain access to a particular
    workstation and pretend to be another user
    operating from that workstation.
  • A user may alter the network address of a
    workstation.
  • A user may eavesdrop on exchanges and use a
    replay attack to gain entrance to a server or to
    disrupt operations.

32
What's Kerberos (1/3)
  • Provides a centralized authentication server to
    authenticate users to servers and servers to
    users.
  • Relies on conventional encryption, making no use
    of public-key encryption
  • Two versions: version 4 (RFC1510) and 5
  • Version 4 makes use of DES

33
Requirements for Kerberos
  • Secure
  • Reliable
  • Transparent
  • Scalable

34
Overview of Kerberos
35
Kerberos Version 4
  • Notations
  • C = client
  • AS = authentication server
  • V = server
  • IDc = identifier of user on C
  • IDv = identifier of V
  • Pc = password of user on C
  • ADc = network address of C
  • Kv = secret encryption key shared by AS and V
  • TS = timestamp
  • concatenation

36
A Simple Authentication Dialogue
  • C -> AS: IDc Pc IDv
  • AS -> C: Ticket
  • C -> V: IDc Ticket
  • Ticket = EKv[IDc ADc IDv]

37
Problems of Simple Auth.
  • How to minimize the number of times that a user
    has to enter a password
  • Plaintext transmission of the password

38
More Secure Auth.
  • Once per user logon session
  • (1) C -> AS: IDC IDtgs
  • (2) AS -> C: EKC[Tickettgs]
  • Once per type of service
  • (3) C -> TGS: IDC IDV Tickettgs
  • (4) TGS -> C: TicketV
  • Once per service session
  • (5) C -> V: IDC TicketV
  • Tickettgs = EKtgs[IDC ADC IDtgs TS1 lifetime1]
  • TicketV = EKV[IDC ADC IDV TS2 lifetime2]

Only one password query per user session
39
Version 4 Authentication Dialogue
  • Problems
  • Lifetime associated with the ticket-granting
    ticket
  • If too short -> user is repeatedly asked for
    the password
  • If too long -> greater opportunity for replay
  • The threat is that an opponent will steal the
    ticket and use it before it expires
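
The five-step dialogue from the "More Secure Auth." slide and the lifetime trade-off above, as an added example that is not part of the original slides. A SHAKE keystream with an HMAC tag stands in for the DES encryption E_K[...]; the principal names, keys, addresses and lifetimes are constructed sample values.

```python
import hashlib, hmac, json

# Toy stand-in for the DES encryption E_K[...] of Kerberos V4: SHAKE keystream
# plus an HMAC tag. No nonce, so teaching use only.
def E(key, fields):
    pt = json.dumps(fields).encode()
    ks = hashlib.shake_256(key).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return (hmac.new(key, ct, "sha256").digest() + ct).hex()

def D(key, blob):
    raw = bytes.fromhex(blob)
    tag, ct = raw[:32], raw[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("wrong key or modified ciphertext")
    ks = hashlib.shake_256(key).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def kc(password):                       # Kc is derived from the password Pc
    return hashlib.sha256(password.encode()).digest()

# Constructed sample principals, keys and lifetimes (seconds).
USERS = {"alice": kc("correct horse")}
K_TGS, SERVERS = b"tgs-secret-key", {"V": b"server-V-secret-key"}
LIFETIME1, LIFETIME2 = 8 * 3600, 300

def check(ticket, id_c, ad_c, id_s, now):
    t_id, t_ad, t_s, ts, life = ticket
    if [t_id, t_ad, t_s] != [id_c, ad_c, id_s]:
        raise ValueError("ticket does not match requester")
    if not ts <= now <= ts + life:
        raise ValueError("ticket outside its lifetime")

def as_reply(id_c, ad_c, now):                           # steps (1)-(2)
    tgt = E(K_TGS, [id_c, ad_c, "tgs", now, LIFETIME1])  # Ticket_tgs
    return E(USERS[id_c], tgt)                           # E_Kc[Ticket_tgs]

def tgs_reply(id_c, ad_c, id_v, tgt, now):               # steps (3)-(4)
    check(D(K_TGS, tgt), id_c, ad_c, "tgs", now)
    return E(SERVERS[id_v], [id_c, ad_c, id_v, now, LIFETIME2])  # Ticket_V

def v_accept(id_c, ad_c, ticket_v, now):                 # step (5)
    check(D(SERVERS["V"], ticket_v), id_c, ad_c, "V", now)
    return True

def login(id_c, password, ad_c, now):
    """Workstation side: the password only unlocks the AS reply locally."""
    return D(kc(password), as_reply(id_c, ad_c, now))
```

The password never crosses the network, and the ticket-granting ticket can be reused for new service tickets until `LIFETIME1` runs out, which is exactly the window in which a stolen ticket stays usable.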

40
Version 4 Authentication Dialogue
  • Authentication Service Exchange: to obtain
    Ticket-Granting Ticket
  • (1) C -> AS: IDc IDtgs TS1
  • (2) AS -> C: EKc[Kc,tgs IDtgs TS2
    Lifetime2 Tickettgs]
  • Ticket-Granting Service Exchange: to obtain
    Service-Granting Ticket
  • (3) C -> TGS: IDv Tickettgs Authenticatorc
  • (4) TGS -> C: EKc,tgs[Kc,v IDv TS4 Ticketv]
  • Client/Server Authentication Exchange: to obtain
    service
  • (5) C -> V: Ticketv Authenticatorc
  • (6) V -> C: EKc,v[TS5 + 1] (for mutual
    authentication)
41
Version 4 Authentication Dialogue
42
Request for Service in Another Realm
43
Difference Between Version 4 and 5
  • Encryption system dependence (V.4 DES)
  • Internet protocol dependence
  • Message byte ordering
  • Ticket lifetime
  • Authentication forwarding
  • Interrealm authentication

44
Kerberos Encryption Techniques
45
PCBC Mode