Chapter 8.5 AUTHENTICATION AND KEY DISTRIBUTION - PowerPoint PPT Presentation

Slides: 23
Provided by: Kart163
Learn more at: https://www.cs.gsu.edu
Transcript and Presenter's Notes

1
Chapter 8.5 AUTHENTICATION AND KEY DISTRIBUTION
  • Prepared by
  • Karthik V Puttaparthi
  • kputtaparthi1_at_student.gsu.edu

2
OUTLINE
  • Overview
  • Protocols and Communication Services
  • Design of Authentication Protocols
  • Needham-Schroeder Protocol
  • Denning-Sacco Protocol
  • Kerberos Protocol
  • Kerberos Protocol Version V
  • References

3
PROTOCOLS AND COMMUNICATION SERVICES
  • Authentication is the process of verifying the
    identity of an object entity.
  • Password verification is a simple example of
    one-way user identification.
  • In a distributed environment, there is a greater
    need to authenticate the machine the user
    connects to as well.
  • This type of mutual authentication is even more
    important for communication between autonomous
    principals under different administrative
    authorities in a client/server distributed
    environment.

4
PROTOCOLS AND COMMUNICATION SERVICES
  • Messages being exchanged must also be
    authenticated such that they are free of forgery,
    counterfeiting and repudiation.
  • Forgery could occur when a communication key is
    compromised.
  • A counterfeit is the replay of a secret message
    in the context of communication.
  • Repudiation is the denial of sending what seems
    to be an authenticated message.

5
PROTOCOLS AND COMMUNICATION SERVICES
  • For message authenticity, an irreproducible
    secret message digest can be used to sign the
    message.
  • Secrecy of information can be accomplished by
    encryption using secret keys.

6
Design of Authentication Protocols
  • Communication service is either connection-oriented
    (Connection) or Connectionless.
  • Peer processes: Interactive (connection), One-way
    (connectionless)
  • Client / Server: Session (connection), Request /
    Response (connectionless)
  • Authentication protocols are all about
    distribution and management of secret keys.
  • Key distribution in a distributed environment is
    an implementation of distributed authentication
    protocols.

7
Design of Authentication Protocols
  • Design of distributed authentication protocols
    depends on the underlying communication service,
    i.e. connectionless or connection-oriented.
  • Most distributed applications follow the
    Client/Server programming paradigm, and
    Client/Server interaction is viewed as request /
    reply communication.
  • Session keys can also be used for Client / Server
    communication. They are conceptually similar to
    tickets.
  • A ticket is a signed certificate that contains
    information for authenticating the client.
  • Kerberos Protocol was the first one to use the
    ticket notion.

8
Design of Authentication Protocols
  • All protocols assume that some secret information
    is held initially by each principal.
  • Authentication is achieved by one principal
    demonstrating to the other that it holds that
    secret information.
  • All protocols assume that the system environment
    is very insecure and is open to attack.

9
Design of Authentication Protocols
  • A message received by a principal must have its
    origin authenticity, integrity and freshness
    verified.
  • To achieve these goals, most protocols need to
    rely on an authentication server.
  • The authentication server delivers good quality
    session keys to requesting principals securely.

10
Design of Authentication Protocols
  • Protocols are divided into two categories
    according to how they verify the freshness of a
    message.
  • The first category uses a nonce and a
    challenge/response handshake to verify freshness.
  • The second category uses timestamps and assumes
    that all machines in the distributed system are
    clock-synchronized.

11
Needham-Schroeder Protocol (1978)
  • First to use encryption techniques for
    authentication and key distribution.
  • Five Steps
  • A -> S: A, B, Na
  • S -> A: {Na, B, Kab, {A, Kab}Kbs}Kas
  • A -> B: {A, Kab}Kbs
  • B -> A: {Nb}Kab
  • A -> B: {Nb - 1}Kab
  • A contacts S, which returns a session key and a
    certificate encrypted with Kbs.
  • B decrypts it and does a nonce handshake with A
    to assure freshness.
  • Subtracting 1 from Nb in the last message ensures
    that it is not a replay of the previous message
    from B to A.

12
Needham-Schroeder Protocol (1978)
  • Five Steps
  • A -> S: A, B, Na
  • S -> A: {Na, B, Kab, {A, Kab}Kbs}Kas
  • A -> B: {A, Kab}Kbs
  • B -> A: {Nb}Kab
  • A -> B: {Nb - 1}Kab
  • Denning and Sacco found a drawback.
  • If the session key between A and B is compromised,
    an intruder can impersonate A by carrying out the
    last 3 steps.
  • Needham-Schroeder responded by requiring A to
    obtain another nonce from B before it contacts S
    and requiring S to put this nonce into
    certificate to be forwarded to B.

13
Denning-Sacco Protocol (1981)
  • Uses timestamps rather than nonce to guarantee
    message freshness.
  • A -> S: A, B
  • S -> A: {B, Kab, Ts, {A, Kab, Ts}Kbs}Kas
  • A -> B: {A, Kab, Ts}Kbs
  • A and B can verify the message freshness by
    checking
  • |Clock - T| < Δt1 + Δt2

14
Denning-Sacco Protocol (1981)
  • Clock is the local clock time. Δt1 is the normal
    discrepancy between the server's clock and the
    local clock. Δt2 is the expected network delay.
  • So long as Δt1 + Δt2 is less than the interval
    between two contiguous authentication sessions,
    message freshness is guaranteed.
  • Denning-Sacco has better performance than
    Needham-Schroeder as it eliminates the message
    handshake.
  • The drawback is that all machines must be
    clock-synchronized with the authentication server.
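
The drawback Denning and Sacco found in Needham-Schroeder, and the timestamp check that addresses it, as an added example that is not part of the original slides. Encryption is modelled symbolically (a `Box` opens only with the key that sealed it, no real cryptography); the key names, the values chosen for Δt1 and Δt2, and all function names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Box:
    """{body}key, modelled symbolically: it opens only with the same key."""
    key: str
    body: tuple

def seal(key, *body):
    return Box(key, body)

def unseal(key, box):
    if box.key != key:
        raise ValueError("wrong key")
    return box.body

KBS = "Kbs"            # constructed long-term key shared by B and S
DT1, DT2 = 2.0, 3.0    # assumed Δt1 (clock discrepancy) and Δt2 (network delay), seconds

def holder_of(kab):
    """A peer that knows kab: answers {Nb}Kab with {Nb - 1}Kab (step 5)."""
    def respond(challenge):
        (nb,) = unseal(kab, challenge)
        return seal(kab, nb - 1)
    return respond

def b_accepts_ns(ticket, respond, nb=41):
    """B's side of Needham-Schroeder steps 3-5; nothing in {A, Kab}Kbs dates it."""
    _, kab = unseal(KBS, ticket)
    try:
        return unseal(kab, respond(seal(kab, nb))) == (nb - 1,)
    except ValueError:
        return False

def b_accepts_ds(ticket, clock):
    """B's side of Denning-Sacco step 3: accept only if |Clock - T| < Δt1 + Δt2."""
    _, _, ts = unseal(KBS, ticket)
    return abs(clock - ts) < DT1 + DT2

# Constructed scenario: a certificate recorded at T = 1000 whose Kab later leaked.
OLD_NS = seal(KBS, "A", "Kab-old")
OLD_DS = seal(KBS, "A", "Kab-old", 1000.0)

if __name__ == "__main__":
    print(b_accepts_ns(OLD_NS, holder_of("Kab-old")))  # old key still passes the handshake
    print(b_accepts_ds(OLD_DS, clock=1003.0))          # within the freshness window
    print(b_accepts_ds(OLD_DS, clock=90000.0))         # stale certificate
```

The nonce handshake only proves the peer holds Kab, so B cannot tell an old certificate from a new one; the timestamp inside {A, Kab, Ts}Kbs is what lets B reject it.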

15
Kerberos Protocol (1980)
  • As a part of Project Athena at MIT, Kerberos is
    one of the most promising implementations of an
    authentication service.
  • Based on Needham-Schroeder but also uses
    timestamps as suggested by Denning-Sacco.
  • The authentication service is divided between two
    servers: the Kerberos Server and the Ticket
    Granting Server (TGS).

16
Kerberos Protocol (1980)
  • Simplified version of Kerberos that treats
    Kerberos server and TGS as single entity S.
  • 1. A -> S: A, B
  • 2. S -> A: {Kab, Ticketab}Kas
  • Where Ticketab = {B, A, addr, Ts, L, Kab}Kbs
  • 3. A -> B: Authenticatorab, Ticketab
  • Where Authenticatorab = {A, addr, Ta}Kab
  • 4. B -> A: {Ta + 1}Kab
  • A sends its own identity to S before it connects
    to B.
  • S responds with session key Kab and a ticket for
    B.

17
Kerberos Protocol (1980)
  • 1. A -> S: A, B
  • 2. S -> A: {Kab, Ticketab}Kas
  • Where Ticketab = {B, A, addr, Ts, L, Kab}Kbs
  • 3. A -> B: Authenticatorab, Ticketab
  • Where Authenticatorab = {A, addr, Ta}Kab
  • 4. B -> A: {Ta + 1}Kab
  • The ticket contains the identities of B and A,
    the IP of A, timestamp Ts, lifetime L and a
    session key to identify A.
  • A now creates its own authenticator containing
    A's identity, its IP and a timestamp, and sends it
    to B along with B's ticket.
  • B decrypts the ticket and authenticator, and
    compares two pieces of information.

18
Kerberos Protocol (1980)
  • First, their identity and address information
    must match.
  • Second, discrepancy between time in authenticator
    and current local time must not exceed a
    predetermined value.
  • If these match, B authenticates A's identity
    and allows the service request to proceed.
  • Drawbacks of Kerberos were identified by Bellovin
    and Merritt.
  • Drawbacks include difficulty in adapting to all
    environments, and the need for special purpose
    hardware.
  • To fix some of these problems, Kerberos has been
    upgraded to version V.
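
B's acceptance check for message 3 of the simplified Kerberos exchange, as an added example that is not part of the original slides. Sealing is modelled as a (key, fields) pair rather than real encryption; `MAX_SKEW`, the sample values, the function names and the lifetime check on L (which the slides carry in the ticket but do not list among B's checks) are assumptions.

```python
MAX_SKEW = 300.0  # assumed "predetermined value" in seconds; the slides give none

def unseal(key, box):
    """Open {fields}key. Sealing is modelled as a (key, fields) pair, not real crypto."""
    sealed_with, fields = box
    if sealed_with != key:
        raise ValueError("not encrypted under this key")
    return fields

def b_verify(kbs, ticket, authenticator, now):
    """B's decision on message 3; returns (accepted, reason, message_4)."""
    try:
        t = unseal(kbs, ticket)               # {B, A, addr, Ts, L, Kab}Kbs
        a = unseal(t["Kab"], authenticator)   # {A, addr, Ta}Kab
    except ValueError as err:
        return False, str(err), None
    # First check: identity and address in ticket and authenticator must match.
    if (a["A"], a["addr"]) != (t["A"], t["addr"]):
        return False, "identity/address mismatch", None
    # Second check: authenticator time versus B's local clock.
    if abs(now - a["Ta"]) > MAX_SKEW:
        return False, "authenticator outside allowed clock skew", None
    # Added here, not on the slides: enforce the lifetime L carried in the ticket.
    if now > t["Ts"] + t["L"]:
        return False, "ticket lifetime expired", None
    return True, "ok", (t["Kab"], {"Ta+1": a["Ta"] + 1})   # {Ta + 1}Kab

# Constructed sample values (symbolic keys, documentation-range address).
KBS, KAB = "Kbs", "Kab"
TICKET = (KBS, {"B": "B", "A": "A", "addr": "192.0.2.10",
                "Ts": 1000.0, "L": 3600.0, "Kab": KAB})

def make_authenticator(identity, addr, ta, key=KAB):
    return (key, {"A": identity, "addr": addr, "Ta": ta})

if __name__ == "__main__":
    for auth, now in [(make_authenticator("A", "192.0.2.10", 1010.0), 1012.0),
                      (make_authenticator("A", "192.0.2.99", 1010.0), 1012.0),
                      (make_authenticator("A", "192.0.2.10", 1010.0), 2000.0)]:
        print(b_verify(KBS, TICKET, auth, now)[:2])
```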

19
Kerberos Protocol Version V
1993
[Figure: Client (C), Authentication Server (K), Ticket Granting Server (G) and Server (S), with messages 1 to 5 exchanged between them]
  • 1. C -> K: C, G, N
  • 2. K -> C: {Kcg, N}Kc, Ticketcg
  • 3. C -> G: Authenticatorcg, Ticketcg
  • 4. G -> C: {Kcs, N}Kcg, Ticketcs
  • 5. C -> S: Authenticatorcs, Ticketcs

20
Kerberos Protocol Version V (cont)
  • This protocol separates the authentication server
    S into Kerberos server (K) for authentication and
    Ticket Granting Server (G).
  • Client (C) first sends identity for itself and
    TGS to Authentication Server K. (Message 1)
  • Authentication Server K does the initial login
    and grants ticket for TGS. (Message 2)
  • Client (C) sends authenticator to TGS to identify
    itself (like simplified Kerberos). (Message 3)

21
Kerberos Protocol Version V
1993
  • Messages 4 and 5 are similar to Messages 2 and 3
    respectively.
  • Most widely implemented protocol.
  • Implemented in Distributed Computing Environment
    (DCE) security service and SESAME (A Secure
    European System for Application in a Multi-vendor
    Environment).

22
References
  • Distributed Operating Systems and Algorithms by
    Randy Chow and Theodore Johnson
  • On the design of authentication protocols for
    third generation
    ieeexplore.ieee.org/iel5/8635/27371/01217358.pdf
  • Clifford Neuman. The Kerberos Network
    Authentication Service (V5). Internet Draft
    ietf-cat-kerb-kerberos-revision-04.txt, June 1999
  • http://en.wikipedia.org/wiki/Needham-Schroeder
    March 29, 2007
  • http://web.mit.edu/Kerberos/ April 2, 2007
  • http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
    April 8, 2007