Title: Authentication 3: On The Internet
1Authentication 3On The Internet
2Readings
- URL attacks http//www.technicalinfo.net/papers/UR
LEmbeddedAttacks.html - Web security using CGI scripts
http//www.w3.org/Security/Faq/wwwsf4.html - Tempest http//www.giac.org/practical/gsec/Cassi_
Goodman_GSEC.pdf
3Topics
- URL Obscuring
- Kerberos
- X.509 Digital Certificate Standard
4URL Obscuring
- Uniform Resource Locator is used to find a web
site. - If you are sent a URL from an untrusted source,
it may be obscured in a number of ways to look
like a familiar, trusted site. - Characters can be put into URLs to change the
meaning.
5URL Obscuring
- For example, you receive an email saying click
on this link - http//www.friendlysite.com_at_129.210.32.1
- You think you are going to friendlysite
however, the _at_ means that everything before it is
the username and you really go to 129.210.32.1
6It Gets Worse
- The _at_ can be replaced by its ASCII encoding 40
and if the email supports colored fonts, the true
destination can be in white! - http//www.google.com40www.cse.scu.edu/jholliday
/index.html - http//www.google.com40www.cse.scu.edu/jholliday
/index.html
7Challenges for E-Commerce
- Many clients want services from a number of
different servers. Servers need to know that the
client is who he says he is. - Key concerns are confidentiality and timeliness
- To provide confidentiality must encrypt
identification and session key info which
requires the use of previously shared private or
public keys - Need timeliness to prevent replay attacks. Can
be provided by using sequence numbers or
timestamps or challenge/response
8Kerberos
- Developed at MIT. Users wish to access services
on many servers. - Three threats exist
- User pretend to be another user.
- User alter the network address of a workstation
to get anothers services. - User eavesdrop on exchanges and use a replay
attack to get unauthorized services.
9Cryptographic Flaw in CR Protocol
- Alice and Bob want to use a challenge-response
protocol to authenticate each other. They can
encrypt and decrypt message with DES and their
shared key, KAB. - Alice sends her identity A and a random number RA
to Bob. Bob responds with the number encrypted
with the key he shares with Alice, KABRA along
with another random number RB. Alice responds by
encrypting Bobs number KABRB and sending it to
Bob.
10Kerberos
- Kerberos provides a centralized authentication
server to authenticate users to servers and
servers to users. - Users can share password with AS, but need not be
known by all servers. - Relies on conventional encryption, making no use
of public-key encryption. - Two versions version 4 and 5. Version 4 uses DES
11Simplified Version
- Client, C, asks authentication server, AS, for a
ticket to identify him to vendor, V. Client
supplies his password which is known by AS. - AS gives C a ticket which can only be read by the
vendor, V. - Client, C, contacts vendor,V, giving him the
ticket which V accepts because he trusts AS.
12Kerberos
- Terms
- C Client
- AS authentication server
- V server or vendor
- IDc identifier of user on C
- IDv identifier of V
- Pc password of user on C
- ADc network address of C
- Kv secret encryption key shared by AS and V
- TS timestamp
- concatenation
13Simple Authentication Dialog
- C ? AS IDc Pc IDv
- AS ? C Ticket
- C ? V IDc Ticket
- Ticket EKvIDc ADc IDv
14Problems with Simple Dialog
- Lifetime needs to be associated with the ticket
- If too short, repeatedly asked for password
- If too long, greater chance of replay attack
- The threat is that an opponent will steal the
ticket and use it before it expires - Client password sent in the clear
- Every time client wants to use a new service (or
reuse one) he must go to AS.
15Solution Kerberos Version 4
- Add a Ticket Granting server
- When client logs in at start of session/day, he
gets a ticket-granting ticket (TGT) from the
Authentication Server. He supplies his password
once per session/day. - TGT is used to get a service ticket from a Ticket
Granting Server each time service is needed (read
mail, get a file, use print server). - Authenticator is Kc,vIDcADcTS
16(No Transcript)
17Kerberos Version 4
- Authentication Service Exhange To obtain
Ticket-Granting Ticket - C ? AS IDc IDtgs TS1
- AS ? C EKc Kc,tgs IDtgs TS2
Lifetime2 Tickettgs
Tickettgs EKtgsKc,tgs IDc ADc IDtgs
TS2 lifetime
- Ticket-Granting Service Echange To obtain
Service-Granting Ticket - (3) C ? TGS IDv Tickettgs
Authenticatorc - (4) TGS ? C EKc Kc,v IDv
TS4 Ticketv
Ticketv EKv Kc,v IDc ADc IDv TS
lifetime
Client/Server Authentication Exhange To Obtain
Service (5) C ? V Ticketv
Authenticatorc (6) V ? C EKc,vTS5
1
18Kerberos in Use
- Currently have two Kerberos versions
- 4 restricted to a single realm
- 5 allows inter-realm authentication
- Kerberos v5 is an Internet standard
- specified in RFC1510, and used by many utilities
- To use Kerberos
- need to have Kerberised applications running on
all participating systems
19X.509 Authentication Standard
- A standard for a distributed set of servers that
maintains a database about users. - Based on public key cryptography, digital
signatures and certificates. - Each certificate contains the public key of a
user and is signed with the private key of a CA. - Used in S/MIME, IP Security, SSL/TLS and SET.
- RSA is recommended.
20X.509
- A public key certificate is associated with each
user in the system. - Certificates are created by some trusted
certification authority (CA) and placed in the
directory. - Any user with the public key of the CA can
recover a user public key in the directory that
was certified by the CA. - No party other than the CA can modify the
certificate without detection. - Certificates are unforgeable.
21Digital Signature Idea
22Certificate Revocation
- Each certificate has a period of validity.
Usually a new certificate is issued just before
the old one expires. - Sometimes the certificates must be revoked before
they expire - The users secret key is assumed to be
compromised. - The user is no longer certified by this CA.
- The CAs certificate is assumed to be compromised.
23Certificate Revocation Lists
- Each CA maintains a list of revoked but not yet
expired certificates. Each list (CRL) is signed
by the CA and posted to the directory. - A user who receives a certificate is responsible
for checking the CRL to determine its validity.
24Serial number is unique to a CA
25For More Info
- General hacking http//www.insecure.org/
- PKI in practice http//www.pki-page.org/
- Government PKI standards http//csrc.nist.gov/pki/