Authentication 3: On The Internet - PowerPoint PPT Presentation

1 / 25
About This Presentation
Title:

Authentication 3: On The Internet

Description:

Web security using CGI scripts http://www.w3.org/Security/Faq/wwwsf4.html ... Authenticator is Kc,v{IDc||ADc||TS} Kerberos Version 4 ... – PowerPoint PPT presentation

Number of Views:31
Avg rating:3.0/5.0
Slides: 26
Provided by: joanneh5
Category:

less

Transcript and Presenter's Notes

Title: Authentication 3: On The Internet


1
Authentication 3On The Internet
2
Readings
  • URL attacks http//www.technicalinfo.net/papers/UR
    LEmbeddedAttacks.html
  • Web security using CGI scripts
    http//www.w3.org/Security/Faq/wwwsf4.html
  • Tempest http//www.giac.org/practical/gsec/Cassi_
    Goodman_GSEC.pdf

3
Topics
  • URL Obscuring
  • Kerberos
  • X.509 Digital Certificate Standard

4
URL Obscuring
  • Uniform Resource Locator is used to find a web
    site.
  • If you are sent a URL from an untrusted source,
    it may be obscured in a number of ways to look
    like a familiar, trusted site.
  • Characters can be put into URLs to change the
    meaning.

5
URL Obscuring
  • For example, you receive an email saying click
    on this link
  • http//www.friendlysite.com_at_129.210.32.1
  • You think you are going to friendlysite
    however, the _at_ means that everything before it is
    the username and you really go to 129.210.32.1

6
It Gets Worse
  • The _at_ can be replaced by its ASCII encoding 40
    and if the email supports colored fonts, the true
    destination can be in white!
  • http//www.google.com40www.cse.scu.edu/jholliday
    /index.html
  • http//www.google.com40www.cse.scu.edu/jholliday
    /index.html

7
Challenges for E-Commerce
  • Many clients want services from a number of
    different servers. Servers need to know that the
    client is who he says he is.
  • Key concerns are confidentiality and timeliness
  • To provide confidentiality must encrypt
    identification and session key info which
    requires the use of previously shared private or
    public keys
  • Need timeliness to prevent replay attacks. Can
    be provided by using sequence numbers or
    timestamps or challenge/response

8
Kerberos
  • Developed at MIT. Users wish to access services
    on many servers.
  • Three threats exist
  • User pretend to be another user.
  • User alter the network address of a workstation
    to get anothers services.
  • User eavesdrop on exchanges and use a replay
    attack to get unauthorized services.

9
Cryptographic Flaw in CR Protocol
  • Alice and Bob want to use a challenge-response
    protocol to authenticate each other. They can
    encrypt and decrypt message with DES and their
    shared key, KAB.
  • Alice sends her identity A and a random number RA
    to Bob. Bob responds with the number encrypted
    with the key he shares with Alice, KABRA along
    with another random number RB. Alice responds by
    encrypting Bobs number KABRB and sending it to
    Bob.

10
Kerberos
  • Kerberos provides a centralized authentication
    server to authenticate users to servers and
    servers to users.
  • Users can share password with AS, but need not be
    known by all servers.
  • Relies on conventional encryption, making no use
    of public-key encryption.
  • Two versions version 4 and 5. Version 4 uses DES

11
Simplified Version
  • Client, C, asks authentication server, AS, for a
    ticket to identify him to vendor, V. Client
    supplies his password which is known by AS.
  • AS gives C a ticket which can only be read by the
    vendor, V.
  • Client, C, contacts vendor,V, giving him the
    ticket which V accepts because he trusts AS.

12
Kerberos
  • Terms
  • C Client
  • AS authentication server
  • V server or vendor
  • IDc identifier of user on C
  • IDv identifier of V
  • Pc password of user on C
  • ADc network address of C
  • Kv secret encryption key shared by AS and V
  • TS timestamp
  • concatenation

13
Simple Authentication Dialog
  • C ? AS IDc Pc IDv
  • AS ? C Ticket
  • C ? V IDc Ticket
  • Ticket EKvIDc ADc IDv

14
Problems with Simple Dialog
  • Lifetime needs to be associated with the ticket
  • If too short, repeatedly asked for password
  • If too long, greater chance of replay attack
  • The threat is that an opponent will steal the
    ticket and use it before it expires
  • Client password sent in the clear
  • Every time client wants to use a new service (or
    reuse one) he must go to AS.

15
Solution Kerberos Version 4
  • Add a Ticket Granting server
  • When client logs in at start of session/day, he
    gets a ticket-granting ticket (TGT) from the
    Authentication Server. He supplies his password
    once per session/day.
  • TGT is used to get a service ticket from a Ticket
    Granting Server each time service is needed (read
    mail, get a file, use print server).
  • Authenticator is Kc,vIDcADcTS

16
(No Transcript)
17
Kerberos Version 4
  • Authentication Service Exhange To obtain
    Ticket-Granting Ticket
  • C ? AS IDc IDtgs TS1
  • AS ? C EKc Kc,tgs IDtgs TS2
    Lifetime2 Tickettgs

Tickettgs EKtgsKc,tgs IDc ADc IDtgs
TS2 lifetime
  • Ticket-Granting Service Echange To obtain
    Service-Granting Ticket
  • (3) C ? TGS IDv Tickettgs
    Authenticatorc
  • (4) TGS ? C EKc Kc,v IDv
    TS4 Ticketv

Ticketv EKv Kc,v IDc ADc IDv TS
lifetime
Client/Server Authentication Exhange To Obtain
Service (5) C ? V Ticketv
Authenticatorc (6) V ? C EKc,vTS5
1
18
Kerberos in Use
  • Currently have two Kerberos versions
  • 4 restricted to a single realm
  • 5 allows inter-realm authentication
  • Kerberos v5 is an Internet standard
  • specified in RFC1510, and used by many utilities
  • To use Kerberos
  • need to have Kerberised applications running on
    all participating systems

19
X.509 Authentication Standard
  • A standard for a distributed set of servers that
    maintains a database about users.
  • Based on public key cryptography, digital
    signatures and certificates.
  • Each certificate contains the public key of a
    user and is signed with the private key of a CA.
  • Used in S/MIME, IP Security, SSL/TLS and SET.
  • RSA is recommended.

20
X.509
  • A public key certificate is associated with each
    user in the system.
  • Certificates are created by some trusted
    certification authority (CA) and placed in the
    directory.
  • Any user with the public key of the CA can
    recover a user public key in the directory that
    was certified by the CA.
  • No party other than the CA can modify the
    certificate without detection.
  • Certificates are unforgeable.

21
Digital Signature Idea

22
Certificate Revocation
  • Each certificate has a period of validity.
    Usually a new certificate is issued just before
    the old one expires.
  • Sometimes the certificates must be revoked before
    they expire
  • The users secret key is assumed to be
    compromised.
  • The user is no longer certified by this CA.
  • The CAs certificate is assumed to be compromised.

23
Certificate Revocation Lists
  • Each CA maintains a list of revoked but not yet
    expired certificates. Each list (CRL) is signed
    by the CA and posted to the directory.
  • A user who receives a certificate is responsible
    for checking the CRL to determine its validity.

24
Serial number is unique to a CA
25
For More Info
  • General hacking http//www.insecure.org/
  • PKI in practice http//www.pki-page.org/
  • Government PKI standards http//csrc.nist.gov/pki/
Write a Comment
User Comments (0)
About PowerShow.com