1

Authentication Applications

Ola FlygtVäxjö University, Sweden

http://w3.msi.vxu.se/users/ofl/Ola.Flygt@vxu.se+46 470 70 86 49

2

Outline

Security ConcernsKerberosX.509 Authentication Service

3

Security Concerns

key concerns are confidentiality and timeliness

to provide confidentiality one must encrypt identification and session key info which requires the use of previously shared private or public keys

need timeliness to prevent replay attacks.provided by using sequence numbers or timestamps or challenge/response

4

KERBEROS

In Greek mythology, a many headed dog, the guardian of the entrance of Hades

5

KERBEROS

Users wish to access services on servers.

Three threats exist:User pretend to be another user.User alter the network address of a

workstation.User eavesdrop on exchanges and

use a replay attack.

6

KERBEROS

Provides a centralized authentication server to authenticate users to servers and servers to users.

Relies on conventional encryption, making no use of public-key encryption

Two versions: version 4 and 5Version 4 makes use of DES

7

Kerberos terminologyTerms:

C = clientAS = authentication serverV = serverIDc = identifier of user on CIDv = identifier of VPc = password of user on CADc = network address of CKv = secret encryption key shared by AS an VTS = timestamp|| = concatenation

8

A simple Authentication Dialogue

(1) C AS: IDc || Pc || IDv

(2) AS C: Ticket

(3) C V: IDc || Ticket

Ticket = EKv[IDc || Pc || IDv]

9

Problems with the simple dialogue

Password in clear textSolution: Encrypt the password

Need to authenticate on each requestSolution: Let a ticket have a lifetime

Need to authenticate to each new serverSolution: Split the Kerberos server up in two

parts, one Authentication Server (AS) and one Ticket Granting Server (TGS).

10

A better Authentication Dialogue

Once per user logon session:

(1) C AS: IDc || IDtgs(2) AS C: E [Kc , Tickettgs]

Tickettgs =E(Ktgs, [IDc || ADc || IDtgs || TS1 || Lifetime1])

Once per type of service:

(3) C TGS: IDc || IDv ||Tickettgs

(4) TGS C: Ticketv

Ticketv =E(Kv, [IDc || ADc || IDv || TS2 || Lifetime2])

Once per server session:

(5) C V: IDc || Ticketv

11

Problems with the better dialogue

Problem 1, Lifetime associated with the ticket-granting ticketIf too short repeatedly asked for passwordIf too long greater opportunity to replay

The threat is that an opponent will steal the ticket and use it before it expires.

Problem 2, a rouge server can give incorrect credentials

12

Version 4 Authentication Dialogue

Authentication Service Exchange: To obtain Ticket-Granting Ticket

(1) C AS: IDc || IDtgs ||TS1

(2) AS C: EKc [Kc,tgs|| IDtgs || TS2 || Lifetime2 || Tickettgs]

Tickettgs =E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])

Ticket-Granting Service Echange: To obtain Service-Granting Ticket

(3) C TGS: IDv ||Tickettgs ||Authenticatorc

• TGS C: E(Kc,tgs,[Kc,v || IDv || TS4 || Ticketv])

Tickettgs =E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])

Ticketv =E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])

Authenticatorc =E(Kc,tgs , [IDc || ADc || TS3])

13

Version 4 Authentication Dialogue

cont.

Client/Server Authentication Exchange to obtain Service

(5) C V: Ticketv || Authenticatorc

(6) V C: EKc,v[TS5 +1]

Ticketv =E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])

Authenticatorc =E(Kc,v , [IDc || ADc || TS5])

14

Overview of Kerberos

15

Request for Service in Another Realm

16

Difference Between Version 4 and 5

Encryption system independence (v4 DES)

Internet protocol independence (v4 IP)Message byte ordering (v5 ASN.1)Ticket lifetime (v4 max 21 hours)Authentication forwardingInter realm authentication

Kerberos Encryption Techniques

17

18

PCBC Mode

19

Kerberos - in practice

Currently have two Kerberos versions: 4 : restricted to a single realm 5 : allows inter-realm authenticationKerberos v5 is an Internet standard specified in RFC1510, and used by many utilities

To use Kerberos: need to have a KDC on your network need to have Kerberized applications running on

all participating systems

20

X.509 Authentication Service

Distributed set of servers that maintains a database about users.

Each certificate contains the public key of a user and is signed with the private key of a CA.

Is used in e.g. S/MIME, IP Security, SSL/TLS and SET.

RSA is recommended to use.

21

X.509 Formats

22

Typical Typical Digital Digital Signature ApproachSignature Approach

23

Obtaining a User’s Certificate

Characteristics of certificates generated by CA:Any user with access to the public

key of the CA can recover the user public key that was certified.

No part other than the CA can modify the certificate without this being detected.

24

X.509 CA Hierarchy

25

Revocation of Certificates

Reasons for revocation:The users secret key is assumed to

be compromised.The user is no longer certified by this

CA.The CA’s certificate is assumed to be

compromised.

26

Authentication Procedures