Date post: | 31-Mar-2015 |
Category: |
Documents |
Upload: | jabari-warf |
View: | 221 times |
Download: | 0 times |
An Introduction toDistributed Security Concepts and
Public Key Infrastructure (PKI)
Mary Thompson
Local Computing
User sits down in front of the computer Responds to the login prompt with a user id and password. Machine has a list of all the users and their encrypted
passwords Password never goes across the network Passwords are encrypted with a one-way code The crypt alogrithm of Unix has been around since mid 70’s.
Uses a salt to keep identical passwords from having the same encryption. Uses only 8 characters, case sensitive. Uses 25 iterations of DES.
Typically broken by guessing and verifying guess or snooping the password.
Remote Access Computing
User logs in to one or more remote machine(s) Each machine has its own copy of userid and
password for each user Changing a password on one machine does not affect the
other machines Each time a user connects to a different machine, she
must login again
In the standard Unix login or rsh commands, the user’s password is sent in clear text over the network or else hosts trust users on the basis of their IP addresses
Ssh encrypts the password before sending it or uses a user’s key pair for establishing her identity
Single Domain Remote Access Computing
User gets access to many machines in a single administrative domain.
He has a single userid and password for all the machines Can login just once to a central trusted server Examples
Kerberos freeware from MIT Project Athena NIS - Sun software with remote access comands
Kerberos
User - password based authentication based on late-70’s Needham -Schroeder algorithms.
Kerberos Authentication Server aka KDC (Key Distribution Center) shares long-term secret (password) with each authorized user.
User logs in and established a short term session key with the AS which can be used to establish his identity with other entities, e.g. file system, other hosts or services each of which trusts the authority server.
The authorization mechanism needs to be integrated with the each function, e.g. file access, login, telnet, ftp, ...
The central server is a single point of vulnerablity to attack and failure.
Been in use for 20 years. We are now at version 5.
NIS
Central server has all the user ids and passwords, don’t need to store passwords locally.
Facilitates the same user id and passwords on all machines on a network
Then rlogin and rsh allow the user to have access to all the hosts in the hosts.equiv and .rhost files
No real security, depends IP addresses Integrated with NFS to allow access to NFS files from any
host to which they are exported.
Cross Domain Authentication
Holy Grail is to allow a user to login in once and get access to a ticket that will identify him to all machines on which he is allowed to run.
Kerberos supports cross realm authentication, but it is politically difficult to achieve. Used for multiple AFS/DFS cells within a single institution. CMU, DOE weapons labs
X.509 Identity certificates. An IETF standard. Contains a multi-part unique name and a public key. The legitimate owner of the certificate has the matching private key.
Motivation for Universal Identity certificate
Distributed computing environments, collaborative research environments
Resources, stakeholders and users are all distributed
Spanning organizational as well as geographical boundaries, e.g., DOE Collaboratories
Requires a flexible but secure way to identify users
Requires a flexible and secure way to identify stakeholders
Security Levels
Confidentiality
Protection from disclosure to unauthorized persons
Integrity
Maintaining data consistency
Authentication
Assurance of identity of person or originator of data
Non-repudiation
Originator of communications can't deny it later - requires long-term of keys
Authorization Identity combined with an access policy grants the rights to
perform some action
Security Building Blocks
Encryption provides
confidentiality, can provide authentication and integrity protection
Checksums/hash algorithms provide
integrity protection, can provide authentication
Digital signatures provide
authentication, integrity protection, and non-repudiation
Keys
Symetric Keys
Both parties share the same secret key
Problem is securely distributing the key
DES - 56 bit key considered unsafe for financial purposes since 1998
3 DES uses three DES keys
Public/Private keys
One key is the mathematical inverse of the other
Private keys are known only to the owner
Public key are stored in public servers, usually in a X.509 certificate.
RSA (patent expires Sept 2000), Diffie-Hellman, DSA
Hash Algorithms
Reduce variable-length input to fixed-length (128 or 160bit) output
Requirements
Can't deduce input from output
Can't generate a given output
Can't find two inputs which produce the same output
Used to
Produce fixed-length fingerprint of arbitrary-length data
Produce data checksums to enable detection of modifications
Distill passwords down to fixed-length encryption keys
Also called message digests or fingerprints
Message Authentication Code MAC
Hash algorithm + key to make hash value dependant on the key
Most common form is HMAC (hash MAC)
hash( key, hash( key, data ))
Key affects both start and end of hashing process
Naming: hash + key = HMAC-hash
MD5 HMAC-MD5
SHA-1 HMAC-SHA (recommended)
Digital Signatures
Combines a hash with a digital signature algorithm
To sign
hash the data
encrypt the hash with the sender's private key
send data signer’s name and signature
To verify
hash the data
find the sender’s public key
decrypt the signature with the sender's public key
the result of which should match the hash
Elements of PKI
Certificate Authorities (CA)
OpenSSL, Netscape, Verisign, Entrust, RSA Keon
Public/Private Key Pairs - Key management
x.509 Identity Certificates - Certificate management
LDAP servers
X.509 Identity Certificates
Distinguished Name of user
C=US, O=Lawrence Berkely National Laboratory, OU=DSD, CN=Mary R. Thompson
DN of Issuer
C=US, O=Lawrence Berkely National Laboratory, CN=LBNL-CA
Validity dates:
Not before <date>, Not after <date>
User's public key
V3- extensions
Signed by CA
Defined in ANS1 notation - language independent
Certificate Authority
A trusted third party - must be a secure server
Signs and publishes X.509 Identity certificates
Revokes certificates and publishes a Certification Revocation List (CRL)
Many vendors
OpenSSL - open source, very simple
Netscape - free for limited number of certificates
Entrust - Can be run by enterprise or by Entrust
Verisign - Run by Verisign under contract to enterprise
RSA Security - Keon servers
LDAP server
Lightweight Directory Access Protocol (IETF standard)
Evolved from DAP and X.500 Identities
Used by CA's to store user's Identity Certificate
Open source implementations
Standard protocol for lookup, entry, etc.
Access control is implemented by user, password.
SSL - OpenSSL
Secure message passing protocol
Developed by Netscape, now an IETF RFC (TLS Jan '99)
Protocol for using one or two public/private keys
to authenticate a sever to a client
and by requiring a client key to authenticate the client to the server
establish a shared symetric key (the session key)
uses the session key to encypt or MAC all data over the secure channel
Gives you authentication, message integrity and confidentiality
Everything except authorizaton
SSL Handshake
Negotiate the cipher suite
Establish a shared session key
Authenticate the server (optional)
Authenticate the client (optional)
Authenticate previously exhanged data
SSL handshake details
Client hello:
Client challenge, client nonce
Available cipher suites (eg RSA + RC4/40 + MD5)
Server hello:
Server certificate, server nonce
Connection ID
Selected cipher suite
Server adapts to client capabilities
Optional certificate exchange to authenticate server/client
Commercial sites only use server authentication
SSL Handshake - details
Client Server
Generate ChallengeDefine Protocols
Return Server CertificateGenerate connectiion IDConfirm Protocols
Decrypt pre-master session keymaster secret = hash (pre-master secret,
previous messages)Generate server read/write Key pairs
Generates pre-master session keyEncyrpt session keymaster-secret = hash(pre-master secret, previous messages)Generate Client read/write key pairs
Verify server certificate
Encrypt random challenge phraseDecrypt and verify challenge phrase
Challenge
Encryptionprotocols
Server Cert
Encryption protocols
Connection ID
{pre-master session Key}Server's publickey
{Client's Challenge}Server Write Key
SSL Handshake
Client Server
Decrypt challenge
Decrypt Message Digest and Client Certificate
Verify Client certificate andrecompute message digestDone
Calculate message digeston Challenge and Servercertificate
(Challenge phrase)Server write key
[Message Digest &Client Certificate]Client private key
(Session Identifier)Server's write key
Client Authentication
Generate new challengeRequests Client certificate
Status
Single purpose CA’s e.g. Globus (SSLeay) Collaboratory, DOE-Grid (Netscape)
Enterprises slow to run CA’s Many different Vendors - Verisign, Entrust, Netscape, RSA
Security Keon Incompatible Key and Certificate management between
vendors Certificates are not integrated with existing applications that
need authorization Large amount of corporate overhead in running a CA Uncertain legal implications of issuing certificates
Lab is currently looking at the RSA Keon server as it has integration with ssh and NIS authorization
Public Key Cryptography Standards - PKCS
PKCS 7
Cryptographic Message Syntax Standard
PKCS 10
Certification Request Syntax Standard - used by Netscape browser, IE, and SSL libraries
PKCS 11
Cryptographic Token Interface Standard - An API for signing and verifying data by a device that holds the key
PKCS 12
Personal Information Exchange Syntax Standard - file format for storing certificate and private key - used to move private information between browsers
References
Peter Guttman's tutorial
http://www.cs.auckland.ac.nz/~pgut001/tutorial/ about 500 slides covering cryptography, secure connection protocols, PKI, politics and more.
RSA Laboratories PKCS specifications
http://www.rsasecurity.com/rsalabs/pkcs/ SSL/TLS
TLS v 1.0 RFC - http://www.ietf.org/rfc/rfc2246.tx. SSL-v3
http://www.netscape.com/eng/ssl3/draft302.txt openSSL http://www.openssl.org/
Certificates
http://futile.lbl.gov/mecury/cappt/index.html