Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.

Similar presentations


Presentation on theme: "Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings."— Presentation transcript:

1 Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings

2 Chapter 4 Key Distribution and User Authentication

3 No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman he would fear that some devil might take advantage of his weak state to slip into his body. The Golden Bough, Sir James George Frazer

4 Symmetric Key Distribution using symmetric encryption For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by othersFor symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others Frequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the keyFrequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the key Key distri techniqueKey distribution technique The means of delivering a key to two parties that wish to exchange data, without allowing others to see the keyThe means of delivering a key to two parties that wish to exchange data, without allowing others to see the key

5 Key Distribution For two parties A and B, there are the following options:For two parties A and B, there are the following options: 1 A key can be selected by A and physically delivered to B 2 A third party can select the key and physically deliver it to A and B 3 If A and B have previously and recently used a key, one party could transmit the new key to the other, using the old key to encrypt the new key 4 If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B

6 Kerberos Key distribution and user authentication service developed at MITKey distribution and user authentication service developed at MIT Provides a centralized authentication server whose function is to authenticate users to servers and servers to usersProvides a centralized authentication server whose function is to authenticate users to servers and servers to users Relies exclusively on symmetric encryption, making no use of public-key encryptionRelies exclusively on symmetric encryption, making no use of public-key encryption Two versions are in use Version 4 implementations still exist, although this version is being phased out Version 5 corrects some of the security deficiencies of version 4 and has been issued as a proposed Internet Standard (RFC 4120)

7 A Simple Authentication Dialogue To prevent impersonationTo prevent impersonation C V: ID C ||P CC V: ID C ||P C Burden on each serverBurden on each server Authentication server (AS)Authentication server (AS) 1.C AS: ID C ||P C ||ID V 2.AS C: Ticket 3.C V: ID C ||Ticket Ticket=E(K v, [ID C ||AD C ||ID V ])Ticket=E(K v, [ID C ||AD C ||ID V ])

8 A More Secure Authentication Dialogue Problems with the previous scenarioProblems with the previous scenario A user has to enter a password many timesA user has to enter a password many times Once for every different serviceOnce for every different service Plaintext transmission of the passwordPlaintext transmission of the password

9 Ticket-granting server (TGS)Ticket-granting server (TGS) Once per user logon sessionOnce per user logon session 1.C AS: ID C ||ID tgs 2.AS C: E(K C, Ticket tgs ) Once per type of serviceOnce per type of service 3.C->TGS: ID C ||ID V ||Ticket tgs 4.TGS C: Ticket v Once per server sessionOnce per server session 5.C V: ID C ||Ticket v Ticket tgs =E(K tgs, [ID C ||AD C ||ID tgs ||TS 1 ||Lifetime 1 ])Ticket tgs =E(K tgs, [ID C ||AD C ||ID tgs ||TS 1 ||Lifetime 1 ]) Ticket v =E(K v, [ID C ||AD C ||ID V ||TS 2 ||Lifetime 2 ])Ticket v =E(K v, [ID C ||AD C ||ID V ||TS 2 ||Lifetime 2 ])

10 ProblemsProblems Lifetime of the ticketsLifetime of the tickets A network service must be able to prove that the person using the ticket is the same person to whom the ticket was issuedA network service must be able to prove that the person using the ticket is the same person to whom the ticket was issued Session key in KerberosSession key in Kerberos Servers need to authenticate themselves to usersServers need to authenticate themselves to users Mutual authenticationMutual authentication

11 Kerberos version 4 A basic third-party authentication schemeA basic third-party authentication scheme Authentication Server (AS)Authentication Server (AS) Users initially negotiate with AS to identify selfUsers initially negotiate with AS to identify self AS provides a non-corruptible authentication credential (ticket granting ticket TGT)AS provides a non-corruptible authentication credential (ticket granting ticket TGT) Ticket Granting Server (TGS)Ticket Granting Server (TGS) Users subsequently request access to other services from TGS on basis of users TGTUsers subsequently request access to other services from TGS on basis of users TGT Complex protocol using DESComplex protocol using DES

12 Table 4.1 Summary of Kerberos Version 4 Message Exchanges

13 Authentication service exchange to obtain ticket- granting ticketAuthentication service exchange to obtain ticket- granting ticket 1.C AS: ID C ||ID tgs ||TS 1 2.AS C: E(K C, [K C,tgs ||ID tgs ||TS 2 ||Lifetime 2 ||Ticket tgs ]) Ticket tgs =E(K tgs, [K C,tgs || ID C ||AD C ||ID tgs ||TS 2 ||Lifetime 2 ])Ticket tgs =E(K tgs, [K C,tgs || ID C ||AD C ||ID tgs ||TS 2 ||Lifetime 2 ]) [Session key: K C,tgs ][Session key: K C,tgs ]

14 Ticket-granting service exchange to obtain ticket- granting ticketTicket-granting service exchange to obtain ticket- granting ticket 3.C->TGS: ID V ||Ticket tgs ||Authenticator C 4.TGS C: E(K C,tgs, [K c,v ||ID v ||TS 4 ||Ticket v ]) Ticket tgs =E(K tgs, [K C,tgs || ID C ||AD C ||ID tgs ||TS 2 ||Lifetime 2 ])Ticket tgs =E(K tgs, [K C,tgs || ID C ||AD C ||ID tgs ||TS 2 ||Lifetime 2 ]) Ticket v =E(K v, [K c,v || ID C ||AD C ||ID V ||TS 4 ||Lifetime 4 ])Ticket v =E(K v, [K c,v || ID C ||AD C ||ID V ||TS 4 ||Lifetime 4 ]) Authenticator C = E(K C,tgs, [ID C ||AD C ||TS 3 ])Authenticator C = E(K C,tgs, [ID C ||AD C ||TS 3 ]) [Session key: K C,v ][Session key: K C,v ]

15 Client/Server Authentication Exchange to obtain serviceClient/Server Authentication Exchange to obtain service 5.C V: Ticket v ||Authenticator C 6.V C: E(K c,v, [TS 5 +1]) (for mutual authentication) Ticket v =E(K v, [K c,v || ID C ||AD C ||ID V ||TS 4 ||Lifetime 4 ])Ticket v =E(K v, [K c,v || ID C ||AD C ||ID V ||TS 4 ||Lifetime 4 ]) Authenticator C = E(K C,v, [ID C ||AD C ||TS 5 ])Authenticator C = E(K C,v, [ID C ||AD C ||TS 5 ])

16

17

18

19

20

21 Kerberos Realms Kerberos realmKerberos realm A set of managed nodes that share the same Kerberos databaseA set of managed nodes that share the same Kerberos database The Kerberos database resides on the Kerberos master computer system, which should be kept in a physically secure roomThe Kerberos database resides on the Kerberos master computer system, which should be kept in a physically secure room A read-only copy of the Kerberos database might also reside on other Kerberos computer systemsA read-only copy of the Kerberos database might also reside on other Kerberos computer systems All changes to the database must be made on the master computer systemAll changes to the database must be made on the master computer system Changing or accessing the contents of a Kerberos database requires the Kerberos master passwordChanging or accessing the contents of a Kerberos database requires the Kerberos master password A Kerberos environment consists of: A Kerberos serverA number of clients A number of application servers

22 C AS: ID C ||ID tgs ||TS 1C AS: ID C ||ID tgs ||TS 1 AS C: E(K C, [K C,tgs ||ID tgs ||TS 2 ||Lifetime 2 ||Ticket tgs ])AS C: E(K C, [K C,tgs ||ID tgs ||TS 2 ||Lifetime 2 ||Ticket tgs ]) C->TGS: ID tgsrem ||Ticket tgs ||Authenticator CC->TGS: ID tgsrem ||Ticket tgs ||Authenticator C TGS C: E(K C,tgs, [K c,tgsrem ||ID tgsrem ||TS 4 ||Ticket tgsrem ])TGS C: E(K C,tgs, [K c,tgsrem ||ID tgsrem ||TS 4 ||Ticket tgsrem ]) C->TGS rem : ID Vrem ||Ticket tgsrem ||Authenticator CC->TGS rem : ID Vrem ||Ticket tgsrem ||Authenticator C TGS rem C: E(K C,tgsrem, [K c,vrem ||ID vrem ||TS 6 ||Ticket vrem ])TGS rem C: E(K C,tgsrem, [K c,vrem ||ID vrem ||TS 6 ||Ticket vrem ]) C V rem : Ticket vrem ||Authenticator CC V rem : Ticket vrem ||Authenticator C

23 Kerberos principal A service or user that is known to the Kerberos systemA service or user that is known to the Kerberos system Each Kerberos principal is identified by its principal nameEach Kerberos principal is identified by its principal name A service or user name An instance name A realm name Principal name Principal names consist of three parts

24 Differences between versions 4 and 5 Environmental shortcomings Encryption system dependenceEncryption system dependence Internet protocol dependenceInternet protocol dependence Message byte orderingMessage byte ordering Ticket lifetimeTicket lifetime Authentication forwardingAuthentication forwarding Interrealm authenticationInterrealm authentication Technical deficiencies Double encryptionDouble encryption PCBC encryptionPCBC encryption Session keysSession keys Password attacksPassword attacks

25

26 Key distribution using asymmetric encryption One of the major roles of public-key encryption is to address the problem of key distributionOne of the major roles of public-key encryption is to address the problem of key distribution There are two distinct aspects to the use of public-key encryption in this regard:There are two distinct aspects to the use of public-key encryption in this regard: The distribution of public keysThe distribution of public keys The use of public-key encryption to distribute secret keysThe use of public-key encryption to distribute secret keys Public-key certificatePublic-key certificate Consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third partyConsists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party Typically, the third party is a certificate authority (CA) that is trusted by the user community, such as a government agency or a financial institutionTypically, the third party is a certificate authority (CA) that is trusted by the user community, such as a government agency or a financial institution A user can present his or her public key to the authority in a secure manner and obtain a certificateA user can present his or her public key to the authority in a secure manner and obtain a certificate The user can then publish the certificateThe user can then publish the certificate Anyone needing this users public key can obtain the certificate and verify that it is valid by way of the attached trusted signatureAnyone needing this users public key can obtain the certificate and verify that it is valid by way of the attached trusted signature

27

28 X.509 Certificates ITU-T recommendation X.509 is part of the X.500 series of recommendations that define a directory serviceITU-T recommendation X.509 is part of the X.500 series of recommendations that define a directory service Defines a framework for the provision of authentication services by the X.500 directory to its usersDefines a framework for the provision of authentication services by the X.500 directory to its users The directory may serve as a repository of public-key certificatesThe directory may serve as a repository of public-key certificates Defines alternative authentication protocols based on the use of public-key certificatesDefines alternative authentication protocols based on the use of public-key certificates Was initially issued in 1988Was initially issued in 1988 Based on the use of public-key cryptography and digital signaturesBased on the use of public-key cryptography and digital signatures The standard does not dictate the use of a specific algorithm but recommends RSAThe standard does not dictate the use of a specific algorithm but recommends RSA

29

30

31 Obtaining a users certificate User certificates generated by a CA have the following characteristics:User certificates generated by a CA have the following characteristics: Any user with access to the public key of the CA can verify the user public key that was certifiedAny user with access to the public key of the CA can verify the user public key that was certified No party other than the certification authority can modify the certificate without this being detectedNo party other than the certification authority can modify the certificate without this being detected Because certificates are unforgeable, they can be placed in a directory without the need for the directory to make special efforts to protect themBecause certificates are unforgeable, they can be placed in a directory without the need for the directory to make special efforts to protect them

32

33 Revocation of certificates Each certificate includes a period of validityEach certificate includes a period of validity Typically a new certificate is issued just before the expiration of the old oneTypically a new certificate is issued just before the expiration of the old one It may be desirable on occasion to revoke a certificate before it expires for one of the following reasons:It may be desirable on occasion to revoke a certificate before it expires for one of the following reasons: The users private key is assumed to be compromisedThe users private key is assumed to be compromised The user is no longer certified by this CA; reasons for this include subjects name has changed, the certificate is superseded, or the certificate was not issued in conformance with the CAs policiesThe user is no longer certified by this CA; reasons for this include subjects name has changed, the certificate is superseded, or the certificate was not issued in conformance with the CAs policies The CAs certificate is assumed to be compromisedThe CAs certificate is assumed to be compromised

34 X.509 Version 3 Includes a number of optional extensions that may be added to the version 2 format Each extension consists of: An extension identifier A criticality indicator An extension value The certificate extensions fall into three main categories: Key and policy information Subject and issuer attributes Certification path constraints

35 Key and policy information These extensions convey additional information about the subject and issuer keys, plus indicators of certificate policyThese extensions convey additional information about the subject and issuer keys, plus indicators of certificate policy A certificate policy is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirementsA certificate policy is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements Includes: Authority key identifier Subject key identifier Key usage Private-key usage period Certificate policies Policy mappings

36 Certificate subject and issuer attributes These extensions support alternative names, in alternative formats, for a certificate subject or certificate issuer and can convey additional information about the certificate subject to increase a certificate users confidence that the certificate subject is a particular person or entityThese extensions support alternative names, in alternative formats, for a certificate subject or certificate issuer and can convey additional information about the certificate subject to increase a certificate users confidence that the certificate subject is a particular person or entity Includes: Subject alternative name Issuer alternative name Subject directory attributes

37 Certification path constraints These extensions allow constraint specifications to be included in certificates issued for CAs by other CAsThese extensions allow constraint specifications to be included in certificates issued for CAs by other CAs The constraints may restrict the types of certificates that can be issued by the subject CA or that may occur subsequently in a certification chainThe constraints may restrict the types of certificates that can be issued by the subject CA or that may occur subsequently in a certification chain Includes: Basic constraints Name constraints Policy constraints

38

39 PKIX Management functions Functions that potentially need to be supported by management protocols:Functions that potentially need to be supported by management protocols: RegistrationRegistration InitializationInitialization CertificationCertification Key pair recoveryKey pair recovery Key pair updateKey pair update Revocation requestRevocation request Cross certificationCross certification Alternative management protocols:Alternative management protocols: Certificate management protocols (CMP)Certificate management protocols (CMP) Designed to be a flexible protocol able to accommodate a variety of technical, operational, and business modelsDesigned to be a flexible protocol able to accommodate a variety of technical, operational, and business models Certificate management messages over CMS (CMC)Certificate management messages over CMS (CMC) Is built on earlier work and is intended to leverage existing implementationsIs built on earlier work and is intended to leverage existing implementations

40 Identity Management A centralized, automated approach to provide enterprise wide access to resources by employees and other authorized individualsA centralized, automated approach to provide enterprise wide access to resources by employees and other authorized individuals Focus is defining an identity for each user (human or process), associating attributes with the identity, and enforcing a means by which a user can verify identityFocus is defining an identity for each user (human or process), associating attributes with the identity, and enforcing a means by which a user can verify identity Central concept is the use of single sign-on (SSO) which enables a user to access all network resources after a single authenticationCentral concept is the use of single sign-on (SSO) which enables a user to access all network resources after a single authentication Principal elements of an identity management system:Principal elements of an identity management system: AuthenticationAuthentication AuthorizationAuthorization AccountingAccounting ProvisioningProvisioning Workflow automationWorkflow automation Delegated administrationDelegated administration Password synchronizationPassword synchronization Self-service password resetSelf-service password reset FederationFederation

41

42

43 Standards Appear similar to HTML documents that are visible as Web pages, but provide greater functionality Includes strict definitions of the data type of each field Provides encoding rules for commands that are used to transfer and update data objects The Extensible Markup Language (XML) Minimal set of conventions for invoking code using XML over HTTP Enables applications to request services from one another with XML-based requests and receive responses as data formatted with XML The Simple Object Access Protocol (SOAP) A set of SOAP extensions for implementing message integrity and confidentiality in Web services Assigns security tokens to each message for use in authentication WS-Security An XML-based language for the exchange of security information between online business partners Conveys authentication information in the form of assertions about subjects Security Assertion Markup Language (SAML)

44

45 Summary Symmetric key distribution using symmetric encryptionSymmetric key distribution using symmetric encryption KerberosKerberos Version 4Version 4 Version 5Version 5 Key distribution using asymmetric encryptionKey distribution using asymmetric encryption Public-key certificatesPublic-key certificates Public-key distribution of secret keysPublic-key distribution of secret keys X.509 certificatesX.509 certificates Certificates X.509 Version 3 Public-key infrastructurePublic-key infrastructure PKIX management functions PKIX management protocols Federated identity managementFederated identity management Identity management Identity federation


Download ppt "Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings."

Similar presentations


Ads by Google