AUTHENTICATION AND KEY DISTRIBUTION


AUTHENTICATION AND KEY DISTRIBUTION Xiaoou Zhang

Outline
- Overview
- Authentication Protocols
- Design of Authentication Protocols
- Needham-Schroeder Protocol
- Kerberos Protocol Version V
- References

Overview [1]

Authentication is the process of verifying the identity of an object entity.
- Password verification: one-way verification.
- Two-way authentication: both communicating entities verify each other's identity.

This type of mutual authentication is important for communication between autonomous principals under different administrative authorities in a client/server or peer-to-peer distributed environment.

Overview [2]

Cryptography is used in support of mechanisms for authenticating communication between pairs of principals.
- If a principal can successfully decrypt a message, it can infer that the sender of the message possessed the corresponding encryption key, and hence deduce the identity of the sender if the key is known only to the two parties.
- Thus, if keys are held in private, a successful decryption authenticates the decrypted message as coming from a particular sender.

Authentication Protocols [1]

Authentication protocols are all about distribution and management of secret keys. Key distribution in a distributed environment is an implementation of distributed authentication protocols.

Design of Authentication Protocols [1]

Many authentication protocols have been proposed.
- All protocols assume that some secret information is held initially by each principal. Authentication is achieved by one principal demonstrating to the other that it holds that secret information.
- All protocols assume that the system environment is very insecure and open to attack, so any message received by a principal must have its origin authenticity, integrity and freshness verified.

Design of Authentication Protocols [1]

To achieve these goals, most protocols need to rely on an authentication server.
- Capable: the authentication server generates good-quality session keys and distributes them securely to the requesting principals.
- Trustworthy: the authentication server maintains a table containing a name and a secret key for each principal. The secret key is used only to authenticate client processes to the authentication server and to transmit messages securely between client processes and the authentication server.

Design of Authentication Protocols [1]

Protocols are divided into two categories according to how they verify the freshness of a message.
- The first category uses a nonce and a challenge/response handshake to verify freshness.
- The second category uses timestamps and assumes that all machines in the distributed system are clock-synchronized.

Needham-Schroeder Protocol [2]

The original work includes a secret-key protocol and a public-key protocol.
- The public-key protocol does not depend on the existence of an authentication server and is hence more suitable for use in networks with many independent management domains.
- The secret-key protocol provides a solution to authentication and key distribution based on an authentication server.

Needham-Schroeder Secret-key Protocol [3]

The protocol is based on the generation and transmission of a ticket by the authentication server. A ticket is an encrypted message containing a secret key for use in communication between A and B.

Needham-Schroeder Secret-key Protocol

1. A->S: A, B, NA
   A requests S to supply a key for communication with B.
2. S->A: {NA, B, KAB, {A, KAB} KB} KA
   S returns a message encrypted in A's secret key, containing a newly generated key KAB, and a ticket encrypted in B's secret key.
3. A->B: {A, KAB} KB
   A sends the ticket to B.
4. B->A: {NB} KAB
   B decrypts the ticket and uses the new key KAB to encrypt another nonce NB.
5. A->B: {NB - 1} KAB
   A demonstrates to B that it was the sender of the previous message by returning an agreed transformation of NB.

Weakness

If the session key between A and B is compromised and the ticket to B is recorded, an intruder can impersonate A by carrying out the last 3 steps.

The weakness can be remedied by adding a timestamp to message 3, so that it becomes:

A->B: {A, t, KAB} KB

B decrypts this message and checks that t is recent. This is the solution adopted in Kerberos.
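The replay described above and the timestamp remedy, as an added Python sketch that is not part of the original slides. `seal`/`unseal` are a toy stand-in for {..}K built from the standard library, and the function names, the 600-second `MAX_AGE` and the sample clock values are assumptions made for the example.

```python
import hashlib, hmac, json, os

def seal(key: bytes, obj) -> bytes:
    """Toy authenticated encryption standing in for {..}K (illustration only)."""
    nonce = os.urandom(16)
    pt = json.dumps(obj).encode()
    ks = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(p ^ k for p, k in zip(pt, ks))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(c ^ k for c, k in zip(ct, ks)))

MAX_AGE = 600  # seconds B treats as "recent"; an assumed value

def server_reply(keys, a, b, na, t=None):
    """Message 2. The ticket is {A, KAB}KB, or {A, t, KAB}KB when t is given."""
    kab = os.urandom(16).hex()
    ticket = seal(keys[b], [a, kab] if t is None else [a, t, kab])
    return seal(keys[a], [na, b, kab, ticket.hex()])

def b_open_ticket(kb, ticket, now=None):
    """B's side of message 3: returns (sender, KAB); checks t if timestamps are used."""
    fields = unseal(kb, ticket)
    if now is not None and now - fields[1] > MAX_AGE:
        raise ValueError("stale ticket")
    return fields[0], bytes.fromhex(fields[-1])

def replay_recorded_ticket(timestamped: bool) -> str:
    """An old ticket and its leaked KAB are presented to B one day after issue."""
    keys = {"A": os.urandom(16), "B": os.urandom(16)}   # long-term keys shared with S
    issued = 1_700_000_000                               # constructed clock value
    msg2 = server_reply(keys, "A", "B", na=1234, t=issued if timestamped else None)
    _, _, kab_hex, ticket_hex = unseal(keys["A"], msg2)  # what A legitimately learned
    old_kab, old_ticket = bytes.fromhex(kab_hex), bytes.fromhex(ticket_hex)
    try:                                                 # message 3, replayed
        who, kab = b_open_ticket(keys["B"], old_ticket,
                                 now=issued + 86_400 if timestamped else None)
    except ValueError as err:
        return f"rejected: {err}"
    nb = int.from_bytes(os.urandom(4), "big")
    msg4 = seal(kab, nb)                                 # B -> A: {NB}KAB
    msg5 = seal(old_kab, unseal(old_kab, msg4) - 1)      # {NB - 1}KAB from the key holder
    return f"accepted as {who}" if unseal(kab, msg5) == nb - 1 else "rejected: bad response"
```

Without the timestamp B has nothing in the ticket to distinguish an old KAB from a fresh one, so the nonce handshake in messages 4 and 5 only proves possession of that key.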

Kerberos Protocol V [2]

- Based on Needham-Schroeder, but uses timestamps.
- It is included in the OSF Distributed Computing Environment (DCE) and in Windows 2000 as the default authentication service.
- A Kerberos server is known as a Key Distribution Centre (KDC). Each KDC has an authentication service (AS) and a ticket-granting service (TGS).

Kerberos Protocol V [2]

Kerberos deals with three kinds of security object:
- Ticket: a token issued to a client by the Kerberos ticket-granting service for presentation to a particular server, verifying that the sender has recently been authenticated by Kerberos. Tickets include an expiry time and a newly generated session key for use by the client and the server.
- Authenticator: a token constructed by a client and sent to a server to prove the identity of the user and the currency of any communication with a server. It contains the client's name and a timestamp and is encrypted in the appropriate session key.
- Session key: a secret key generated by Kerberos and issued to a client for use when communicating with a particular server.

Kerberos Protocol V

Briefly, the client authenticates to the AS using a secret key and receives a ticket from the AS. Later the client can use this ticket to get additional tickets from the TGS for servers.

A Kerberos ticket has a fixed period of validity starting at time t1 and ending at time t2. A ticket for a client C to access a server S takes the form:

{C, S, t1, t2, Kcs} Ks, which we denote as {ticket(C,S)} Ks

The client's name is included in the ticket to avoid possible use by impostors.

Kerberos Protocol V

Step A: obtain Kerberos session key and TGS ticket, once per login session

C->A: C, T, n
   Client C requests the Kerberos authentication server A to supply a ticket for communication with the TGS T.
A->C: {KcT, n, {ticket(C, T)} KT} Kc
   A returns a message containing a ticket encrypted in its secret key and a session key for C to use with T.

Kerberos Protocol V

To obtain a ticket for any server S, C constructs an authenticator encrypted in KcT of the form:

{C, t} KcT, which we denote as {auth(C)} KcT

Step B: obtain ticket for a server S, once per client-server session

C->T: {auth(C)} KcT, {ticket(C, T)} KT, S, n
   C requests the ticket-granting server T to supply a ticket for communication with another server S.
T->C: {Kcs, n, {ticket(C,S)} Ks} KcT
   T checks the ticket. If it is valid, T generates a new session key Kcs and returns it with a ticket for S (encrypted in the server's secret key Ks).

Kerberos Protocol V

Step C: issue a server request with a ticket

C->S: {auth(C)} Kcs, {ticket(C, S)} Ks, request, n
   C sends the ticket to S with a generated authenticator for C and a request.

Step D: authenticate server (optional)

S->C: {n} Kcs

Drawbacks [5]

- Single point of failure: it requires continuous availability of a central server. When the Kerberos server is down, no one can log in. This can be mitigated by using multiple Kerberos servers and fallback authentication mechanisms.
- Kerberos requires the clocks of the involved hosts to be synchronized. The tickets have a time availability period, and if the host clock is not synchronized with the Kerberos server clock, the authentication will fail. The default configuration requires that clock times are no more than 10 minutes apart.
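The checks a server S can apply in Step C once it has decrypted {ticket(C,S)} Ks and {auth(C)} Kcs, as an added Python example that is not from the slides. The class and field names are assumptions, `MAX_SKEW` uses the 10-minute tolerance quoted above, and the replay cache is an addition beyond what the slides describe.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ticket:            # {C, S, t1, t2, Kcs}, already decrypted with Ks
    client: str
    server: str
    t1: int
    t2: int
    kcs: bytes

@dataclass(frozen=True)
class Authenticator:     # {C, t}, already decrypted with Kcs
    client: str
    t: int

MAX_SKEW = 600           # seconds; the 10-minute tolerance quoted above

class Server:
    def __init__(self, name: str):
        self.name = name
        self.seen = set()   # replay cache of (client, t); added here, not in the slides

    def check(self, ticket: Ticket, auth: Authenticator, now: int) -> str:
        """Return 'ok' or the reason for refusal; `now` is S's own clock."""
        if ticket.server != self.name:
            return "ticket issued for another server"
        if not ticket.t1 <= now <= ticket.t2:
            return "ticket outside validity period"
        if auth.client != ticket.client:
            return "authenticator name does not match ticket"
        if abs(now - auth.t) > MAX_SKEW:
            return "clock skew too large"
        if (auth.client, auth.t) in self.seen:
            return "authenticator replayed"
        self.seen.add((auth.client, auth.t))
        return "ok"
```

A client whose clock has drifted past `MAX_SKEW` is refused even though its ticket and keys are valid, which is the synchronization failure listed under Drawbacks.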

References

[1] Randy Chow and Theodore Johnson, "Distributed Operating Systems and Algorithms", Addison-Wesley, 1997.
[2] George Coulouris, Jean Dollimore and Tim Kindberg, "Distributed Systems: Concepts and Design", Addison-Wesley, 2001.
[3] http://en.wikipedia.org/wiki/Needham-Schroeder_protocol, May 2008.
[4] http://web.mit.edu/kerberos/, 2007/10.
[5] http://en.wikipedia.org/wiki/Kerberos_(protocol), October 2008.