Presentation is loading. Please wait.

Presentation is loading. Please wait.

GSS-API based Authentication and Key Establishment in TLS

Published byDwayne Ryan Modified over 5 years ago

Similar presentations

Presentation on theme: "GSS-API based Authentication and Key Establishment in TLS"— Presentation transcript:

1 GSS-API based Authentication and Key Establishment in TLS
Stefan Santesson Microsoft

2 Problem statement A standard solution to use Kerberos for Client authentication and key establishment is highly desirable Client can be remote (not on KDC network) Proper protection of sensitive authentication and key exchange data Minimum overhead Transparent and generic to accommodate multiple authentication modes and protocols

3 What we have doesn’t work
RFC 2712 Requires the client to have a Kerberos service ticket for the TLS server Not usable when client is remote Need solution where the client can obtain the service ticket within the TLS handshake exchange Not generic

4 Principles of the proposal
Based on GSS-API (RFC 2743) Solution valid for any authentication method with a valid GSS-API profile such as RFC 4121 for Kerberos. New CipherSuites for GSS-API based key establishment Ex. TLS_GSSAPI_WITH_AES_128_CBC_SHA New TLS extension for negotiating GSS exchange profile Client present list of OIDs Server Picks OID or decline GSS exchange by omitting extension

5 GSS-API exchange n Roundtrips of SupplementalData handshake messages (RFC 4680) Each message contains a GSS-API token According to selected CipherSuite According to GSS profile selected through TLS Extensions Possibly adding control bytes for status signaling such as ”Final message”

6 Key derivation Use GSS PRF output as TLS pre-master secret
Conclude standard TLS key derivation Done

7 Flow Client Server ClientHello /* CipherSuite: TLS_GSSAPI_AES_SHA256,... Extensions GSSAPI (OID list) */ -----> ServerHello /* CipherSuite: TLS_GSSAPI_AES_SHA256 Extensions GSSAPI (OID) */ Certificate < ServerHelloDone < SupplementalData > /* multiple iterations with GSS-API tokens */ ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished > [ChangeCipherSpec] < Finished Application Data < > Application Data

8 Identified issues No finite number of roundtrips
Should never exceed 5 handshake messages with GSS-API tokens, but hard to specify due to the generic approach. Multiple roundtrips of SupplementalData Compliance with RFC 4680? Number of roundtrips Placement in the protocol flow Do we need a new handshake message?

9 Next steps A first draft will be provided soon after this meeting
Authors Stefan Santesson Jeffery Altman Protocol open for design proposals and improvements Decision by TLS group to take on this work

Download ppt "GSS-API based Authentication and Key Establishment in TLS"

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.

Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –www.ietf.orgwww.ietf.org.

Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –
Intro to SSL/TLS Network Security Gene Itkis. 6/23/2015 cs458-658 Network Security (Gene Itkis) 2 Origins Internet Engineering Task Force (IETF) –www.ietf.orgwww.ietf.org.

Intro to SSL/TLS Network Security Gene Itkis. 6/23/2015 cs Network Security (Gene Itkis) 2 Origins Internet Engineering Task Force (IETF) –
Secure password-based cipher suite for TLS: The importance of end-to-end security Marie L.S. Dumont CS 265.

Secure password-based cipher suite for TLS: The importance of end-to-end security Marie L.S. Dumont CS 265.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.

Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Information Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel: 62932135

Information Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, 08.05. 2010 University of Palestine Applied and Urban Engineering College Information Security.

11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.
Secure Socket Layer (SSL)

Secure Socket Layer (SSL)

Similar presentations

Ads by Google