Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Published byKhalid Wilkes Modified over 10 years ago

Similar presentations

Presentation on theme: "Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed."— Presentation transcript:

1 Security Protocols Sathish Vadhiyar http://web.mit.edu/kerberos/www/dialogue.html Sources / Credits: Kerberos web pages and documents contained / pointed thereinhttp://web.mit.edu/kerberos/www/dialogue.html

2 Kerberos Provides authentication and encryption Services and clients in an open networked environment One method is for the service to ask for password, i.e. the server needs to know the password of the user – not scalable Another method – clients have their passwords, services have their passwords, centralized service called authentication service knows both passwords

3 Kerberos architecture A User: Iam serc1. I want to access A. serc1 password Authentication service: 1.serc1 is in my database 2.Password matches. 3.ticket_A = {user} k_server_A 4.send ticket_A to serc1 User -> A: 1.Send {user, ticket_A} A: 1.name1 = Decrypt ticket_A using k_server_A 2.If name1 == user grant access

4 Comments How can a server verify that it has decrypted the ticket correctly? – solution: What happens if the ticket is stolen by someone over the network? - solution: But still some more problems: Ticket = { user, service } k_server Ticket = {user, service, host} k_server 1.Users enter passwords each time they need a ticket to a service 2.Passwords can be stolen Solutions: kinit, TGS, TGT

5 Modified Kerberos architecture A User / kinit: 1.Iam serc1. I need a TGT. Authentication service / TGS 1.serc1 is in my database 2.TGT = {user, TGS, host} k_TGS, k_user 3.send TGT to serc1 User -> A: 1.Send {user,host, ticket_A} A: 1.Name1, service1, host1 = Decrypt ticket_A using k_server_A 2.If name1 == user && service1 == A && host1 == host grant access Kinit / service As client: 1.Decrypt TGT with k_user 2.I need access to service A. 3.Send {TGT, A, user, host} to TGS Authentication service / TGS 1.TGS receives TGT 2.Decrypts TGT 3.Validates TGT 4.ticket_A = {user, A, host} k_server_A 5.Send ticket_A

6 Comments Reusable tickets – once a ticket to a service is obtained, reuse the same ticket Hence tickets can be stored in files What if tickets are stolen and combined with IP spoofing? What if tickets are stolen and used within their lifetimes? Solution – have time stamps on tickets Now ticket = {user, service, host, time when ticket was issued, duration of ticket} k_server

7 Comments contd… Solution – session key provided by AS to both user and the service 2 copies of session key – one within the service ticket and another outside the ticket Client Build authenticator – {username,address} encrypted by session key Build authenticator – {username,address} encrypted by session key Send {authenticator, ticket} to service Send {authenticator, ticket} to serviceService Decrypts ticket, gets session key Decrypts ticket, gets session key Decrypts authenticator with session key Decrypts authenticator with session key Compares tickets {username, address} with authenticators {username, address} AND with sending {username, address} Compares tickets {username, address} with authenticators {username, address} AND with sending {username, address}

8 Comments contd.. What if authenticators are stolen across the network? What if users copy of session keys are copied when propagated from AS to the user? So,… Solution – have timestamps of 2 minutes for authenticators (V4) or only-once authenticators (V5) Solution – use adequate encryption of session keys so that users who snoop around the network will not be able to get to the session key

9 A User / kinit: 1.Iam serc1. I need a TGT. Authentication service / TGS 1.Build k_session_TGS 2.TGT = {username, TGS, host, timestamp, k_session_TGS} k_server_TGS 3.Packet = {k_session_TGS, TGT} k_user 4.Send packet to serc1 User -> A: 1.Decrypt packet with k_session_TGS 2.Authenticator = {user, host} k_session_A 3.Send {authenticator, A, user, host, ticket_A} to A A: 1.Decrypt ticket_A with As password, obtain session key 2.Decrypt authenticator with session key 3.Verify {username, address} across 3 records Kinit / service As client: 1.Decrypt packet with k_user 2.I need access to service A. 3.Authenticator = {username, host} k_session_TGS 4.Send {authenticator, TGT, username, address, service A} to TGS Authentication service / TGS 1.TGS receives TGT 2.Decrypts TGT with its k_server_TGS, obtains k_session_TGS 3.Decrypts authenticator with k_session_TGS 4.Verifies user name, address in ticket, sender and in authenticator 5.Creates k_session_A 6.ticket_A = {user, A, host, k_session_A, time_stamp} k_server_A 7.Packet = {k_session_A, ticket_A} k_session_TGS 8.Send packet to user

10 Comments Above architecture can also be used for mutual authentication Client first authenticates itself Server then sends a reply encrypted with session key If client can decrypt it, then it is the right server In V5, double encryption of tickets are avoided Ticket forwarding and authorization with proxies are also supported in V5. V5 also supports cross-realm and transitive-realm authentication by sharing secrets between KDCs in 2 realms.

11 Kerberos Limitations Assumes running on trusted hosts with an untrusted network Attacker can impersonate users who have tickets stored on a machine If KDC is compromised, entire realm is compromised Offline attack to decrypt TGT with different passwords System clock synchronization is needed

12 GSI Revisited GSI is: GSI uses GSS-API for implementing SSL protocol PKI (CAs and Certificates) SSL Proxies and Delegation PKI for credentials SSL for Authentication And message protection Proxies and delegation (GSI Extensions) for secure single Sign-on PKI: Public Key Infrastructure, SSH: Secure Socket Layer TLS: Transport Level Security Credits: Globus course material

13 Kerberos vs SSL SSL public-key, certificate-based authentication system public-key, certificate-based authentication system An end of the connection need not have a secret key or password An end of the connection need not have a secret key or password Encryption and decryption keys are not identical Encryption and decryption keys are not identical Certificates stored on disks Certificates stored on disks Creation and delegation of proxies by issuers without the involvement of third-party Creation and delegation of proxies by issuers without the involvement of third-partyKerberos private-key, trusted-third-party authentication system private-key, trusted-third-party authentication system Conventional (shared secret-key) cryptography – encryption and decryption keys are identical Conventional (shared secret-key) cryptography – encryption and decryption keys are identical Passwords not stored on disks Passwords not stored on disks Password revocation is easier Password revocation is easier Creation and delegation of TGTs by third party Creation and delegation of TGTs by third party Needs every site to run Kerberos Needs every site to run Kerberos

14 SSL Disadvantages Clients manage each other public key rigorously Clients need to secure their private keys CAs also have scalability problems

15 References http://web.mit.edu/kerberos/www/dialogue. html

16 GSS-API Generic API to support security applications portability IETF standard for adding authentication, delegation, message integrity, and message confidentiality to applications. Some Grids use kerberos GSS-API, others use GSI GSS-API

17 GSS-API Sample API gss_acquire_cred() gss_acquire_cred() gss_init_sec_context() gss_init_sec_context() gss_accept_sec_context() gss_accept_sec_context() gss_indicate_mech() gss_indicate_mech() gss_init_delegation() gss_init_delegation() gss_accept_delegation() gss_accept_delegation()

18 Junk !

19 Kerberos architecture

20 Miscellanious Kerberos applications are called principals KDC = AS + TGS Backup KDCs called slave servers Key salt and kvno Forwardable tickets, renewable tickets, postdatable tickets, proxiable tickets

21 Copyrights Copyright 1988, 1997 Massachusetts Institute of Technology Permission to use, copy, modify, and distribute this documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the documentation without specific, written prior permission. M.I.T. makes no representations about the suitability of this documentation for any purpose. It is provided "as is" without express or implied warranty.

Download ppt "Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Kerberos Mark Sidnam.

Kerberos Mark Sidnam.
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
KERBEROS LtCdr Samit Mehra (05IT 6018).

KERBEROS LtCdr Samit Mehra (05IT 6018).
Authentication Applications

Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden +46 470 70 86 49.

1 Authentication Applications Ola Flygt Växjö University, Sweden
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
NETWORK SECURITY.

NETWORK SECURITY.
KERBEROS www.unix.org.ua/orelly/networking/puis/ch19_06.htm.

KERBEROS
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.

IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google