Post on 05-Jul-2018
transcript
8/16/2019 Kerberos X509
1/31
1
Kerberos and X.509Fourth Edition
by William Stallings
Lecture slides by Lawrie Brown
!hanged by Somesh "ha#
8/16/2019 Kerberos X509
2/31
2
$uthentication $%%lications
& will consider authentication 'unctions
& de(elo%ed to su%%ort a%%lication)le(el
authentication * digital signatures& will consider Kerberos + a %ri(ate),eyauthentication ser(ice
& then X.509 directory authenticationser(ice
8/16/2019 Kerberos X509
3/31
3
Kerberos
& trusted ,ey ser(er system 'rom -/& %ro(ides centralised %ri(ate),ey third)
%arty authentication in a distributednetwor,+ allows users access to ser(ices distributed
through out the networ,
+ without needing to trust all wor,stations
+ rather all trust a central authentication ser(er& two (ersions in use 1 * 5
8/16/2019 Kerberos X509
4/31
4
Kerberos 2e3uirements
& 'irst %ublished re%ort identi'ied itsre3uirements as+ security
+ reliability
+ trans%arency
+ scalability
& im%lemented using an authentication%rotocol based on 4eedham)Schroeder
8/16/2019 Kerberos X509
5/31
5
Kerberos 1 (er(iew
& a basic third)%arty authentication scheme& ha(e an $uthentication Ser(er $S# + users initially negotiate with $S to identi'y
themsel(es
+ $S %ro(ides a non)corru%tible authenticationcredential tic,et granting tic,et /6/#
& ha(e a /ic,et 6ranting ser(er /6S#
+ users subse3uently re3uest access to otherser(ices 'rom /6S on basis o' users /6/
8/16/2019 Kerberos X509
6/31
6
$ Sim%le $uthentication 7ialogue
& 8# ! ) $S 7! :: ;! :: 7<+ ! = client+ $S = authentication ser(er+ 7! = identi'ier o' user on !+ ;! = %assword o' user on !
+ 7
8/16/2019 Kerberos X509
7/31
7
-essage >
& ># $S ) ! /ic,et
& /ic,et = E K
8/16/2019 Kerberos X509
8/31
8
-essage A
& A# ! )
8/16/2019 Kerberos X509
9/31
9
;roblems
& Each time a user needs to access adi''erent ser(ice heCshe needs to entertheir %assword+ 2ead email se(eral times
+ ;rintD mailD or 'ile ser(er
+ $ssume that each tic,et can be used only
once otherwise o%en to re%lay attac,s#& ;assword sent in the clear
8/16/2019 Kerberos X509
10/31
10
$uthentication 7ialogue
& nce %er user logon session
& 8# ! ) $S 7! :: 7/6S
& ># $S ) ! E K!# ?/ic,et/6S@& /ic,et/6S is e3ual to
+ E K/6S# ?7! :: $7! :: 7/6S
:: /S8 :: Li'etime8 @
8/16/2019 Kerberos X509
11/31
11
E%laining the 'ields
& /6S = /ic,et)granting ser(er
& 7/6S = denti'ier o' the /6S
& /ic,et/6S = /ic,et)granting tic,et or/6/
& /S8 = timestam%
& Li'etime8 = li'etime 'or the /6/ & K !# = ,ey deri(ed 'rom users %assword
8/16/2019 Kerberos X509
12/31
12
-essages A# and 1#
& nce %er ty%e o' ser(ice
& A# ! ) /6S 7! :: 7
8/16/2019 Kerberos X509
13/31
13
-essage 5
& nce %er ser(ice session
& 5# ! )
8/16/2019 Kerberos X509
14/31
14
;roblems
& Li'etime o' the /6/ + Short user is re%eatedly as,ed 'or their
%assword
+ Long o%en to re%lay attac,+ scar ca%tures /6/ and waits 'or the user
to logo''
+ Sends message A# with networ, address7! networ, address is easy to 'orge#
& Same %roblem with S6/
8/16/2019 Kerberos X509
15/31
15
What should we doJ
& $ networ, ser(ice /6S or ser(er# should beable to (eri'y that+ %erson using the tic,et is the same as the %erson
that the tic,et was issued to+ 2emedy use an authenticator
& Ser(er should also authenticate to user+ therwise can setu% a G'a,eH ser(er
+ $ G'a,eH tuition %ayment ser(er and ca%ture thestudents credit card
+ 2emedy use a challenge)res%onse %rotocol
8/16/2019 Kerberos X509
16/31
16
Kerberos 2ealms
& a Kerberos en(ironment consists o'+ a Kerberos ser(er+ a number o' clientsD all registered with ser(er
+ a%%lication ser(ersD sharing ,eys with ser(er
& this is termed a realm + ty%ically a single administrati(e domain
& i' ha(e multi%le realmsD their Kerberosser(ers must share ,eys and trust
8/16/2019 Kerberos X509
17/31
17
Kerberos
8/16/2019 Kerberos X509
18/31
18
2eading assignment
& nter)realm authentication in (ersion 1+ ;ages 188)18A
&
8/16/2019 Kerberos X509
19/31
19
X.509 $uthentication Ser(ice
& %art o' !!// X.500 directory ser(icestandards+ distributed ser(ers maintaining some in'o database
& de'ines 'ramewor, 'or authentication ser(ices
+ directory may store %ublic),ey certi'icates+ with %ublic ,ey o' user
+ signed by certi'ication authority
& also de'ines authentication %rotocols
& uses %ublic),ey cry%to * digital signatures+ algorithms not standardisedD but 2S$ recommended
8/16/2019 Kerberos X509
20/31
20
X.509 !erti'icates
& issued by a !erti'ication $uthority !$#D containing+ (ersion 8D >D or A#+ serial number uni3ue within !$# identi'ying certi'icate+ signature algorithm identi'ier
+ issuer X.500 name !$#+ %eriod o' (alidity 'rom ) to dates#+ subect X.500 name name o' owner#+ subect %ublic),ey in'o algorithmD %arametersD ,ey#+ issuer uni3ue identi'ier (>#+ subect uni3ue identi'ier (>#+ etension 'ields (A#+ signature o' hash o' all 'ields in certi'icate#
& notation CA denotes certi'icate 'or $ signed by !$
8/16/2019 Kerberos X509
21/31
21
btaining a !erti'icate
& any user with access to !$ can get anycerti'icate 'rom it
& only the !$ can modi'y a certi'icate& because cannot be 'orgedD certi'icatescan be %laced in a %ublic directory
8/16/2019 Kerberos X509
22/31
22
!$ ierarchy
& i' both users share a common !$ then theyare assumed to ,now its %ublic ,ey
& otherwise !$Ms must 'orm a hierarchy
& use certi'icates lin,ing members o' hierarchyto (alidate other !$Ms+ each !$ has certi'icates 'or clients 'orward# and
%arent bac,ward#
& each client trusts %arents certi'icates& enable (eri'ication o' any certi'icate 'rom
one !$ by users o' all other !$s in hierarchy
8/16/2019 Kerberos X509
23/31
23
!$ ierarchy Nse
8/16/2019 Kerberos X509
24/31
24
!erti'icate 2e(ocation
& certi'icates ha(e a %eriod o' (alidity
& may need to re(o,e be'ore e%iry8. userMs %ri(ate ,ey is com%romised
>. user is no longer certi'ied by this !$
A. !$Ms certi'icate is com%romised
& !$s maintain list o' re(o,ed certi'icates
+ the !erti'icate 2e(ocation List !2L#
& users should chec, certs with !$s !2L
8/16/2019 Kerberos X509
25/31
25
$uthentication ;rocedures
& X.509 includes three alternati(eauthentication %rocedures
&ne)Way $uthentication
& /wo)Way $uthentication
& /hree)Way $uthentication
& all use %ublic),ey signatures
8/16/2019 Kerberos X509
26/31
26
ne)Way $uthentication
& 8 message $)B# used to establish+ the identity o' $ and that message is 'rom
$
+ message was intended 'or B+ integrity * originality o' message
& message must include timestam%D nonceD
BMs identity and is signed by $
8/16/2019 Kerberos X509
27/31
27
/wo)Way $uthentication
& > messages $)BD B)$# which alsoestablishes in addition+ the identity o' B and that re%ly is 'rom B
+ that re%ly is intended 'or $
+ integrity * originality o' re%ly
& re%ly includes original nonce 'rom $Dalso timestam% and nonce 'rom B
8/16/2019 Kerberos X509
28/31
28
/hree)Way $uthentication
& A messages $)BD B)$D $)B# whichenables abo(e authentication withoutsynchroniOed cloc,s
& has re%ly 'rom $ bac, to B containingsigned co%y o' nonce 'rom B
& means that timestam%s need not bechec,ed or relied u%on
& 2eading assignment %ages 1>1)1>P
8/16/2019 Kerberos X509
29/31
29
X.509
8/16/2019 Kerberos X509
30/31
30
!erti'icate Etensions
& ,ey and %olicy in'ormation+ con(ey in'o about subect * issuer ,eysD %lus
indicators o' certi'icate %olicy
& certi'icate subect and issuer attributes+ su%%ort alternati(e namesD in alternati(e
'ormats 'or certi'icate subect andCor issuer
& certi'icate %ath constraints+ allow constraints on use o' certi'icates by
other !$s
8/16/2019 Kerberos X509
31/31
31
Summary
& ha(e considered+ Kerberos trusted ,ey ser(er system
+ X.509 authentication and certi'icates