Lecture 9 - Authentication (CSE497b Introduction to Computer and Network Security, Spring 2007) - PowerPoint presentation


  1. Lecture 9 - Authentication
  CSE497b - Spring 2007, Introduction to Computer and Network Security
  Professor Jaeger, www.cse.psu.edu/~tjaeger/cse497b-s07/
  CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

  2. Implementing Authentication Protocols
  • Authentication
    – verifying identity (proving possession of a secret)
    – mutual authentication
    – key distribution (a shared secret for secure communication)
  • Leverage constructions to achieve authenticity, confidentiality, and integrity
    – Signatures
    – HMAC
  • Protocols
    – Needham-Schroeder

  3. Kerberos
  • History: from UNIX to networks (late 80s)
    – Solves: password eavesdropping
    – Online authentication
  • Variant of the Needham-Schroeder protocol
    – Easy application integration API
    – First single sign-on (SSO) system
    – Genesis: rsh, rcp (authentication via assertion)
  • Most widely used (non-web) centralized password system in existence (and lately only ..)
  • Now: part of Windows 2000 and XP network authentication
    – Windows authentication was a joke.

  4. An aside …
  • Authentication
    – Assessing the identity of users
    – By using credentials …
  • Authorization
    – Determining if users have the right to perform the requested action (e.g., write a file, query a database, etc.)
  • Kerberos authenticates users, but does not perform any authorization functions …
    – … beyond identifying the user as a member of a Realm
    – Authorization is typically done by the application.
  • Q: Do you use any “Kerberized” programs?
    – How do you know?

  5. The setup …
  • The players
    – Principal - person being authenticated
    – Service (verifier) - entity requiring authentication (e.g., AFS)
    – Key Distribution Center (KDC)
      • Trusted third party for key distribution
      • Each principal and service has a Kerberos password known to the KDC, which is munged into a password key, e.g., K_A
    – Ticket Granting Server (TGS)
      • Server granting transient authentication
  • The objectives
    – Authenticate Alice (Principal) to Bob (Service)
    – Negotiate a symmetric (secret) session key K_AB

  6. The protocol
  • A two-phase process
    – User authentication: obtain a session key (and a ticket granting ticket) from the Key Distribution Center
    – Service authentication: obtain a session key for communication with the service
  • Setup
    – Every user and service is registered with the KDC and assigned a password

  7. A Kerberos Ticket
  • A Kerberos ticket is a token that …
    – Only Alice can open (“locked” by K_A)
    – Contains a session key for Alice/Bob (K_AB)
    – Contains inside it a token that only Bob can open (“locked” by K_B)
  • Bob’s ticket contains
    – Alice’s identity
    – The session key (K_AB)
  • Q: What if the issuing service is not trusted?

  8. The simplified Kerberos protocol
  1) Alice → Key Distribution Center: Ticket?
  2) Key Distribution Center → Alice: Ticket-Granting Ticket
  3) Alice → Ticket Granting Server: Bob?
  4) Ticket Granting Server → Alice: Ticket (Bob)
  5) Alice → Bob: Ticket (Bob)

  9. Kerberos Ticket Granting Tickets
  • Alice requests a Kerberos session
    – Enters her password
  • Her workstation forwards a request for a TGT
    – In the clear (without the password)
  • KDC generates a TGT
    – Reply: {K_AT, TGT, details to prevent replay}K_A
    – The TGT contains session state: Alice, session key, expiration time
    – All of it is encrypted with the TGS key (KDC master key)
  • Q: Why is the TGT encrypted with Alice’s key?

  10. Service Session
  • Alice wants to establish a session with a service, Bob
    – She uses the TGT for each session
  • Alice sends
    – The identity of the service: Bob
    – The TGT
    – An authenticator to prove that her workstation knows the current session key
  • Authenticators
    – Encrypted timestamp of the current time: {time}K_AT
  • She receives a service session key and a ticket for Bob
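The exchange of slides 7 through 10, carried through end to end as an added example (this is not code from the lecture or from any Kerberos implementation). The KDC issues {K_AT, TGT}K_A, Alice presents the TGT plus an authenticator {client, time}K_AT to the TGS, gets {K_AB, Ticket(Bob)}K_AT, and finally presents Ticket(Bob) plus {client, time}K_AB to Bob. The verifier side also applies the two checks slide 13 later calls out: the timestamp must fall inside a clock-skew window, and an authenticator already seen inside that window is a replay. Assumptions: a toy encrypt-then-MAC built from SHA-256 and HMAC stands in for the Kerberos cipher, PBKDF2 stands in for string2key, the names alice/bob and the passwords are constructed, and the skew window is 300 seconds.

```python
import hashlib
import hmac
import json
import os

SKEW = 300  # seconds: authenticators outside this clock-skew window are rejected

def string_to_key(password: str, principal: str) -> bytes:
    # Stand-in for Kerberos string2key: K_A is derived from the password and never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, obj) -> str:
    """{obj}K: toy encrypt-then-MAC (SHA-256 keystream + HMAC tag), hex so it nests in JSON."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, pt)
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key: bytes, blob_hex: str):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor_stream(key, nonce, ct))

def authenticator(session_key: bytes, client: str, now: float) -> str:
    """{client, time}K_session: proves the sender holds the session key right now."""
    return seal(session_key, {"client": client, "time": now})

def check_authenticator(session_key, auth_hex, ticket_client, now, seen: set):
    auth = unseal(session_key, auth_hex)
    if auth["client"] != ticket_client:
        raise ValueError("authenticator principal does not match the ticket")
    if abs(now - auth["time"]) > SKEW:
        raise ValueError("timestamp outside the clock-skew window")
    if (auth["client"], auth["time"]) in seen:  # replay cache must span the skew window
        raise ValueError("replayed authenticator")
    seen.add((auth["client"], auth["time"]))

class KDC:
    """Authentication Server plus Ticket Granting Server, sharing one key table."""
    def __init__(self, passwords: dict):
        self.keys = {p: string_to_key(pw, p) for p, pw in passwords.items()}
        self.k_tgs = os.urandom(32)  # TGS master key: only the KDC can open a TGT
        self.seen = set()

    def as_exchange(self, client: str, now: float) -> str:
        # The request arrives in the clear; the reply is useless without K_A.
        k_at = os.urandom(32)
        tgt = seal(self.k_tgs, {"client": client, "key": k_at.hex(), "expires": now + 8 * 3600})
        return seal(self.keys[client], {"key": k_at.hex(), "tgt": tgt})

    def tgs_exchange(self, tgt: str, auth: str, service: str, now: float) -> str:
        t = unseal(self.k_tgs, tgt)
        if now > t["expires"]:
            raise ValueError("TGT expired")
        k_at = bytes.fromhex(t["key"])
        check_authenticator(k_at, auth, t["client"], now, self.seen)
        k_ab = os.urandom(32)
        ticket = seal(self.keys[service],
                      {"client": t["client"], "key": k_ab.hex(), "expires": now + 3600})
        return seal(k_at, {"key": k_ab.hex(), "ticket": ticket})

class Service:
    """Bob: opens the ticket with K_B, then checks the authenticator under K_AB."""
    def __init__(self, name: str, password: str):
        self.key, self.seen = string_to_key(password, name), set()

    def accept(self, ticket: str, auth: str, now: float) -> str:
        t = unseal(self.key, ticket)
        if now > t["expires"]:
            raise ValueError("service ticket expired")
        check_authenticator(bytes.fromhex(t["key"]), auth, t["client"], now, self.seen)
        return t["client"]

def client_login(kdc: KDC, name: str, password: str, service: str, now: float):
    """Alice's side: AS exchange, TGS exchange, then an authenticator for the service."""
    k_a = string_to_key(password, name)
    rep = unseal(k_a, kdc.as_exchange(name, now))  # a wrong password fails the MAC here
    k_at = bytes.fromhex(rep["key"])
    tgs_rep = kdc.tgs_exchange(rep["tgt"], authenticator(k_at, name, now), service, now)
    rep2 = unseal(k_at, tgs_rep)
    k_ab = bytes.fromhex(rep2["key"])
    return k_ab, rep2["ticket"], authenticator(k_ab, name, now)

def rejected(step) -> bool:
    """True when a step raises ValueError; used to exercise the failure modes."""
    try:
        step()
    except ValueError:
        return True
    return False
```

The password never leaves Alice's workstation: the AS request is a bare name, and the only thing that proves she knows the password is her ability to open the reply. Note that the replay cache is keyed on (client, timestamp) and must be kept for at least the skew window, otherwise an attacker who captured an authenticator can resubmit it while the timestamp is still "fresh".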

  11. Cross-Realm Kerberos
  • Extend the philosophy to more servers
    – Obtain a ticket from the TGS for the foreign Realm
    – Supply it to the TGS of the foreign Realm
    – Rinse and repeat as necessary
    – (Figure: example realms Ohio St., Michigan, Penn St., Pitt, Purdue)
  • “There is no problem so hard in computer science that it cannot be solved by another layer of indirection.” – David Wheeler, Cambridge University (circa 1950)

  12. Kerberos Reality
  • V4 was supposed to be replaced by V5
    – But it wasn’t, because the interface was ugly and complicated, and the encoding was infuriating
  • Assumes a trusted path between the user and Kerberos
  • Widely used in UNIX domains
  • Robust and stable implementation
  • Problem: trust is not transitive, so it is not so good for large collections of autonomous enterprises

  13. Kerberos Security
  • Key storage issues
    – The KDC is the focal point of security
    – However, user passwords and session keys may be stolen on compromised clients
    – Password cracking has been done on Windows Kerberos messages
  • Timestamps are an issue (not nonces, as in Needham-Schroeder)
    – Don’t have to track which nonces have been used
    – Authenticators use timestamps as challenge-responses
    – However, timestamps are accepted within a window of minutes
  • Some crypto attacks have been proposed
  • Despite these, Kerberos is broadly used
    – Not the lowest hanging fruit

  14. Needham-Schroeder Public Key
  • Did anyone build a public key version of Kerberos?
    – No
  • Ill-fated existence
    – “Proven correct” in 1990
    – Flaw found in 1995
    – Led to work on protocol analysis tools
  • The attack (K+_X is X’s public key; I(A) is the intruder I posing as A; run X is A talking to I, run Y is I talking to B):
    X.1  A → I     : A, I, {N_a, A}K+_I
    Y.1  I(A) → B  : A, B, {N_a, A}K+_B
    Y.2  B → I(A)  : B, A, {N_b, N_a}K+_A
    X.2  I → A     : I, A, {N_b, N_a}K+_A
    X.3  A → I     : A, I, {N_b}K+_I
    Y.3  I(A) → B  : A, B, {N_b}K+_B
    – I cannot open Y.2, but simply forwards it; A decrypts it for him in X.3. B finishes believing it shares N_b with A, while I knows N_b.
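The interleaved runs above, played out as an added example (not from the lecture). Public-key encryption is modelled, not implemented: a message carries the name of the only principal allowed to open it, which is all the attack depends on. The same code runs the protocol with Lowe's 1995 repair, in which message 2 becomes {N_a, N_b, B}K+_A, so A notices that the responder who answered is B, not the I she started a run with. Names A, B, I and the nonce sizes are this example's choices.

```python
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Enc:
    """Models {payload}K+_recipient: only `recipient` can open it (no real cipher here)."""
    recipient: str
    payload: tuple


def encrypt(recipient: str, *payload) -> Enc:
    return Enc(recipient, payload)


def decrypt(me: str, msg: Enc) -> tuple:
    if msg.recipient != me:
        raise PermissionError(f"{me} cannot open a message encrypted for {msg.recipient}")
    return msg.payload


class Initiator:  # A
    def __init__(self, name: str, fixed: bool):
        self.name, self.fixed = name, fixed

    def msg1(self, peer: str) -> Enc:
        self.peer, self.na = peer, os.urandom(8).hex()
        return encrypt(peer, self.na, self.name)            # {N_a, A}K+_peer

    def msg2(self, m: Enc) -> Enc:
        fields = decrypt(self.name, m)
        if self.fixed:                                       # Lowe's fix: message 2 names the responder
            na, nb, responder = fields
            if responder != self.peer:
                raise ValueError("responder identity mismatch: someone is relaying")
        else:
            na, nb = fields
        if na != self.na:
            raise ValueError("nonce mismatch")
        return encrypt(self.peer, nb)                        # {N_b}K+_peer


class Responder:  # B
    def __init__(self, name: str, fixed: bool):
        self.name, self.fixed = name, fixed
        self.peer = self.nb = self.authenticated = None

    def msg1(self, m: Enc) -> Enc:
        na, self.peer = decrypt(self.name, m)
        self.nb = os.urandom(8).hex()
        extra = (self.name,) if self.fixed else ()
        return encrypt(self.peer, na, self.nb, *extra)       # {N_a, N_b[, B]}K+_A

    def msg3(self, m: Enc) -> None:
        (nb,) = decrypt(self.name, m)
        if nb == self.nb:
            self.authenticated = self.peer                   # B concludes it talked to peer


def honest_run(fixed: bool):
    a, b = Initiator("A", fixed), Responder("B", fixed)
    b.msg3(a.msg2(b.msg1(a.msg1("B"))))
    return b.authenticated


def lowe_attack(fixed: bool):
    """A starts a run with the intruder I; I replays A's messages to B as if from A."""
    a, b = Initiator("A", fixed), Responder("B", fixed)
    x1 = a.msg1("I")                                          # X.1  A -> I
    na, who = decrypt("I", x1)
    y2 = b.msg1(encrypt("B", na, who))                        # Y.1  I(A) -> B, Y.2 B -> I(A)
    try:
        x3 = a.msg2(y2)                                       # X.2  I -> A: forwarded unchanged
    except ValueError:
        return b.authenticated                                # repaired protocol: A aborts, None
    (nb,) = decrypt("I", x3)                                  # X.3  A -> I hands N_b to I
    b.msg3(encrypt("B", nb))                                  # Y.3  I(A) -> B
    return b.authenticated                                    # "A": B has been fooled
```

The point the original proof missed is visible in `lowe_attack`: I never breaks any encryption, it only uses A as a decryption oracle for a message that was meant for her anyway.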

  15. Secure SHell
  • Secure login, file transfer, X11, TCP/IP over the Internet
  • Replaces the old insecure protocols for these tasks, which sent passwords in cleartext
  • Uses strong cryptography for communication
    – RSA is used for key exchange and authentication
    – Symmetric algorithms for data security

  16. Basic SSH Protocol
  • (1) Client opens a connection to the server
  • (2) Server sends its public host key
    – Enables approval of new hosts
    – Rejects changed host keys
    – Notifies on expired host keys
  • (3) Client generates a random number as the session key
    – Encrypts it for the server using the host key
  • (4) Server decrypts the session key
    – Confirms receipt (authenticating itself to the client)
  • (5) Client can then authenticate using traditional means
    – E.g., password
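Step (2) is where the client decides whether the host key it was just sent belongs to the server it meant to reach. The check below is an added example of that decision (not OpenSSH's code): it parses known_hosts-style lines, approves a host seen for the first time, accepts an unchanged key, and refuses a changed one, which is the only signal the client has of a man-in-the-middle. The fingerprint format follows OpenSSH's SHA256 presentation. Host names and key blobs are constructed stand-ins, not real key encodings.

```python
import base64
import hashlib
from enum import Enum


class HostKeyStatus(Enum):
    NEW = "unknown host: show the fingerprint and ask before trusting"
    MATCH = "known host: key unchanged"
    CHANGED = "HOST KEY CHANGED: possible man-in-the-middle, refuse to connect"


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' plus unpadded base64 of SHA-256 over the key blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(key_blob).digest()).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (hostname, keytype) -> raw key blob from known_hosts-style lines
    ('host1,host2 keytype base64key [comment]'); comments and blank lines are skipped."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        hosts, keytype, b64 = fields[:3]
        for host in hosts.split(","):           # one line may carry several aliases
            known[(host, keytype)] = base64.b64decode(b64)
    return known


def check_host_key(known: dict, host: str, keytype: str, presented: bytes) -> HostKeyStatus:
    """Step (2) from the client's side: approve new, accept unchanged, refuse changed."""
    stored = known.get((host, keytype))
    if stored is None:
        return HostKeyStatus.NEW
    return HostKeyStatus.MATCH if stored == presented else HostKeyStatus.CHANGED


# Constructed sample data: the blobs stand in for real RSA/Ed25519 wire encodings.
GOOD_KEY = b"ssh-ed25519\x00constructed-good-host-key"
ROGUE_KEY = b"ssh-ed25519\x00constructed-attacker-key"
KNOWN_HOSTS = "\n".join([
    "# constructed ~/.ssh/known_hosts",
    "shell.example.edu,10.0.0.5 ssh-ed25519 " + base64.b64encode(GOOD_KEY).decode(),
])
```

The NEW case is the weak spot: the first connection is trust-on-first-use, and the fingerprint shown there is only worth something if the user compares it against a value obtained out of band.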

  17. SSH Security
  • Client encrypts the session key under the server’s host key
    – Q: Does this guarantee integrity?
    – Q: Can you prove that this is not susceptible to man-in-the-middle attacks?
  • In SSH v2, communication is protected via HMAC-SHA1
    – You should be able to write these messages
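An added example (not from the lecture) answering the first question and writing the SSH v2 integrity message. `malleability_demo` shows that a stream cipher alone gives no integrity: flipping ciphertext bits changes the command the receiver decrypts without any error. `ssh_mac` then computes the tag exactly as RFC 4253 section 6.4 specifies, MAC(key, sequence_number || unencrypted_packet) with a 32-bit sequence number, and `integrity_demo` shows the receiver rejecting a tampered packet and a replayed one. Assumptions: the SHA-256 keystream is a toy cipher, the keys and packet contents are constructed, and a single MAC key is shared in both directions (real SSH derives one per direction).

```python
import hashlib
import hmac
import struct


def keystream(key: bytes, n: int) -> bytes:
    """Toy stream-cipher keystream standing in for the session cipher (not for real use)."""
    out = b"".join(hashlib.sha256(key + struct.pack(">I", i)).digest() for i in range((n + 31) // 32))
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def malleability_demo() -> bytes:
    """Encryption alone gives no integrity: an attacker who knows the plaintext layout
    flips ciphertext bits and the receiver decrypts a different command with no error."""
    key = b"constructed-session-key"
    pt = b"cat /etc/passwd\n"
    ct = xor(pt, keystream(key, len(pt)))
    off = pt.index(b"passwd")
    delta = xor(b"passwd", b"shadow")  # same length, so the edit is a pure bit flip
    ct = ct[:off] + xor(ct[off:off + 6], delta) + ct[off + 6:]
    return xor(ct, keystream(key, len(ct)))  # the receiver sees b"cat /etc/shadow\n"


def ssh_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """RFC 4253 section 6.4: mac = MAC(key, sequence_number || unencrypted_packet),
    sequence_number a uint32 that starts at zero and is never reset."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha1).digest()


class Endpoint:
    """One side of an SSH-2 connection keeping its own send and receive counters."""

    def __init__(self, mac_key: bytes):
        self.mac_key, self.send_seq, self.recv_seq = mac_key, 0, 0

    def send(self, packet: bytes):
        tag = ssh_mac(self.mac_key, self.send_seq, packet)
        self.send_seq = (self.send_seq + 1) & 0xFFFFFFFF
        return packet, tag

    def receive(self, packet: bytes, tag: bytes) -> bool:
        ok = hmac.compare_digest(ssh_mac(self.mac_key, self.recv_seq, packet), tag)
        if ok:
            self.recv_seq = (self.recv_seq + 1) & 0xFFFFFFFF  # advance only on a good packet
        return ok


def integrity_demo() -> dict:
    """Which deliveries the server accepts once the HMAC covers seq || packet."""
    key = b"constructed-mac-key"  # in SSH this is derived from the key exchange
    client, server = Endpoint(key), Endpoint(key)
    p1, t1 = client.send(b"cat /etc/passwd\n")
    p2, t2 = client.send(b"ls\n")
    return {
        "good": server.receive(p1, t1),
        "tampered": server.receive(p1.replace(b"passwd", b"shadow"), t1),
        "replayed": server.receive(p1, t1),  # receiver is past seq 0, so the old tag fails
        "next": server.receive(p2, t2),
    }
```

The sequence number is what turns a plain MAC into replay and reordering protection: the tag on a captured packet is only valid at the position it was originally sent, and the counter never goes back.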

  18. SSH Services
  • The value of SSH comes from the services that it runs...
    – Remote services
      • scp, sftp, ...
    – Support for connections
      • X11 forwarding, TCP forwarding, ...
  • Over a secure channel...
    – Using strong crypto
  • And it’s straightforward to set up the server and easy for clients
    – Has to deal with a modest number of error cases

  19. SSH Vulnerabilities
  • The communication is secure, so what is there to attack...
  • Several problems, circa 2001-2002:
    – Buffer overflows (sshd runs as root)
      • Several of these
    – Integer overflows
    – Confusing the program (ssh-agent on the client runs as root)
    – Also, attacks on the client side (run as the client)
    – DoS attacks
  • The OpenSSH system has since been re-architected
  • Q: We’ll talk about how to fix these problems later...

  20. Take Away
  • Systems for authentication have been constructed
    – Powerful, broadly used
    – Cryptography is generally above reproach
    – System challenges
      • Kerberos timestamps
      • Key storage
      • System security
  • Communication is probably not the weakest link
