BARRY CS 477 - Computer Security
Computer Security CS477
Lecture 10
Ching-Hua Chuan
October 6th, 2008

Administration
- Homework #2 due October 8th
- Test #2 October 15th
- Project proposal due October 20th

Today's Outline
- Authentication Applications
- Kerberos (Chap 4.1)

Kerberos
- Kerberos is an authentication service developed as part of Project Athena at MIT.
- It was developed for a distributed environment, where users wish to access servers over the network.
- Three threats:
  - A user may pretend to be another user.
  - A user may alter the network address of a workstation.
  - A user may eavesdrop on exchanges and mount a replay attack.

Kerberos
- Kerberos provides a centralized authentication server to authenticate users to servers and servers to users.
- Kerberos relies on symmetric encryption.
- Two versions: version 4 and version 5.

A Distributed Environment (figure: workstation, server 1, server 2)
- Does this user have the right to access the workstation?
- Does this user have the right to access services from server 1? Those from server 2?
- Does this workstation have the right to access servers?
- The workstation assures the identity of the user.
- The workstation needs to authenticate itself to the server.
- The user provides an identity for each service.

Kerberos Requirements
- Secure: safe from eavesdropping.
- Reliable: always available.
- Transparent: users are not aware of the authentication taking place (it should not be troublesome).
- Scalable: capable of supporting a large number of clients.

Kerberos Version 4
Key terms:
- C = client
- AS = authentication server
- V = server
- IDc = identifier of the user on C
- IDv = identifier of V
- Pc = password of the user on C
- ADc = network address of C
- Kv = secret encryption key shared by AS and V

A Simple Authentication Dialogue
(1) C → AS: IDc || Pc || IDv
(2) AS → C: Ticket
(3) C → V: IDc || Ticket
Ticket = E(Kv, [IDc || ADc || IDv])
Because Kv is the secret key shared by AS and V, no one else can create the ticket, which shows AS's approval of C's access to V.
Are all components in the ticket necessary?

Problems with the Simple Dialogue
- A ticket is usable for one service only, so a new ticket (and a new password entry) is needed for each service.
- The password Pc is transmitted in plaintext.
  Recall: (1) C → AS: IDc || Pc || IDv

A More Secure Authentication Dialogue
Once per user logon session:
(1) C → AS: IDc || IDtgs
(2) AS → C: E(Kc, Tickettgs)
Once per type of service:
(3) C → TGS: IDc || IDv || Tickettgs
(4) TGS → C: Ticketv
Once per service session:
(5) C → V: IDc || Ticketv
Tickettgs = E(Ktgs, [IDc || ADc || IDtgs || TS1 || Lifetime1])
Ticketv = E(Kv, [IDc || ADc || IDv || TS2 || Lifetime2])
TGS: the ticket-granting server, which issues tickets to users who have already been authenticated to AS.
Where is Pc? (Kc is derived from the user's password, so only the legitimate user can decrypt message (2); the password itself never crosses the network.)

Problems with the More Secure Dialogue
- Lifetime associated with the ticket-granting ticket:
  - If too short → the user is repeatedly asked for the password.
  - If too long → greater opportunity for replay.
- Servers may need to authenticate themselves to users.
Threats:
- An opponent may steal a ticket and use it before it expires.
- An opponent may sabotage or impersonate servers.

Kerberos Version 4
(figure slides: the complete Version 4 dialogue)

Kerberos Realms and Multiple Kerberi
A full-service Kerberos environment requires:
- The Kerberos server must have the user ID and hashed password of all participating users.
- The Kerberos server must share a secret key with each server.
- Users and servers need to register at the Kerberos server.
Requirements for supporting interrealm authentication:
- The Kerberos server in each realm shares a secret key with the server in the other realm.
- The Kerberos servers are registered with each other.

Request for Service in Another Realm
1. Request ticket for local TGS
2. Ticket for local TGS
3. Request ticket for remote TGS
4. Ticket for remote TGS
5. Request ticket for remote server
6. Ticket for remote server
7. Request remote service

Request for Service in Another Realm (messages)
(1) C → AS: IDc || IDtgs || TS1
(2) AS → C: E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs])
(3) C → TGS: IDtgsrem || Tickettgs || AuthenticatorC
(4) TGS → C: E(Kc,tgs, [Kc,tgsrem || IDtgsrem || TS4 || Tickettgsrem])
(5) C → TGSrem: IDvrem || Tickettgsrem || AuthenticatorC
(6) TGSrem → C: E(Kc,tgsrem, [Kc,vrem || IDvrem || TS6 || Ticketvrem])
(7) C → Vrem: Ticketvrem || AuthenticatorC

Differences between Version 4 and 5
- Encryption system dependence (Version 4: DES only)
- Internet protocol dependence (Version 4: IP addresses only)
- Message byte ordering
- Ticket lifetime
  - Version 4: start time plus an 8-bit lifetime in units of 5 minutes (maximum 1280 minutes, about 21 hours)
  - Version 5: explicit start and end times
- Authentication forwarding
  - Version 5 allows credentials issued to one client to be forwarded to some other host (client or server)
- Interrealm authentication

Today's Summary
- Authentication Applications
- Kerberos
  - Structure
  - Requirements
  - Several versions of the dialogue
  - Tickets
  - Version 4
  - Authenticator
  - Kerberos
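Worked example, added here and not part of the lecture or of MIT Kerberos: a small Python model of the Version 4 dialogue the slides build up to (AS exchange, TGS exchange, client/server exchange with tickets and authenticators), run against the threats listed under "Problems with the More Secure Dialogue". Assumptions: E(K, ...) is a stand-in cipher (HMAC-SHA256 keystream XOR plus a MAC tag, where Kerberos 4 used DES); Kc is the SHA-256 of the password; the realm ("alice", "tgs", "fileserver", address 10.0.0.5) and all timestamps are constructed test values passed in explicitly so the run is deterministic.

```python
import hashlib, hmac, json, os

# Stand-in cipher (assumption: HMAC-SHA256 keystream XOR plus a MAC tag; Kerberos 4 used DES).
def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def encrypt(key, fields):
    """E(K, [fields]) as written on the slides; fields is a dict of ticket/message components."""
    plain = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()  # wrong key or tampering -> rejected
    return nonce + body + tag

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ciphertext")
    return json.loads(bytes(p ^ s for p, s in zip(body, _keystream(key, nonce, len(body)))))

def key_from_password(password):
    # Kc is derived from Pc by both the user and the AS, so Pc itself never crosses the network.
    return hashlib.sha256(password.encode()).digest()

def make_ticket(server_key, id_c, ad_c, id_server, session_key, ts, lifetime):
    # Ticket = E(Kserver, [Ksession || IDc || ADc || IDserver || TS || Lifetime]); ADc ties it to one host.
    return encrypt(server_key, {"Ksess": session_key.hex(), "IDc": id_c, "ADc": ad_c,
                                "IDserver": id_server, "TS": ts, "Lifetime": lifetime})

def authenticator(id_c, ad_c, session_key, now):
    # AuthenticatorC = E(Ksession, [IDc || ADc || TS]); only a holder of the session key can build it.
    return encrypt(session_key, {"IDc": id_c, "ADc": ad_c, "TS": now})

class AuthServer:  # AS: knows every user's Kc and shares Ktgs with the TGS
    def __init__(self, user_keys, k_tgs):
        self.user_keys, self.k_tgs = user_keys, k_tgs
    def exchange(self, id_c, ad_c, now, lifetime=8 * 3600):
        # (1) C -> AS: IDc || IDtgs || TS1   (2) AS -> C: E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs])
        k_c_tgs = os.urandom(32)
        tgt = make_ticket(self.k_tgs, id_c, ad_c, "tgs", k_c_tgs, now, lifetime)
        return encrypt(self.user_keys[id_c], {"Ksess": k_c_tgs.hex(), "IDtgs": "tgs",
                                              "TS2": now, "Lifetime2": lifetime, "Ticket": tgt.hex()})

class Server:  # any ticket-accepting party: the TGS (holding Ktgs) or a service V (holding Kv)
    def __init__(self, id_server, key, service_keys=None):
        self.id_server, self.key = id_server, key
        self.service_keys = service_keys or {}  # Kv of each service; only the TGS has these
        self.seen = set()                       # (IDc, TS) of accepted authenticators
    def check(self, ticket_blob, auth_blob, ad_c, now, skew=300):
        ticket = decrypt(self.key, ticket_blob)  # only Kserver opens the ticket
        if ticket["IDserver"] != self.id_server or ticket["ADc"] != ad_c:
            raise PermissionError("ticket not for this server or this address")
        if not ticket["TS"] <= now < ticket["TS"] + ticket["Lifetime"]:
            raise PermissionError("ticket expired")
        k_sess = bytes.fromhex(ticket["Ksess"])
        auth = decrypt(k_sess, auth_blob)        # fails if the presenter lacks the session key
        if auth["IDc"] != ticket["IDc"] or abs(now - auth["TS"]) > skew:
            raise PermissionError("authenticator does not match ticket or is stale")
        if (auth["IDc"], auth["TS"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((auth["IDc"], auth["TS"]))
        return ticket, k_sess, auth
    def tgs_exchange(self, id_v, tgt, auth, ad_c, now, lifetime=3600):
        # (3) C -> TGS: IDv || Tickettgs || AuthC   (4) TGS -> C: E(Kc,tgs, [Kc,v || IDv || TS4 || Ticketv])
        ticket, k_c_tgs, _ = self.check(tgt, auth, ad_c, now)
        k_c_v = os.urandom(32)
        tv = make_ticket(self.service_keys[id_v], ticket["IDc"], ad_c, id_v, k_c_v, now, lifetime)
        return encrypt(k_c_tgs, {"Ksess": k_c_v.hex(), "IDv": id_v, "TS4": now, "Ticket": tv.hex()})
    def service_exchange(self, tv, auth, ad_c, now):
        # (5) C -> V: Ticketv || AuthC   (6) V -> C: E(Kc,v, [TS5 + 1])  -- V proves it holds Kv too
        _, k_c_v, a = self.check(tv, auth, ad_c, now)
        return encrypt(k_c_v, {"TS5+1": a["TS"] + 1})

def run(now=1_000_000.0):
    """One logon, one service access, then the attacks the slides list.  Returns pass/fail per case."""
    k_tgs, k_v, k_c = os.urandom(32), os.urandom(32), key_from_password("correct horse")
    AS = AuthServer({"alice": k_c}, k_tgs)                       # constructed toy realm
    tgs, v = Server("tgs", k_tgs, {"fileserver": k_v}), Server("fileserver", k_v)
    id_c, ad_c = "alice", "10.0.0.5"
    m2 = decrypt(k_c, AS.exchange(id_c, ad_c, now))             # client opens (2) with Kc
    k_c_tgs, tgt = bytes.fromhex(m2["Ksess"]), bytes.fromhex(m2["Ticket"])
    m4 = decrypt(k_c_tgs, tgs.tgs_exchange("fileserver", tgt, authenticator(id_c, ad_c, k_c_tgs, now), ad_c, now))
    k_c_v, tv = bytes.fromhex(m4["Ksess"]), bytes.fromhex(m4["Ticket"])
    auth5 = authenticator(id_c, ad_c, k_c_v, now + 1)
    m6 = decrypt(k_c_v, v.service_exchange(tv, auth5, ad_c, now + 1))
    def fails(fn):
        try: fn(); return False
        except (PermissionError, ValueError): return True
    return {
        "mutual_auth_ok": m6["TS5+1"] == now + 2,
        "replay_rejected": fails(lambda: v.service_exchange(tv, auth5, ad_c, now + 2)),
        "stolen_ticket_rejected": fails(lambda: v.service_exchange(      # has Ticketv but not Kc,v
            tv, authenticator(id_c, ad_c, os.urandom(32), now + 3), ad_c, now + 3)),
        "expired_rejected": fails(lambda: v.service_exchange(            # Lifetime (3600 s) has passed
            tv, authenticator(id_c, ad_c, k_c_v, now + 4000), ad_c, now + 4000)),
    }
```

Calling run() returns all four checks as True: the service replies with TS5 + 1 under Kc,v (servers authenticate to users), a captured ticket and authenticator replayed a second later is refused, a stolen Ticketv is useless without the session key needed to build a fresh authenticator, and a ticket presented after its Lifetime is refused. The same check() serves the TGS and the service, which mirrors the slides: the TGS is just another server whose ticket happens to grant more tickets.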