Computer Science CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries CSC/ECE 574 Dr. Peng Ning 1 Computer Science CSC 474 Dr. Peng Ning 2 Trusted Intermediaries • Problem: authentication for large networks • Solution #1 – Key Distribution Center (KDC) • Representative solution: Kerberos – Based on secret key cryptography • Solution #2 – Public Key Infrastructure (PKI) – Based on public key cryptography Computer Science CSC/ECE 574 Computer and Network Security Topic 7.1 Kerberos CSC/ECE 574 Dr. Peng Ning 3Computer Science Outline • Introduction • Version 4: Basics • Additional Capabilities • Version 5 and Inter-Realm Authentication CSC/ECE 574 Dr. Peng Ning 4 Computer Science Introduction CSC/ECE 574 5 Dr. Peng Ning Computer Science Goals of Kerberos 1. User ↔ server mutual authentication 2. Users should only need to authenticate once to obtain services from multiple servers 3. Should scale to large numbers of users and servers – makes use of a Key Distribution Center so servers don’t need to store information about users CSC/ECE 574 6 Dr. Peng NingComputer Science Some Properties • Kerberos uses only secret key (symmetric) encryption – originally, only DES, but now 3DES and AES as well • A stateless protocol – KDCs do not need to remember what messages have previously been generated or exchanged – the state of the protocol negotiation is contained in the message contents CSC/ECE 574 7 Dr. Peng Ning Computer Science Example Scenario • Alice wants to make use of services from X, contacts the KDC to authenticate, gets ticket to present to X • Bob wants to make use of services from X and Y, contacts the KDC, gets tickets to present to X and Y CSC/ECE 574 8 Alice Bob Server X Server Y KDC Dr. Peng Ning Computer Science The KDC • Infrastructure needed (KDC components) 1. the database of user information (IDs, password hash, shared secret key, etc.) 2. an authentication server (AS) 3. a ticket-granting server (TGS) • The KDC of course is critical and should be carefully guarded CSC/ECE 574 9 Dr. Peng NingComputer Science Secrets Managed by the KDC • A personal key used for encrypting/decrypting the database, and for enciphering / deciphering message contents it sends to itself! • A master (semi-permanent) shared key for each user • a master shared key for each server CSC/ECE 574 10 Dr. Peng Ning Computer Science Passwords and Tickets 1. Alice provides a password when she logs into her workstation 2. Alice’s workstation… – derives Alice’s master key from the password – asks the KDC for a temporary session key KA 3. The KDC provides a ticket-granting ticket (TGT) for Alice to use; eliminates need for… – …repeated authentication – …further use of master key CSC/ECE 574 11 Dr. Peng Ning Computer Science Basics of the Kerberos v4 Standard CSC/ECE 574 12 Dr. Peng NingComputer Science Protocol Sketch (Common Case) CSC/ECE 574 13 Alice Alice’s Workstation KDC Server V #1 Login + Password #4 Request service from V #2 Alice wants to authenticate #3 Here’s Alice’s TGT #5 Alice wants service from V #6 Here is key + ticket to use #7 Here is Alice’s ticket for service + key to use #8 Alice’s request for service is granted, using key supplied Dr. Peng Ning Computer Science Msg#1: Enter Password • Alice types in her user ID and password in unencrypted form into her workstation 1 AW: “Alice” | password CSC/ECE 574 14 #1 AW: “Alice” | password Dr. Peng Ning Computer Science Msg#2: Request for Authentication • Workstation sends a message to KDC with Alice’s ID (in unencrypted form) • Many of these messages contain timestamps, for a) liveness, and b) anti-replay • ID includes name and realm (see later) CSC/ECE 574 15 #2. WKDC: IDA | TS2 | IDKDC Dr. Peng NingComputer Science Msg#3: Authentication Success • KDC sends Alice’s workstation a session key and a TGT – encrypted with the master key shared between Alice and the KDC • KA-KDC is derived from Alice’s password, used to decrypt session key KA-KDC CSC/ECE 574 16 #3. KDCW: Dr. Peng Ning Computer Science Msg#3: … (cont’d) • The TGT is what allows the KDC to be stateless – means simpler, more robust KDC design – allows replicated KDCs (see later) • The TGT contains – the session key to be used henceforth – the user ID (Alice) – the valid lifetime for the TGT CSC/ECE 574 17 Dr. Peng Ning Computer Science Msg#4: Alice Requests Service V • Alice enters (to workstation) a request to access the service provided by V CSC/ECE 574 18 #4 AW: ReqServ(V) Dr. Peng NingComputer Science Msg#5: Workstation Requests Service V • Workstation sends to the KDC… – the TGT previously granted (proves Alice’s identity) – the server she wishes to request service from – an authenticator for this message CSC/ECE 574 19 #5 WKDC: Dr. Peng Ning Computer Science Msg#5… (cont’d) • The authenticator is an encrypted timestamp – why needed? – (reminder: timestamps requires user and KDC clocks to be loosely synchronized) CSC/ECE 574 20 Dr. Peng Ning Computer Science Msg#6: KDC Generates Ticket • KDC decrypts the TGT and… – checks that lifetime has not expired – gets the shared key KA-KDC • KDC sends back to workstation – identity of the server – a shared key (KA-V) for Alice and the server – a ticket for Alice to present to V CSC/ECE 574 21 #6 KDCW: Dr. Peng NingComputer Science Msg#6… (cont’d) • The ticket contains – ID of the initiating user – shared key KA-V – lifetime of the ticket CSC/ECE 574 22 Dr. Peng Ning Computer Science Msg#7: Workstation Contacts Server • Message contains – ticket (from the KDC) – authenticator • If server V is replicated, ticket can be used with each server to receive service CSC/ECE 574 23 #7 WV: Dr. Peng Ning Computer Science Msg#7… (cont’d) • Authenticator is valid for 5 minutes – loose synchronization required – replay attack possible for short period if server does not store previous authenticators CSC/ECE 574 24 Dr. Peng NingComputer Science Msg#8: Server Authenticates to Alice • Reply to Alice’s workstation contains –