6.  Authentication Application

6.1.  Kerberos: Info

Info:

• The Kerberos Network Authentication System (RFC4120), July 2005.
• B. Clifford Neuman and Theodore Ts'o. Kerberos: An Authentication Service for Computer Networks, IEEE Communications, 32(9):33-38. September 1994
• An image by William Blake
• Papers
• Protocol

6.2.  Basics

• how do client/server identify each other: Mac Address IP address DNS
• All individual information can be compromised
• two identical IP adresses can not be used on the same network
• Example: Mount of a file system:

--

export of a file system to: host/group/client

--

mount is based on IP address

• How can you mount a remote FS?
• Pretend you have a different (friendly) IP address

6.3.  Example: Sun Network File System

• The NFS is an implementation and a specification of a softwaresystem for accessing remote files
• Goal: allow some degree of sharing file systems in a transparent manner.
• Sharing is based on a server/client relationship.

Mount Protocol

• Export. See share(1m).

  % hostname
  ilon
  % cat /etc/dfs/dfstab
  
  #       Place share(1M) commands here for automatic execution
   ...
  #       share  -F nfs  -o rw=engineering  -d "home dirs"  /export/home2
  share -F nfs -o ro=altair -d "ilon's home dir" /
  share -F nfs -o rw=altair -d "ilon's home dir" /export/home
  

Use:

ilon% ssh  cs
cs% su -
cs# mount ilon:/export/home/bischof /mnt
cs#

The NFS Protocol

The NFS protocol provides a set of RPCs for remote file operations.

• Searching for a file within a directory.
• Reading a set of directory entries
• Manipulation of links and directories
• Accessing file attributes
• Reading and writing directories

Use of NFS

• % man automount
   ...
  The automount utility installs autofs mount points and asso-
       ciates  an  automount map with each mount point.  The autofs
       file system monitors attempts to access  directories  within
       it  and notifies the automountd(1M) daemon.  The daemon uses
       the map to locate a file system, which it then mounts at the
       point  of  reference within the autofs file system.
   ...
  

See also: automount(1m) and automountd(1m).

% cat /etc/auto_master
# Master map for automounter
#
+auto_master
/net            -hosts          -nosuid,nobrowse
/home           auto_home       -nobrowse
/xfn            -xfn
% niscat auto_home.org_dir | grep bischof
bischof altair:/export/home/bischof

• What is happening if I can 'fake' an existing IP address?

6.4.  Services

• What kind of services can a system provide?

--

Mounting of FS's

--

Mail

--

ftp

--

Web

--

CPU

• What are the consquences if they ressources are 'stoled'?
• How can we protect theses ressources?

--

Qood question; and your answer is?

6.5.  Problems

• How can the service provided be authenticated?
• How can the client machine be authenticated?
• How can the user be authenticated?
• In a network where there is no central sys admin?

6.6.  Motivation:

• Single Machines/single user are protected by doors etc
• Connecteted machines are not protected by default
• Approaches to Security:

--

Each node assures identify of users and each server relies on this (Wer garantiert das die machinen nicht ausgetauscht werden?)

--

What does ssh guarantee you?

--

The clients authenticate themself to the server and the user identification is up to the client.

--

The user proofs her/his identity to the server and the server proofs his identity to the client

• General problem: How can you/a system proof your/its identity?
• Do you have a passport?

6.7.  Threats

For example:

• DNS attacks http://www.securityfocus.com/brief/483
• Person in the middle attack
• access to service by pretending to be somebody else
• modify IP address to come from a 'friedly' computer
• use replay attack to gain access under the use of eavesdropping

6.8.  Kerberos

From http://web.mit.edu/kerberos/

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

• Look at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt
• Cerberus: is in Greek and Roman mythology, is a multi-headed hound (usually three-headed)which guards the gates of the Underworld, to prevent those who have crossed the river Styx from ever escaping.
• http://www.theoi.com/Gallery/M12.1.html

6.9.  Kerberos: Provides

• Kerberos is an authentication service
• Kerberos can be used over an unprotected network
• Kerberos relies on a third part authentification server
• Kerberos does not rely on the authentication of the host OS system
• Information can not gained by listening into the conversation (Ali Baba's Cage)
• Kerberos relies on symetric key encryption
• Kerberos allows access to a services to a authorized users only, under the assumption you can not trust the environment.

6.10.  The Situation

Past:

Without Kerberos:

With Kerberos:

6.11.  Note: Symetric Key Encryption

• A single, common key that is used to encrypt and decrypt the message
• Trivial Example: shift/stick etc
• Examples: Twofish, Serpent, AES (aka Rijndael), DES, Blowfish, CAST5, RC4, TDES, and IDEA.

6.12.  Kerberos: Is (as the paper describes)

• Secure
• Reliable
• Transparent
• Scalable

What does each requirement entail?

• Kerberos uses a third party protocol (chapter 7/spr)
• client/server trust Kerberos to mediate their mutual authentication

6.13.  Kerberos: Needs

• Database of private keys known in a database

--

private keys are known to kerberos and the client

• Kerberos can

--

derive keys from passwords

--

generate temporary private keyes

--

generate Session Keys

• The AS

--

shares a secret key with each server.

--

can be are distributed

6.14.  Credentials

• Ticket

--

good for single server and a single client

--

{s, c, addr, timestamp, life, K{s,c} ) K{s}

• Authenticator

--

can only be used once

--

can be created by the client

--

{ c, addr, timestamp ) K{s,c}

6.15.  Kerberos: How it Works

Abbreviations (from: Kerberos: An Authentication Service for Open Network Systems, Jennifer G. Steiner, Clifford Neuman, Jeffrey I. Schiller)

• tickets:

--

based on private key encryption

--

are used to securely pass the idenity of the person to whom the ticket was issued between the authentication server and the end server

--

a ticket is good for single server and a single client

--

A ticket is used to securly pass the identity of a user

--

A ticket is good for a single server and a user

• Kerberos ticket

• authenticator:

--

authenticator contains information which, when compared against that in the ticket, proves that the client presenting the ticket is the same one to which the ticket was issued.

--

based on private key encryption

--

can only be used once (time stamp)

--

can be generated by the client

• Kerberos Authenticator

6.16.  Problem

• to authenticate user/machine
• Servers/services

6.17.  Kerberos: Getting the Initial Ticket

• user enters name
• request is sent to authentication server containing the user's name and the name of a special service known as the ticket-granting service
• authentication server checks that it knows the client and generates a random session key
• creates creates a ticket for the ticket-granting server encypted with the derived password.

--

which contains the client's name,

--

the name of the ticket-granting server,

--

the current time,

--

a lifetime for the ticket,.

--

the client's IP address,

--

and the random session key just created.

--

• all encrypted in a key known only to the ticketgranting server and the authentication server.
• 

• Kerberos ticket

  

• Questions:

Is it possible to learn something by listening to the network?

Nein, denn das Packet ist mit verschluesselt, mit den Schluessel the Klienten, welches nur Kerberos vom password ableitet und dem Klienten bekannt ist.

• user enters password

• password converted to DES key
• this key is used to decrypt response from authentification server

• The ticket can now be used to get access to multiple services

6.18.  IS Kerberos?

• Secure
• Reliable
• Transparent
• Scalable

6.19.  Kerberos: Getting a Server Ticket

• Request to Ticket granting server
• TGS builds, if valid

--

new random session key used between client and server

--

ticket for the new server

--

6.20.  Kerberos: Requesting a Service

• Once per service and lifetime
• assumption: client has server ticket
• application builds an authenticator containing the client's name and IP address, and the current time
• client then sends the authenticator along with the ticket to the server
• server decrypts the ticket, uses the session key included in the ticket to decrypt the authenticator
• Note: It is assumed that clocks are synchronized to within several minute.

--

Is this realistic?

--

Time allows to keep track

• request received with the same ticket and timestamp as one already received can be discarded

• Mutual Authentication:

Kerberos Authenticator

6.21.  Kerberos: Database

• What problems do you see?

6.22.  Kerberos: Admin

• Is it possible to overcome the kerberos system?
• What problem do you see?

Vieles muss functionieren

--

Skalierbar sicher

--

Ein einziger Punkt der alles aum Stillstand bringen kann

6.23.  Kerberos: Java API

http://www.cs.rit.edu/~hpb/Jdk5/api/javax/security/auth/kerberos/package-summary.html

6.24.  X.509

• X.509 is an ITU-T (International Telecommunication Union) defines a framework of authentication services to its users

--

See also rfc320

• X.509

--

defines specific formats for Public Key Certificates

--

the algorithm that verifies a given certificate path is valid under a give PKI

6.25.  PKI

• PKI arrangements enable authenticatian to each other without prior communication
• PKI enables the parties

--

to establish confidentiality,

--

message integrity

--

user authentication.

--

without having to exchange any secret information in advance

--

by using a CA

Example

How can we create a secret key without having met before?

• We both know a CA
• I send you

  

• you calculate

  

• How does this help?

6.26.  Digital Signatures

• Digital Signatures provide authentication to a message
• A digital signature must

--

verify author, date and time of signature

--

authenticate content

--

veriviable by a third party

• RSA can be used to create signature keys
• How can this be done?

6.27.  X.509 Certificate

Certificate

--

Version

--

Serial Number

--

Algorithm ID

--

Issuer

--

Validity

--

Not Before

--

Not After

--

Subject Subject Public Key Info

--

Public Key Algorithm

--

Subject Public Key

--

Issuer Unique Identifier (Optional)

--

Subject Unique Identifier (Optional)

--

Extensions (Optional)

--

...

--

Certificate Signature Algorithm

--

Certificate Signature

• Algorithm:

--

User takes unsigned certificate, adds public key, ID

--

Generates Hash Code

--

added to the certificate

--

CA signs certificate with its private key and stores it

--

This can not be forged

--

Decrypted with public key

--

Can be access by anybody to verify users identity

6.28.  Social Networks and Trust

• Facebook
• Linked In
• etc
• How to find you...

6.29.  How do you know it is your friend?

• email other knowledge
• What is this good for?

6.30.  Trust

• how do you know who somebody is in real life?
• You do not.
• Fraud

6.31.  Issues

• secret crush
• Facebook suicide
• Is the network different to real world?

6.32.  Outlook Trust Models

• Direct Trust

it is between two users

• Hierarchical Trust

trust extends from the root

• A Web of Trust

It is a graph - trusr lies in the eye of the beholder

Note: Image from Stalling's book, page 456

6.33.  Addendum

• Phishing (According to Gartner Research/2007)

--

cost: $3.2 Billion

--

3.6 million Americans defrauded

--

Articles

--

@inproceedings{ 1073009, author = {Rachna Dhamija and J. D. Tygar}, title = {The battle against phishing: Dynamic Security Skins}, booktitle = {SOUPS '05: Proceedings of the 2005 symposium on Usable privacy and security}, year = {2005}, isbn = {1-59593-178-3}, pages = {77--88}, location = {Pittsburgh, Pennsylvania}, doi = {http://doi.acm.org/10.1145/1073001.1073009}, publisher = {ACM Press}, address = {New York, NY, USA}, url = {citeseer.ist.psu.edu/748409.html} } the article

--

@article{1290968, author = {Tom N. Jagatic and Nathaniel A. Johnson and Markus Jakobsson and Filippo Menczer}, title = {Social phishing}, journal = {Commun. ACM}, volume = {50}, number = {10}, year = {2007}, issn = {0001-0782}, pages = {94--100}, doi = {http://doi.acm.org/10.1145/1290958.1290968}, publisher = {ACM}, address = {New York, NY, USA}, } Social phishing