Professional Documents
Culture Documents
509
Fourth Edition
by William Stallings
Lecture slides by Lawrie Brown
(Changed by Somesh Jha)
Authentication Applications
will consider authentication functions
developed to support application-level
authentication & digital signatures
will consider Kerberos a private-key
authentication service
then X.509 directory authentication
service
2
Kerberos
trusted key server system from MIT
provides centralised private-key thirdparty authentication in a distributed
network
allows users access to services distributed
through out the network
without needing to trust all workstations
rather all trust a central authentication server
Kerberos Requirements
first published report identified its
requirements as:
security
reliability
transparency
scalability
Kerberos 4 Overview
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify
themselves
AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)
C = client
AS = authentication server
IDC = identifier of user on C
PC = password of user on C
IDV = identifier of server V
C asks user for the password
AS checks that user supplied the right
password
6
Message 2
(2) AS -> C : Ticket
Ticket = E K(V) [IDC || ADC || IDV]
K(V) = secret encryption key shared by AS
and V
ADC = network address of C
Ticket cannot be altered by C or an
adversary
Message 3
(3) C -> V: IDC || Ticket
Server V decrypts the ticket and checks
various fields
ADC in the ticket binds the ticket to the
network address of C
However this authentication scheme has
problems
Problems
Each time a user needs to access a
different service he/she needs to enter
their password
Read email several times
Print, mail, or file server
Assume that each ticket can be used only
once (otherwise open to replay attacks)
Authentication Dialogue II
Once per user logon session
(1) C -> AS: IDC || IDTGS
(2) AS -> C: E K(C) [TicketTGS]
TicketTGS is equal to
E
K(TGS)
10
K(V)
TS2 || Lifetime2 ]
K(V): key shared between V and TGS
Is called the service-granting ticket (SGT)
12
Message 5
Once per service session
(5) C -> V: IDC || TicketV
C says to V I am IDC and have a ticket
from the TGS . Let me in!
Seems secure, but..
There are problems
13
Problems
Lifetime of the TGT
Short : user is repeatedly asked for their
password
Long : open to replay attack
Oscar captures TGT and waits for the user
to logoff
Sends message (3) with network address
IDC (network address is easy to forge)
Kerberos Realms
a Kerberos environment consists of:
a Kerberos server
a number of clients, all registered with server
application servers, sharing keys with server
16
Kerberos Version 5
developed in mid 1990s
provides improvements over v4
addresses environmental shortcomings
encryption algorithm, network protocol, byte order,
ticket lifetime, authentication forwarding, interrealm authentication
Reading assignment
Inter-realm authentication in version 4
Pages 411-413
Version 5
Fixes some shortcomings of version 4
Page 413-419
18
X.509 Certificates
issued by a Certification Authority (CA), containing:
version (1, 2, or 3)
serial number (unique within CA) identifying certificate
signature algorithm identifier
issuer X.500 name (CA)
period of validity (from - to dates)
subject X.500 name (name of owner)
subject public-key info (algorithm, parameters, key)
issuer unique identifier (v2+)
subject unique identifier (v2+)
extension fields (v3)
signature (of hash of all fields in certificate)
Obtaining a Certificate
any user with access to CA can get any
certificate from it
only the CA can modify a certificate
because cannot be forged, certificates
can be placed in a public directory
21
CA Hierarchy
if both users share a common CA then they
are assumed to know its public key
otherwise CA's must form a hierarchy
use certificates linking members of hierarchy
to validate other CA's
each CA has certificates for clients (forward) and
parent (backward)
22
CA Hierarchy Use
23
Certificate Revocation
Authentication Procedures
X.509 includes three alternative
authentication procedures:
One-Way Authentication
Two-Way Authentication
Three-Way Authentication
all use public-key signatures
25
One-Way Authentication
1 message ( A->B) used to establish
the identity of A and that message is from
A
message was intended for B
integrity & originality of message
26
Two-Way Authentication
2 messages (A->B, B->A) which also
establishes in addition:
the identity of B and that reply is from B
that reply is intended for A
integrity & originality of reply
27
Three-Way Authentication
3 messages (A->B, B->A, A->B) which
enables above authentication without
synchronized clocks
has reply from A back to B containing
signed copy of nonce from B
means that timestamps need not be
checked or relied upon
Reading assignment: pages 424-427
28
X.509 Version 3
has been recognised that additional
information is needed in a certificate
29
Certificate Extensions
key and policy information
Summary
have considered:
Kerberos trusted key server system
X.509 authentication and certificates
31