CSCE 813 Internet Security Kerberos


CSCE 813 Internet Security: Kerberos. Professor Lisa Luo, Fall 2017

What is Kerberos?
- An authentication server system from MIT; versions 4 and 5
- Provides authentication for a user who works on a workstation
- Allows users access to services distributed via the network
[Figure: workstations, the Kerberos server, and the services FS, Mail and Printer]

Question: What is the threat model?
1. All users and servers trust Kerberos
2. Users trust the workstations

User Authentication vs. Message Authentication
[Figure: Alice at a workstation sends message M to Bob; services FS, Mail and Printer]
- Message authentication:
  - authenticate the origin of message M
  - use the session key to authenticate the message
- User authentication:
  - verify the identity of the communicating entity: the person is indeed Bob
  - based on something you know, or something you are

When to perform each of them?
1. User authentication is usually performed at the beginning of a session
2. Once the user's identity is verified, the session key is established
3. Then, message authentication is performed in the subsequent communication

Kerberos vs. PKI
- Both PKI and Kerberos can be used for authentication, but PKI is mainly used to authenticate a service, while Kerberos authenticates both services and users
- PKI mainly builds on asymmetric cryptography, while Kerberos mainly builds on symmetric cryptography
- PKI is used over the Internet, while Kerberos is typically used within a single organization

Kerberos
Kerberos consists of an Authentication Server (AS), which runs on a physically secure node.
[Figure: the AS holds a table of names and keys: User 1 has key K_C, Server 1 has key K_S]

How does Kerberos authenticate users (perform user authentication)?

Design #1
Ticket_S = K_S{C, IP_C, S}
[Figure: the client sends C, S, PW_C to the AS; the AS returns Ticket_S; the client sends C, Ticket_S to the server]

Question: Why is IP_C needed?
- IP_C tries to prevent a stolen ticket from being used on another machine.

Problems for Design #1
1. The password PW_C is sent as plaintext
2. A user needs to supply a password every time he wants to access a server (even the same server)
Solution: add a new component to Kerberos, the ticket-granting server (TGS), giving Design #2

Design #2
Ticket_tgs = K_tgs{C, IP_C, TGS}  (ticket-granting ticket)
Ticket_Smail = K_Smail{C, IP_C, S_mail}  (service-granting ticket)
[Figure: the AS and TGS inside Kerberos; the workstation sends C, Ticket_Smail to the Mail service]

Problems for Design #2: replay attack
1. An attacker captures Ticket_tgs
2. Waits until the user logs off
3. Configures the attacker's workstation with the same IP address
4. Sends {C, S_mail, Ticket_tgs} to the TGS and gets Ticket_Smail
Solution: add a timestamp and a lifetime to the ticket

Design #3
Ticket_tgs = K_tgs{C, IP_C, TGS, TimeStamp, Lifetime}
Ticket_Smail = K_Smail{C, IP_C, S_mail, TimeStamp, Lifetime}
[Figure: the AS and TGS inside Kerberos; the workstation sends Ticket_Smail to the Mail service]

Problems for Design #3
1. If the lifetime is very short, the user will be repeatedly asked for a password.
2. If the lifetime is long, an opponent has a greater opportunity for replay.
Solution: the TGS or the server should check that the person using a ticket is the same person to whom that ticket was issued, i.e. add a message authentication code to the ticket

The first part talked about how to authenticate users; next we discuss how to authenticate messages.

Question: What is a message authentication code?
- A keyed hash value
[Figure: message M and key K are fed into H(K, M); the output is the MAC, sent along with M]

What additional info is needed?
To add a message authentication code to the ticket, we need a shared key.
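The keyed hash described above, as an added example (not code from the slides): HMAC-SHA256 is the standard realisation of the H(K, M) shorthand (a bare hash over key-prefixed data with a Merkle-Damgard hash such as SHA-256 is known to be weak to length extension, which HMAC avoids). The session key and messages are constructed values; the point is that a tag verifies only with the shared key and only for the unmodified message.

```python
import hashlib
import hmac


def make_mac(key: bytes, message: bytes) -> bytes:
    """Keyed hash over the message: HMAC-SHA256 stands in for the slides' H(K, M)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(make_mac(key, message), tag)


def demo() -> dict:
    # Constructed values: a session key that Kerberos established after user
    # authentication, and a message sent under it afterwards.
    session_key = b"K_C,S established by Kerberos"
    message = b"print report.pdf on printer-2"
    tag = make_mac(session_key, message)
    return {
        # the receiver holding the same key accepts the genuine message
        "genuine": verify_mac(session_key, message, tag),
        # altering M without the key invalidates the tag
        "modified_message": verify_mac(session_key, b"print secrets.pdf on printer-2", tag),
        # a party without the shared key cannot check or produce a valid tag
        "without_shared_key": verify_mac(b"attacker guess", message, tag),
    }
```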

Ticket_tgs = K_tgs{C, IP_C, TGS, TimeStamp, Lifetime}
Ticket_Smail = K_Smail{C, IP_C, S_mail, TimeStamp, Lifetime}
[Figure: the AS and TGS inside Kerberos; the workstation sends C, Ticket_Smail, Auth_C to the Mail service]

Where to get the shared key?
To add a message authentication code to the ticket, we need a shared key. The shared key between the client and the TGS is provided by the AS.

Ticket_tgs = K_tgs{C, IP_C, TGS, TimeStamp, Lifetime, K_{C,tgs}}
Ticket_Smail = K_Smail{C, IP_C, S_mail, TimeStamp, Lifetime, K_{C,S}}
Auth_C = K_{C,tgs}{C, IP_C, TimeStamp}  (presented to the TGS)
Auth_C = K_{C,S}{C, IP_C, TimeStamp}  (presented to the server S)
[Figure: the AS and TGS inside Kerberos; the workstation sends C, Ticket_Smail, Auth_C to the Mail service]
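The whole evolution from Design #1 to the final ticket-plus-authenticator form, as an added worked example that is not code from the slides or from any Kerberos implementation. It models the AS issuing Ticket_tgs with K_{C,tgs}, the client building Auth_C, and the TGS performing the checks each design added (IP_C, lifetime, authenticator under the session key, freshness of the authenticator's timestamp). The symmetric cipher K{...} is a toy encrypt-then-MAC stand-in, the keys, addresses and times are constructed, and the 120-second skew window is an assumed parameter; it also plays out the stolen-ticket and replay cases from the earlier slides to show which check stops each one.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Long-term keys (constructed). K_TGS is known to the AS and TGS only; K_C is
# derived from the user's password and known to the AS and the user.
K_TGS = b"tgs-long-term-key"
K_C = b"alice-password-derived-key"
LIFETIME = 300   # ticket lifetime in seconds (assumed)
MAX_SKEW = 120   # how old an authenticator timestamp may be (assumed)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, fields: dict) -> bytes:
    """Toy stand-in for K{...}: hash-derived keystream plus HMAC tag (not for production)."""
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> Optional[dict]:
    """Returns the fields, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


def as_issue_tgt(client: str, ip: str, now: int) -> bytes:
    """AS: Ticket_tgs = K_tgs{C, IP_C, TGS, TimeStamp, Lifetime, K_C,tgs}, returned to
    the client inside K_C{...} so only the password holder learns K_C,tgs."""
    k_c_tgs = os.urandom(16).hex()
    ticket = encrypt(K_TGS, {"C": client, "IP": ip, "S": "TGS", "ts": now,
                             "life": LIFETIME, "K": k_c_tgs})
    return encrypt(K_C, {"C": client, "ticket": ticket.hex(), "K": k_c_tgs})


def client_request(as_reply: bytes, service: str, ip: str, now: int) -> dict:
    """Client: Auth_C = K_C,tgs{C, IP_C, TimeStamp}; send C, S, Ticket_tgs, Auth_C."""
    msg = decrypt(K_C, as_reply)
    auth = encrypt(bytes.fromhex(msg["K"]), {"C": msg["C"], "IP": ip, "ts": now})
    return {"C": msg["C"], "S": service, "ticket": bytes.fromhex(msg["ticket"]), "auth": auth}


def tgs_check(req: dict, src_ip: str, now: int) -> str:
    """TGS: the checks Designs #1 to #4 add, in order. Returns 'ok' or the reason."""
    t = decrypt(K_TGS, req["ticket"])
    if t is None:
        return "ticket not issued by AS"
    if t["IP"] != src_ip:                        # Design #1: IP_C inside the ticket
        return "ticket used from another address"
    if now > t["ts"] + t["life"]:                # Design #3: TimeStamp and Lifetime
        return "ticket expired"
    a = decrypt(bytes.fromhex(t["K"]), req["auth"])
    if a is None:                                # Design #4: Auth_C under K_C,tgs
        return "authenticator not under session key"
    if a["C"] != t["C"] or a["IP"] != t["IP"] or now - a["ts"] > MAX_SKEW:
        return "authenticator does not match ticket"
    return "ok"


def run_scenarios() -> dict:
    """Legitimate use plus the stolen-ticket cases from the slides; returns each verdict."""
    t0 = 1_700_000_000
    reply = as_issue_tgt("alice", "10.0.0.5", t0)
    req = client_request(reply, "mail", "10.0.0.5", t0 + 10)
    # Someone who captured req but never learned K_C,tgs can only forge under a guess
    forged = dict(req, auth=encrypt(b"guess", {"C": "alice", "IP": "10.0.0.5", "ts": t0 + 20}))
    return {
        "legitimate": tgs_check(req, "10.0.0.5", t0 + 10),
        "stolen_ticket_other_ip": tgs_check(req, "10.0.0.99", t0 + 20),
        "stolen_ticket_spoofed_ip": tgs_check(forged, "10.0.0.5", t0 + 20),
        "replayed_authenticator": tgs_check(req, "10.0.0.5", t0 + 200),
        "expired_ticket": tgs_check(req, "10.0.0.5", t0 + 400),
    }
```

The replayed-authenticator case is the one the lifetime alone cannot catch: the ticket is still within its 300-second lifetime, and only the freshness check on the authenticator's own timestamp rejects it, which is why the slides put a separate timestamp inside Auth_C rather than relying on the one in the ticket.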

Question: What happens if Kerberos is down?
- Cannot log in.
- Cannot obtain new tickets.
- Can keep using existing (non-expired) tickets.

Password-Changing Service
If your password is leaked, you want to change it. Another component of Kerberos: the password-changing service.

Ticket_kpw = K_kpw{C, IP_C, KPW, TimeStamp, Lifetime, K_{C,kpw}}
[Figure: the AS and the KPassword service inside Kerberos, with the workstation]
Q: Once you have changed your password, could you tell others your old password?
- No. Attackers can (1) decrypt K_C{Ticket_kpw, K_{C,kpw}} and get K_{C,kpw}, then (2) decrypt K_{C,kpw}{newpw} and get your new password.
Solution: Diffie-Hellman key exchange (introduced in Kerberos 5)
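The reason the old password must stay secret, and what Diffie-Hellman changes, as an added example that is not code from the slides and is not the real Kerberos 5 mechanism. In the original design the session key K_{C,kpw} travels inside K_C{...}, so whoever later learns the old password can unwrap it from a captured exchange. In the Diffie-Hellman variant modelled here each side picks an ephemeral exponent, K_C only authenticates the public values (with an HMAC tag), and the session key is derived from g^ab, which the transcript plus K_C does not reveal. The group (P = 2^127 - 1, G = 3), the XOR wrapping and the keys are toy constructed values.

```python
import hashlib
import hmac
import os

# Toy group (constructed for illustration; deployments use a standardised group).
P = 2**127 - 1   # prime (Mersenne prime M127)
G = 3


def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def wrap_under_kc(k_c: bytes, key: bytes) -> bytes:
    """Toy stand-in for K_C{K_C,kpw}: XOR with a pad derived from K_C (not a real cipher)."""
    pad = hashlib.sha256(k_c).digest()
    return bytes(a ^ b for a, b in zip(key, pad))


def _tag(k_c: bytes, value: int) -> bytes:
    return hmac.new(k_c, value.to_bytes(16, "big"), hashlib.sha256).digest()


def old_design(k_c: bytes) -> tuple:
    """AS picks K_C,kpw and sends K_C{K_C,kpw}; returns (session key, bytes on the wire)."""
    k_c_kpw = os.urandom(16)
    return k_c_kpw, wrap_under_kc(k_c, k_c_kpw)


def dh_design(k_c: bytes) -> tuple:
    """Client and KPW each pick an ephemeral exponent; K_C only tags the public values.
    Returns (client key, KPW key, transcript)."""
    a = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
    b = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
    ga, gb = pow(G, a, P), pow(G, b, P)
    transcript = (ga, _tag(k_c, ga), gb, _tag(k_c, gb))
    return kdf(pow(gb, a, P)), kdf(pow(ga, b, P)), transcript


def attacker_old(k_c: bytes, wire: bytes) -> bytes:
    """Leaked old password gives K_C, which unwraps the captured session key directly."""
    return wrap_under_kc(k_c, wire)


def attacker_dh(k_c: bytes, transcript: tuple) -> dict:
    """With K_C and the transcript one can confirm the tags were genuine, but holds
    neither exponent; g^ab is not computable from g^a and g^b (the CDH assumption)."""
    ga, ta, gb, tb = transcript
    tags_ok = (hmac.compare_digest(ta, _tag(k_c, ga)) and
               hmac.compare_digest(tb, _tag(k_c, gb)))
    return {"tags_valid": tags_ok, "session_key": None}


def compare_designs() -> dict:
    k_c = b"old-password-derived-key"   # constructed; assume it leaks later
    k_old, wire_old = old_design(k_c)
    k_client, k_kpw, transcript = dh_design(k_c)
    return {
        "old_design_key_recovered": attacker_old(k_c, wire_old) == k_old,
        "dh_keys_agree": k_client == k_kpw,
        "dh_tags_verify_with_kc": attacker_dh(k_c, transcript)["tags_valid"],
        "dh_key_recovered": attacker_dh(k_c, transcript)["session_key"] == k_client,
    }
```

The contrast is the point: under the old design the leaked K_C is sufficient to recover K_{C,kpw} and hence the new password, whereas under the exchange above K_C proves who sent g^a and g^b but never protects the key material itself, so a later leak of the old password does not expose the new one.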

Summary
Kerberos is an authentication server system that authenticates users and authenticates messages.
1. User authentication: verify the identity of the communicating entity: the person to whom I am talking is Bob
2. Message authentication: authenticate the origin of message M