- Number of slides: 34
Authentication 3: On The Internet
Readings
• URL attacks: http://www.technicalinfo.net/papers/URLEmbeddedAttacks.html
• Web security using CGI scripts: http://www.w3.org/Security/Faq/wwwsf4.html
• Tempest: http://www.giac.org/practical/gsec/Cassi_Goodman_GSEC.pdf
Topics
• URL Obscuring
• Kerberos
• X.509 Digital Certificate Standard
URL Obscuring
• A Uniform Resource Locator is used to find a web site.
• If you are sent a URL from an untrusted source, it may be obscured in a number of ways to look like a familiar, trusted site.
• Characters can be put into URLs to change the meaning.
URL Obscuring
For example, you receive an email saying click on this link: http://www.friendlysite.com@129.210.32.1
You think you are going to “friendlysite”; however, the @ means that everything before it is the username and you really go to 129.210.32.1
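
A check a mail filter or link previewer could run on the slide's example, added here as an illustration (not part of the original slides). It goes slightly beyond the slide by also flagging raw IP hosts and percent-encoding in the authority; the function name, warning labels and the second and third sample URLs are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def inspect_url(url):
    """Return (real_host, warnings) for a URL as a browser would resolve it."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []
    # Everything before the last '@' in the authority is userinfo, not the site.
    if "@" in parts.netloc:
        userinfo = parts.netloc.rsplit("@", 1)[0]
        warnings.append("userinfo")
        # Userinfo that starts like a domain name is the obscuring trick itself.
        if re.match(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", userinfo):
            warnings.append("userinfo-looks-like-host")
    # A raw IP address where a name is expected hides who runs the server.
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass
    # Percent-encoding in the authority makes the destination hard to read.
    if "%" in parts.netloc:
        warnings.append("percent-encoded-authority")
    return host, warnings

# Constructed sample inputs; the first is the slide's own example.
SAMPLES = [
    "http://www.friendlysite.com@129.210.32.1",
    "http://www.friendlysite.com/login",
    "http://www.friendlysite.com%2Faccount@198.51.100.7/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", inspect_url(u))
```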
Challenges for E-Commerce
• Many clients want services from a number of different servers. Servers need to know that the client is who he says he is.
• Key concerns are confidentiality and timeliness.
• To provide confidentiality, identification and session key information must be encrypted, which requires the use of previously shared private or public keys.
• Timeliness is needed to prevent replay attacks. It can be provided by using sequence numbers, timestamps or challenge/response.
Kerberos
• Developed at MIT. Users wish to access services on many servers.
• Three threats exist:
  – A user pretends to be another user.
  – A user alters the network address of a workstation to get another’s services.
  – A user eavesdrops on exchanges and uses a replay attack to get unauthorized services.
Problem with CR Protocol
• Alice and Bob want to use a challenge-response protocol to authenticate each other. They can encrypt and decrypt messages with DES and their shared key, KAB.
• Alice sends her identity A and a random number RA to Bob. Bob responds with the number encrypted with the key he shares with Alice, KAB{RA}, along with another random number RB. Alice responds by encrypting Bob’s number, KAB{RB}, and sending it to Bob.
• If that was Eve pretending to be Alice, she has a plaintext, ciphertext pair to crack the key KAB.
Kerberos
• Kerberos provides a centralized authentication server to authenticate users to servers and servers to users.
• Users share a password with the AS, but it need not be known by all servers.
• Relies on conventional encryption, making no use of public-key encryption.
• Two versions: version 4 and 5. Version 4 uses DES.
Simplified Version
• Client, C, asks authentication server, AS, for a “ticket” to identify him to vendor, V. Client supplies his password, which is known by AS.
• AS gives C a ticket which can only be read by the vendor, V.
• Client, C, contacts vendor, V, giving him the ticket, which V accepts because he trusts AS.
Kerberos
• Terms:
  – C = client
  – AS = authentication server
  – V = server or vendor
  – IDc = identifier of user on C
  – IDv = identifier of V
  – Pc = password of user on C
  – ADc = network address of C
  – Kv = secret encryption key shared by AS and V
  – TS = timestamp
  – || = concatenation
Simple Authentication Dialog
(1) C → AS: IDc || Pc || IDv
(2) AS → C: Ticket
(3) C → V: IDc || Ticket
Ticket = EKv[IDc || ADc || IDv]
Problems with Simple Dialog
• A lifetime needs to be associated with the ticket
  – If too short, the user is repeatedly asked for the password
  – If too long, there is a greater chance of a replay attack
  – The threat is that an opponent will steal the ticket and use it before it expires
• Client password is sent in the clear
• Every time the client wants to use a new service (or reuse one) he must go to the AS.
Solution: Kerberos Version 4
Add a Ticket Granting Server
• When the client logs in at the start of a session/day, he gets a ticket-granting ticket (TGT) from the Authentication Server. He supplies his password once per session/day.
• The TGT is used to get a service ticket from a Ticket Granting Server each time a service is needed (read mail, get a file, use print server).
• Authenticator is Kc,v{IDc || ADc || TS}
Kerberos Version 4
Authentication Service Exchange: To obtain Ticket-Granting Ticket
(1) C → AS: IDc || IDtgs || TS1
(2) AS → C: EKc[Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs]
Tickettgs = EKtgs[Kc,tgs || IDc || ADc || IDtgs || TS2 || lifetime]
Ticket-Granting Service Exchange: To obtain Service-Granting Ticket
(3) C → TGS: IDv || Tickettgs || Authenticatorc
(4) TGS → C: EKc[Kc,v || IDv || TS4 || Ticketv]
Ticketv = EKv[Kc,v || IDc || ADc || IDv || TS || lifetime]
Client/Server Authentication Exchange: To Obtain Service
(5) C → V: Ticketv || Authenticatorc
(6) V → C: EKc,v[TS5 + 1]
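
The client/server exchange, steps (5) and (6), as a runnable sketch added here (not code from the slides or from MIT Kerberos), showing how the ticket lifetime, the address check and the authenticator timestamp each reject a misuse. The SHA-256 keystream with HMAC stands in for DES, and the function names, JSON field names and the 300-second clock-skew window are assumptions.

```python
import hashlib, hmac, json, os

def _ks(key, nonce, n):
    # SHA-256 in counter mode as a keystream (toy stand-in for DES)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """E_K[...]: encrypt-then-MAC a JSON-encoded field list."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def tgs_issue(kv, idc, adc, idv, now, lifetime):
    """TGS side of step (4): returns (Kc,v, Ticketv). Ticketv is readable only by V."""
    kcv = os.urandom(32)
    ticket = seal(kv, {"kcv": kcv.hex(), "idc": idc, "adc": adc, "idv": idv, "ts": now, "life": lifetime})
    return kcv, ticket

def client_authenticator(kcv, idc, adc, now):
    """Authenticator = Kc,v{IDc || ADc || TS}, built fresh for every request."""
    return seal(kcv, {"idc": idc, "adc": adc, "ts": now})

def server_accept(kv, idv, ticket, authenticator, src_addr, now, skew=300):
    """V side of steps (5)-(6): returns EKc,v[TS5 + 1] or raises ValueError."""
    t = unseal(kv, ticket)
    kcv = bytes.fromhex(t["kcv"])
    a = unseal(kcv, authenticator)
    if t["idv"] != idv or now > t["ts"] + t["life"]:
        raise ValueError("ticket not valid for this server or expired")
    if (a["idc"], a["adc"]) != (t["idc"], t["adc"]) or src_addr != t["adc"]:
        raise ValueError("authenticator or source address does not match ticket")
    if abs(now - a["ts"]) > skew:
        raise ValueError("stale authenticator: possible replay")
    return seal(kcv, {"ts": a["ts"] + 1})

def outcome(*args, **kw):
    """Helper for experiments: 'accepted' or the rejection reason."""
    try:
        server_accept(*args, **kw)
        return "accepted"
    except ValueError as e:
        return str(e)
```

A captured ticket and authenticator replayed inside the skew window would still pass this check; rejecting that case requires the server to remember authenticators it has already seen.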
Kerberos in Use
• Currently have two Kerberos versions:
  – 4: restricted to a single realm
  – 5: allows inter-realm authentication
• Kerberos v5 is an Internet standard specified in RFC 1510, and used by many utilities
• To use Kerberos:
  – need to have Kerberised applications running on all participating systems
Digital Certificates and PKI
Public Key Encryption
• Public key cryptography solves the symmetric key encryption problem of having to exchange a secret key
• Uses two mathematically related digital keys: a public key (widely disseminated) and a private key (kept secret by the owner)
• Both keys are used to encrypt and decrypt a message
• Once a key is used to encrypt a message, the same key cannot be used to decrypt the message
• For example, the sender uses the recipient’s public key to encrypt a message; the recipient uses his/her private key to decrypt it
Hash Signatures
• Application of a hash function (mathematical algorithm) by the sender prior to encryption produces a hash digest that the recipient can use to verify the integrity of the data
• Double encryption with the sender’s private key (digital signature) helps ensure authenticity and nonrepudiation
Digital Envelopes
• Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure)
• Uses symmetric key encryption to encrypt the document but public key encryption to encrypt and send the symmetric key
X.509 Authentication Standard
• A standard for a distributed set of servers that maintains a database about users.
• Based on public key cryptography, digital signatures and certificates.
• Each certificate contains the public key of a user and is signed with the private key of a CA.
• Used in S/MIME, IP Security, SSL/TLS and SET.
• RSA is recommended.
X.509
• A public key certificate is associated with each user in the system.
• Certificates are created by some trusted certification authority (CA) and placed in the directory.
• Any user with the public key of the CA can recover a user public key in the directory that was certified by the CA.
• No party other than the CA can modify the certificate without detection.
• Certificates are unforgeable.
Digital Signature Idea
Digital Certificate
• Digital document that includes:
  – Name of subject or company
  – Subject’s public key
  – Digital certificate serial number
  – Expiration date
  – Issuance date
  – Digital signature of certification authority (trusted third party (institution) that issues certificate)
  – Other identifying information
PKI
• Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties.
• PKI applies mainly to protecting messages in transit. PKI is not effective against insider fraud.
• Protection of private keys by individuals may be haphazard.
• No guarantee that the verifying computer of the merchant is secure.
• CAs are unregulated, self-selecting organizations.
Certificate Revocation
• Each certificate has a period of validity. Usually a new certificate is issued just before the old one expires.
• Sometimes certificates must be revoked before they expire:
  – The user’s secret key is assumed to be compromised.
  – The user is no longer certified by this CA.
  – The CA’s certificate is assumed to be compromised.
Certificate Revocation Lists
• Each CA maintains a list of revoked but not yet expired certificates. Each list (CRL) is signed by the CA and posted to the directory.
• A user who receives a certificate is responsible for checking the CRL to determine its validity.
Serial number is unique to a CA
Secure Session with SSL
For More Info
• General hacking: http://www.insecure.org/
• PKI in practice: http://www.pki-page.org/
• Government PKI standards: http://csrc.nist.gov/pki/