2. Overview
β’ Symmetric Key Distribution using Symmetric Encryption
ο§ Kerberos
β’ Key Distribution using Asymmetric Encryption
ο§ X.509 Certificates
2
Raja Khurram Shahzad
3. Symmetric Key Distribution
β’ Two parties must share same key
ο§ Protected from the access of others
ο§ Frequent key exchange to limit amount of data
compromised
β’ Key can be exchanged
1. Physical delivery to B
2. A third party physically deliver it to A and B
3. Re-usage of old key to exchange new key
4. A & B both communicate securely with C, C delivers the key
ο§ For option 1 & 2 require manual delivery
ο§ For option 3 link encryption or end-to-end encryption, What if old key
is compromised
3
Raja Khurram Shahzad
4. Symmetric Key Distribution
ο§ For option 4 two kinds of keys are used
β Session Key: One time key
β Permanent Key: for distributing session key.
β Necessary element, Key Distribution Center (KDC):
determines which systems are allowed to communicate with each
other.
β Operation of KDC
β’ A wish to communicate B, transmits request to KDC.
Communication is encrypted using a master key
β’ KDC approves connection and creates one time session key.
Session key is encrypted with permanent keys of A & B and
delivered to A & B.
β’ A & B set up logical connection and uses session key.
ο§ Most widely application to use this approach is KERBEROS
4
Raja Khurram Shahzad
5. Security Concerns
β’ Key concerns are confidentiality and timeliness
β’ To provide confidentiality must encrypt identification and session
key info which requires the use of previously shared private or
public keys
β’ Need timeliness to prevent replay attacks
β’ Provided by using sequence numbers or timestamps or
challenge/response
5
ET2437 - Network Security
Raja Khurram Shahzad
6. KERBEROS
In Greek mythology, a many headed dog,
the guardian of the entrance of Hades
6
ET2437 - Network Security
Raja Khurram Shahzad
7. KERBEROS
β’ Users wish to access services on servers.
β’ Three threats exist:
ο§ User pretend to be another user.
ο§ User alter the network address of a workstation.
ο§ User eavesdrop on exchanges and use a replay attack.
7
ET2437 - Network Security
Raja Khurram Shahzad
8. KERBEROS
β’ Assumes a distributed client/server architecture
β’ Provides a centralized authentication server to authenticate
users to servers and servers to users.
β’ Relies on conventional encryption, making no use of public-
key encryption
β’ Two versions: version 4 and 5
β’ Version 4 makes use of DES
8
ET2437 - Network Security
Raja Khurram Shahzad
9. Requirements for Kerberos
β’ Secure:
ο§ Eavesdropper should not be able to obtain the necessary
information to impersonate a user
β’ Reliable:
ο§ Kerberos should employ a distributed server architecture, systems
backing up each other
β’ Transparent:
ο§ User should not be aware that authentication is taking place
β’ Scalable:
ο§ The system should be capable of supporting large number of clients
and servers
9
ET2437 - Network Security
Raja Khurram Shahzad
10. Overview of Kerberos
β’ AS = Authentication Server
β’ SS = Service Server
β’ TGS = Ticket-Granting Server
β’ TGT = Ticket Granting Ticket
β’ User Client-based Logon
ο§ A user enters a username and password on the client machine.
ο§ The client performs a one-way function (hash usually) on the entered
password, and this becomes the secret key of the client/user.
10
Raja Khurram Shahzad
11. Overview of Kerberos
β’ Client Authentication
ο§ The client sends a clear text message of the user ID to the AS
requesting services on behalf of the user. (Note: Neither the secret
key nor the password is sent to the AS.)
β The AS generates the secret key by hashing the password of the
user found at the database.
ο§ The AS checks client rights in its database. If valid, the AS sends
back the following two messages to the client:
β Message A: Client/TGS Session Key encrypted using the secret key
of the client/user.
β Message B: Ticket-to Get-Ticket (which includes the client ID, client
network address, ticket validity period, and the client/TGS session
key) encrypted using the secret key of the TGS.
11
Raja Khurram Shahzad
12. Overview of Kerberos
ο§ Client receives messages A and B, and decrypt message A to obtain
the Client/TGS Session Key.
β The session key is used for further communications with the TGS.
(Note: The client cannot decrypt Message B, as it is encrypted using
TGS's secret key.)
12
Raja Khurram Shahzad
13. Overview of Kerberos
β’ Client Service Authorization
ο§ When requesting services, the client sends the following two
messages to the TGS:
β Message C: Composed of the TGT from message B and the ID of the
requested service.
β Message D: Authenticator (which is composed of the client ID and the
timestamp), encrypted using the Client/TGS Session Key.
ο§ TGS retrieves message B out of message C. It decrypts message B
using the TGS secret key to have "client/TGS session key". Using this
key, the TGS decrypts message D (Authenticator) and sends the
following two messages to the client:
β Message E: Client-to-server ticket (which includes the client ID, client
network address, validity period and Client/Server Session Key)
encrypted using the service's secret key.
β Message F: Client/server session key encrypted with the Client/TGS
Session Key.
13
Raja Khurram Shahzad
14. Overview of Kerberos
β’ Client Service Authorization
ο§ For requesting services, the client sends the following two messages
to the TGS:
β Message C: Composed of the TGT from message B and the ID of the
requested service.
β Message D: Authenticator (which is composed of the client ID and
the timestamp), encrypted using the Client/TGS Session Key.
ο§ TGS retrieves message B out of message C.
β It decrypts message B using the TGS secret key. This gives it the
"client/TGS session key". Using this key, the TGS decrypts message
D (Authenticator) and sends the following two messages to the client:
β’ Message E: Client-to-server ticket (which includes the client ID, client
network address, validity period and Client/Server Session Key)
encrypted using the service's secret key.
β’ Message F: Client/server session key encrypted with the Client/TGS
Session Key.
14
Raja Khurram Shahzad
15. Overview of Kerberos
β’ Client Service Request
ο§ Client receives messages E and F from TGS.
ο§ The client connects to the SS and sends the following two messages:
β Message E from the previous step (the client-to-server ticket,
encrypted using service's secret key).
β Message G: a new Authenticator, which includes the client ID,
timestamp and is encrypted using client/server session key.
ο§ The SS decrypts the ticket using its own secret key to retrieve
the Client/Server Session Key. Using the sessions key, SS
decrypts the Authenticator and sends the following message to the
client to confirm its true identity and willingness to serve the client:
β Message H: the timestamp found in client's Authenticator plus 1,
encrypted using the Client/Server Session Key.
ο§ Ζ The client decrypts the confirmation using the Client/Server
Session Key and checks whether the timestamp is correctly updated.
If so, then the client can trust the server and can start issuing service
requests to the server.
15
ο§ The server provides the requested services to the client.
Raja Khurram Shahzad
17. Kerberos Version 4
β’ Terms:
ο§ C = Client
ο§ AS = authentication server
ο§ V = server
ο§ IDc = identifier of user on C
ο§ IDv = identifier of V
ο§ Pc = password of user on C
ο§ ADc = network address of C
ο§ Kv = secret encryption key shared by AS and V
ο§ TS = timestamp
ο§ || = concatenation
17
ET2437 - Network Security
Raja Khurram Shahzad
18. A Simple Authentication Dialogue
(1) C ο AS: IDc || Pc || IDv
(2) AS ο C: Ticket
(3) C ο V: IDc || Ticket
β’ Ticket = EKv[IDc || Pc || IDv]
18
ET2437 - Network Security
Raja Khurram Shahzad
19. Remaining problems
2. Number of times that a user has to enter a password
4. Plain-text transmission of password
19
ET2437 - Network Security
Raja Khurram Shahzad
20. More secure Authentication Dialogue
Once per user logon session:
β’ C ο AS: IDC || IDtgs
β’ AS ο C: EKc [ Tickettgs ]
Once per type of service:
(3) C ο TGS: IDC || IDV ||Tickettgs
(4) TGS ο C: TicketV
Once per service session:
(5) C ο V: IDC || TicketV
20
ET2437 - Network Security
Raja Khurram Shahzad
21. Remaining problems
3. The lifetime associated with the ticket-granting ticket
5. Servers are not able to authenticate themselves
21
ET2437 - Network Security
Raja Khurram Shahzad
22. Version 4 Authentication Dialogue
Authentication Service Exhange: To obtain Ticket-Granting
Ticket
β’ C ο AS: IDc || IDtgs ||TS1
β’ AS ο C: EKc [Kc,tgs|| IDtgs || TS2 || Lifetime2 || Tickettgs]
Ticket-Granting Service Echange: To obtain Service-Granting
Ticket
(3) C ο TGS: IDv ||Tickettgs ||Authenticatorc
(4) TGS ο C: EKc [Kc,Β¨v|| IDv || TS4 || Ticketv]
Client/Server Authentication Exhange: To Obtain Service
(5) C ο V: Ticketv || Authenticatorc
(6) V ο C: EKc,v[TS5 +1]
22
ET2437 - Network Security
Raja Khurram Shahzad
23. Version 4 Authentication Dialogue
β’ Problems:
ο§ Lifetime associated with the ticket-granting ticket
ο§ If to short ο repeatedly asked for password
ο§ If to long ο greater opportunity to replay
β’ The threat is that an opponent will steal the ticket and use it before
it expires
23
ET2437 - Network Security
Raja Khurram Shahzad
25. Request for Service in Another Realm
25
ET2437 - Network Security
Raja Khurram Shahzad
26. Difference Between Version 4 and 5
β’ Encryption system dependence (V.4 DES)
β’ IP - Internet protocol dependence
β’ Message byte ordering
β’ Ticket lifetime
β’ Authentication forwarding
β’ Inter realm authentication
26
ET2437 - Network Security
Raja Khurram Shahzad
27. Kerberos - in practice
β’ Currently have two Kerberos versions:
ο§ 4 : restricted to a single realm
ο§ 5 : allows inter-realm authentication, in beta test
β’ Kerberos v5 is an Internet standard
β’ Specified in RFC1510, and used by many utilities
β’ To use Kerberos:
ο§ need to have a Key Distribution Center (KDC) on your network
ο§ need to have Kerberised applications running on all participating
systems
ο§ major problem - US export restrictions
ο§ Kerberos cannot be directly distributed outside the US in source format
(& binary versions must obscure crypto routine entry points and have
no encryption)
ο§ else crypto libraries must be re-implemented locally
27
ET2437 - Network Security
Raja Khurram Shahzad
28. Key Distribution using Asymmetric Encryption
β’ Problem : The distribution of Public Keys
ο§ What if a fake user imparsionate to be a legitimate user and distribute his
keys
β’ Solution : Public-Key Certificates
ο§ Consists of a public key + User ID of the key owner with whole block
signed by a trusted third party
ο§ Third party is a Certificate Authority (CA), trusted by user community
ο§ User deliver public key to CA in a secure manner and obtain a certificate
ο§ User publish the certificate
ο§ Anyone needing this userβs public key can obtain the certificate and verify
it by attached trusted signature
ο§ X.509 Certificates
28
Raja Khurram Shahzad
29. Key Distribution using Asymmetric Encryption
29
Public-Key Certificate Use
Raja Khurram Shahzad
30. X.509 Certificates
β’ Standard for a Public Key Infrastructure (PKI)
ο§ Set of hardware, software, people, policies and procedures needed to
create, manage, store, distribute and revoke digital certificates based
on asymmetric cryptography
β’ Distributed set of servers that maintains a database about users.
β’ Assumes a strict hierarchical system of certificate authorities (CAs)
for issuing the certificates
β’ Each certificate contains the public key of a user and is signed with
the private key of a CA.
β’ Is used in S/MIME, IP Security, SSL/TLS and SET.
30
β’ RSA is recommended to use.
Raja Khurram Shahzad
31. X.509 Certificates
β’ A certification authority issues a certificate binding a public key to
a particular distinguished user
ο§ A certificate authority or certification authority (CA) is an entity which
issues digital certificates for use by other parties. It is an example of
a trusted third party. There are many commercial CAs that charge for
their services. Institutions and governments may have their own
CAs, and there are free CAs.
β’ An organization's trusted root certificates can be distributed to all
employees so that they can use the company PKI system
β’ X.509 also includes standards for certificate revocation list (CRL)
implementations
31
Raja Khurram Shahzad
35. Obtaining a Userβs Certificate
β’ Characteristics of certificates generated by CA:
ο§ Any user with access to the public key of the CA can recover the
user public key that was certified.
ο§ No part other than the CA can modify the certificate without this
being detected.
35
ET2437 - Network Security
Raja Khurram Shahzad
36. Revocation of Certificates
β’ Reasons for revocation:
ο§ The users secret key is assumed to be compromised.
ο§ The user is no longer certified by this CA.
ο§ The CAβs certificate is assumed to be compromised.
36
ET2437 - Network Security
Raja Khurram Shahzad
37. 37
ET2437 - Network Security
Raja Khurram Shahzad