Outline
Kerberos
X.509 Authentication Service
IP security Architecture
Secure socket layer
Electronic mail security
Pretty Good privacy
S/MIME
Secure Electronic Transactions
Firewalls
KERBEROS
Is an authentication service
Users wish to access services on servers.
Three threats exist:
A user may pretend to be another user.
A user may alter the network address of a workstation.
A user may eavesdrop on exchanges and use a replay attack.
Kerberos provides a centralized authentication server which authenticates
Users to servers
Servers to users
Why KERBEROS?
If a set of users is provided with dedicated personal computers that have no network connections, then a user's resources can be protected by securing each computer
But now we use a distributed architecture consisting of dedicated user workstations (clients) and distributed or centralized servers
Kerberos Requirements
The first published report identified its requirements as:
secure: an eavesdropper shouldn't be able to get enough information to impersonate the user
reliable: services using Kerberos would be unusable if Kerberos isn't available
transparent: users should be unaware of its presence, beyond the requirement to enter a password
scalable: should support a large number of users
Kerberos Version 4
Terms:
C = Client
AS = authentication server
V = server
IDc = identifier of user on C
IDv = identifier of V
Pc = password of user on C
ADc = network address of C
Kv = secret encryption key shared by AS and V
TS = timestamp
|| = concatenation
Kerberos
In an unprotected network environment, any client can apply to any server for service
The risk is impersonation
To counter this, servers must be able to confirm
the identities of clients who request the service
Each server can be required to undertake this
task for each client/server interaction
Kerberos
An alternative is to use an AS that knows the passwords of all users and stores them in a centralized database
The AS shares a unique secret key with each server
1. C -> AS : IDc || Pc || IDv
2. AS -> C : Ticket
3. C -> V : IDc || Ticket
Ticket = EKv[IDc, ADc, IDv]
Kerberos
A more Secure Authentication Dialogue
Problems with the simple authentication dialogue:
The user has to enter a password too many times
The user needs a new ticket for every different service
Once per user logon session
4. TGS -> C : Ticketv
Ticketv = EKv[IDC,ADC,IDV,TS2,Lifetime2]
IDtgs,TS1,LifeTime1 ]
Once per type of service
4-TicketV
5- TicketV+ IDc
TicketV=EKv[IDc,ADc,IDv,Ts2,Lifetime2]
The threat is that an opponent will steal the ticket and use
it before it expires
TGS or an application service must be able to prove that the person
using a ticket is the same person to whom that ticket was issued
(3) C -> TGS: IDv || Tickettgs || Authenticator
(4) TGS -> C: E(Kc,tgs, [Kc,v || IDv || TS4 || Ticketv])
The message is encrypted with the session key shared by TGS and C
It includes:
a session key to be shared between C and the server V
the ID of V and a timestamp
the ticket for V
Kerberos
The version4 Authentication Dialogue
1. C -> AS :IDC,IDTGS,TS1
2. AS -> C : Ekc[Kc,tgs,IDtgs,TS2,L-time2,Tickettgs]
Tickettgs = EKtgs[Kc,tgs,IDC,ADC,IDtgs,TS2,L-time2]
3. C -> TGS : IDV,TicketTGS,Authenticatorc
4. TGS -> C : EKc,tgs[Kc,v,IDv,TS4,TicketV]
Ticketv = EKv[Kc,v,IDC,ADC,IDv,TS4,L-time4]
Authenticatorc = EKc,tgs[IDC,ADC,TS3]
5. C -> V : TicketV,Authenticatorc
6. V -> C : EKc,v[TS5 +1]
Authenticatorc = EKc,v[IDC,ADC,TS5]
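The checks server V makes on message 5 of the dialogue above, and its message 6 reply, as an added example (not code from the original slides). The `seal`/`unseal` pair is a toy keystream-plus-HMAC stand-in for the encryption E used by Kerberos V4, and the clock-skew limit and replay cache are assumptions the slides do not spell out.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Toy E_K[...]: SHA-256 keystream XOR plus HMAC tag (not a real cipher)."""
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(ek, nonce, len(pt))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(ek, nonce, len(ct)))))

def issue_ticket(kv, kcv, idc, adc, idv, ts4, lifetime4):
    """What the TGS builds: Ticketv = E_Kv[Kc,v, IDc, ADc, IDv, TS4, Lifetime4]."""
    return seal(kv, {"Kc,v": kcv.hex(), "IDc": idc, "ADc": adc, "IDv": idv,
                     "TS4": ts4, "Lifetime4": lifetime4})

class ServerV:
    """Application server; skew (seconds) and the replay cache are assumptions."""
    def __init__(self, kv, idv, skew=300):
        self.kv, self.idv, self.skew, self.seen = kv, idv, skew, set()

    def accept(self, ticket, authenticator, src_addr, now):
        """Validate message 5; return message 6, E_Kc,v[TS5 + 1]."""
        t = unseal(self.kv, ticket)            # only the TGS and V hold Kv
        kcv = bytes.fromhex(t["Kc,v"])
        a = unseal(kcv, authenticator)         # sender must know Kc,v
        if t["IDv"] != self.idv:
            raise ValueError("ticket is for another server")
        if not (t["TS4"] <= now <= t["TS4"] + t["Lifetime4"]):
            raise ValueError("ticket expired")
        if (a["IDc"], a["ADc"]) != (t["IDc"], t["ADc"]) or src_addr != t["ADc"]:
            raise ValueError("authenticator does not match ticket")
        if abs(now - a["TS5"]) > self.skew:
            raise ValueError("stale authenticator")
        if (a["IDc"], a["TS5"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["IDc"], a["TS5"]))
        return seal(kcv, {"TS5+1": a["TS5"] + 1})
```

The client completes mutual authentication by unsealing the reply with Kc,v and checking that it carries TS5 + 1.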
[Figure: Kerberos Key Distribution Service, showing the workstation, Authentication Server, Ticket Granting Server, Kerberos database and servers]
2- E(Kc, [Kc,tgs, IDtgs, TS2, Lifetime2, TicketTGS])
3- TicketTGS + AuthenticatorC + IDv
4- E(Kc,tgs, [Kc,v, IDv, TS4, TicketV])
5- TicketV + AuthenticatorC
6- E(Kc,v, [TS5+1])
TicketV = E(Kv, [Kc,v, IDc, ADc, IDv, TS4, Lifetime4])
AuthenticatorC = E(Kc,v, [IDc, ADc, TS5])
Tickets:
Contains information which must be considered
private to the user
Allows user to use a service or to access TGS
Reusable for a particular period of time
Used for distribution of keys securely
Authenticators
Inter-realm Authentication:
Kerberos server in each realm shares a secret key
with other realms.
It requires that:
The Kerberos server in one realm trusts the one in the other realm to authenticate its users
The second also trusts the Kerberos server in the first realm
Realm
Indicates realm of the user
Options
Times
From: the desired start time for the ticket
Till: the requested expiration time
Rtime: requested renew-till time
Nonce
A random value to assure the response is fresh
Times]
Ticketv = EKv[Kc,v || Realmc || IDc || ADc || Times]
Authenticatorc = EKc,tgs[IDc || Realmc || TS1]
Ticket lifetime
V4: 1280 minutes (maximum time); V5: any length of time
Authentication forwarding
V4 does not allow credentials issued to one client to be
forwarded to some other host and used by some other
client. V5 provides this capability.
i.e., a server can forward authentication to another server
Inter-realm authentication
Technical deficiencies
Kerberos : Strengths
Users' passwords are never sent across the network, encrypted or in plain text
Secret keys are only passed across the network in
encrypted form
Client and server systems mutually authenticate
It limits the duration of their users' authentication.
Authentications are reusable and durable
Kerberos has been scrutinized by many of the top
programmers, cryptologists and security experts in
the industry
Kerberos - in practice
Certificate:
Electronic counterparts to driver licenses,
passports
Verifies authenticity of the public key
Prevents impersonation
Enables individuals and organizations to
secure business and personal transactions
Certificate Authorities:
A trusted entity which issues and manages certificates for a population of public-private key-pair holders.
A digital certificate is issued by a CA and is signed with the CA's private key.
E-Mail Certificates
Browser Certificates
Server (SSL) Certificates
Software Signing Certificates
[Figure: Block diagram of the certification process, showing the Subscriber, Certificate Authority (CA), Repository database and Receiving Party]
X.509 Formats
[Figure: X.509 certificate format: serial number, signature algorithm identifier (algorithm, parameters), issuer, period of validity (not before, not after), subject, subject's public key (algorithm, parameters, key), signature]
CA<<A>> = CA{V, SN, AI, CA, Ta, A, Ap}
where
Y<<X>> = the certificate of user X issued by certification authority Y
X.509 Certificates
issued by a Certification Authority (CA), containing:
version (1, 2, or 3)
serial number (unique within CA) identifying certificate
signature algorithm identifier (algorithm used to sign the certificate)
issuer X.500 name (CA)
period of validity (from - to dates)
subject X.500 name (name of owner-public key holder)
subject public-key info (algorithm, parameters, key)
issuer unique identifier (v2+)
subject unique identifier (v2+)
extension fields (v3)
signature (of hash of all fields in certificate, encrypted with CA's private key)
notation CA<<A>> denotes certificate for A signed by CA
Obtaining a Certificate
any user with access to the CA can get any certificate from it
only the CA can modify a certificate
because they cannot be forged, certificates can be placed in a public directory
CA Hierarchy
if both users share a common CA then they are assumed
to know its public key
otherwise CA's must form a hierarchy
use certificates linking members of hierarchy to validate
other CA's
each CA has certificates for clients (forward) and parent
(backward)
X.509 CA Hierarchy
A acquires B's certificate using the chain:
X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>>
B acquires A's certificate using the chain:
Z<<Y>> Y<<V>> V<<W>> W<<X>> X<<A>>
Certificate Revocation
Authentication Procedures
X.509 includes three alternative
authentication procedures:
One-Way Authentication
Two-Way Authentication
Three-Way Authentication
all use public-key signatures
One-Way Authentication:
1 message (A->B) used to establish
the identity of A and that the message is from A
that the message was intended for B
the message must include a timestamp, a nonce and B's identity, and is signed by A
integrity & originality of the message
1- A -> B : A{ta,ra,IDb,sgnData,E[PUb,Kab]}
Two-Way Authentication
2 messages (A->B, B->A) which also establish, in addition:
the identity of B and that the reply is from B
that the reply is intended for A
integrity & originality of the reply
1- A -> B : A{ta,ra,B,sgnData,E[PUb,Kab]}
2- B -> A : B{tb,rb,A,sgnData,E[PUa,Kab]}
Three-Way Authentication
3 messages (A->B, B->A, A->B) which enable the above authentication without synchronized clocks
1- A -> B : A{ta,ra,B,sgnData,E[PUb,Kab]}
2- B -> A : B{tb,rb,A,sgnData,E[PUa,Kab]}
3- A -> B : A{rb}
Firewalls
Outline
Firewall Design Principles
Firewall Characteristics
Types of Firewalls
Firewall Configurations
Firewalls
An effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via WANs or the Internet
Firewall Design Principles
Information systems undergo a steady evolution (from small LANs to Internet connectivity)
Strong security features for all workstations and servers are not established
The firewall is inserted between the premises
network and the Internet
Aims:
Establish a controlled link
Protect the premises network from Internet-based
attacks
Provide a single choke point
Firewall Characteristics
Design goals:
All traffic from inside to outside must pass
through the firewall (physically blocking all
access to the local network except via the
firewall)
Only authorized traffic (defined by the local
security policy) will be allowed to pass
The firewall itself is immune to penetration
Four general techniques:
Service control
Determines the types of Internet services that can be
accessed
Firewall may filter traffic on the basis of IP address
and TCP port number
Direction control
Determines the direction in which particular service
requests are allowed to flow
User control
Controls access to a service according to which
user is attempting to access it
Behavior control
Controls how particular services are used (e.g.
filter e-mail to eliminate spam)
Types of Firewalls
Common types of firewalls:
Application-level gateways
Circuit-level gateways
Packet-filtering routers
Bastion Host
Types of Firewalls
Application-level Gateway
Also called proxy server
Acts as a relay of application-level traffic
Advantages:
Higher security than packet filters
Only need to scrutinize a few allowable
applications
Easy to log and audit all incoming traffic
Disadvantages:
Additional processing overhead on each
connection
Types of Firewalls
Circuit-level Gateway
Stand-alone system or
Specialized function performed by an
Application-level Gateway
Sets up two TCP connections
The gateway typically relays TCP segments
from one connection to the other without
examining the contents
The security function consists of determining
which connections will be allowed
A typical use is a situation in which the system administrator trusts the internal users
Types of Firewalls
Packet-filtering Router
Applies a set of rules to each incoming IP
packet and then forwards or discards the packet
Filter packets going in both directions
The packet filter is typically set up as a list of
rules based on matches to fields in the IP or
TCP header
Two default policies (discard or forward)
Advantages:
Simplicity
Transparency to users
High speed
Disadvantages:
Difficulty of setting up packet filter rules
Lack of Authentication
Possible attacks and appropriate countermeasures
IP address spoofing (the intruder transmits packets from the outside with a source IP address field containing the address of an internal host)
Countermeasure: discard outside packets that contain an inside source address.
Source routing attacks (the source specifies the route that a packet should take)
Countermeasure: discard all packets that use this option.
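Both countermeasures as checks on a raw IPv4 header arriving on the outside interface, as an added example (not from the original slides). The internal prefix 192.168.10.0/24, the function names and the sample headers produced by `build` are constructed for illustration; 131 and 137 are the IPv4 loose and strict source-route option types.

```python
import ipaddress, struct

INSIDE = ipaddress.ip_network("192.168.10.0/24")   # assumed internal prefix
SOURCE_ROUTE_OPTS = {131: "LSRR", 137: "SSRR"}     # IPv4 source-route option types

def ip_options(header):
    """Yield the option type of each option in an IPv4 header's options area."""
    i = 20
    while i < len(header):
        opt = header[i]
        if opt == 0:                    # End of Option List
            return
        if opt == 1:                    # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(header) or header[i + 1] < 2:
            raise ValueError("malformed option")
        yield opt
        i += header[i + 1]              # second byte is the option length

def filter_inbound(packet):
    """Decision for a packet that arrived on the outside interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "discard: not a valid IPv4 header"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "discard: bad header length"
    if ipaddress.ip_address(packet[12:16]) in INSIDE:
        return "discard: inside source address on outside interface"
    try:
        for opt in ip_options(packet[:ihl]):
            if opt in SOURCE_ROUTE_OPTS:
                return "discard: source routing option " + SOURCE_ROUTE_OPTS[opt]
    except ValueError:
        return "discard: malformed options"
    return "forward"

def build(src, dst, options=b""):
    """Constructed sample header (checksum left at zero; the filter ignores it)."""
    options += b"\x00" * (-len(options) % 4)        # pad to a 32-bit boundary
    vihl = 0x40 | (5 + len(options) // 4)
    return struct.pack("!BBHHHBBH4s4s", vihl, 0, 20 + len(options), 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options
```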
Bastion Host
A system identified by the firewall administrator as a critical strong point in the network's security
The bastion host serves as a platform for an
application-level or circuit-level gateway
Firewall Configurations
In addition to the use of simple configuration of
a single system (single packet filtering router or
single gateway), more complex configurations
are possible
Three common configurations
Screened host firewall system (single-homed bastion host)
Screened host firewall, single-homed
bastion configuration
Firewall consists of two systems:
A packet-filtering router
A bastion host
Configuration for the packet-filtering router:
Only packets from and to the bastion host are
allowed to pass through the router
Screened host firewall system (dual-homed
bastion host)
Screened host firewall, dual-homed bastion
configuration
The packet-filtering router is not completely
compromised
Traffic between the Internet and other hosts on
the private network has to flow through the
bastion host
Screened-subnet firewall system
Screened subnet firewall configuration
Most secure configuration of the three
Two packet-filtering routers are used
Creation of an isolated sub-network
IP Security
Outline
IP Security Overview
IP Security Architecture
Authentication Header
Encapsulating Security Payload
IPsec
Internet Protocol Security (IPsec) is a protocol
suite for securing IP communications by
authenticating and encrypting each IP packet of a
communication session.
IP Security Overview
IP security (IPSec) is a capability that can be added to
either current version of the Internet Protocol (IPv4 or
IPv6), by means of additional headers.
IPSec encompasses three functional areas: authentication,
confidentiality, and key management.
IPv4 Header
IPv6 Header
IPSec is not a single protocol. Instead, IPSec
provides a set of security algorithms plus a
general framework that allows a pair of
communicating entities to use whichever
algorithms provide security appropriate for
the communication.
Applications of IPSec
Secure branch office connectivity over the
Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
IP Security Scenario
Benefits of IPSec
Transparent to applications (below the transport layer: TCP, UDP)
Provide security for individual users
IP Security Architecture
IPSec documents:
RFC 2401: An overview of security
architecture
RFC 2402: Description of a packet encryption
extension to IPv4 and IPv6
RFC 2406: Description of a packet encryption
extension to IPv4 and IPv6
RFC 2408: Specification of key management
capabilities
IPSec Services
Access Control
Connectionless integrity
Data origin authentication
Rejection of replayed packets
Confidentiality (encryption)
Tunnel mode
In tunnel mode, the entire IP packet is encrypted
and/or authenticated. It is then encapsulated into
a new IP packet with a new IP header
Before applying AH
Transport mode
In transport mode, only the payload (the data you
transfer) of the IP packet is usually encrypted
and/or authenticated. The routing is intact, since
the IP header is neither modified nor encrypted
[Table: functionality of AH, ESP and ESP with authentication under a transport mode SA and a tunnel mode SA]
Authentication Header
Provides support for data integrity and authentication of IP
packets.
Guards against replay attacks.
Anti-replay service
A replay attack is one in which an attacker obtains
a copy of an authenticated packet and later
transmits it to the intended destination. The
sequence number field is designed to thwart such
attacks.
Sender initializes sequence number counter to 0
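The sequence-number check on both ends of a security association, as an added example (not part of the original slides). The 64-packet sliding window on the receiver and the names `Sender`, `AntiReplayWindow` and `run` are assumptions; the slides only state that the sender's counter starts at 0.

```python
class Sender:
    """Per-SA counter: starts at 0 and is incremented before each packet."""
    def __init__(self):
        self.counter = 0

    def next_seq(self):
        if self.counter == 2**32 - 1:
            raise OverflowError("sequence space exhausted: negotiate a new SA")
        self.counter += 1
        return self.counter                    # so the first packet carries 1

class AntiReplayWindow:
    """Receiver side: bit i of bitmap marks sequence number (top - i) as seen."""
    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        """Call only for packets whose authentication data has verified."""
        if seq == 0:
            return False                       # never sent by a correct sender
        if seq > self.top:                     # new highest: slide the window
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                       # left of the window: too old
        if (self.bitmap >> offset) & 1:
            return False                       # already received: replay
        self.bitmap |= 1 << offset             # late but new: mark as seen
        return True

def run(seqs, size=64):
    """Feed constructed sequence numbers through one window; return decisions."""
    window = AntiReplayWindow(size)
    return [window.accept(s) for s in seqs]
```

Updating the window only after the authentication check passes keeps a forged packet with a large sequence number from sliding the window past legitimate traffic.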
Authentication:
HMAC-MD5-96
HMAC-SHA-1-96
Outline
Pretty good privacy
S/MIME
Operational Description
Consists of five services:
Authentication
Confidentiality
Compression
E-mail compatibility
Segmentation
Compression
PGP compresses the message after applying
the signature but before encryption
The placement of the compression
algorithm is critical.
The compression algorithm used is ZIP
E-mail Compatibility
The scheme used is radix-64 conversion (see
appendix 5B).
The use of radix-64 expands the message by
33%.
Algorithm Used
(W. Stallings)
S/MIME
Secure/Multipurpose Internet Mail Extension
S/MIME will probably emerge as the
industry standard.
PGP for personal e-mail security
S/MIME Functions
Enveloped Data: Encrypted content and
encrypted session keys for recipients.
Signed Data: Message Digest encrypted with
private key of signer.
Clear-Signed Data: Signed but not encrypted.
Algorithms Used
Message Digesting: SHA-1 and MD5
Digital Signatures: DSS
WEB Security
Outline
Web Security Considerations
Secure Socket Layer (SSL) and Transport
Layer Security (TLS)
Secure Electronic Transaction (SET)
Recommended Reading and WEB Sites
SSL Architecture
Handshake Protocol
The most complex part of SSL.
Allows the server and client to authenticate
each other.
Negotiate encryption, MAC algorithm and
cryptographic keys.
Used before any application data are
transmitted.
version number
message authentication code
pseudorandom function
alert codes
cipher suites
client certificate types
certificate_verify and finished message
cryptographic computations
padding
SET Services
Provides a secure communication channel
in a transaction.
Provides trust by the use of X.509v3 digital certificates.
Ensures privacy.
SET Overview
Key Features of SET:
Confidentiality of information
Integrity of data
Cardholder account authentication
Merchant authentication
SET Participants
Dual Signature
DS = EKRc[H(H(PI) || H(OI))]
Payment processing
Payment Authorization:
Authorization Request
Authorization Response
Payment Capture:
Capture Request
Capture Response