
Ahsan Sadeque PC-359

Question 1: Why do we need the Kerberos architecture? Do you see other easy and more efficient ways to do authentication as proposed by Kerberos?

Answer: Kerberos is mature; it has been widely studied and used for security purposes for a long time. Kerberos was developed in response to a clearly defined and well-thought-out set of requirements for secure authentication over insecure links in an open environment, and so it meets the requirements of modern distributed systems operating over the Internet and using normal protocols.

Kerberos has a very sound architecture designed around a clear set of architectural and functional abstractions. These abstractions helped it evolve over time and enabled Kerberos to integrate with other systems, i.e. it can be used effectively on any operating system: Windows, Mac, Linux.

Kerberos provides single sign-on for web applications, which removes many of the headaches seen in modern web development when the basic requirements are not met. Kerberos does this efficiently by enabling mutual authentication for every communication session the user establishes with a service after the user has been authenticated by the Kerberos system.

In Kerberos the password is never revealed, because the password is never presented to the authentication service. Kerberos uses cryptographic protocols whereby a user can prove his or her authenticity without actually revealing the password, making it difficult for an attacker to steal.

Kerberos provides a system model for authentication and subsequent authorization in a peer-oriented, distributed computing environment.

1. It represents the environment and the interaction between agents in a way that is well matched with most distributed system approaches, making it easy to incorporate Kerberos into applications and systems.
2. It concentrates the maintenance of secrets, i.e. stored passwords, rather than distributing them all over the system.
3. Kerberos separates authentication from the services themselves. The file server does not know, or ask for, the user's password. Instead, it gives that job, and the job of determining the authenticity of a request, to Kerberos.
4. All parties establish prior relationships with the Kerberos service and rely upon it to verify credentials and authorize sessions. It does not require that all the communicating parties have existing relationships, nor that they share any previous authentication information with one another.

An efficient method as compared to Kerberos would be the NTLM protocol.

NTLM Protocol (NT LAN Manager)

NTLM is a challenge-response protocol which uses three messages to authenticate a client:

1. NEGOTIATE_MESSAGE
2. CHALLENGE_MESSAGE
3. AUTHENTICATE_MESSAGE

The diagram below shows the sequence of steps

The NTLM protocol uses one or both of two hashed password values, both of which are also stored on the server (or domain controller), and which are password-equivalent, meaning that if you grab the hash value from the server, you can authenticate without knowing the actual password. The two are the LAN Manager hash (a DES-based function applied to the first 14 characters of the password converted to the traditional 8-bit PC charset for the language) and the NT hash (MD4 of the little-endian UTF-16 Unicode password). Both hash values are 16 bytes (128 bits) each.

Question 2: What is the brief client authentication scheme proposal?

Answer: Three aspects have been characterized in the paper for a client authentication scheme:

1. Use Cryptography Appropriately
2. Protect Passwords
3. Handle Authenticators Carefully

Use Cryptography Appropriately

The paper tells us to use an appropriate amount of security and to keep the security design simple, because a complex design would be hard to implement, which calls into question whether it is secure. An overly complex system will be difficult to manage, hence causing security breaches. It discourages being inventive and gives priority to a system built by experts who have experience in their field, rather than experimenting with new ideas, because new ideas always have loopholes to be penetrated. Do not rely on the secrecy of a protocol, because a secret protocol would be vulnerable to exposure. Understand the properties of cryptographic tools. For example, SSL alone does not provide user authentication. Although SSL can authenticate users with X.509 client certificates, commercial Web sites rarely use this feature because of PKI deployment problems. Instead, SSL is used to provide confidentiality for authentication tokens and data. However, confidentiality does not ensure authentication. Hence do not compose Crypt() security schemes whose effects are hard to foresee.

Protect Passwords

Exposure of the password should be limited. This can be done by designing intelligent forms, i.e. use a password-type field to avoid peeking; the user should know the password instead of saving it in the browser. Authentication should be done using SSL as compared to HTTP. Guessable passwords should be prohibited, i.e. words from the dictionary, relatives' names, phone numbers, etc. Re-authenticate before changing passwords to avoid replay attacks.

Handle Authenticators Carefully

Make authenticators unforgeable by encrypting secret information using session keys. Using session keys is not sufficient, so identifiers should be cryptographically random. An authenticator may contain other information that may be important, so it should be protected from tampering by using a Message Authentication Code, which requires a secret key that can decrypt the message only if the key is known. Use only strong cryptographic hash functions. Do not use CRC codes or other non-cryptographic hashes. Binding authenticators to specific network addresses increases the difficulty of a replay attack. Limiting the lifetime of authenticators, with the timestamp encrypted for secure binding, limits the damage from stolen authenticators. Avoid using persistent cookies. A persistent cookie is written to a file on the user's system; an ephemeral or temporary cookie is only stored in the browser's memory and disappears when the user exits the browser.

Question 3: The paper claims a more secure scheme against forgeries by the interrogative adversary and, in conjunction with SSL, the active adversary.

1. Explain the proof and your comments on justification?
2. Explain interrogative adversaries and active adversaries?

Answer 1: It is assumed that a client has an account on the server, so it sends a username and password to the server, and the server returns a token that is stored as a cookie on the client machine. Whenever the client requests content from the server, the authentication token is sent with it; the token is verified by the server and the content is sent back. Now if we add SSL on top of it, the certificates of both parties will authenticate each other. The scheme secures against interrogative adversaries, who can make a reasonable number of queries to the web server, because of the authentication token. An attacker who does not have an account would not get an authentication token from the server and hence would not be able to make any request. In addition, the scheme uses a timestamp to authenticate the life of the cookie, which would prevent greater damage if the scheme is somehow breached.

SSL will secure against the active adversary because the certificates would encrypt the server and user public keys. The personal info and the request sent to the user are encrypted, as compared to HTTP, where the info can easily be sniffed on the network. Hence a man-in-the-middle attack would be difficult. In addition, the scheme uses a timestamp to authenticate the life of the cookie.

Answer 2:

Active Adversary

An active adversary can sniff and modify all traffic between the user and the server. This type of adversary can attack by modifying the traffic in the middle of communication between the two parties; it is usually a person who controls or has access to the proxy server between the user and the server.

Interrogative Adversary

The interrogative adversary, as the name implies, is one who can interrogate the server with the help of queries. It can choose the next query based on the current query. In this way it can retrieve account info from the server and also forge new accounts and forge data. An interrogative adversary can carry out an adaptive chosen-message attack by repeatedly asking the server to mint or verify authenticators.
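The authenticator handling from Question 2 and the token-plus-timestamp scheme from Question 3, as an added example that is not part of the original answers or of the paper's own code. It assumes HMAC-SHA256 as the message authentication code and a 15-minute lifetime; the field names, SERVER_KEY and LIFETIME_SECONDS are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, urlencode

# Constructed values for this example (assumptions, not from the paper).
SERVER_KEY = secrets.token_bytes(32)   # server-side MAC key, never sent to clients
LIFETIME_SECONDS = 900                 # authenticator lifetime: 15 minutes


def _mac(payload, key):
    # Keyed cryptographic MAC (HMAC-SHA256), not a CRC or a bare hash.
    data = payload.encode("utf-8", "replace")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mint(username, now=None, key=SERVER_KEY):
    """Issue 'exp=<t>&user=<name>&sid=<random>&digest=<HMAC of the rest>'."""
    now = time.time() if now is None else now
    payload = urlencode([
        ("exp", int(now) + LIFETIME_SECONDS),  # expiry is covered by the MAC
        ("user", username),                    # urlencode escapes '&' and '='
        ("sid", secrets.token_hex(16)),        # cryptographically random identifier
    ])
    return payload + "&digest=" + _mac(payload, key)


def verify(token, now=None, key=SERVER_KEY):
    """Return the username for an authentic, unexpired token, else None."""
    now = time.time() if now is None else now
    payload, sep, digest = token.rpartition("&digest=")
    if not sep:
        return None                            # no digest field at all
    expected = _mac(payload, key).encode()
    # Constant-time comparison; fields are trusted only after this passes.
    if not hmac.compare_digest(expected, digest.encode("utf-8", "replace")):
        return None
    fields = dict(parse_qsl(payload))
    if int(fields["exp"]) <= now:
        return None                            # lifetime exceeded
    return fields["user"]
```

Because the expiry and username sit inside the MACed payload, a client that edits either field, or that replays the token after its lifetime, gets None from verify() no matter how many tokens it has asked the server to mint.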
