Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Essentials Chapter 4 Fourth Edition by William Stallings (Based on lecture slides by Lawrie Brown.

Published byScott Warner Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security Essentials Chapter 4 Fourth Edition by William Stallings (Based on lecture slides by Lawrie Brown."— Presentation transcript:

1 Network Security Essentials Chapter 4 Fourth Edition by William Stallings (Based on lecture slides by Lawrie Brown

2 Chapter 4 – Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman he would fear that some devil might take advantage of his weak state to slip into his body. —The Golden Bough, Sir James George Frazer

3 Outline  Key distribution (Ref. Chap.14)  User authentication: Kerberos (Ref. Chap.15)  Public-key certificate (Ref. Chap.14)  Public-key infrastructure (Ref. Chap.14)

4 Key Management and Distribution  Topics of cryptographic key management / key distribution are complex Cryptographic, protocol, & management issues Cryptographic, protocol, & management issues  Symmetric schemes require both parties to share a common secret key  Public key schemes require parties to acquire valid public keys  Have concerns with doing both

5 Key Distribution  Symmetric schemes require both parties to share a common secret key  Issue is how to securely distribute this key whilst protecting it from others  Frequent key changes can be desirable  Often secure system failure due to a break in the key distribution scheme

6 Key Distribution  Given parties A and B have various key distribution alternatives: 1. A can select key and physically deliver to B 2. Third party can select & deliver key to A & B 3. Uf A & B have communicated previously can use previous key to encrypt a new key 4. If A & B have secure communications with a third party C, C can relay key between A & B

7 Option 4  Elements in option 4 Key distribution center (KDC) Key distribution center (KDC) Session key: valid for the duration of a logical connection Session key: valid for the duration of a logical connection Permanent key: for distributing session keys Permanent key: for distributing session keys  Steps Connection request: A -> KDC Connection request: A -> KDC Connection approval: KDC generates unique one-time session key, and send to A and B Connection approval: KDC generates unique one-time session key, and send to A and B Data exchange using session key: A B Data exchange using session key: A B

8 Kerberos  Trusted key server system from MIT  Provides centralised private-key third-party authentication in a distributed network Allows users access to services distributed through network Allows users access to services distributed through network Without needing to trust all workstations Without needing to trust all workstations Rather all trust a central authentication server Rather all trust a central authentication server  Two versions in use: 4 & 5 (RFC 4120)

9 Kerberos Requirements  Its first report identified requirements as: Secure Secure Reliable Reliable Transparent Transparent Scalable Scalable  Implemented using an authentication protocol based on Needham-Schroeder

10 A Simple Authentication Dialogue  To prevent impersonation C  V: ID C ||P C C  V: ID C ||P C Burden on each server Burden on each server  Authentication server (AS) 1. C  AS: ID C ||P C ||ID V 2. AS  C: Ticket 3. C  V: ID C ||Ticket Ticket=E(K v, [ID C ||AD C ||ID V ]) Ticket=E(K v, [ID C ||AD C ||ID V ])

11 A More Secure Authentication Dialogue  Problems with the previous scenario A user has to enter a password many times A user has to enter a password many times Once for every different serviceOnce for every different service Plaintext transmission of the password Plaintext transmission of the password

12  Ticket-granting server (TGS) Once per user logon session Once per user logon session 1.C  AS: ID C ||ID tgs 2.AS  C: E(K C, Ticket tgs ) Once per type of service Once per type of service 3.C->TGS: ID C ||ID V ||Ticket tgs 4.TGS  C: Ticket v Once per server session Once per server session 5.C  V: ID C ||Ticket v Ticket tgs =E(K tgs, [ID C ||AD C ||ID tgs ||TS 1 ||Lifetime 1 ]) Ticket tgs =E(K tgs, [ID C ||AD C ||ID tgs ||TS 1 ||Lifetime 1 ]) Ticket v =E(K v, [ID C ||AD C ||ID V ||TS 2 ||Lifetime 2 ]) Ticket v =E(K v, [ID C ||AD C ||ID V ||TS 2 ||Lifetime 2 ])

13  Problems Lifetime of the tickets Lifetime of the tickets A network service must be able to prove that the person using the ticket is the same person to whom the ticket was issuedA network service must be able to prove that the person using the ticket is the same person to whom the ticket was issued Session key in KerberosSession key in Kerberos Servers need to authenticate themselves to users Servers need to authenticate themselves to users Mutual authenticationMutual authentication

14 Kerberos v4 Overview  A basic third-party authentication scheme  Have an Authentication Server (AS) Users initially negotiate with AS to identify self Users initially negotiate with AS to identify self AS provides a non-corruptible authentication credential (ticket granting ticket TGT) AS provides a non-corruptible authentication credential (ticket granting ticket TGT)  Have a Ticket Granting server (TGS) Users subsequently request access to other services from TGS on basis of users TGT Users subsequently request access to other services from TGS on basis of users TGT  Using a complex protocol using DES

15 Kerberos v4 Dialogue

16  Authentication service exchange to obtain ticket-granting ticket 1. C  AS: ID C ||ID tgs ||TS 1 2. AS  C: E(K C, [K C,tgs ||ID tgs ||TS 2 ||Lifetime 2 ||Ticket tgs ]) Ticket tgs =E(K tgs, [K C,tgs || ID C ||AD C ||ID tgs ||TS 2 ||Lifetime 2 ]) Ticket tgs =E(K tgs, [K C,tgs || ID C ||AD C ||ID tgs ||TS 2 ||Lifetime 2 ])  [Session key: K C,tgs ]

17  Ticket-granting service exchange to obtain ticket-granting ticket 3. C->TGS: ID V ||Ticket tgs ||Authenticator C 4. TGS  C: E(K C,tgs, [K c,v ||ID v ||TS 4 ||Ticket v ]) Ticket tgs =E(K tgs, [K C,tgs || ID C ||AD C ||ID tgs ||TS 2 ||Lifetime 2 ]) Ticket tgs =E(K tgs, [K C,tgs || ID C ||AD C ||ID tgs ||TS 2 ||Lifetime 2 ]) Ticket v =E(K v, [K c,v || ID C ||AD C ||ID V ||TS 4 ||Lifetime 4 ]) Ticket v =E(K v, [K c,v || ID C ||AD C ||ID V ||TS 4 ||Lifetime 4 ]) Authenticator C = E(K C,tgs, [ID C ||AD C ||TS 3 ]) Authenticator C = E(K C,tgs, [ID C ||AD C ||TS 3 ])  [Session key: K C,v ]

18  Client/Server Authentication Exchange to obtain service 5. C  V: Ticket v ||Authenticator C 6. V  C: E(K c,v, [TS 5 +1]) (for mutual authentication) Ticket v =E(K v, [K c,v || ID C ||AD C ||ID V ||TS 4 ||Lifetime 4 ]) Ticket v =E(K v, [K c,v || ID C ||AD C ||ID V ||TS 4 ||Lifetime 4 ]) Authenticator C = E(K C,v, [ID C ||AD C ||TS 5 ]) Authenticator C = E(K C,v, [ID C ||AD C ||TS 5 ])

19 Kerberos 4 Overview

20 Kerberos Realms  A Kerberos environment consists of: A Kerberos server A Kerberos server A number of clients, all registered with server A number of clients, all registered with server Application servers, sharing keys with server Application servers, sharing keys with server  This is termed a realm Typically a single administrative domain Typically a single administrative domain  In multiple realms, their Kerberos servers must share keys and trust

21 Kerberos Realms

22 C  AS: ID C ||ID tgs ||TS 1 C  AS: ID C ||ID tgs ||TS 1 AS  C: E(K C, [K C,tgs ||ID tgs ||TS 2 ||Lifetime 2 ||Ticket tgs ]) AS  C: E(K C, [K C,tgs ||ID tgs ||TS 2 ||Lifetime 2 ||Ticket tgs ]) C->TGS: ID tgsrem ||Ticket tgs ||Authenticator C C->TGS: ID tgsrem ||Ticket tgs ||Authenticator C TGS  C: E(K C,tgs, [K c,tgsrem ||ID tgsrem ||TS 4 ||Ticket tgsrem ]) TGS  C: E(K C,tgs, [K c,tgsrem ||ID tgsrem ||TS 4 ||Ticket tgsrem ]) C->TGS rem : ID Vrem ||Ticket tgsrem ||Authenticator C C->TGS rem : ID Vrem ||Ticket tgsrem ||Authenticator C TGS rem  C: E(K C,tgsrem, [K c,vrem ||ID vrem ||TS 6 ||Ticket vrem ]) TGS rem  C: E(K C,tgsrem, [K c,vrem ||ID vrem ||TS 6 ||Ticket vrem ]) C  V rem : Ticket vrem ||Authenticator C C  V rem : Ticket vrem ||Authenticator C

23 Kerberos Version 5  Developed in mid 1990’s (RFC1510)  Specified as Internet standard (RFC 4120)  Provides improvements over v4 Addresses environmental shortcomings Addresses environmental shortcomings Encryption alg, network protocol, byte order, ticket lifetime, authentication forwarding, interrealm authEncryption alg, network protocol, byte order, ticket lifetime, authentication forwarding, interrealm auth And technical deficiencies And technical deficiencies Double encryption, non-std mode of use, session keys, password attacksDouble encryption, non-std mode of use, session keys, password attacks

24 Kerberos v5 Dialogue

25 Key distribution using asymmetric encryption  Distribution of public keys  Use of public-key encryption to distribute secret keys

26 Public-Key Certificates  To send or broadcast public keys to the community is convenient, but Anyone can forge such announcement Anyone can forge such announcement  Public-key certificate CA: certificate authority CA: certificate authority Certificate: (public key + user ID) signed by CA Certificate: (public key + user ID) signed by CA

27 X.509 Certificate Use

28 Public-key distribution of secret keys  How to distribute the secret key between Alice and Bob? Diffie-Hellman key exchange Diffie-Hellman key exchange No authentication of the two communicating partnersNo authentication of the two communicating partners Public-key certificate Public-key certificate Encrypt the message with one-time session keyEncrypt the message with one-time session key Encrypt the session key using public-key encryption with Alice’s public keyEncrypt the session key using public-key encryption with Alice’s public key Attach the encrypted session key to the messageAttach the encrypted session key to the message

29 X.509 Certificates  ITU-T X.509 A part of X.500 directory service A part of X.500 directory service Database of information about usersDatabase of information about users A framework for providing authentication services by X.500 directory to its users A framework for providing authentication services by X.500 directory to its users A repository of public-key certificates A repository of public-key certificates Used in S/MIME (Chap.7), IP security (Chap.8), SSL/TLS (Chap.5) Used in S/MIME (Chap.7), IP security (Chap.8), SSL/TLS (Chap.5) First issued in 1988, revised recommendation in 1993, third version in 1995 and revised in 2000 First issued in 1988, revised recommendation in 1993, third version in 1995 and revised in 2000 Does not dictate the use of a specific alg but recommends RSA Does not dictate the use of a specific alg but recommends RSA

30 X.509 Certificates  Issued by a Certification Authority (CA), containing: version V (1, 2, or 3) version V (1, 2, or 3) serial number SN (unique within CA) identifying certificate serial number SN (unique within CA) identifying certificate signature algorithm identifier AI signature algorithm identifier AI issuer X.500 name CA issuer X.500 name CA period of validity TA (from - to dates) period of validity TA (from - to dates) subject X.500 name A (name of owner) subject X.500 name A (name of owner) subject public-key info Ap (algorithm, parameters, key) subject public-key info Ap (algorithm, parameters, key) issuer unique identifier (v2+) issuer unique identifier (v2+) subject unique identifier (v2+) subject unique identifier (v2+) extension fields (v3) extension fields (v3) signature (of hash of all fields in certificate) signature (of hash of all fields in certificate)  Notation CA > denotes certificate for A signed by CA

31 X.509 Certificates

32 Obtaining a Certificate  Any user with access to CA can get any certificate from it  Only the CA can modify a certificate  Because cannot be forged, certificates can be placed in a public directory

33 CA Hierarchy  If both users share a common CA then they are assumed to know its public key  Otherwise CA's must form a hierarchy  Use certificates linking members of hierarchy to validate other CA's Each CA has certificates for clients (forward) and parent (backward) Each CA has certificates for clients (forward) and parent (backward)  Each client trusts parents certificates  Enable verification of any certificate from one CA by users of all other CAs in hierarchy

34 CA Hierarchy Use

35 Certificate Revocation  Certificates have a period of validity  May need to revoke before expiry, eg: 1. User's private key is compromised 2. User is no longer certified by this CA 3. CA's certificate is compromised  CA’s maintain list of revoked certificates The Certificate Revocation List (CRL) The Certificate Revocation List (CRL)  Users should check certificates with CA’s CRL

36 X.509 Version 3  Has been recognised that additional information is needed in a certificate Email/URL, policy details, usage constraints Email/URL, policy details, usage constraints  Rather than explicitly naming new fields defined a general extension method  Extensions consist of: Extension identifier Extension identifier Criticality indicator Criticality indicator Extension value Extension value

37 Certificate Extensions  Key and policy information Convey info about subject & issuer keys, plus indicators of certificate policy Convey info about subject & issuer keys, plus indicators of certificate policy  Certificate subject and issuer attributes Support alternative names, in alternative formats for certificate subject and/or issuer Support alternative names, in alternative formats for certificate subject and/or issuer  Certificate path constraints Allow constraints on use of certificates by other CA’s Allow constraints on use of certificates by other CA’s

38 Public Key Infrastructure

39 PKIX Management  Functions: Registration Registration Initialization Initialization Certification Certification Key pair recovery Key pair recovery Key pair update Key pair update Revocation request Revocation request Cross certification Cross certification  Protocols: CMP (RFC 2510), CMC (RFC 2797)

40 Federated Identity Management  Use of common identity management scheme Across multiple enterprises & numerous applications Across multiple enterprises & numerous applications Supporting many thousands, even millions of users Supporting many thousands, even millions of users  Principal elements are: Authentication, authorization, accounting, provisioning, workflow automation, delegated administration, password synchronization, self-service password reset, federation Authentication, authorization, accounting, provisioning, workflow automation, delegated administration, password synchronization, self-service password reset, federation  Kerberos contains many of these elements

41 Identity Management

42 Identity Federation

43 Standards Used  Security Assertion Markup Language (SAML) XML-based language for exchange of security information between online business partners XML-based language for exchange of security information between online business partners  Part of OASIS (Organization for the Advancement of Structured Information Standards) standards for federated identity management e.g. WS-Federation for browser-based federation e.g. WS-Federation for browser-based federation  Need a few mature industry standards

44 Federated Identity Examples

Download ppt "Network Security Essentials Chapter 4 Fourth Edition by William Stallings (Based on lecture slides by Lawrie Brown."

Similar presentations

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
NETWORK SECURITY.

NETWORK SECURITY.
Kerberos and X.509 Fourth Edition by William Stallings

Kerberos and X.509 Fourth Edition by William Stallings
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Authentication Applications We cannot enter into alliance with neighbouring princes until we are acquainted with their designs. —The Art of War, Sun Tzu.

Authentication Applications We cannot enter into alliance with neighbouring princes until we are acquainted with their designs. —The Art of War, Sun Tzu.
Network Security Essentials Chapter 4

Network Security Essentials Chapter 4
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)

AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Kerberos versions 4 and 5 X.509 Authentication Service

Kerberos versions 4 and 5 X.509 Authentication Service

Similar presentations

Ads by Google