网络安全课件Chapter 4

HenricJohnson1Chapter4AuthenticationApplicationsHenricJohnsonBlekingeInstituteofTechnology,Sweden@bth.seHenricJohnson2Outline•SecurityConcerns•Kerberos•X.509AuthenticationService•RecommendedreadingandWebSitesHenricJohnson3SecurityConcerns•keyconcernsareconfidentialityandtimeliness•toprovideconfidentialitymustencryptidentificationandsessionkeyinfo•whichrequirestheuseofpreviouslysharedprivateorpublickeys•needtimelinesstopreventreplayattacks•providedbyusingsequencenumbersortimestampsorchallenge/responseHenricJohnson4KERBEROSInGreekmythology,amanyheadeddog,theguardianoftheentranceofHadesHenricJohnson5KERBEROS•Userswishtoaccessservicesonservers.•Threethreatsexist:–Userpretendtobeanotheruser.–Useralterthenetworkaddressofaworkstation.–Usereavesdroponexchangesanduseareplayattack.HenricJohnson6KERBEROS•Providesacentralizedauthenticationservertoauthenticateuserstoserversandserverstousers.•Reliesonconventionalencryption,makingnouseofpublic-keyencryption•Twoversions:version4and5•Version4makesuseofDESHenricJohnson7KerberosVersion4•Terms:–C=Client–AS=authenticationserver–V=server–IDc=identifierofuseronC–IDv=identifierofV–Pc=passwordofuseronC–ADc=networkaddressofC–Kv=secretencryptionkeysharedbyASanV–TS=timestamp–||=concatenationHenricJohnson8ASimpleAuthenticationDialogue(1)CAS:IDc||Pc||IDv(2)ASC:Ticket(3)CV:IDc||TicketTicket=EKv[IDc||Pc||IDv]HenricJohnson9Version4AuthenticationDialogue•Problems:–Lifetimeassociatedwiththeticket-grantingticket–Iftoshortrepeatedlyaskedforpassword–Iftolonggreateropportunitytoreplay•ThethreatisthatanopponentwillstealtheticketanduseitbeforeitexpiresHenricJohnson10Version4AuthenticationDialogueAuthenticationServiceExhange:ToobtainTicket-GrantingTicket(1)CAS:IDc||IDtgs||TS1(2)ASC:EKc[Kc,tgs||IDtgs||TS2||Lifetime2||Tickettgs]Ticket-GrantingServiceEchange:ToobtainService-GrantingTicket(3)CTGS:IDv||Tickettgs||Authenticatorc(4)TGSC:EKc[Kc,¨v||IDv||TS4||Ticketv]Client/ServerAuthenticationExhange:ToObtainService(5)CV:Ticketv||Authenticatorc(6)VC:EKc,v[TS5+1]HenricJohnson11OverviewofKerberosHenricJohnson12RequestforServiceinAnotherRealmHenricJohnson13DifferenceBetweenVersion4and5•Encryptionsystemdependence(V.4DES)•Internetprotocoldependence•Messagebyteordering•Ticketlifetime•Authenticationforwarding•InterrealmauthenticationHenricJohnson14KerberosEncryptionTechniquesHenricJohnson15PCBCModeHenricJohnson16Kerberos-inpractise•CurrentlyhavetwoKerberosversions:•4:restrictedtoasinglerealm•5:allowsinter-realmauthentication,inbetatest•Kerberosv5isanInternetstandard•specifiedinRFC1510,andusedbymanyutilities•TouseKerberos:•needtohaveaKDConyournetwork•needtohaveKerberisedapplicationsrunningonallparticipatingsystems•majorproblem-USexportrestrictions•KerberoscannotbedirectlydistributedoutsidetheUSinsourceformat(&binaryversionsmustobscurecryptoroutineentrypointsandhavenoencryption)•elsecryptolibrariesmustbereimplementedlocallyHenricJohnson17X.509AuthenticationService•Distributedsetofserversthatmaintainsadatabaseaboutusers.•EachcertificatecontainsthepublickeyofauserandissignedwiththeprivatekeyofaCA.•IsusedinS/MIME,IPSecurity,SSL/TLSandSET.•RSAisrecommendedtouse.HenricJohnson18X.509FormatsHenricJohnson19TypicalDigitalSignatureApproachHenricJohnson20ObtainingaUser’sCertificate•CharacteristicsofcertificatesgeneratedbyCA:–AnyuserwithaccesstothepublickeyoftheCAcanrecovertheuserpublickeythatwascertified.–NopartotherthantheCAcanmodifythecertificatewithoutthisbeingdetected.HenricJohnson21X.509CAHierarchyHenricJohnson22RevocationofCertificates•Reasonsforrevocation:–Theuserssecretkeyisassumedtobecompromised.–TheuserisnolongercertifiedbythisCA.–TheCA’scertificateisassumedtobecompromised.HenricJohnson23AuthenticationProceduresHenricJohnson24RecommendedReadingandWEBSites•(searchforkerberos)•Bryant,W.DesigninganAuthenticationSystem:ADialogueinFourScenes.•Kohl,J.;Neuman,B.“TheEvolotionoftheKerberosAuthenticationService”•