![Page 1: Introduction to Computer Security - uni-tuebingen.de · Introduction to Computer Security ... Solaris, Red Hat Enterprize) Kerberos design criteria Security against eavesdropping:no](https://reader030.vdocument.in/reader030/viewer/2022020316/5b7bf6b37f8b9a9d078b4cd3/html5/thumbnails/1.jpg)
Introduction to Computer Security
Identification and Authentication
Pavel Laskov
Wilhelm Schickard Institute for Computer Science
Resource access: a big picture
1. Identification: which object O requests access to resource R?
2. Authentication: is O indeed what it claims to be?
3. Authorization: is O authorized to access R?
4. Accountability: log the transaction access(O, R)
Simple identification/authentication
- Ask for an identity (e.g. a user name)
- Check if the identity is known
- Ask for a shared secret (e.g. a password)
- Check if the secret matches the identity
Password is stored in an encrypted form using a one-way hash function:
    root:!:14118:0:
    laskov:$1$/et/grJh$xssVNwpdA35TwsSt7Yjvb/:14118:0:
Identity management
A digital identity is a set of properties assigned to a given object (e.g. access rights).
Identity management:
- Creation and deletion of identities
- Management of properties assigned to identities
- Secure storage of identities
- Secure handling of queries regarding identities and their properties
Lightweight directory access protocol (LDAP)
- A directory is a specialized database optimized for searching and browsing.
- LDAP entries are collections of attributes identified by a unique distinguished name (dn).
- Entries are characterized by types that determine their format and syntax (e.g. ou = "Organisational Unit").
- Entries are stored in a hierarchy. A relative distinguished name defines a search path to an entry.
LDAP directory example
LDAP applications
- User account management (e.g. Apple Open Directory, POSIX accounts, Microsoft Active Directory Service)
- Address books (Lotus Notes, Outlook, Thunderbird, Evolution)
- Authentication (e.g. PAM: Pluggable Authentication Module)
- User data in email servers and spam filters
Authentication modes
                  User authentication        Entity authentication
Object            human being                non-human being
Applications      login, remote access       remote access, communication security,
                                             program security, key distribution
Speed             low                        high
Secret only       no                         yes
User authentication
- Something you know: passwords, passphrases, shared secrets (e.g. mother's maiden name), puzzles
- Something you have: smart cards, security tokens
- Something you are: biometrics, signature dynamics, keyboard dynamics, voice print
What is a good password?
- Long passwords are harder to break but tedious to type.
- Random passwords are hard to break but next to impossible to memorize.
- Writing down a password on a sticky note doesn't help.
- Password expiration reduces the damage but increases the risk of forgetting.
- Automatic password generation:
  - easily memorizable words
  - passphrases: sentences hashed into passwords
- Passwords are only usable for services that are often used.
Password generation examples
Password maintenance
Generation and distribution:
- manual: physical presence
- automatic: off-band distribution (e.g. per post)
Password synchronization:
- distribution of the same password to multiple systems
Forgotten passwords:
- self-service password reset
- assisted password reset
Password threats
- Brute force search
- Guessing
- Dictionary attacks
- Keylogging
- "Shoulder surfing"
- Identity spoofing / phishing
- Social engineering
Smart cards
Physical tamper-proof credentials:
- Memory cards: simple storage of information (e.g. medical insurance)
- Microprocessor cards:
  - advanced functionality (e.g. transactions)
  - cryptographic operations (e.g. key validation and key-pair generation)
- Java cards: a mini-JVM on a chip (e.g. for code update)
Main problem: theft and loss risk
Biometric identification
Unforgeable features of a given person:
- fingerprints
- hand geometry
- hand topography
- iris scan
- retina scan
...or behavioral characteristics:
- signature dynamics
- keyboard dynamics
- voice print
Disadvantages of biometric authentication
- Non-zero probability of erroneous classification
- High cost and time consumption
- Impossibility to revoke
- Privacy issues and social acceptance
Two-factor authentication
A combination of any two authentication modes.
Example: SecurID
- PIN assigned to the user
- token automatically generated in hardware every 30 seconds
- clock synchronization between the token generator and the authentication server required
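An added Python example (not from the lecture) of the SecurID-style scheme on this slide: a 30-second time token combined with a PIN, and a server-side check that tolerates one step of clock drift in either direction. The HMAC-SHA1 token construction, the SHA-256 PIN hash and the seed are assumptions for illustration, not RSA's actual algorithm.

```python
import hashlib, hmac, struct

STEP = 30  # the token changes every 30 seconds, as on the slide

def token(seed: bytes, t: int, digits: int = 6) -> str:
    """Code shown on the device at Unix time t: HMAC-SHA1 over the 30-second counter,
    dynamically truncated to `digits` decimal digits (a TOTP-style construction assumed
    here for illustration; not RSA's proprietary SecurID algorithm)."""
    mac = hmac.new(seed, struct.pack(">Q", t // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def pin_hash(pin: str) -> bytes:
    """What the server stores at enrollment (SHA-256 of the PIN, assumed here)."""
    return hashlib.sha256(pin.encode()).digest()

def verify(seed: bytes, stored_pin_hash: bytes, pin: str, code: str,
           server_time: int, skew_steps: int = 1) -> bool:
    """Server side of the two-factor login: the PIN (something you know) must match its
    stored hash AND the code must equal the token for the server's current 30-second
    step or up to skew_steps either side. Without that tolerance a device whose clock
    has drifted by more than a few seconds is rejected, which is why clock
    synchronization between token generator and authentication server is required."""
    if not hmac.compare_digest(pin_hash(pin), stored_pin_hash):
        return False
    return any(hmac.compare_digest(token(seed, server_time + d * STEP), code)
               for d in range(-skew_steps, skew_steps + 1))
```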
Single sign-on
Motivation:
- Reduce the need to memorize passwords
- Reduce the time spent on typing passwords
- Reduce password maintenance effort
Solutions:
- Local password containers (e.g. KDE Wallet)
- Physical authentication devices
- Client-server architectures (Kerberos, Active Directory)
Kerberos: a brief history
- Development at MIT in the project Athena in the 1980s; versions 1–3 for internal use, version 4 released in 1988.
- Version 5, released in 1993, fixed some security flaws of the previous version; version 4 was withdrawn in 2006.
- Banned for export by the US government until 2000 (due to the use of DES); re-implemented in Sweden at KTH.
- Currently both implementations, MIT (Athena) and KTH (Heimdal), support AES as the main encryption instrument.
- Supported by all major OS (Windows 2000 and up, Mac OS X, Solaris, Red Hat Enterprise).
Kerberos design criteria
- Security against eavesdropping: no password transmission in clear text.
- Reliability: every use of a service requires prior authentication.
- Transparency: the user is not aware of any authentication beyond an initial login.
- Scalability: support for a large number of servers and clients.
Kerberos authentication protocol
[Figure: Kerberos authentication protocol. Participants: Client, Application Server, and the Key Distribution Center (KDC), which consists of the Authentication Server (AS), the Ticket Granting Server (TGS) and the Database. Message pairs: AS_REQ / AS_REP between client and AS, TGS_REQ / TGS_REP between client and TGS, AP_REQ / AP_REP between client and application server.]
Kerberos details: user login
- The user enters his user name U and password P at a client workstation.
- The hash value of his password, Ku = h(P), becomes the secret key of the client/user.
Kerberos details: user authentication
The client sends his user ID U and the requested service S to the authentication server AS:
    C → AS : (U, S)
If the user ID is found in the database, AS generates a TGS session key kTGS and a ticket-granting ticket TGT:
    TGT : (U, S, kTGS)
AS sends TGT, encrypted under the TGS key KTGS, together with the session key encrypted under the user's key Ku, to C:
    C ← AS : {S, kTGS}Ku {TGT}KTGS
Kerberos details: ticket request
The client generates an authenticator:
    A : {U}kTGS
The client sends a ticket granting request to the ticket granting server:
    C → TGS : (S, A) {TGT}KTGS
TGS verifies that U in A matches U in TGT, generates a service session key kS and puts it into a service ticket:
    TS : (U, S, kS)
TGS sends TS, encrypted with the service key KS, to C:
    C ← TGS : {S, kS}kTGS {TS}KS
Kerberos details: service authentication
The client generates an authenticator:
    A : {U}kS
The client sends a request to the service:
    C → S : (A) {TS}KS
The service checks if U in A matches U in TS and, if so, accepts the request.
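The three exchanges of the preceding slides (user authentication, ticket request, service authentication), as an added Python example that is not part of the lecture: a toy authenticated cipher stands in for {X}K (constructed here; real Kerberos uses AES), the AS and TGS share one KDC object, session keys travel as hex strings inside JSON, and all user names, passwords and service names are made up.

```python
import hashlib, hmac, json, secrets
def derive_key(P):  # Ku = h(P): the user's long-term key is a one-way hash of the password
    return hashlib.sha256(P.encode()).digest()

def _keystream(key, nonce, n):  # SHA-256 in counter mode, n bytes
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def encrypt(key, obj):
    """Toy AE standing in for {X}K (constructed for this example, not Kerberos' ciphers): XOR keystream + HMAC tag."""
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    """Verify the tag first; a wrong key or an altered ticket raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:  # AS and TGS in one object: user database (Ku per user), K_TGS, service keys K_S
    def __init__(self, users, services):
        self.users = {u: derive_key(p) for u, p in users.items()}
        self.services, self.k_tgs = services, secrets.token_bytes(32)
    def as_exchange(self, U, S):
        """AS_REQ (U, S) -> AS_REP {S, kTGS}Ku {TGT}KTGS, with TGT = (U, S, kTGS)."""
        k_tgs = secrets.token_hex(32)  # fresh session key, hex so it fits in JSON
        tgt = encrypt(self.k_tgs, {"U": U, "S": S, "k": k_tgs})
        return encrypt(self.users[U], {"S": S, "k": k_tgs}), tgt  # unknown U -> KeyError
    def tgs_exchange(self, S, A, tgt):
        """TGS_REQ (S, A){TGT}KTGS -> TGS_REP {S, kS}kTGS {TS}KS; U in A must equal U in TGT."""
        t = decrypt(self.k_tgs, tgt)
        if decrypt(bytes.fromhex(t["k"]), A)["U"] != t["U"]:
            raise PermissionError("authenticator does not match TGT")
        k_s = secrets.token_hex(32)
        ts = encrypt(self.services[S], {"U": t["U"], "S": S, "k": k_s})
        return encrypt(bytes.fromhex(t["k"]), {"S": S, "k": k_s}), ts

def service_accepts(K_S, A, ts):  # AP_REQ (A){TS}KS: the service compares U in A with U in TS
    t = decrypt(K_S, ts)
    return decrypt(bytes.fromhex(t["k"]), A)["U"] == t["U"]

def client_session(kdc, U, P, S):  # client side: login hash, AS and TGS exchanges -> AP_REQ
    rep, tgt = kdc.as_exchange(U, S)
    k_tgs = bytes.fromhex(decrypt(derive_key(P), rep)["k"])  # wrong P -> ValueError; P never sent
    rep2, ts = kdc.tgs_exchange(S, encrypt(k_tgs, {"U": U}), tgt)  # authenticator A = {U}kTGS
    k_s = bytes.fromhex(decrypt(k_tgs, rep2)["k"])
    return encrypt(k_s, {"U": U}), ts  # AP_REQ: authenticator {U}kS together with {TS}KS
```

Note that the password hash Ku only ever decrypts the AS reply locally; neither P nor Ku leaves the workstation, which is the "no password transmission in clear text" design criterion.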
Kerberos: résumé
- Provides secure authentication in an insecure network.
- A de-facto standard (at least in open source) for distributed authentication services.
- Relatively complex to install.
- Single point of failure.
Summary
- Identity management and directory tools provide mechanisms for maintaining and searching for object identities.
- Passwords and shared secrets are the most common, albeit not sufficiently secure, tool for user authentication.
- Alternative user authentication mechanisms are smart cards, biometric methods and two-factor authentication.
- Single sign-on methods such as Kerberos provide means for automating authentication in large distributed environments.