Title: DSI - IP Telecom Security
1(No Transcript)
2IP Cyber Security Unit 4 Access Control
3UNIT 4
Content
- Access and Authentication Technology
- Authentication methods PPP, PAP, CHAP, EAP
- AAA, RADIUS, TACACS, TACACS, Kerberos
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Virtual Private Networks (VPN) VPN Architectures
- Authentication On Wireless LANs
4Access Control Processes
5Access Control (AC)
- Access control is the heart of security
- Definitions
- The ability to allow only authorized users,
programs or processes system or resource access - The granting or denying, according to a
particular security model, of certain permissions
to access a resource - An entire set of procedures performed by
hardware, software and administrators, to monitor
access, identify users requesting access, record
access attempts, and grant or deny access based
on preestablished rules.
6Access Control
- Access Control
- Access control is the policy-driven limitation of
access to systems, data, and dialogs - Prevent attackers from gaining access, stopping
them if they do
7Access Control
- What Access Permissions (Authorizations) Should
They Have? - Access permissions (authorizations) define
whether a role or individual should have any
access at all - If so, exactly what the role or individual should
be allowed to do to the resource. - Usually given as a list of permissions for users
to be able to do things (read, change, execute
program, etc.) for each resource
8Access Control
- How Should Access Control Be Implemented?
- For each resource, need an access protection plan
for how to implement protection in keeping with
the selected control policy - For a file on a server, for instance, limit
authorizations to a small group, harden the
server against attack, use a firewall to thwart
external attackers, etc.
9Access Control
- Policy-Based Access Control and Protection
- Have a specific access control policy and an
access protection policy for each resource - Focuses attention on each resource
- Guides the selection and configuration of
firewalls and other protections - Guides the periodic auditing and testing of
protection plans
10Access control lists (ACL)
- A file used by the access control system to
determine who may access what programs and files,
in what method and at what time - Different operating systems have different ACL
terms - Types of access (locks)
- Read/Write/Create/Execute/Modify/Delete/Rename
11AC is implemented for all IS components including
- Hardware
- Software
- Application
- Protocol (Kerberos, IPSec)
- Physical
- Logical (policies)
12AC protect all IS components including
- Data Unauthorized viewing, modification or
copying - System Unauthorized use, modification or denial
of service - It should be noted that nearly every network
operating system (NT, Unix, Vines, NetWare) is
based on a secure physical infrastructure
13Access Control
- First Steps
- Enumeration of Resources
- Sensitivity of Each Resource
- Next, who Should Have Access?
- Can be made individual by individual
- More efficient to define by roles (logged-in
users, system administrators, project team
members, etc.)
14Access Control
- What Access Permissions (Authorizations) Should
They Have (Keys)? - Access permissions (authorizations) define
whether a role or individual should have any
access at all - If so, exactly what the role or individual should
be allowed to do to the resource. - Usually given as a list of permissions for users
to be able to do things (read, change, execute
program, etc.) for each resource
15Access Control
- How Should Access Control Be Implemented?
- For each resource, need an access protection plan
for how to implement protection in keeping with
the selected control policy - For a file on a server, for instance, limit
authorizations to a small group, harden the
server against attack, use a firewall to thwart
external attackers, etc.
16Access Control
- Policy-Based Access Control and Protection
- Have a specific access control policy and an
access protection policy for each resource - Focuses attention on each resource
- Guides the selection and configuration of
firewalls and other protections - Guides the periodic auditing and testing of
protection plans
17Access Control
- Is the ability to limit and control the access
to - the systems and application.
- Finger Prints.
- Eyes Recognition.
- Voice Identification.
- Smart Card.
18Access Control
19Access Control
20Personnel Identification and Authentication tools
21Access Control
22Password Hashing (or Encryption)
2. Hash My4Bad 11110000
1. User Aly Password My4Bad
3. Hashes Match
Client PC User Ali
Hashed Password File Ahmed 11001100 Ali 11110000 M
ohmd 00110011 Samir 11100010
4. Hashes Match, So User is Authenticated
23One way Hash Function
24Authentication
- Steps
- The user sends a request to the server seeking
for permission to enter the secured website - The server asks for his username and password to
check if that person is who he is declared to be - The user then signs in and sends the request back
to the server - Server will verify his identity and check if he
is an authorized user . - After confirming his identity, the server would
send back an approval or a denial of access to
the website..
25Authentication Forms
1. What a client knows 2. What a client
has 3. Who a client is 4. What a client
produces
26AUTHENTICATION METHODS
- What a client knows This form of authentication
deals with what the client knows. For example
passwords and user IDs. - What a client has The second form of
authentication deals with something that the
client possesses. Such things include tokens and
smart cards. Smart cards are cards that contain a
computer chip to verify the user's identity.
Tokens, on the other hand, are cards equipped
with a computer chip and a liquid crystal display
showing a computer-generated number sequence for
remote login authentication - What a client is The third form of
authentication is related to the characteristics
of the supplicant. Such characteristics are
fingerprint, iris pattern, hand geometry and
retinal print. Because these characteristics are
unique to every individual supplicant, it can be
used by systems to authenticate its users - What a client produces The final form of
authentication that we are covering addresses
what the client produces. Such examples are
technologies on signature or voice recognition,
e.g. credit card payment system.
27Biometric Authentication
28Biometric Authentication
- Biometric Authentication
- Authentication based on body measurements and
motions - Because you always bring your body with you
- Biometric Systems
- Enrollment
- Later access attempts
- Acceptance or rejection
29Biometric Authentication System
1. Initial Enrollment
User Lee Scanning
User Lee Template (01101001)
Processing (Key Feature Extraction) A01, B101,
C001
Template Database Brown 10010010 Lee
01101001 Chun 00111011 Hirota 1101110
3. Match Index Decision Criterion (Close Enough?)
2. Subsequent Access
Applicant Scanning
User Access Data (01111001)
Processing (Key Feature Extraction) A01, B111,
C001
30Biometric Authentication
- Verification Versus Identification
- Verification Are applicants who they claim to
be? (compare with single template) - Identification Who is the applicant? (compare
with all templates) - More difficult than verification because must
compare to many templates - Watch list is this person a member of a specific
group (e.g., known terrorists) - Intermediate in difficulty
31Biometric Authentication
- Verification Versus Identification
- Verification is good for replacing passwords in
logins - Identification is good for door access and other
situations where entering a name would be
difficult
32Biometric Authentication
- Precision
- False acceptance rates (FARs) Percentage of
unauthorized people allowed in - Person falsely accepted as member of a group
- Person allowed through a door who should be
allowed through it - Very bad for security
33Biometric Authentication
- Precision
- False rejection rates (FRRs) Percentage of
authorized people not recognized as being members
of the group - Valid person denied door access or server login
because not recognized - Can be reduced by allowing multiple access
attempts - High FRRs will harm user acceptance because users
are angered by being falsely forbidden
34Biometric Authentication
- Precision
- Vendor claims for FARs and FRRs tend to be
exaggerated because they often perform tests
under ideal circumstances - For instance, having only small numbers of users
in the database - For instance, by using perfect lighting,
extremely clean readers, and other conditions
rarely seen in the real world
35Biometric Authentication
- User Acceptance is Crucial
- Strong user resistance can kill a system
- Fingerprint recognition may have a criminal
connotation - Some methods are difficult to use, such as iris
recognition, which requires the eye to be lined
up carefully. - These require a disciplined group
36Biometric Authentication
- Biometric Methods
- Fingerprint recognition
- Dominates the biometric market today
- Based on a fingers distinctive pattern of
whorls, arches, and loops - Simple, inexpensive, well-proven
- Weak security can be defeated fairly easily with
copies - Useful in modest-security areas
37Biometric Authentication
- Biometric Methods
- Iris recognition
- Pattern in colored part of eye
- Very low FARs
- High FRR if eye is not lined up correctly can
harm acceptance - Reader is a cameradoes not send light into the
eye!
38Biometric Authentication
- Biometric Methods
- Face recognition
- Can be put in public places for surreptitious
identification (identification without citizen
or employee knowledge). More later. - Hand geometry shape of hand
- Voice recognition
- High error rates
- Easy to fool with recordings
39Biometric Authentication
- Biometric Methods
- Keystroke recognition
- Rhythm of typing
- Normally restricted to passwords
- Ongoing during session could allow continuous
authentication - Signature recognition
- Pattern and writing dynamics
40Biometric Authentication
- Biometric Standards
- Almost no standardization
- Worst for user data (fingerprint feature
databases) - Get locked into single vendors
41Biometric Authentication
- Can Biometrics be Fooled?
- Airport face recognition
- Identification of people passing in front of a
camera - False rejection rate rate of not identifying
person as being in the database - Fail to recognize a criminal, terrorist, etc.
- FRRs are bad
42Biometric Authentication
- Can Biometrics be Fooled?
- Airport face recognition
- 4-week trial of face recognition at Palm Beach
International Airport - Only 250 volunteers in the user database
(unrealistically small) - Volunteers were scanned 958 times during the
trial - Only recognized 455 times! (47)
- 53 FRR
43Biometric Authentication
- Can Biometrics be Fooled?
- Airport face recognition
- Recognition rate fell if wore glasses (especially
tinted), looked away - Would be worse with larger database
- Would be worse if photographs were not good
44Biometric Authentication
- Can Biometrics be Fooled?
- DOD Tests indicate poor acceptance rates when
subjects were not attempting to evade - 270-person test
- Face recognition recognized person only 51
percent of time - Even iris recognition only recognized the person
94 percent of the time!
45Biometrics Authentication
- Can Biometrics be Fooled?
- Other research has shown that evasion is often
successful for some methods - German ct magazine fooled most face and
fingerprint recognition systems - Prof. Matsumoto fooled fingerprint scanners 80
percent of the time with a gelatin finger created
from a latent (invisible to the naked eye) print
on a drinking glass
46Password-Based Access Control
47Server Password Cracking
- Reusable Passwords
- A password you use repeatedly to get access to a
resource on multiple occasions - Bad because attacker will have time to learn it
then can use it - Difficulty of Cracking Passwords by Guessing
Remotely - Usually cut off after a few attempts
- However, if can steal the password file, can
crack passwords at leisure
48Server Password Cracking
- Hacking Root
- Super accounts (can take any action in any
directory) - Hacking root in UNIX
- Super accounts in Windows (administrator) and
NetWare (supervisor) - Hacking root is rare usually can only hack an
ordinary user account - May be able to elevate the privileges of the user
account to take root action
49Server Password Cracking
- Physical Access Password Cracking
- l0phtcrack
- Lower-case L, zero, phtcrack
- Password cracking program
- Run on a server (need physical access)
- Or copy password file and run l0phtcrack on
another machine.
50Server Password Cracking
- Physical Access Password Cracking
- Brute-force password guessing
- Try all possible character combinations
- Longer passwords take longer to crack
- Using more characters also takes longer
- Alphabetic, no case (26 possibilities)
- Alphabetic, case (52)
- Alphanumeric (letters and numbers) (62)
- All keyboard characters (80)
51Password Length
Password Length In Characters
Alphanumeric Letters Digits (N62)
All Keyboard Characters (N80)
Alphabetic, Case (N52)
Alphabetic, No Case (N26)
1
62
80
52
26
2 (N2)
3,844
6,400
2,704
676
4 (N4)
14,776,336
40,960,000
7,311,616
456,976
6
56,800,235,584
2.62144E11
19,770,609,664
308,915,776
8
2.1834E14
1.67772E15
5.34597E13
2.08827E11
10
8.39299E17
1.07374E19
1.44555E17
1.41167E14
52Server Password Cracking
- Physical Access Password Cracking
- Brute Force Attacks
- Try all possible character combinations
- Slow with long passwords length
- Dictionary attacks
- Try common words (password, ouch, etc.)
- There are only a few thousand of these
- Cracked very rapidly
- Hybrid attacks
- Common word with single digit at end, etc.
53Server Password Cracking
- Password Policies
- Good passwords
- At least 6 characters long
- Change of case not at beginning
- Digit (0 through 9) not at end
- Other keyboard character not at end
- Example triV6ial
54Server Password Cracking
- Password Policies
- Testing and enforcing password policies
- Run password cracking program against own servers
- Caution requires approval! SysAdmins have been
fired for doing this without permissionand
should be - Password duration policies How often passwords
must be changed
55Server Password Cracking
- Password Policies
- Password sharing policies Generally, forbid
shared passwords - Removes ability to learn who took actions loses
accountability - Usually is not changed often or at all because of
need to inform all sharers
56Server Password Cracking
- Password Policies
- Disabling passwords that are no longer valid
- As soon as an employee leaves the firm, etc.
- As soon as contractors, consultants leave
- In many firms, a large percentage of all accounts
are for people no longer with the firm
57Server Password Cracking
- Password Policies
- Lost passwords
- Password resets Help desk gives new password for
the account - Opportunities for social engineering attacks
- Leave changed password on answering machine
- Biometrics voice print identification for
requestor (but considerable false rejection rate)
58Server Password Cracking
- Password Policies
- Lost passwords
- Automated password resets
- Employee goes to website
- Must answer a question, such as In what city
were you born? - Problem of easily-guessed questions that can be
answered with research
59Server Password Cracking
- Password Policies
- Encrypted (hashed) password files
- Passwords not stored in readable form
- Encrypted with DES or hashed with MD5
- In UNIX, etc/passwd puts x in place of password
- Encrypted or hashed passwords are stored in a
different (shadow) file to which only high-level
accounts have access
60Server Password Cracking
- Password Policies
- Windows passwords
- Obsolete LAN manager passwords (7 characters
maximum) should not be used - Windows NTLM passwords are better
- Option (not default) to enforce strong passwords
61Server Password Cracking
- Shoulder Surfing
- Watch someone as they type their password
- Keystroke Capture Software
- Professional versions of windows protect RAM
during password typing - Consumer versions do not
- Trojan horse throws up a login screen later,
reports its finding to attackers
62Server Password Cracking
- Windows Client PC Software
- Consumer version login screen is not for security
- Windows professional and server versions provide
good security with the login password - BIOS passwords allow boot-up security
- Can be disabled by removing the PCs battery
- But during a battery removal, the attacker will
be very visible - Screen savers with passwords allow away-from-desk
security after boot-up
63UNIT 4
Content
- Access and Authentication Technology
- Authentication methods PPP, PAP, CHAP, EAP
- AAA, RADIUS, TACACS, TACACS, Kerberos
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Virtual Private Networks (VPN) VPN Architectures
- Authentication On Wireless LANs
64AUTHENTICATION METHODS
- Authentication and authorization technologies
(e.g., userID and password with PAP Password
Authentication Protocol and CHAP Challenge
Handshake Authentication Protocol, Kerberos,
etc.) - Token cards
- PPP Extensible Authentication Protocol (EAP)
- Microsoft Point-to-Point Encryption (MPPE)
- Key-management protocols, e.g., Internet Security
Association and Key Management Protocol (ISAKMP),
Internet Key Exchange (IKE), etc. - Digital certificates
- Digital signatures
- Message authentication codes (MACs)
- Wireless Encryption Technologies (e.g., WEP,
802.11i)
65AUTHENTICATION METHODS
- A number of other userID and password
authentication technologies with improved
security have also been designed, primarily to be
employed during a user log-in process. - A good example is Password Challenge Handshake
Authentication Protocol (CHAP). In a network
environment, because the log-in process first
authenticates the user and then establishes a
session (a logical connection) for the user if
the user is indeed authorized
66PPP Authentication
No Authentication Is an Option
Server
Client
- To establish communications over a point-to-point
link, each end of the PPP link must first send
link configuration packets to configure the data
link during the Link Establishment Phase. - After the link has been established, PPP provides
for an optional Authentication Phase before
proceeding to the Network-Layer Protocol Phase. - The authentication protocols are intended for use
by hosts and routers that connect to a PPP
network server via switched circuits, dial-up
lines, or dedicated links.
67PAP Password Authentication Protocol
- PAP is a simple proprietary userID and password
authentication protocol. - With PAP, the password is sent across the network
to be compared against an encrypted password file
on the access server. If the password matches the
associated userID, the connection is established.
- Because the password can potentially be
intercepted by a hacker, PAP is not considered to
be secure.
68PPP Authentication
PAP Authentication
Authentication-Request Messages (Send Until
Response)
Authentication-Response Message
Server
Client
Poor Security Usernames and Passwords Are Sent
in the Clear
69Password Challenge Handshake Authentication
Protocol (CHAP)
- CHAP addresses the PAP deficiencies by having a
server send a randomly generated challenge to
the client along with the hostname. - The hostname is used by the client to look up the
appropriate password, which is then combined with
the challenge and encrypted using a one-way
hashing function to produce a result that is then
sent to the server along with the client userID. - The server performs the same computation using
the password and compares the result with the
result that has been sent back by the client. - If there is a match, the connection will be
established. Because the challenge is different
in every session, a hacker cannot replay the
sequence. - The specific method to be used can be negotiated
by a client when connecting to an RAS. - CHAP allows different types of encryption
algorithms to be used. Most commercial RASs
support Data Encryption Standard (DES) and
Message Digest 5 (MD5).
70(No Transcript)
71MS-CHAP Challenge-Response Authentication Protocol
Note Both the client and the server know the
clients password.
1. Verifier creates Challenge Message
Challenge
2. Verifier sends Challenge Message
72MS-CHAP Challenge-Response Authentication Protocol
- 3.
- Applicant (Supplicant)creates a Response
Message - Adds password toChallenge Message
- (b) Hashes the resultant bitstring (does not
encrypt) - (c) The hash is theResponse Message
Challenge
Password
Hashing (Not Encryption)
Response
73MS-CHAP Challenge-Response Authentication Protocol
4. Applicant sends Response Message without
encryption
Transmitted Response
74MS-CHAP Challenge-Response Authentication Protocol
5. Verifier adds password to theChallenge
Message it sent. Hashes the combination.This is
the expectedResponse Message.
Challenge
Password
Hashing
Expected Response
75MS-CHAP Challenge-Response Authentication Protocol
Expected Response
Transmitted Response
?
6. If the two Response Messages are equal,
the applicant knows the password and is
authenticated. Sever logs Client in.
7. Note that only hashing is involved. There is
no encryption.
76PPP Authentication
CHAP Authentication
Challenge Message
Response Message Hash (Challenge Message Secret)
Server
Client
Server computes hash of challenge message plus
secret If equals the response message,
authentication is successful
77PPP Authentication
MS-CHAP Authentication
Challenge Message
Response Message Hash (Challenge Message
Password)
Server
Client
CHAP, but with password as the secret. Widely
used because allows password authentication Standa
rd on Microsoft Windows client Only as secure as
password strength
78PPP Extensible Authentication Protocol (EAP)
- EAP is a general protocol for PPP authentication
that supports multiple authentication mechanisms.
EAP does not select a specific authentication
mechanism at Link Control Phase, but rather
postpones this until the Authentication Phase.
This allows the authenticator to request more
information before determining the specific
authentication mechanism. This also permits the
use of a back-end server that actually implements
the various mechanisms, whereas the PPP
authenticator merely passes through the
authentication exchange. - The following are the basic steps involved in the
EAP authentication process - After the Link Establishment phase is complete,
the authenticator sends one or more Requests to
authenticate the peer. The Request has a type
field to indicate what is being requested.
Examples of Request types include Identity,
MD5-challenge, One-Time Passwords, Generic Token
Card, etc. The MD5-challenge type corresponds
closely to the CHAP authentication protocol.
Typically, the authenticator will send an initial
Identity Request followed by one or more Requests
for authentication information. An initial
Identity Request is not required, and may be
bypassed in cases where the identity is presumed
(leased lines, dedicated dial-ups, etc.). - The peer sends a Response packet in reply to each
Request. As with the Request packet, the Response
packet contains a type field that corresponds to
the type field of the Request. - The authenticator ends the authentication phase
with a Success or Failure packet.
79PPP Authentication
EAP Authentication
Authenticate
Defer authentication Will provide more
information
Server
Client
EAP defers authentication to a later process Such
as RADIUS authentication
80PPP Encryption
New PPP Header. Plaintext.
Original PPP Frame. Encrypted.
New PPP Trailer. Plaintext.
PPP with EAP Encryption
New PPP Header. Plaintext.
EAP header
New PPP Trailer. Plaintext.
Code
Identifier
Length
81PPP on Direct Links and Internets
PPP Frame
Connection over Direct Link
PPP Provides End-to-End Link
Applicant (Client)
Verifier (Server)
82PPP on Direct Links and Internets
PPP Frame in IP Packet
Connection over Internet
PPP Limited to First Data Link (Network)
Router
Router
Applicant (Client)
Verifier (Server)
83PPP on Direct Links and Internets
- Note
- Tunneling Places the PPP Frame in an IP Packet,
Which Delivers the Frame. - To the Receiver, Appears to be a Direct Link.
- Allows organization to continue using existing
PPP-based security such as encryption and
authentication
84Layer 2 Tunneling Protocol (L2TP)
DSL Access Multiplexer (DSLAM) with L2TP
Client Running PPP
Internal Server
L2TP RAS
DSL
L2TP Tunnel
Local Network
Carrier Network
Note L2TP does not provide security. It
provides only tunneling. L2TP recommends the use
of IPsec for security.
85UNIT 4
Content
- Access and Authentication Technology
- Authentication methods PPP, PAP, CHAP, EAP
- AAA, RADIUS, TACACS, TACACS, Kerberos
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Virtual Private Networks (VPN) VPN Architectures
- Authentication On Wireless LANs
86Point-to-Point Tunneling Protocol (PPP)
RADIUS Server
IP Protocol 47 (GRE) Data Connection
Local ISP Access (Not Secure)
Internet
Remote Corporate PC
RADIUS Server
PPTP RAS
ISP PPTP Access Concentrator
TCP Port 1723 Supervisory Connection (Vulnerable)
Corporate Site A
87Point-to-Point Tunneling Protocol (PPP)
Direct connection between PC And RADIUS Server
IP Protocol 47 (GRE) Data Connection
Internet
Remote Corporate PC
RADIUS Server
PPTP RAS
TCP Port 1723 Supervisory Connection (Vulnerable)
Corporate Site A
88PPTP Encapsulation for Data Frames
Enhanced General Routing Encapsulation (GRE)
Header Information About Encapsulated Packet
New IP Header Protocol47 IP Destination Address
Is That of Remote Access Server
Encapsulated Original IP Packet
89RADIUS for Dial-Up Remote Access
Remote Corporate PC
1. Login Username And Password
2. OK?
Dial-Up Connection
RADIUS Server
RAS 1
Remote Corporate PC
Public Switched Telephone Network
Corporate Site A
Dial-Up Connection
RAS 2
90RADIUS for Dial-Up Remote Access
Remote Corporate PC
Dial-Up Connection
3. OK
4. Welcome
RADIUS Server
RAS 1
Remote Corporate PC
Public Switched Telephone Network
Corporate Site A
Dial-Up Connection
RAS 2
91Kerberos Authentication System
Kerberos Server Key Distribution Center (K)
Abbreviations A Applicant V Verifier K
Kerberos Server
Verifier (V)
Applicant (A)
92Kerberos Authentication System
Kerberos Server Key Distribution Center (K)
TGT (Ticket-Granting Ticket) is encrypted in
a way that only K can decrypt.
Contains information that K will read later.
1. Request for Ticket-Granting Ticket
Key nA (Network Login Key for A) is encrypted
with As Master Key (Key mA). In future
interactions with K, A will use nA to limit the
master keys exposure.
2. Response TGT, Key nA
Verifier (V)
Applicant (A)
93Kerberos Ticket-Granting Service Part 1
Authenticator is As IP address, user name, and
time stamp. This authenticator is encrypted with
Key nA to prove that A sent it.
Kerberos Server Key Distribution Center (K)
1. Request Ticket for V TGT Authenticator encr
ypted with Key nA
Key AV is a symmetric session key that A will
use with V.
2. Response Key AV encrypted with Key
nA Service Ticket
Verifier (V)
Applicant (A)
94Kerberos Ticket-Granting Service Part 2
Authenticator (Auth) encrypted with Key
AV. Service Ticket contains Key AV encrypted
with the Verifiers master key, Key mV.
Kerberos Server Key Distribution Center (K)
3. Request for Connection Auth Service Ticket
5. Ongoing Communication with Key AV
4. V decrypts Service Ticket Uses Key AV to test
Auth
95KERBEROS AUTHENTICATION ALGORITHM
- Kerberos uses a conventional symmetric
cryptography, meaning the encryption and
decryption uses the same key for both processes. - It makes use of a third trusted party, which
stores a database of secret keys, and is called a
Key Distribution Centre (KDC). - It consists of an Authentication Server (AS) and
a Ticket Granting Server (TGS), to verify the
identity of the client. - There are 3 basic steps that are done in order to
authenticate using Kerberos
96- Step 1
- The client sends a request to the authenticating
server (Kerberos). - The server then locates the client in the
database and generates a session key (SK1) to
start a session between the client and the
ticket-granting server. - Using the clients secret key, Kerberos will
encrypt the SK1, after which it will use the
secret key generated by the TGS to create a
ticket- granting ticket (TGT) and send it back to
the client.
97- Step 2
- The client decrypts the message sent by the
authentication server and receives the session
key. - It then uses it to create an authenticator which
includes the users name, IP address and
timestamp, which disallows others to steal the
information from the ticket and the authenticator
for later use, and sends it to the TGS together
with the TGT it received. - The TGS uses the SK1 inside the TGT to decrypt
the authenticator and then verifies the
information it contains, including the ticket. If
all are correct, the request is granted. - The TGS then creates a new session key (SK2) to
start a session between the client and the target
server. Using SK1, it encrypts this message, and
sends it back to the client together with a new
ticket containing the clients name, IP address,
timestamp and an expiration time (all of which
encrypted with the target servers secret key),
as well as the name of the server.
98- Step 3
- The client decrypts the message sent by the TGS
and receives the second session key. - It then creates a new authenticator encrypted
with SK2 and sends it to the target server,
together with the session key encrypted using the
target servers secret key. - The target server decrypts and checks all of the
information received. - Applications that require 2-way authentication
are returned a message with time stamp plus 1,
encrypted with SK2.
99Finally, the clients identity has been verified
by the server, and now both are able to
communicate securely using a shared encryption
key.
100Smart card authentication
- Cryptographic key is stored on the smart card,
which is unlocked by the user using a special key
pair. - In order to authenticate the user, he places his
smart card into a special card reader attached to
the system he is trying to log in to. - The key from the smart card is being read by the
system. - The system asks the user for his password to
unlock the key. - After the user key in the password, the system
performs a cryptographic key exchange with the
central server for verification of the key. The
user is being authenticated when the key is
verified.
101Sender Policy Framework (SPF)
- The Sender Policy Framework (SPF) is an extension
to the Simple Mail Transfer Protocol (SMTP). - It is an e-mail authentication method that
prevents the forgery of the sender address
residing in the return-path of an e-mail.
Malicious spammers tend to disguise their
identity by making use of other e-mail addresses
to send spam e-mails. In this way, these spammers
could avoid being tracked down and get caught. - Secondly, they could avoid having their own
mailbox filled with undelivered bounce e-mails.
SPF helps to reduce such incidences of email
address and domain spoofing by ensuring that
e-mail receivers only receive e-mails from
senders that use a legitimate server of a
particular domain.
102UNIT 4
Content
- Access and Authentication Technology
- Authentication methods PPP, PAP, CHAP, EAP
- AAA, RADIUS, TACACS, TACACS, Kerberos
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Virtual Private Networks (VPN) VPN Architectures
- Authentication On Wireless LANs
103Levels of Access Privilege
- General users in an enterprise should be grouped
at a minimum into the following three privilege
levels - Employees as users with general access privileges
for free access around the network to default
network and systems resources - Partners as users with lower access privileges
for access to some limited, predetermined network
and systems resources - Outside users with authority to access very
limited systems resources (probably only some
pieces of data or applications) through some
proxy servers. - Additional special privilege levels are likely
needed, e.g., for administrators as users with
higher access privileges, which are required to
gain access to and to administer network and
systems components like servers, routers, etc.
104IP-AUTHENTICATION MECHANISMS
- Because IP is by definition a connectionless
transport technology utilizing datagram exchanges
over the network, special facilities are needed
to ensure user authentication for each of the IP
packets transmitted and received. - Two IP authentication mechanisms
- Authentication Header AH which provides
integrity and authentication without
confidentiality. - Encapsulating Security Payload ESP which always
provides confidentiality and optionally also
provides integrity and authentication. - Both AH and ESP use an authentication algorithm
to generate authentication information known as
the Integrity Check Value (ICV), which is placed
in the authentication data field in the
corresponding header.
105Authentication Header AH
- AH defines an Authentication Header that contains
the authentication information for the particular
IP datagram and is used to provide connectionless
data integrity and source identity authentication
for IP datagrams and protection against replays. - This latter, optional service may be selected by
the receiver when a Security Association is
established. (Although the default calls for the
sender to increment the Sequence Number used for
anti-replay, the service is effective only if the
receiver checks the Sequence Number.) - AH provides authentication for as much of the IP
header as possible, as well as for upper-level
protocol data. - However, some IP header fields may change in
transit, and the value of these fields, when the
packet arrives at the receiver, may not be
predictable by the sender. - The values of such fields cannot be protected by
AH. - Thus, the protection provided to the IP header by
AH is somewhat piecemeal.
106Authentication Header AH
- AH may be applied alone, in combination with ESP,
or in a nested fashion through the use of a
tunnel mode. - Security services can be provided between a pair
of communicating hosts, between a pair of
communicating security gateways, or between a
security gateway and a host. - ESP may be used to provide similar security
services as AH, and it also provides an added
confidentiality (encryption) service. - The primary difference between the authentication
capabilities provided by ESP and AH is the extent
of the coverage offered by each. Specifically,
ESP does not protect any IP header fields unless
those with certain authenticating encryption
algorithms. Adding the AH header to an IP
datagram prior to encapsulating the datagram
using ESP might be desirable for users wishing to
have strong integrity, authentication, and
confidentiality, and perhaps also for users who
require strong non-repudiation. - When the two mechanisms are combined, the
placement of the IP AH makes clear which part of
the data is being authenticated.
107Authentication Header AH
AH Header Format The IP protocol header (IPv4,
IPv6, or Extension) immediately preceding AH will
contain the value 51 in its Protocol (IPv4) or
Next Header (IPv6, Extension) field, where
108AUTHENTICATION METHODS
109UNIT 4
Content
- Access and Authentication Technology
- Authentication methods PPP, PAP, CHAP, EAP
- AAA, RADIUS, TACACS, TACACS, Kerberos
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Virtual Private Networks (VPN) VPN Architectures
- Authentication On Wireless LANs
110IPsec ESP and AH Protection
Encapsulating Security Payload
IP Header
ESP Header
Protected
ESP Trailer
Protocol 50
Protocol 51
IP Header
Authentication Header
Protected
Authentication Header
111Modes and Protections
112Digital Signature for Message-by-Message
Authentication
To Create the Digital Signature 1. Hash the
plaintext to create a brief message digest this
is NOT the Digital Signature. 2. Sign (encrypt)
the message digest with the senders private key
to create the digital signature. 3. Transmit the
plaintext digital signature, encrypted
with symmetric key encryption.
Plaintext
Hash
MD
Sign (Encrypt) with Senders Private Key
DS
113Digital Signature for Message-by-Message
Authentication
4. Encrypted with Session Key
Sender
Receiver
114Digital Signature for Message-by-Message
Authentication
To Test the Digital Signature 5. Hash the
received plaintext with the same hashing
algorithm the sender used. This gives the message
digest. 6. Decrypt the digital signature with
the senders public key. This also should give
the message digest. 7. If the two match,
the message is authenticated.
5.
6.
Received Plaintext
DS
Decrypt with True Partys Public Key
Hash
MD
MD
7. Are they equal?
115Public Key Deception
Impostor I am the True Person. Here is TPs
public key. (Sends Impostors public key) Here
is authentication based on TPs private
key. (Really Impostors private key) Decryption
of message from Verifier encrypted with
Imposters public key, so Impostor can decrypt it
Verifier Must authenticate True
Person. Believes now has TPs public
key Believes True Person is authenticated based
on Impostors public key True Person, here is a
message encrypted with your public key.
Critical Deception
116Important X.509 Digital Certificate Fields
Field
Description
Version Number
Version number of the X.509. Most certificates
follow Version 3. Different versions have
different fields. This figure reflects the
Version 3 standard.
Issuer
Name of the Certificate Authority (CA).
Serial Number
Unique serial number for the certificate, set by
the CA.
117Important X.509 Digital Certificate Fields
Field
Description
Subject
The name of the person, organization, computer,
or program to which the certificate has been
issued. This is the true party.
Public Key
The public key of the subjectthe public key of
the true party.
Public Key Algorithm
The algorithm the subject uses to sign messages
with digital signatures.
118Important X.509 Digital Certificate Fields
Field
Description
Valid Period
The period before which and after which the
certificate should not be used. Note Certificate
may be revoked before the end of this period.
Digital Signature
The digital signature of the certificate, signed
by the CA with the CAs own private
key. Provides authentication and certificate
integrity. User must know the CAs public key
independently.
119Important X.509 Digital Certificate Fields
Field
Description
Signature Algorithm Identifier
The digital signature algorithm the CA uses to
sign its certificates.
120Digital Signature and Digital Certificate in
Authentication
Digital Certificate
Digital Signature
Public Key of True Party
Signature to Be Tested with Public Key of True
Party
Authentication
121Public Key Infrastructure (PKI) with a
Certificate Authority
Certificate Authority PKI Server
Verifier (Cheng)
6. Request Certificate Revocation List (CRL)
3. Request Certificate for Lee
7. Copy of CRL
5. Certificate for Lee
4. Certificate for Lee
- Create
- Distribute
- Private Key
- and
- (2) Digital Certificate
Applicant (Lee)
Verifier (Brown)
122Public Key Infrastructure (PKI)
- Goals of PKI
- Authenticate the user/system at the sending end
of a transaction - Authenticate the user/system at the receiving end
of a transaction - Non-repudiation
- PKI components
- Certification Authority (CA)
- Registration Authority (RA)
- Certificate Repository
- Certificate Archive
123Certification Authority (CA) The CA acts like a
trusted third-party which is made up of hardware,
software and the people operating it. It is in
charge of issuing, managing, authenticating,
signing and revoking of digital certificates.
Digital certificates are like evidence that shows
the binding between an entity and its public key.
Every CA is identified by its name and public
key. Therefore, certificates are signed by the CA
using its name and encrypted with its private key
to prove their authenticity. Verification of the
certificates is done by decrypting with the CAs
public key therefore, the CA must adequately
protect its private key. Registration Authority
(RA) Not everyone is entitled to possess a
digital certificate. The RA is set up to assist
the CA in verifying an entitys identity and
determines if it is eligible to have a public key
certificate issued.
124Certificate Repository This is a database that
stores all the active digital certificates
managed by the CA. The repository is publicly
readable, but the CA is the only authorized
entity that can modify or update it. The
certificate repository also consists of a
Certificate Revocation List (CRL) which is
issued, time-stamped and signed by the CA. A CRL
contains unique information about revoked
certificates to enable relying entities to
determine a particular certificates
validity. Certificate Archive It contains old
certificates that were issued by the CA and valid
at that point in time. Therefore, if there are
any verification disputes on signatures of old
documents, archived certificates can be retrieved
to prove the authenticity of these documents.
125Authentication using Public Key Infrastructure
(PKI) In order for authentication to take
place, there must be some sort of cryptography
system to be put in place. PKI supports the
authentication of users and systems by making use
of public key cryptography, which is the
cryptography system that PKI is based on.
126Implementation of PKI
127Cross Certification of PKIs
128Digital Signature for Message-by-Message
Authentication
To Create the Digital Signature 1. Hash the
plaintext to create a brief message digest this
is NOT the Digital Signature. 2. Sign (encrypt)
the message digest with the senders private key
to create the digital signature. 3. Transmit the
plaintext digital signature, encrypted
with symmetric key encryption.
Plaintext
Hash
MD
Sign (Encrypt) with Senders Private Key
DS
129Digital Signature for Message-by-Message
Authentication
4. Encrypted with Session Key
Sender
Receiver
130Digital Signature for Message-by-Message
Authentication
To Test the Digital Signature 5. Hash the
received plaintext with the same hashing
algorithm the sender used. This gives the message
digest. 6. Decrypt the digital signature with
the senders public key. This also should give
the message digest. 7. If the two match,
the message is authenticated.
5.
6.
Received Plaintext
DS
Decrypt with True Partys Public Key
Hash
MD
MD
7. Are they equal?
131Public Key Deception
Impostor I am the True Person. Here is TPs
public key. (Sends Impostors public key) Here
is authentication based on TPs private
key. (Really Impostors private key) Decryption
of message from Verifier encrypted with
Imposters public key, so Impostor can decrypt it
Verifier Must authenticate True
Person. Believes now has TPs public
key Believes True Person is authenticated based
on Impostors public key True Person, here is a
message encrypted with your public key.
Critical Deception
132Important X.509 Digital Certificate Fields
Field
Description
Version Number
Version number of the X.509. Most certificates
follow Version 3. Different versions have
different fields. This figure reflects the
Version 3 standard.
Issuer
Name of the Certificate Authority (CA).
Serial Number
Unique serial number for the certificate, set by
the CA.
133Important X.509 Digital Certificate Fields
Field
Description
Subject
The name of the person, organization, computer,
or program to which the certificate has been
issued. This is the true party.
Public Key
The public key of the subjectthe public key of
the true party.
Public Key Algorithm
The algorithm the subject uses to sign messages
with digital signatures.
134Important X.509 Digital Certificate Fields
Field
Description
Valid Period
The period before which and after which the
certificate should not be used. Note Certificate
may be revoked before the end of this period.
Digital Signature
The digital signature of the certificate, signed
by the CA with the CAs own private
key. Provides authentication and certificate
integrity. User must know the CAs public key
independently.
135Important X.509 Digital Certificate Fields
Field
Description
Signature Algorithm Identifier
The digital signature algorithm the CA uses to
sign its certificates.
136Digital Signature and Digital Certificate in
Authentication
Digital Certificate
Digital Signature
Public Key of True Party
Signature to Be Tested with Public Key of True
Party
Authentication
137Public Key Infrastructure (PKI) with a
Certificate Authority
Certificate Authority PKI Server
Verifier (Cheng)
6. Request Certificate Revocation List (CRL)
3. Request Certificate for Lee
7. Copy of CRL
5. Certificate for Lee
4. Certificate for Lee
- Create
- Distribute
- Private Key
- and
- (2) Digital Certificate
Applicant (Lee)
Verifier (Brown)
138Public Key Infrastructure (PKI)
- Goals of PKI
- Authenticate the user/system at the sending end
of a transaction - Authenticate the user/system at the receiving end
of a transaction - Non-repudiation
- PKI components
- Certification Authority (CA)
- Registration Authority (RA)
- Certificate Repository
- Certificate Archive
139Certification Authority (CA) The CA acts like a
trusted third-party which is made up of hardware,
software and the people operating it. It is in
charge of issuing, managing, authenticating,
signing and revoking of digital certificates.
Digital certificates are like evidence that shows
the binding between an entity and its public key.
Every CA is identified by its name and public
key. Therefore, certificates are signed by the CA
using its name and encrypted with its private key
to prove their authenticity. Verification of the
certificates is done by decrypting with the CAs
public key therefore, the CA must adequately
protect its private key. Registration Authority
(RA) Not everyone is entitled to possess a
digital certificate. The RA is set up to assist
the CA in verifying an entitys identity and
determines if it is eligible to have a public key
certificate issued.
140Certificate Repository This is a database that
stores all the active digital certificates
managed by the CA. The repository is publicly
readable, but the CA is the only authorized
entity that can modify or update it. The
certificate repository also consists of a
Certificate Revocation List (CRL) which is
issued, time-stamped and signed by the CA. A CRL
contains unique information about revoked
certificates to enable relying entities to
determine a particular certificates
validity. Certificate Archive It contains old
certificates that were issued by the CA and valid
at that point in time. Therefore, if there are
any verification disputes on signatures of old
documents, archived certificates can be retrieved
to prove the authenticity of these documents.
141Authentication using Public Key Infrastructure
(PKI) In order for authentication to take
place, there must be some sort of cryptography
system to be put in place. PKI supports the
authentication of users and systems by making use
of public key cryptography, which is the
cryptography system that PKI is based on.
142Implementation of PKI
143Cross Certification of PKIs
144UNIT 4
Content
- Access and Authentication Technology
- Authentication methods PPP, PAP, CHAP, EAP
- AAA, RADIUS, TACACS, TACACS, Kerberos
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Virtual Private Networks (VPN) VPN Architectures
- Authentication On Wireless LANs
145VPN
- VPN is used to provide secure network links
across networks - VPN is constructed on top of existing network
media and protocols - On protocol level IPsec is the first choice
- Other protocols are PPTP, L2TP
146VPN
147VPN? Whats that?
A VPN is a service that simulates a PRIVATE link
over a PUBLIC network (usually a SP).
Ideally
Private Line (leased)
148VPN? Whats that?
149Access VPN Client Initiated
Internet
Encrypted IP
CorporateNetwork
- Encrypted tunnel from the remote clientto the
corporate network - Independent of broadband access technology
- Standards compliant
- IPSec encapsulated tunnel
- IKE key management
150VPN Types Intranet VPN
Remote Office
Main Office
POP
Internet/ IP VPNs
POP
Remote Office
POP
Service Provider
- Extends the connectionlessIP model across a
shared WAN - Reduces application development time
- Reduces support costs
- Reduces line costs
151VPN Types Extranet VPN
Remote Office
Business Partner
POP
Internet/ IP VPNs
POP
Remote Office
Main Office
POP
Service Provider
Supplier
Customer
- Extend connectivity to suppliers, customers, and
business partners - Over a shared infrastructure
- Using dedicated connections
- While ensuring proper level of authorized access
152Requirements for a VPN
3.Data should not be altered (any
change should be detectable) (DATA INTEGRITY)
1.Identify and authenticate the other
party (AUTHENTICATION) 2.Un-authorized person
should not be able to intercept, record or
e