8.5 AUTHENTICATION AND KEY DISTRIBUTION - PowerPoint PPT Presentation

1 / 61
About This Presentation
Title:

8.5 AUTHENTICATION AND KEY DISTRIBUTION

Description:

8.5 AUTHENTICATION AND KEY DISTRIBUTION Bassam Tork Dr. Yanqing Zhang * * * * Similarly, each CA has a local keystore which stores its private/public key pair and the ... – PowerPoint PPT presentation

Number of Views:134
Avg rating:3.0/5.0
Slides: 62
Provided by: Kart163
Learn more at: https://www.cs.gsu.edu
Category:

less

Transcript and Presenter's Notes

Title: 8.5 AUTHENTICATION AND KEY DISTRIBUTION


1
8.5AUTHENTICATION AND KEY DISTRIBUTION
  • Bassam Tork
  • Dr. Yanqing Zhang

2
Outline
  • Concepts
  • Authentication Protocols
  • Design of Authentication Protocols
  • Needham-Schroeder Protocol
  • Kerberos Protocol Version V
  • Research
  • Case Study Key Distribution Framework for a
    Mobile Agent Platform
  • References

3
Overview Randy Chow et al,1997
  • Authentication is the process of verifying the
    identity of an object entity.
  • one-way verificationPassword verification.
  • Two way authentication both communicating
    entities verify each others identity.
  • This type of mutual authentication is important
    for communication between autonomous principals
    in a client/server or peer-to-peer distributed
    environment.

4
Orvveiew George Coulouris et al,2001
  • Cryptography is used for authenticating
    communication between pairs of principals.
  • If keys are held in private, a successful
    decryption authenticates the decrypted message as
    coming from a particular sender.

5
Authentication Protocols Randy Chow et al,1997
  • Authentication protocols are all about
    distribution and management of secret keys.
  • Key distribution in a distributed environment is
    an implementation of distributed authentication
    protocols.

6
Design of Authentication Protocols Randy Chow
et al,1997
  • Many authentication protocols have been proposed
  • All protocols assume that some secret information
    is held initially by each principal.
  • Authentication is achieved by one principal
    demonstrating the other that it holds that secret
    information.
  • All protocols assume that system environment is
    very insecure and is open for attack. So any
    message received by a principal must have its
    origin authenticity, integrity and freshness
    verified.

7
Design of Authentication Protocols Randy Chow
et al,1997
  • To achieve these goals, most protocols need to
    rely on an authentication server.
  • Capable Authentication server delivers
    good-quality session keys and distribute them to
    the requesting principals securely.
  • Trustworthy Authentication server maintains a
    table containing a name and a secret key for each
    principal. The secret key is used only to
    authenticate client processes to the
    authentication server and to transmit messages
    securely between client processes and the
    authentication server.

8
Design of Authentication Protocols Randy Chow
et al,1997
  • Protocols are divided into two categories to
    verify the freshness of a message.
  • First category uses nonce and challenge/ response
    handshake to verify freshness.
  • Second category uses timestamps and assumes that
    all machines in distributed system are
    clock-synchronized.

9
The Evolution of Authentication ProtocolsRandy
Chow et al,1997
  • Needham-Schroeder Protocol.
  • Kerberos protocol.

10
Needham-Schroeder Protocol George Coulouris
et al,2001
  • This original work includes secret-key protocol
    and public key protocol
  • Public-key protocol does not depend on the
    existence of authentication server and is hence
    more suitable for use in networks with many
    independent management domains.
  • Secret-key protocol provides a solution to
    authentication and key distribution based on an
    authentication server.

11
Needham-Schroeder Secret-key Protocol
http//en.wikipedia.org/wiki/Needham-Schroeder_p
rotocol, May 2008
  • The protocol is based on the generation and
    transmission of ticket by the authentication
    server.
  • A ticket is an encrypted message containing a
    secret key for use in communication between A and
    B.
  • The protocol consists of 5 steps.

12
Needham-Schroeder Secret-key Protocol
  • A-gtS A, B, NA
  • A requests S to supply a key for communication
    with B
  • S-gtA NA, B, KAB, A, KAB KB KA
  • S returns a message encrypted in As secret key,
    containing a newly generated key KAB, and a
    ticket encrypted in Bs secret key
  • A-gtB A, KAB KB
  • A sends the ticket to B
  • B-gtA NB KAB
  • B decrypts the ticket and uses the new key KAB
    to encrypt another nonce NB
  • A-gtB NB - 1 KAB
  • A demonstrates to B that it was the sender of
    the previous message by returning an agreed
    transformation of NB

13
Weakness
  • If session key between A and B is compromised,
    and the ticket to B is recorded, an intruder can
    impersonate A by carrying out last 3 steps.
  • The weakness can be remedied by adding a
    timestamp to message3, so that it becomes. A-gtB
    A, t, KAB KB
  • B decrypts this message and checks that t is
    recent. This is the solution adopted in Kerberos

14
Kerberos Protocol V George Coulouris et
al,2001
  • Based on Needham-Schroeder but uses timestamps
  • It is included in the Distributed Computing
    Environment (DCE) and in the windows 2000 as the
    default authentication service.
  • A Kerberos server is known as a Key Distribution
    Centre (KDC).
  • Each KDC has an authentication service (AS) and
    a Ticket Granting service (TGS).

15
Kerberos Protocol V George Coulouris et
al,2001
  • Kerberos deals with three kinds of security
    object
  • Ticket a token issued to a client by the
    Ticket-Granting Service for presentation to a
    particular server, verifying that the sender has
    recently been authenticated by Kerberos. Tickets
    include an expiry time and a newly generated
    session key for the use by the client and the
    server
  • Authenticator a token constructed by a client
    and sent to a server to prove the identity of the
    user.
  • It contains clients name and a timestamp and
    is encrypted in the appropriate session key
  • Session key a secret key generated by Kerberos
    and issued to a client for use when communicating
    with a particular server.

16
Kerberos Protocol V
  • A Kerberos ticket has a fixed period of validity
    starting at time t1 and ending at time t2. A
    ticket for a client C to access a serve S takes
    the form
  • C,S, t1, t2, Kcs Ks, which we denote as
    ticket(C,S) Ks
  • The clients name is included in the ticket to
    avoid possible use by impostors.
  • The protocol consists of 4 steps.

17
Kerberos Protocol V
  • Step A obtain Kerberos session key and TGS
    ticket, once per login session
  • C-gtA C,T, n
  • Client C requests the Kerberos authentication
    server A to supply a ticket for communication
    with the TGS T
  • A-gtC KcT, n, ticket(C, T) KT Kc
  • A returns a message containing a ticket
    encrypted in its secret key and a session key for
    C to use with T.

18
Kerberos Protocol V
  • To obtain a ticket for any server S, C constructs
    an authenticator encrypted in KcT of the form
  • C, t KcT, which we denote as auth(C) KcT
  • Step B obtain ticket for a server S, once per
    client-server session
  • C-gtT auth(C)KcT, ticket(C, T) KT, S, n
  • C requests the ticket-granting server T to
    supply a ticket for communication with another
    server S
  • T-gtC Kcs, n, ticket(C,S) Ks KcT
  • T checks the ticket. If it is valid T generates
    a new session key Kcs and returns it with a
    ticket for S (encrypted in the servers secret
    key Ks).

19
Kerberos Protocol V
  • Step C issue a server request with a ticket
  • C-gtS auth(C) Kcs, ticket(C, S) Ks, request,
    n
  • C sends the ticket to S with a generated
    authenticator for C and a request.
  • Step D Authenticate server (optional)
  • S-gtC n Kcs

20
Drawbacks http//en.wikipedia.org/wiki/Kerberos_
(protocol), October 2009
  • Single point of failure It requires continuous
    availability of a central server. When the
    Kerberos server is down, no one can log in.
  • This can be mitigated by using multiple Kerberos
    servers and fallback authentication mechanisms.
  • Kerberos requires the clocks of the involved
    hosts to be synchronized.
  • The tickets have a time availability period and
    if the host clock is not synchronized with the
    Kerberos server clock, the authentication will
    fail.
  • The default configuration requires that clock
    times are no more than 10 minutes apart.

21
  • Research

22
  • Case Study
  • Key Distribution Framework for a Mobile Agent
    PlatformLeila Ismail et al, 2008

23
OutlineLeila Ismail et al, 2008

1-Definition 2-Security threats in a mobile agent
system. 3-The rationale beyond authentication for
mobile agents. 4-Present the requirements for key
distribution in a mobile agent system. 5-
Describe key distribution mechanisms. 6-Describe
the key distribution protocol for a mobile agent
platform and for the mobile agents. 7-
comparison with related works, conclusion. 8-Futur
e Work
24
Definition
  • A Mobile Agent is a process with its own code
    and data that can migrate in the network from one
    host (called agent server) to another to perform
    a specific task on behalf of their users.
  • Mainly intended to address efficiency problems
    of Distributed applications.
  • They reduce communication costs by moving
    computation to or close
  • to the host on which the target data reside.
  • Can move closer to potential resources for
    access.
  • In addition agents communicate with each others
    either locally or remotely.
  • In these scenarios, protection becomes an urgent
    need.

25
Example

The agent moves from one travel agency to
another. At each travel agency, the agent
compares the prices of the flights got from the
current agency with those got from the previous
agencies, selects the flight with the best price
and moves to the next agency
26
Security Threats
  • Spying and intercepting the agent (Man in the
    Middle Attacks).
  • A competitor travel agency can modify to its
    interest the intermediate results of the cheapest
    price obtained by the mobile agent (agents
    integrity).
  • An attacker can also modify the agents data
    causing an error leading to a Denial of Service
    attack (DOS).
  • This type of attack can be mounted through
    vulnerable communication channels of the system.
    An attack of this nature can happen during an
    agents migration.

27
Security Threats-cont.
  • Spying and intercepting the agents itinerary.
  • The itinerary of an agent is the list of agents
    servers to visit. Knowing the agents itinerary,
    a DOS attack can be mounted against the agent
    itself.
  • A competitor travel agency for instance can
    modify an agents itinerary so that the agent
    would not visit other competitors.
  • The agents itinerary can be also be maliciously
    modified so that to deviate the agent from its
    destination. Thus forcing the agent to move to an
    unknown agent server or to skip certain agents
    server.

28
Security Threats-cont.
  • Masquerading. This type of attack consists of
    bypassing the authentication mechanisms.
  • An agent pretends to be some other uthenticated
    agent to obtain access rights. Gaining access,
    the agent would then compromise the
    confidentiality and the integrity of accessed
    resources.
  • For example, an agent can pretend to be an
    administrative agent so that to gain access to
    flights prices and modify the prices to its
    interest.

29
Security Threats-cont.
  • DOS attack against an agent server by the mobile
    agent.
  • An agent executing on an agents server can clone
    itself to an unlimited number of agents. It can
    consume a huge number of CPU cycles, create a
    huge number of processors, etc.

30
Security Threats-cont.
  • Repudiation The repudiation is the refusal to
    admit responsibility of an action.
  • For instance, an agent (representing a user) can
    refuse to admit a banking transaction which
    involves fund transfer.
  • In case of collaboration between 2 agents, the
    sender of the message can refuse to admit sending
    the message and the receiver of the message can
    refuse to admit of receiving a message.

31
Security Threats-cont.
  • Based on the above threats, we need to achieve
    theses security issues
  • Protecting an agent server from a mobile agent.
    This consists of protecting the receiving hosts
    resources, such as file system, memory, CPU
    cycles, and I/O channels.
  • In particular an agent must not be able to access
    files ,memory for which it does not have access
    rights. Also, an agent must not be able to run
    forever on a receiving host.

32
Security Threats-cont.
  • Protecting cooperating agents. Agents can
    communicate locally within an agents server or
    remotely. Agents must authenticate each others
    before communication takes place.
  • Protecting an agent from an agent server. This
    problem consists of protecting an agent from an
    malicious agents server that is executing it.

33
Mobile Agents Authentication
  • Authentication is the process of verifying the
    identity of a principal for an eventual access
    control.
  • In a mobile agent system, authentication is used
    for 2 main reasons
  • Authenticating agent servers. This consists of
    authenticating both the sender and the receiver,
    so that to establish a mutual trust at the
    platform level.

34
Mobile Agents Authentication-cont.
  • Authenticating mobile agents. It is necessary to
    authenticate mobile agents so that to establish a
    trust at the application level.

35
Key Distribution Requirements.
  • In designing the key distribution protocol, the
    authors took into consideration the following
    requirements
  • Security domain change The Certifiction
    Authority (CA) of the receiving security domain
    must be able to authenticate the agent which
    comes from another security domain.

36
Key Distribution Requirements-cont.
  • Trust establishment The key distribution process
    should start with a very high trust relationship
    with the Certifiction Authority (CA) .
  • Secure key distribution The key distribution
    process should be conducted in a secure manner
    (e.g., trusted path).
  • Efficiency The key distribution process should
    not consume a lot of resources, such as machines
    CPUs and network bandwidth.

37
Key Distribution Requirements-cont.
  • Scalability The key distribution process must be
    scalable enough, so that the mobile agent can
    have the ability to roam widely.
  • Transparency The mobile agents should not
    include a code which is proper to key
    distribution.
  • This will ease programming as agents programmers
    will concentrate on the programming logic rather
    than the key obtaining issues.

38
Key Distribution Requirements-cont.
  • Portability The protocol should not be platform
    specific and should be ported to any mobile agent
    platform.
  • Ease of administration The key distribution
    protocol should not be a burden on the
    administrator. The protocol is an automated
    infrastructure that should require minimum
    administrators intervention.

39
Key Distribution Mechanisms.
  • System Components
  • A key distribution system for mobile agents
    includes the following components
  • Agent An agent is a software component which
    executes on behalf of a particular user who is
    the user of the agent.
  • An agent can be mobile and move from one host
    server to another under its own control to
    achieve tasks on these hosts servers.

40
Key Distribution Mechanisms.
Architecture of Key Distribution System in a
Mobile Agent Transform
41
Key Distribution Mechanisms - cont. -System
Components-
  • Agent Server Each host, as part of the mobile
    agent platform, runs an execution environment,
    the agent server.
  • Messaging System. A messaging system is part of
    an agent execution environment. It provides
    facilities for agents to communicate both locally
    and remotely

42
Key Distribution Mechanisms - cont. -System
Components-
  • The CA. It is a trusted third party which
    provides digital certificates for mobile agents,
    users and agent servers.
  • All digital certificates are signed by the CA
    for further verification of their authenticity
    and validity.

43
Key Distribution Mechanisms - cont. -System
Components-
  • Keystore Each agent server has a local database
    which is used to store and retrieve its own
    private/public key pair and the digital
    certificate.
  • It also stores the digital certificate of the
    trusted CA and other agent severs, mobile agents,
    and CAs with which the agent server has prior
    communication.
  • Similarly, each CA has a local keystore .

44
Key Distribution Mechanisms - cont. -System
Components-
  • Security Domain A security domain consists of a
    group of agent servers which are under one common
    CA. In the security domain, the agent servers
    have the digital certificate of their local CA
    stored in their local keystores.
  • When a mobile agent moves, it can move within the
    same security domain or changes a security domain.

45
Key Distribution Mechanisms - cont. - Key
Authentication-
  • Examples of entity impersonation threat
  • Ex1 when a user agent assumes the identity of
    another already authenticated user agent to
    gain benefit from the communication.
  • Ex2 when an agent server assumes the identity of
    another very credible agent server in order to
    gain advantage over it.

46
Key Distribution Mechanisms - cont. - Key
Authentication-
  • To protect against such threat, public keys of
    both user agents and agent servers must be
    authenticated.
  • The most widely approaches, for solving the key
    authentication problem
  • 1-ones based on the certifying authority model
    (e.g. Secure Socket Layer/Transport layer
    Security(SSL/TLS)) .
  • 2-The web-of-trust (e.g. pretty Good
    Privacy(PGP).
  • The researchers adopted the certifying authority
    model as a key
  • authentication method for trust establishment.
  • They believe that this approach has an advantage
    over the web of trust
  • because the web of trust relies on one to one
    trust establishment between
  • entities, which cannot be achieved in a mobile
    agent environment where
  • prior knowledge between communicating entities
    may not exist.

47
Key Distribution Mechanisms - cont. - Key
Authentication-
  • For key authentication, the authers made the
  • following assumptions
  • Trust must be established between different CAs.
  • Every mobile agent server must be pre-configured
    with the digital certificate of the local CA
    within the same security domain.

48
Key Distribution protocol
Key Distribution Protocol for a Mobile Agent
Platform
49
Key Distribution protocol
  • The proposed key distribution protocol is
    composed of the
  • following phases
  • Pre-configuration Phase A domain administrator
    reconfigures the local keystore of the agent
    server with the digital certificate of the local
    CA.
  • Initialization Phase An administrator starts a
    mobile agent server which leads to the following
    actions
  • 1) An agent server generates a private/public
    key pair locally. 2) An agent server sends a
    request which include the public key to the local
    CA for certification.
  • 3) The local CA sends a response to the agent
    server including the agent server digital
    certificate, signed by the local CA.

50
Key Distribution protocol cont.
  • User Registration Phase An agent user can
    register to an agent platform to be able to
    configure and use its agents.
  • The following actions occur
  • 1) A private/public key pair is generated
    locally for the user.
  • 2) The agent server on which the user is
    registered sends a request which includes the
    user public key to the local CA for
    certification.
  • 3) The local CA sends a response to the agent
    server including the agent user digital
    certificate, signed by the local CA.

51
Key Distribution protocol cont.
  • Agent Mobility Phase This phase details the
    actions that the system takes when an agent moves
    according to two scenarios
  • mobility within the same security domain
  • mobility across domains as follows.

52
Key Distribution protocol cont.- Agent
Mobility within Same Security Domain-
  • Agent Mobility within Same Security Domain. In
    this scenario, all the agent servers are under
    the authority of the same CA.
  • 1) Sender agent server sends a SYNC request which
    includes its identify and certificate to the
    receiver agent server.
  • 2) Receiver agent server verifies the certificate
    (VERIFY operation) using the certificate of the
    CA in the local keystore.
  • 3) Receiver agent server sends an ACK response to
    the sender agent server which includes the
    receiver agent server identity and certificate.
  • 4) Sender agent server verifies the certificate
    (VERIFY operation) using the certificate of the
    CA in the local keystore.
  • 5) Sender agent server sends a message which
    includes the agent, the agent identity and
    certificate, signed by the local CA.
  • 6) Receiver agent server verifies the certificate
    of the agent using the certificate of the CA in
    the local keystore.
  • 7) Receiver agent server accepts or reject the
    agent and informs the sender agent server of the
    acceptance or rejection.

53
Key Distribution protocol cont.- Agent
Mobility Across Security Domain-
  • Agent Mobility across Security Domains. In this
    scenario, agent servers are under the authorities
    of different CAs
  • 1) Sender agent server sends a SYNC request
    which includes its identify and certificate to
    the receiver agent server.
  • 2) VERIFY operation (receiver side) works as
    follows
  • - If the receiver agent server does not have the
    certificate of the CA of the sender agent server,
    then the receiver agent server sends a request to
    its local CA. That message includes the sender
    agent server identity and certificate.
  • -The Local CA of the receiver agent server sends
    a response to the receiver agent server which
    includes the sender certificate signed by the
    receiver CA.
  • -If the receiver local CA does not have the
    certificate of the sender local CA, then the
    receiver local CA forwards the VERIFY request to
    a higher authority CA and so on.

54
Key Distribution protocol cont.- Agent
Mobility Across Security Domain-
  • 3) Receiver agent server sends an ACK response
    which includes its identity and certificate.
  • 4) VERIFY operation (sender side) works as
    follows
  • -If the sender agent server does not have the
    certificate of the CA of the receiver agent
    server, then the sender agent server sends a
    request to its local CA. That message includes
    the receiver agent server certificate.
  • -The Local CA of the sender agent server sends a
    response to the sender which includes the
    receiver certificate signed by the sender CA.
  • -If the sender local CA does not have the
    certificate of the receiver local CA, then the
    sender local CA forwards the VERIFY request to a
    higher authority CA and so on.

55
Key Distribution protocol cont.- Agent
Mobility Across Security Domain-
  • 5) Sender agent server sends to the receiver
    agent server a message which includes the user
    agent, the agent identity and certificate, signed
    by the local CA.
  • 6) VERIFY operation (receiver side) works as
    follows
  • -If the receiver agent server does not have the
    certificate of the CA of the user agent server in
    its local keystore, then the receiver agent
    server sends a request to its local CA. That
    message includes the agent certificate.
  • -The local CA of the receiver agent server sends
    a response to it which includes the agent
    certificate signed by the receiver CA.
  • -If the receiver local CA does not have the
    certificate of the home agent local CA, then the
    receiver local CA forwards the VERIFY request to
    a higher authority CA and so on.
  • 7) Receiver agent server accepts or reject the
    agent and informs the sender agent server of the
    acceptance or rejection.

56
Related Works
  • Literature shows that many proposals have been
    made, to handle how keys are named and bound to
    individuals, and how servers manage key
    distributions
  • Examples
  • 1) Secure Shell(SSH)
  • -Transmits the necessary key information during
    connection setup.
  • -Key exchange is automatically done between a
    client and a server.
  • - The administrator manually generates the
    private/public key pair on the client machine
  • -and manually copy the client public key to all
    the server with which the client will communicate.

57
Related Works-cont.
  • 2)EX2 Secure Socket Layer/Transport Layer
    Security SSL/TLS)
  • -Transmits the necessary key information during
    connection setup.
  • -Key exchange is automatically done between a
    client and a server.
  • - The SSL/TLS uses the Diffie-Hellman key
    exchange that allows 2 peers to exchange a
    communication session (shared secret key) using
    certificates already distributed to clients and
    servers.

58
Related Works-cont.
  • Pretty Good Privacy (PGP)
  • Simple Distributed Security Infrastructure/Simple
    Public Key Infrastructure (SDSI/SPKI) .
  • These mentioned proposals assume that the clients
    have a prior knowledge of the servers.
  • This approach is not applicable to a mobile agent
    system where agents
  • Because agent servers have no prior knowledge of
    each others or their certification authorities.
  • Therefore, the authors believe that the hierarchy
    CA model is a natural choice for a key
    distribution framework for a mobile agent
    platform.
  • This is due to the the scalable nature of the
    hierarchy CA model which makes no assumption
    about the system communicating entities.

59
Conclusion.
  • The proposed a framework for key distribution
  • in a mobile agent platform, took into account
  • the dynamic nature of a mobile agent platform.
  • 2-way authentication between the agent, (running
    on behalf of its user) and the host.
  • the ease of use for both administrators and
    agents users as it is automatically executed by
    the underlying platform.

60
Future Works.
  • Considering the number of mobile agents, agent
    servers, CAs, and the keystore performance based
    on the the number and the sizes of the private
    keys, public keys and certificates in the system,
    for performance metrics.

61
References
  • 1 Randy Chow ,Theodore Johnson,Distributed
    Operating Systems and Algorithms,
    addison-wesley, 1997
  • 2 George Coulouris, Jean Dollimore, Tim
    Kindberg,DISTRIBUTED SYSTEMS CONCEPTS AND
    DESIGN, addison-wesley, 2001
  • 3 http//en.wikipedia.org/wiki/Needham-Schroeder
    _protocol, October 2009
  • 4 http//web.mit.edu/kerberos/, 2007/10
  • 5 http//en.wikipedia.org/wiki/Kerberos_(protoco
    l), October 2009
  • 6 Leila Ismail, Ezedin Barka, Next Generation
    Mobile Applications, Services and Technologies,
    2008. NGMAST '08. The Second International
    Conference on
  • 16-19 Sept. 2008 Page(s)281 287 .
Write a Comment
User Comments (0)
About PowerShow.com