More on AuthenticationCS-4513 D-term 2008 1

More on Authentication

CS-4513Distributed Computing Systems

(Slides include materials from Operating System Concepts, 7th ed., by Silbershatz, Galvin, & Gagne, Distributed Systems: Principles & Paradigms, 2nd ed. By Tanenbaum and Van Steen, and

Modern Operating Systems, 2nd ed., by Tanenbaum)

More on AuthenticationCS-4513 D-term 2008 2

Authentication and Message Integrity

• Both are necessary

• If Bob knows that Alice sent message m what good is it if m could be compromised?

• Encryption for message integrity

• If Bob receives a securely encrypted message, what good is it if he doesn’t know who from?

• Authentication to establish who is speaking to whom

More on AuthenticationCS-4513 D-term 2008 3

Basic Challenge-Response Protocol

• Assume that Alice and Bob share a key KA,B

More on AuthenticationCS-4513 D-term 2008 4

Authentication using Secure Channels

At this

point,

Bob knows he

is talking w

ith

Alice

More on AuthenticationCS-4513 D-term 2008 5

Authentication using Secure Channels

At this

point,

Bob knows he

is talking w

ith

Alice

Not until this point,

does Alice know she

is talking with Bob

More on AuthenticationCS-4513 D-term 2008 6

What is wrong with this “Optimization”?

More on AuthenticationCS-4513 D-term 2008 7

Subject to “Reflection Attack”

• Attacker cons Bob into encrypting RB for him

• “Reflection” attack

More on AuthenticationCS-4513 D-term 2008 8

Reflection Attack

More on AuthenticationCS-4513 D-term 2008 9

Reflection Attack

Bob sends a crucial

piece of information

without knowing to

whom he is sending

More on AuthenticationCS-4513 D-term 2008 10

Challenge-Response Summary

• Method for two principals to mutually establish who they are talking to

• Essential for building up additional protocols

More on AuthenticationCS-4513 D-term 2008 11

Questions?

More on AuthenticationCS-4513 D-term 2008 12

Review – Authentication in Grapevine

More on AuthenticationCS-4513 D-term 2008 13

Grapevine Authentication (continued)

• Every service must authenticate every user with a Registration service every time!

• Services handle all credentials credentials must be secure from theft!

• Lots of network traffic

• Can we do better?

More on AuthenticationCS-4513 D-term 2008 14

Key Distribution Server

• Alice requests secure channel to Bob

• KDC generates session key KA,B

• KDC sends secure messages to both Alice and Bob containing KA,B

More on AuthenticationCS-4513 D-term 2008 15

Key Distribution Server

• Result

– Bob trusts KDC he knows a message encrypted with

KA,B can only come from Alice

– Alices trusts KDC she knows that only Bob can read

her messages encrypted with KA,B

More on AuthenticationCS-4513 D-term 2008 16

Key Distribution Server

• Inconvenient problem

– Alice cannot begin talking with Bob until KDC has

completed its exchange of information with Bob

• Can we do better?

More on AuthenticationCS-4513 D-term 2008 17

Key Distribution Server (continued)

• Result– Alice trusts KDC she knows only Bob can open

ticket

– Bob trusts KDC he knows only Alice could use KA,B

This is

the ticket

More on AuthenticationCS-4513 D-term 2008 18

Needham-Schroeder Protocol

• Nonce – a random number that is never re-used• E.g., RA1, RA2, and RB

• Prevents intruder from replaying old tickets

More on AuthenticationCS-4513 D-term 2008 19

Kerberos

• Single sign-on system• One login used to generate tickets for authenticating

shared services on distributed system

• No passwords maintained by any client

• Two parts• AS – Authentication Service

• TGS – Ticket Granting Service

• Once authenticated, user may ask TGS for a ticket for a session with any service.

More on AuthenticationCS-4513 D-term 2008 20

Kerberos (continued)

More on AuthenticationCS-4513 D-term 2008 21

Kerberos (continued)

• With ticket, Alice can communicate securely with Bob.

• Alice knows it is Bob because only Bob could descript ticket

• Bob knows that it is Alice because TGS said it was

• Timestamp prevents replaying old sessions

More on AuthenticationCS-4513 D-term 2008 22

Key Distribution

• Many variations– Secret (symmetric) keys– Public (asymmetric) keys

• Always based on trust

• Central part of any distributed system that requires authentication

More on AuthenticationCS-4513 D-term 2008 23

Questions?

More on AuthenticationCS-4513 D-term 2008 24

Message Integrity– Problem

• Alice agrees to an online purchase from Bob for $500

• Alice needs to know that Bob cannot increase the agreed price in Alice’s message

• Bob needs to know that Alice cannot renege on previous commitment

More on AuthenticationCS-4513 D-term 2008 25

Solution – Digital Signatures

• Alice encrypts message in her private key Bob knows it is from Alice

• Alice re-encrypts the result in Bob’s public key no one else can read the message

More on AuthenticationCS-4513 D-term 2008 26

Solution – Digital Signatures (continued)

• Bob receives message, descrypts with his private key

• Bob sees that result is from Alice, descripts with her public key

More on AuthenticationCS-4513 D-term 2008 27

Digital Signature

• Many variations

• Used to authenticate important messages• E.g., software update messages from Microsoft

• Used to protect messages from change

• Message may be in the clear with appended signature

More on AuthenticationCS-4513 D-term 2008 28

Questions