
Authentication Applications

Kerberos And X.509

Kerberos
Motivation
Secure against eavesdropping and against impersonation by replaying what was overheard
Reliable: distributed architecture, one server can back up another
Transparent: almost invisible to the user beyond entering a password
Scalable to many users and servers

Two versions
Version 4: the basic ideas
Version 5: fixes the weaknesses of version 4 and allows a wider variety of algorithms

Kerberos Version 4
The full protocol is complex, so start with a simplified approach
Client asks the authentication server (AS) for a ticket
AS grants the ticket (encrypted so that only the target server can read it)
Client sends the ticket to the server

Weaknesses of the simplified approach
Heavy load on the AS (countermeasure: provide secondary servers, the ticket-granting servers, TGS)
Repeated password entry, once per service (countermeasure: the password is given to the AS seldom, once per logon session; tickets come from the TGS when needed, based on the earlier AS authentication)

Strategies and Countermoves

What an opponent of version 4 can do
Wait for a long-lived ticket-granting ticket to be issued, capture it and reuse it as the victim
Capture a service-granting ticket and use it for the rest of its lifetime

Anti-theft of ticket-granting tickets

The AS provides both the client and the TGS with a shared secret, securely; this is done by sending a session key (to the client in the AS reply, to the TGS sealed inside the ticket)
The client proves possession of the session key each time it presents the ticket, so a captured ticket alone is useless to the thief

This procedure also makes service-granting tickets reusable for their whole lifetime, since the server can tell the legitimate holder from a replayer
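As an added example, not part of the original slides and not MIT Kerberos code, the following Python models the version 4 dialogue described above: the AS issues a ticket-granting ticket plus a session key, the client proves possession of that key with an authenticator at the TGS and again at the service, and the service keeps a replay cache. The `seal`/`unseal` pair (SHA-256 keystream plus HMAC tag) is a toy stand-in for the real cipher, the 300 s clock skew and the fixed clock value are assumptions, and the user, password, server name and keys are constructed for the demo.

```python
"""Toy Kerberos v4 dialogue (AS -> TGS -> service) with session keys and authenticators.
Hypothetical example, not MIT Kerberos; seal/unseal stands in for DES and is not a secure cipher."""
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    """SHA-256 in counter mode, standing in for the real cipher's keystream."""
    return b"".join(hashlib.sha256(key + nonce + c.to_bytes(4, "big")).digest() for c in range(0, n, 32))[:n]

def seal(key, obj):
    """Toy authenticated encryption of a dict: nonce || keystream-XOR ciphertext || HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_authenticator(session_key, auth, ticket, now):
    """Only a holder of the ticket's session key can build this, and it must be fresh: a stolen ticket alone is useless."""
    a = unseal(session_key, auth)
    if a["client"] != ticket["client"] or abs(a["ts"] - now) > 300:  # 300 s skew is an assumed value
        raise ValueError("authenticator does not match ticket or is stale")
    return a

class KDC:  # one realm's Kerberos server, AS and TGS together, as on the slides
    def __init__(self):
        self.users, self.servers, self.tgs_key = {}, {}, os.urandom(32)

    def register_user(self, uid, password):
        self.users[uid] = hashlib.sha256(password.encode()).digest()  # hashed password acts as K_c

    def register_server(self, sid):
        return self.servers.setdefault(sid, os.urandom(32))  # long-term key shared with that server

    def as_exchange(self, uid, now, tgt_life=8 * 3600):
        """AS: a TGT sealed for the TGS plus the client/TGS session key, all sealed under K_c."""
        k_c_tgs = os.urandom(32)
        tgt = {"client": uid, "key": k_c_tgs.hex(), "start": now, "end": now + tgt_life}
        return seal(self.users[uid], {"key": k_c_tgs.hex(), "tgt": seal(self.tgs_key, tgt).hex()})

    def tgs_exchange(self, tgt_blob, auth, service, now, life=600):
        """TGS: check TGT lifetime and authenticator, then issue a service ticket and session key."""
        tgt = unseal(self.tgs_key, tgt_blob)
        if not tgt["start"] <= now <= tgt["end"]:
            raise ValueError("TGT outside its lifetime")
        k_c_tgs = bytes.fromhex(tgt["key"])
        check_authenticator(k_c_tgs, auth, tgt, now)
        k_c_v = os.urandom(32)
        ticket = {"client": tgt["client"], "key": k_c_v.hex(), "start": now, "end": now + life}
        return seal(k_c_tgs, {"key": k_c_v.hex(), "ticket": seal(self.servers[service], ticket).hex()})

class Service:
    def __init__(self, key):
        self.key, self.seen = key, set()  # replay cache of (client, timestamp) pairs already accepted

    def accept(self, ticket_blob, auth, now):
        t = unseal(self.key, ticket_blob)
        if not t["start"] <= now <= t["end"]:
            raise ValueError("service ticket outside its lifetime")
        a = check_authenticator(bytes.fromhex(t["key"]), auth, t, now)
        if (a["client"], a["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))
        return t["client"]

def client_login(kdc, uid, password, now):
    """The password is used once, to open the AS reply; afterwards only the TGT is needed."""
    reply = unseal(hashlib.sha256(password.encode()).digest(), kdc.as_exchange(uid, now))
    return {"uid": uid, "k_tgs": bytes.fromhex(reply["key"]), "tgt": bytes.fromhex(reply["tgt"])}

def client_get_ticket(kdc, creds, service, now):
    auth = seal(creds["k_tgs"], {"client": creds["uid"], "ts": now})
    reply = unseal(creds["k_tgs"], kdc.tgs_exchange(creds["tgt"], auth, service, now))
    return bytes.fromhex(reply["key"]), bytes.fromhex(reply["ticket"])

def run_demo():
    kdc, now = KDC(), 1_700_000_000  # fixed clock keeps the run deterministic (constructed value)
    kdc.register_user("alice", "correct horse battery staple")
    fileserver = Service(kdc.register_server("fileserver"))
    creds = client_login(kdc, "alice", "correct horse battery staple", now)
    k_c_v, ticket = client_get_ticket(kdc, creds, "fileserver", now)
    results = {"honest": fileserver.accept(ticket, seal(k_c_v, {"client": "alice", "ts": now}), now)}
    captured = seal(k_c_v, {"client": "alice", "ts": now + 1})  # an eavesdropper records this one
    results["reuse"] = fileserver.accept(ticket, captured, now + 1)  # same ticket, fresh authenticator
    attacks = {
        "replay": (captured, now + 1),  # recorded ticket and authenticator played back
        "forged": (seal(os.urandom(32), {"client": "alice", "ts": now + 2}), now + 2),  # lacks K_c,v
        "expired": (seal(k_c_v, {"client": "alice", "ts": now + 5000}), now + 5000),  # past "end"
    }
    for name, (auth, when) in attacks.items():
        try:
            fileserver.accept(ticket, auth, when)
            results[name] = "accepted"
        except ValueError as e:
            results[name] = str(e)
    return results
```

Running `run_demo()` shows the two opponent moves from the slide failing: the recorded ticket-plus-authenticator is rejected by the replay cache, and an attacker who lacks the session key cannot build an authenticator at all, while the legitimate client reuses the same service ticket across connections without typing the password again.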

Kerberos Organization
Called a realm, it includes:
A Kerberos server, which holds:
The UID and hashed password of each user (the hashed password is the secret shared with that user)
A secret key shared with each server

The Kerberos server includes both the AS and the TGS

Inter-realm issues
The Kerberos servers of the two realms are registered with each other (they share a secret key)
The TGS in the server's realm issues tickets to a client from the other realm

Version 5
Avoids the dependence on DES: ciphertext is tagged with the algorithm and key length used
Avoids IP dependence: network addresses are tagged with type and length
Message byte ordering is no longer chosen by the sender; a standard encoding (ASN.1/BER) is used
Tickets contain an explicit start and end time
Authentication forwarding: a server can forward a client's authentication to another server
Better support for inter-realm authentication

Version 5 (Continued)
Avoids the double encryption of tickets in version 4
Avoids PCBC mode (vulnerable to an attack that interchanges ciphertext blocks); standard CBC mode with an explicit integrity check is used instead
Session keys and subsession keys (a subsession key can be negotiated for a single connection)
Preauthentication makes password-guessing attacks more difficult (but not impossible)

X.509 Service
Uses public-key certificates issued by a CA (certification authority), where Kerberos relies on privately distributed secret keys
Making use of a certificate requires access to the public key of the CA that signed it
X.509 does not dictate a CA hierarchy; it is free-form hierarchical, built from forward certificates (certificates of a CA issued by other CAs) and reverse certificates (certificates that CA issues for other CAs)
Also provides for certificate revocation
Each CA maintains a signed list of certificates that are revoked but not yet expired (the certificate revocation list, CRL)

X.509 Service (Continued)

Authentication procedures
One-way
A single transfer of information from user A to user B: establishes the identity of A, that the message was generated by A and intended for B, and its integrity

Two-way
Adds a reply from B to A, so that each authenticates the other

Three-way
Adds a final message from A to B; detects replay attacks using nonces echoed by each side (rather than clock synchronization)
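As an added example, not part of the original slides, the following Python walks through the one-, two- and three-way procedures just listed between parties A and B whose certificates were issued by one CA. The textbook RSA over fixed Mersenne primes is a toy stand-in that keeps the public-key shape of X.509 signatures but is not secure; the party names, message field names and the CA are constructed for the demo, and timestamps are left out because the three-way variant relies on nonces alone.

```python
"""Toy X.509 strong authentication (one-, two- and three-way) between A and B using CA-issued
certificates. Hypothetical example, not from the original slides. The textbook RSA over fixed
Mersenne primes keeps the public-key shape of X.509 signatures but is NOT a secure scheme."""
import hashlib, json, os

_PRIMES = {"CA": (2**61 - 1, 2**89 - 1), "A": (2**107 - 1, 2**127 - 1), "B": (2**31 - 1, 2**521 - 1)}

def keygen(name):
    """Deterministic toy RSA (public, private) pair for one of the three fixed parties."""
    p, q = _PRIMES[name]
    n, e = p * q, 65537
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(json.dumps(msg, sort_keys=True).encode()).digest(), "big") % n

def sign(priv, msg):
    return pow(_digest(msg, priv["n"]), priv["d"], priv["n"])

def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(msg, pub["n"])

class Party:
    def __init__(self, name, issuer_priv, ca_pub):
        self.name, self.ca_pub, self.seen = name, ca_pub, set()  # seen: peer nonces already accepted
        self.pub, self.priv = keygen(name)
        body = {"subject": name, "pubkey": self.pub}
        self.cert = {"body": body, "sig": sign(issuer_priv, body)}  # CA<<name>> when issuer is the CA

    def _signed(self, body):
        return {"cert": self.cert, "body": body, "sig": sign(self.priv, body)}

    def _open(self, msg):
        """Check the peer's certificate against the trusted CA key, then the peer's own signature."""
        if not verify(self.ca_pub, msg["cert"]["body"], msg["cert"]["sig"]):
            raise ValueError("certificate not signed by trusted CA")
        if not verify(msg["cert"]["body"]["pubkey"], msg["body"], msg["sig"]):
            raise ValueError("bad signature")
        if msg["body"]["to"] != self.name:
            raise ValueError("message not addressed to me")
        return msg["body"]

    def msg1(self, peer):
        """Message 1, A -> B: A{rA, B}. Alone this is one-way authentication. The timestamp tA is
        omitted because the three-way variant relies on nonces instead of synchronized clocks."""
        self.r_own = os.urandom(16).hex()
        return self._signed({"from": self.name, "to": peer, "nonce": self.r_own})

    def msg2(self, m1):
        """Message 2, B -> A: B{rB, A, rA}. Messages 1 and 2 together give two-way authentication."""
        body = self._open(m1)
        if body["nonce"] in self.seen:  # a replayed message 1 necessarily carries an old nonce
            raise ValueError("replayed message 1")
        self.seen.add(body["nonce"])
        self.r_own = os.urandom(16).hex()
        return self._signed({"from": self.name, "to": body["from"], "nonce": self.r_own, "echo": body["nonce"]})

    def msg3(self, m2):
        """Message 3, A -> B: A{rB}. Completes three-way authentication without any clock check."""
        body = self._open(m2)
        if body["echo"] != self.r_own:
            raise ValueError("message 2 does not echo my nonce")
        return self._signed({"from": self.name, "to": body["from"], "echo": body["nonce"]})

    def finish(self, m3):
        body = self._open(m3)
        if body["echo"] != self.r_own:
            raise ValueError("message 3 does not echo my nonce")
        return body["from"]  # B now knows it is talking to the live holder of A's key

def run_demo():
    ca_pub, ca_priv = keygen("CA")
    a, b = Party("A", ca_priv, ca_pub), Party("B", ca_priv, ca_pub)
    m1 = a.msg1("B")
    m2 = b.msg2(m1)
    m3 = a.msg3(m2)
    results = {"three_way": b.finish(m3)}

    def attempt(name, action):
        try:
            action()
            results[name] = "accepted"
        except ValueError as e:
            results[name] = str(e)

    attempt("replay_m1", lambda: b.msg2(m1))  # an eavesdropper plays A's first message back to B
    tampered = dict(m2, body=dict(m2["body"], echo="00" * 16))  # alter the echoed nonce in transit
    attempt("tampered_m2", lambda: a.msg3(tampered))
    impostor = Party("A", keygen("B")[1], ca_pub)  # claims to be A with a certificate the CA never issued
    attempt("impostor", lambda: b.msg2(impostor.msg1("B")))
    return results
```

The point to take from `run_demo()` is where each check lives: the certificate check ties a public key to a name through the CA, the signature check ties the message to that key, and the echoed nonces tie each message to the current run, which is why a replayed or altered message fails even though no party consulted a clock.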

Newer versions of X.509 (up to version 3) extend the same framework, mainly by adding extension fields to the certificate
