Scribd
Upload
558 views32 pages

CNS Chapter 4

This document discusses key distribution and user authentication. It describes symmetric key distribution using a shared key between two parties. It also discusses key distribution techniques including physical delivery of keys, use of a third party, and encryption of new keys with old keys. It then covers Kerberos, a centralized authentication system that relies on symmetric encryption for key distribution and user authentication between clients and servers. Kerberos versions 4 and 5 are compared, noting improvements in version 5. Public key encryption is also discussed for key distribution using digital certificates and a certification authority.

Uploaded by

daniel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
558 views32 pages

CNS Chapter 4

This document discusses key distribution and user authentication. It describes symmetric key distribution using a shared key between two parties. It also discusses key distribution techniques including physical delivery of keys, use of a third party, and encryption of new keys with old keys. It then covers Kerberos, a centralized authentication system that relies on symmetric encryption for key distribution and user authentication between clients and servers. Kerberos versions 4 and 5 are compared, noting improvements in version 5. Public key encryption is also discussed for key distribution using digital certificates and a certification authority.

Uploaded by

daniel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 32

Chapter 4

Key Distribution and User


Authentication
Symmetric Key Distribution
using symmetric encryption
For symmetric encryption to work, the two parties to
an exchange must share the same key, and that key
must be protected from access by others

Frequent key changes are usually desirable to limit the


amount of data compromised if an attacker learns the
key

Key distribution technique


The means of delivering a key to two parties that wish to
exchange data, without allowing others to see the key
Key Distribution

For two parties A and B, there are the following


options:
A key can be selected by A and physically delivered to B
1

A third party can select the key and physically deliver it to A and
B
2
If A and B have previously and recently used a key, one party
could transmit the new key to the other, using the old key to
3 encrypt the new key

If A and B each have an encrypted connection to a third party C,


C could deliver a key on the encrypted links to A and B
4
Exercise 2

Consider a one-way authentication technique based on


asymmetric encryption:

1) 2)
A B: IDA A B: IDA
B A: R1 B A: E(PUa, R2)
A B: E(PRa, R1) A B: R2

a) Explain the protocol.


b) What type of attack is this protocol susceptible to?

a) In both case authenticating A to B

A b) Case 1: An adversary can get A to sign a message


Case 2: An adversary can use this mechanism to get A to decrypt a
message
Kerberos
Key distribution and user authentication service
developed at MIT

Provides a centralized authentication server whose


function is to authenticate users to servers and servers to
users

Relies exclusively on symmetric encryption, making no


use of public-key encryption

Two versions are in use


Version 4 implementations still exist, although this version is being
phased out
Version 5 corrects some of the security deficiencies of version 4
and has been issued as a proposed Internet Standard (RFC 4120)
Kerberos version 4

A basic third-party authentication scheme

Authentication Server (AS)


Users initially negotiate with AS to identify self
AS provides a non-corruptible authentication credential
(ticket granting ticket TGT)

Ticket Granting Server (TGS)


Users subsequently request access to other services from
TGS on basis of users TGT

Complex protocol using DES


Table 4.1
Summary of Kerberos Version 4 Message
Exchanges
Exercise
Consider the following protocol:
A KDC: IDA ||IDB || N1
KDC A: E(Ka, [KS || IDB || N1 || E(Kb, [KS || IDA]))
A B: E(Kb, [KS || IDA])
B A: E(KS, N2)
A B: E(KS, f(N2))
a. Explain the protocol.
b. Can you think of a possible attack on this protocol? Explain how it can be
done.
c. Mention a possible technique to get around the attacknot a detailed
mechanism, just the basics of the idea.

a) A requests a session key for use between A and B from the KDC. A

A nonce is used for challenge-response.


b. If someone manages to get an old Ks, they can replay the message
from step 3 to B and communicate with B, pretending to be A.
c. Timestamps included with the message can counter this vulnerability
Kerberos Realms
Kerberos realm
A Kerberos environment consists of:
A set of managed nodes that share
the same Kerberos database
The Kerberos database resides on
the Kerberos master computer
system, which should be kept in a A Kerberos server
physically secure room
A read-only copy of the Kerberos
database might also reside on other
Kerberos computer systems
A number of clients
All changes to the database must be
made on the master computer
system
Changing or accessing the contents A number of application
of a Kerberos database requires the servers
Kerberos master password
Kerberos principal

A service or user that is known to the Kerberos system

Each Kerberos principal is identified by its principal


name

A service An
A realm Principal
or user instance
name name
name name

Principal names consist of three parts


Differences between
versions 4 and 5
Environmental Technical
shortcomings deficiencies

Encryption system Double encryption


dependence
PCBC encryption
Internet protocol
dependence Session keys
Message byte ordering Password attacks
Ticket lifetime

Authentication forwarding

Interrealm authentication
:
Key distribution using
asymmetric encryption
One of the major roles of public-key encryption is to address the
problem of key distribution

There are two distinct aspects to the use of public-key encryption in


this regard:
The distribution of public keys
The use of public-key encryption to distribute secret keys

Public-key certificate
Consists of a public key plus a user ID of the key owner, with the whole
block signed by a trusted third party
Typically, the third party is a certificate authority (CA) that is trusted by
the user community, such as a government agency or a financial institution
A user can present his or her public key to the authority in a secure
manner and obtain a certificate
The user can then publish the certificate
Anyone needing this users public key can obtain the certificate and verify
that it is valid by way of the attached trusted signature
X.509 Certificates
ITU-T recommendation X.509 is part of the X.500 series of
recommendations that define a directory service

Defines a framework for the provision of authentication services


by the X.500 directory to its users

The directory may serve as a repository of public-key certificates

Defines alternative authentication protocols based on the use of


public-key certificates
Was initially issued in 1988
Based on the use of public-key cryptography and digital signatures

The standard does not dictate the use of a specific algorithm but
recommends RSA
Obtaining a users
certificate
User certificates generated by a CA have the following
characteristics:
Any user with access to the public key of the CA can
verify the user public key that was certified
No party other than the certification authority can
modify the certificate without this being detected

Because certificates are unforgeable, they can be placed


in a directory without the need for the directory to
make special efforts to protect them
Exercise

Establish a certification path to C that users A and B


need to acquire.

X<<C>>

Z<<Y>>Y<<V>>V<<W>>W<<X>>X<<C>>
Revocation of
certificates
Each certificate includes a period of validity

Typically a new certificate is issued just before the


expiration of the old one

It may be desirable on occasion to revoke a certificate


before it expires for one of the following reasons:
The users private key is assumed to be compromised
The user is no longer certified by this CA; reasons for this
include subjects name has changed, the certificate is
superseded, or the certificate was not issued in conformance
with the CAs policies
The CAs certificate is assumed to be compromised
TOP Certificate Providers
X.509 Version 3

Includes a number of optional extensions that may be


added to the version 2 format

Each extension consists of:


An extension identifier
A criticality indicator
An extension value

The certificate extensions fall into three main


categories:
Key and policy information
Subject and issuer attributes
Certification path constraints
Key and policy
information
These extensions convey additional information about the
subject and issuer keys, plus indicators of certificate policy
A certificate policy is a named set of rules that indicates the
applicability of a certificate to a particular community
and/or class of application with common security
requirements

Includes:
Authority key identifier
Subject key identifier
Key usage
Private-key usage period
Certificate policies
Policy mappings
Certificate subject
and issuer attributes
These extensions support alternative names, in
alternative formats, for a certificate subject or
certificate issuer and can convey additional
information about the certificate subject to increase a
certificate users confidence that the certificate subject
is a particular person or entity

Includes:
Subject alternative name
Issuer alternative name
Subject directory attributes
Certification path
constraints
These extensions allow constraint specifications to be
included in certificates issued for CAs by other CAs

The constraints may restrict the types of certificates


that can be issued by the subject CA or that may occur
subsequently in a certification chain

Includes:
Basic constraints
Name constraints
Policy constraints
Summary
Symmetric key distribution X.509 certificates
using symmetric encryption Certificates
X.509 Version 3
Kerberos
Version 4
Version 5

Key distribution using


asymmetric encryption
Public-key certificates
Public-key distribution of
secret keys

You might also like