Computer Security: Principles and

Practice
Chapter 23: Internet Authentication
Applications

1
 Internet Authentication Applications
• Internet authentication functions: Developed to support
network-based authentication & digital signatures
• Will consider
– Kerberos: secure networked servers and hosts
– X.509 public-key directory authentication
– Public-key infrastructure (PKI)
 Kerberos Overview
• Initially developed at MIT
• Software utility available in both the public domain and in
commercially supported versions
• Issued as an Internet standard and is the defacto standard for
remote authentication
• Provides centralised private-key third-party authentication
in a distributed network
– Requires that a user prove his or her identity for each service
invoked
– requires servers to prove their identity to clients
• https://web.mit.edu/kerberos/
 Kerberos Protocol
Involves clients, application servers, and a Kerberos server
• Designed to counter a variety of threats to the security of a client/server
dialogue
• Obvious security risk is impersonation
• Servers must be able to confirm the identities of clients who request
service

Use an Authentication Server (AS)

• User initially negotiates with AS for identity verification
• AS verifies identity and then passes information on to an application
server which will then accept service requests from the client

Need to find a way to do this in a secure way

• If client sends user’s password to the AS over the network an opponent
could observe the password
• An opponent could impersonate the AS and send a false validation
Overview of Kerberos
 Kerberos Realms
• A Kerberos environment consists of:
– A Kerberos server
– A number of clients, all registered with server
– A number of application servers, sharing keys with server
• This is termed a realm
– Networks of clients and servers under different administrative
organizations generally constitute different realms

• If multiple realms:
– Their Kerberos servers must share a secret key and trust the
Kerberos server in the other realm to authenticate its users
– Participating servers in the second realm must also be willing to
trust the Kerberos server in the first realm
 Kerberos Realms(Service Areas)
Kerberos servers in each realm
may share a secret key with the
server in other realm; the two
Kerberos are registered with each
other

Server in one realm must trust the

Kerberos in the other realm
 Kerberos Version 5
• The first version of Kerberos that was widely used was
version 4, published in the late 1980s
• Improvements found in version 5:
• An encrypted message is tagged with an encryption algorithm
identifier
• This enables users to configure Kerberos to use an algorithm other than
DES
• Supports authentication forwarding
• Enables a client to access a server and have that server access another
server on behalf of the client
• Supports a method for interrealm authentication that requires fewer secure
key exchanges than in version 4
 Certificate Authorities (CA)
• Certificate consists of:
– A public key plus a User ID of the key owner
– Signed by a third party trusted by community
– Typically the third party is a CA that is trusted by the user
community (such as a government agency, telecommunications
company, financial institution, or other trusted peak organization)
• User can present his or her public key to the authority in a
secure manner and obtain a certificate
– User can then publish the certificate or send it to others
– Anyone needing this user’s public key can obtain the certificate
and verify that it is valid by way of the attached trusted signature
 X.509

• Specified in RFC 5280

• The most widely accepted format for public-key certificates
• Certificates are used in most network security applications,
including:
− IP security (IPSEC)
− Secure sockets layer (SSL)
− Secure electronic transactions (SET)
− S/MIME
− eBusiness applications
A number of specialized variants also exist, distinguished by
particular element values or the presence of certain
extensions:
• Conventional (long-lived) certificates
• CA and “end user” certificates
• Typically issued for validity periods of months to years
• Short-lived certificates
• Used to provide authentication for applications such as grid computing,
while avoiding some of the overheads and limitations of conventional
certificates
• They have validity periods of hours to days, which limits the period of
misuse if compromised
• Because they are usually not issued by recognized CA’s there are issues
with verifying them outside their issuing organization
A number of specialized variants also exist, distinguished by
particular element values or the presence of certain
extensions:
• Proxy certificates
• Widely used to provide authentication for applications such as grid computing,
while addressing some of the limitations of short-lived certificates
• Defined in RFC 3820
• Identified by the presence of the “proxy certificate” extension
• They allow an “end user” certificate to sign another certificate
• Allow a user to easily create a credential to access resources in some
environment, without needing to provide their full certificate and right
• Attribute certificates
• Defined in RFC 5755
• Use a different certificate format to link a user’s identity to a set of attributes that
are typically used for authorization and access control
• A user may have a number of different attribute certificates, with different set of
attributes for different purposes
• Defined in an “Attributes” extension
X.509 Formats

To revoke before expiration (in case

the key has been compromised)
 PKI X.509 (PKIX) Management
• RFC 4949 (Internet Security Glossary, Version 2, 2007): Public-key
infrastructure (PKI) is the set of hardware, software, people, policies,
and procedures needed to create, manage, store, distribute, and
revoke digital certificates based on asymmetric cryptography
• PKI was developed to enable secure, convenient, and efficient
acquisition of public keys
• X.509 PKI implementations came with a large list of CAs and their
public keys, known as a “trust store”
 Problems of PKI X.509 (PKIX)
• First, the reliance on the user to make an informed decision when
there is a problem verifying a certificate.
– Unfortunately, it is clear that most users do not understand what a certificate is and why
there might be a problem. Hence they choose to accept a certificate, or not, for reasons
that have little to do with their security, which may result in the compromise of their
systems.
• Second, the assumption that all of the CAs in the “trust store” are
equally trusted, equally well managed, and apply equivalent policies.
– This was dramatically illustrated by the compromise of the DigiNotar CA in 2011 that
resulted in the fraudulent issue of certificates for many well-known organizations. As a
consequence, the DigiNotar CA keys were removed from the “trust store” in many
systems, and the company was declared bankrupt later that year.
– Another CA, Comodo, was also compromised in 2011, with a small number of fraudulent
certificates issued.
• Third, the various web browsers and operating systems, use different
“trust stores,” and hence present different security views to users.
 PKIX Architecture Model
• Interrelationship among the key elements of the PKIX model
 End entity for which the
certificate for and the
Certificate authority that
issues the certificates. Users, servers
 Registration authority
(RA) that handles end entity
registration Certain admin func of CA
 The (certificate revocation
list) CRL issuer and
Repository that manage Issues
CRLs. of CA

PKI: HW, SW, people,

policies, and procedures Issues cert revocation lists
to create, manage, distribute,
and revoke DCs based
on asymmetric cryptography
 Summary
• reviewed network authentication using:
– Kerberos private-key authentication service
– X.509 public-key directory authentication
– public-key infrastructure (PKI)