User Authentication

 Something the individual knows : (passwords, pin , tokens, patterns, etc.

 Something the individual have (static biometrics): e.g. fingerprint, retina ,face

 Something the individual does (dynamic biometrics): e.g. voice, handwriting

 These All can be used alone or combined.

 All can provide user authentication.

 All have issues.

 Note that user authentication is different from message authentication.

 Message authentication is the procedure that allows two parties to verify that
contents of received message have not been changed and source is authentic.
 Authentication Protocols
 An important application area of authentication is authentication
protocols.

 It may be one-way authentication protocol or mutual

authentication protocol

 Mutual Authentication :
 Mutual Authentication Protocols used to satisfy or convince
communicating parties about each others identity and to exchange
session keys

 Two key issues are :

 Confidentiality – to protect session keys.
 Timeliness – to prevent replay attacks.
 Authentication Protocols
 Replay Attacks :
– Simple replay (Opponent copy the message and replay it later)

– Repetition that can be logged

– Repetition that cannot be detected

– Backward replay without modification

• The countermeasures include :

– Use of sequence numbers (generally impractical)

– Timestamps (needs synchronized clocks)

– Challenge/Response (using unique nonce)

 Authentication Protocols
 One-Way Authentication :
 It is required when sender & receiver are not in communications at
same time

 (e.g. email) because it is not necessary for the sender and receiver
be online at the same time

 The message is forwarded to the receiver ‘s mailbox , where it is

buffered till the receiver read it

 Header will deliver by store and forward email protocol , like SMTP

 It want contents to be protected & sender authenticated .

 Kerberos
 Kerberos is authentication protocol or service or key distribution center
KDC

 Designed at MIT in 1980. Systems ,including windows use Kerberos.

 The Kerberos is a Greek word that signify a three- headed dog (used to
keep outsiders away)

 It is a trusted key server system.

 Provides centralized third-party authentication in distributed network.

 Kerberos is designed for open distributed environment.

 Means it is a network authentication protocol that provides

authentication for client/server applications.
 Kerberos
 Users at workstations want to access the services on servers that are
distributed throughout the network.

 Following threats from Attacker exist & servers should not allow :

 1. Attacker can use particular workstation and act as a valid user working
from that workstation.

 2. Attacker can alter the network address of a workstation.

 So any request sent from altered workstation appears to come from valid
workstation

 3. Attacker use a replay attack to gain entrance to server.

 Note : In the above cases, an attacker may use services and data that he is
not authorized to use.
 Kerberos
 To solve these problems , instead of using authentication protocol
at each server, Kerberos provides a centralized authentication
server that authenticate users to servers and servers to users

 Unlike other authentication technique, Kerberos makes use of

symmetric i.e. secret key cryptography

 It does not use public- key encryption

 The two commonly used versions of Kerberos are :

 1. Kerberos version 4 (implementation still exist)
 2. Kerberos version 5 (corrects security deficiencies of version 4 and
issued as internet standard )
 Kerberos Requirements
 Motivation of Kerberos come from following requirement:
 Users must prove their identity to the servers for each services.

 Servers also must prove their identity to the clients or users.

 First Report on Kerberos identified following requirements :

 1. Secure : Attacker should not obtain information appear like user.

 Means Kerberos should be strong enough that opponent does not find weak link.

 2. Reliable : Kerberos should be highly reliable and should employ the

distributed server architecture with one system able to back up other

 3. Transparent : Users should not be know that authentication is taking place.

 4. Scalable: Should be capable of supporting large number of clients and

 Kerberos Requirements
 To satisfy these requirements, Kerberos is Implemented as a third
party authentication service using an authentication protocol.

 Kerberos is trusted because both client and server trust Kerberos to

mediate their mutual authentication.
 Kerberos Version 4
Kerberos version 4 Overview :
 It is a basic third-party authentication scheme.
 Version 4 of Kerberos makes use of DES algorithm.

 In distributed client/server architecture, Kerberos provides user

authentication by using one or more Kerberos server.

 Different approaches for security are as following :

 1. Simple Authentication Dialogue :
 In this approach an Authentication Server (AS) is used that maintains the
username and password of all users and store in a centralized database.

 The AS shares a unique secret key with each server and these keys
distributed in secure manner.
 Kerberos Version 4
 When any client makes a request from its workstation to some
server for service, the following process takes place :
 C = Client , AS = Authentication Server , V = Server , IDc = Identifier of user
on client C.

 IDv = identifier of server V ,Pc = password of user on Client C,

ADc = network address of C.

 Kv = secret encryption key shared by AS and V.

 1. Client C log on to workstation and requests access to server V for service.

 2. C in the client workstation requests for the user’s password and then
sends a message to the AS that contains user’s ID, user’s password and
server’s ID.
 Kerberos Version 4
 Message from client to AS = (IDc ,Pc, IDv)
 3. AS now checks the pair IDc and Pc in it’s database to see whether
user has given proper password and whether user is permitted to use
server V.

 4. If both tests are passed , then AS accepts the user as authentic and
then tell the server that user is authentic.

 To do this, AS creates the ticket that contains user’s ID , network

address of user’s and server’s ID.

 5. The ticket is encrypted using secret key shared by AS and this server.
 So, Ticket = E[ IDc , ADc, IDv]

 6. AS now send this encrypted ticket to client C.

 Neither client nor opponent can alter ticket because it is encrypted.
 Kerberos Version 4
 7. With this ticket ,C can now apply to server V for using service.

 8 .For this, the Client C sends a message to server V containing ID of

client C and ticket.
 Message = [IDc, Ticket]

 9.The server V decrypts the message and verifies that user’s ID in

ticket is same as the unencrypted user ID in the message.

 10. If these two matches, then the server is assured that user is
authenticated.

 11. Now server allow the requested service to client.

 Kerberos Version 4
 The first problem with this scheme is that each time client request
for a new service ,he needs to have new ticket from AS

 Second problem is that this scheme sends the plaintext passwords

hence its security is vulnerable.

 Consider the following dialogues :

 1 . C →AS : IDc, Pc, IDv
 2. AS→C : Ticket
 3. C→V : IDc ,Ticket
 Ticket = E[ IDc , ADc, IDv]
 Kerberos Version 4
 More secure Authentication Dialogue :
 This scheme uses the Ticket Granting Server (TGS).

 Function of TGS is to issue tickets to the users who are authenticated by AS.

 The user requests the AS for ticket granting ticket (Tickettgs)

 The client saves this ticket in the user’s works station.

 Whenever the user wants to access a new service , he requests the TGS
using the ticket to authenticate itself.

 The TGS then grants the ticket for the particular service.

 Client saves each service – granting ticket issued by TGS for later use to
authenticate it’s user to server whenever the user requests for particular
 Kerberos Version 4
 The new message dialogues are as :
 1. Request from client to AS C → AS : IDc, IDtgs
 2. Response from AS to C AS→ C : Ek (Tickettgs)
 3. Request from client to TGS C→TGS : IDc, IDv, Tickettgs
 4. Response from TGS to client TGS→C : Tickettgs
 5. Message from client to server C→ V : IDc, Ticketv

 Here, Tickettgs = E( Ktgs, [IDc,ADc,IDtgs, TS1,Lifetime1])

 Ticketv = E( Kv, [IDc,ADc,IDv, TS2,Lifetime2])
Kerberos v4 Dialogue
 Kerberos Realms
• A full service Kerberos environment consists of a Kerberos server ,a
number of clients, and number of application servers requires the
following :
• Kerberos server must have the user ID
• It must have hashed password for all participating users.
• Kerberos must share secret key with all participant users.
• All users are registered with Kerberos sever.
• All servers are registered with Kerberos server.
• Such an environment which provides all of these is called as
“Kerberos Realm”.
• Typically a single administrative domain.
• If have multiple realms means connection between two realms, their
Kerberos servers must share keys and trust.
Kerberos Realms
 Kerberos Version 5
• developed in mid 1990’s
• specified as Internet standard RFC 1510
• provides improvements over v4
– addresses environmental shortcomings
• encryption alg, network protocol, byte order, ticket
lifetime, authentication forwarding, interrealm auth
– and technical deficiencies
• double encryption, non-std mode of use, session keys,
password attacks
Kerberos v5 Dialogue
 X.509 Authentication Service
 It is a part of CCITT X.500 directory service standards.
 Distributed servers maintaining user information database.

 It defines framework for authentication services by X.500 directory to

its users.

 Directory may store public-key certificates.

 Each certificates contains public key of user signed by private key of
certification authority.

 Also defines authentication protocols .

 X.509 is an important standard because the certificate structure and

authentication protocol defined in X.509 are used in various contexts
Has 3 versions. X.509 was initially issued in 1988 and version 2 issued in
1993.

Then third version was issued in 1995 and again revised in 2000.

Version 3 resolves some security concerns and limited flexibility in

version 1 and 2.

It is based on public-key cryptography & digital signatures.

The standard not dictate specific algorithms , but RSA recommended.

The digital signature use hash function which is not specific.

X.509 certificates are widely used.

 X.509
Certificate
Use
 X.509 Certificates
• CA has created a side effect that each certificate may have different
format .

• So certificates that need to be used universally, must have universal

format.

• Heart of X.509 scheme is public –key certificates associated with user.

• X.509 is the way to describe certificate in structured way.

• These user certificates issued by a trusted Certification Authority

(CA), and placed in a directory by the CA.
 X.509 Certificates
• All X.509 certificate has format which contains the following
elements :
– 1. Version V (1, 2, or 3) : This field specifies version of the
certificate format.
– Default version is 1. If issuer unique identifier are present , version
2.

– 2. Serial Number: Integer number that is unique with CA identifies

the certificate

– 3. Signature algorithm identifier AI : This field consists of an

algorithm , that is used by the CA to sign the certificates.
4. Issuer X.500 name (CA) : This field consists of name of the certification
Authority who created and signed the certificate.

5. Period of validity (TA) : This field consists of two dates ,the first and
last on which the certificate is valid.

6. Subject(User) name (Name of owner) : This field consists of the name

of user whose public key certified by this certificate.

7. Subject(User) public-key information : (algorithm, parameters, key)

This field consists the public – key of the user with identifier of the
algorithm for which this key is used with associated parameters.

8. Issuer unique identifier (v2,v3):This field is optional present in version

2 ,3.

This is an unique integer number used to identify an issuer i.e. to identify

CA.
 X.509 Certificates
– 9. Subject(User) unique identifier (v2+v3) :
– It is also an optional field present in version 2 and 3.
– It is an unique integer number used to identify a user.

– 10. Extension fields (v3) : This field is present in version 3. A set of

one or more extension fields.

– 11. Signature : It covers all other fields of certificate. It contains

hash code of other fields encrypted with CA’s private key.
– This field includes the signature algorithm identifier.
• The standard use the following notation to define a certificate :
• CA<<A>> = CA [V, SN, AI, CA, UCA, A, UA, Ap, Ta]
Notation : CA<<A>> denotes certificate of user A signed and issued by
Certification authority CA.
CA[I] = the signing of I by CA .
It consists of I with an encrypted hash code appended

V = version of the certificate

SN = serial number of the certificate
AI = identifier of the algorithm used to sign the certificate
CA = name of the certificate of authority
UCA = optional unique identifier of the CA
A = name of the user A
UA = Optional unique identifier of the user A
Ap = public key of user A
Ta = period of validity of the certificate.

The CA signs the certificate with its private key.

If the corresponding public key is known to user , then user can verify that
certificate is signed by the CA is valid.
X.509 Certificates
 Certificate Revocation
• In some cases certificates must be revoked before
its expiration.
• Certificates have a period of validity
• May need to revoke before expiry, eg:
1. user's private key is compromised
2. user is no longer certified by this CA
3. CA's certificate is compromised
• CA’s maintain list of revoked certificates.
– the Certificate Revocation List (CRL)
• Users should check certificates with CA’s CRL