Post on 24-Dec-2015
ITA, 14.11.2011, 10-IAM.pptx 1
Internet Security 1 (IntSi1)
Prof. Dr. Peter HeinzmannProf. Dr. Andreas Steffen
Dr. Nathalie Weiler*
Institute for Internet Technologies and Applications (ITA)
10 Identity and AccessManagement (IAM)
* 2002-2004 Zürcher Hochschule Winterthur, currently with Credit Suisse
ITA, 14.11.2011, 10-IAM.pptx 2
Controlled Access is needed to ...
• One Computer (Sign-On, Logon)
• Many Computers (Single Sign-On, SSO)
• Applications (Telnet, Secure Shell, ftp, library catalog)
• Mailbox (POP3, IMAP)
• Web-Editing (FrontPage)
• Web-Pages (.htaccess)
• ....
• Rooms, areas, ...
ITA, 14.11.2011, 10-IAM.pptx 3
2. Authorization (Access)
3. Accounting
Username:
Password:
Authentication, Authorization, Accounting (AAA)
User
0. Identificatio
nI am: "Username"
asteffen
1. AuthenticationProve, that I am
"Username"
********
ITA, 14.11.2011, 10-IAM.pptx 4
Internet Security 1 (IntSi1)
10.1 Basic Authentication Schemes
ITA, 14.11.2011, 10-IAM.pptx 5
Authentication is based on ...
• What you know (password, PIN, shared secret)• ask for something only the authorized user knows
Username:
aznHu4UmPassword:
asteffen
FaceIris/Retina Scanning
Fingerprint Voice
• What you have (Certificate, Token, Scratch List)• test for the presence of something only the authorized user
has
• What you are (biological pattern, e.g. fingerprint)• non-forgeable biological or behavioral characteristics of the
user
01 Z4GH 06 IKDX02 67TS 07 9PL703 UR2A 08 NFLB04 TIQV 09 K91D05 3Z5P 10 HA85
ITA, 14.11.2011, 10-IAM.pptx 6
asteffenUsername:
********Password:
localDomain:
Username PW-Hash
Password-File
PW-Hash
H(PW)One-Way Function
Username Password
WinXP: \WINDOWS\system32\config\SAM
SAM = Security Account Manager (permanent file lock)
Unix: /etc/passwd (User IDs)/etc/shadow (Password
Hashes)
Local Windows/Unix Logon Process
ITA, 14.11.2011, 10-IAM.pptx 7
NT and LANmanager Password Schemes
NTLM Password HashHash function: MD4
LM Password HashesHash function: DES
14 characters with 14 Bit per character (Unicode characters)
Two times 7 characters with 8 Bit per character,capital characters only
16 bytes NTLM Hash first 8 bytes of LM hash (Characters 1 .. 7)
second 8 bytes of LM hash (Characters 8 .. 14)
= 0xAAD3B435B51404EE
if password has lessthan 8 characters
ITA, 14.11.2011, 10-IAM.pptx 8
Offline Attacks on LM & NTLM Hashes
ITA, 14.11.2011, 10-IAM.pptx 9tpw:$1$Or6ur$eUbm5V2.meW3v7xkBtA77.:
/etc/shadowPassword File IDID PasswordPassword
Unix Password Schemes
PasswordPassword SaltSalt
DES Hash FunctionDES Hash Function
HashHash
HashHash
DES Hash FunctionDES Hash Function
User
IDID PasswordPassword
• Salt helps against precomputed tables.UNIX uses 12 bits of salt, resulting in 4096 hashed password variants.
• Optional MD5 hash allows passwords and passphrases > 8 characters.
SaltSalt
SaltSaltIDID PasswordPassword
Host
andi:zM0qKKIURkwh.:12739:0:99999:7:0::
ITA, 14.11.2011, 10-IAM.pptx 10
Typical Attacks on Passwords
• Social engineering• Password guessing
• Check for „well known“ passwords
• Password cracking (systematic password trying)• Dictionary attack based on word lists (several languages,
LOTR, etc.)• Words with permutations and some special characters (rules)• Exhaustive search (brute force)• Precomputed Tables (Rainbow)• Tools: Cain & Abel, John the Ripper
• Password sniffing• Sniffing and setting triggers (e.g. on „login“ or „password“)
• Keystroke monitoring• TTY watcher, keystroke recorder (HW/SW)• Trojan horse „faked login screen“• Phishing (Redirection to malicious host)
ITA, 14.11.2011, 10-IAM.pptx 11
Internet Security 1 (IntSi1)
10.2 Challenge / ResponseProtocols
ITA, 14.11.2011, 10-IAM.pptx 12
Secure Authentication based onChallenge/Response Protocols
Insecure ChannelUser Server
Keyed Hash Function
Keyed Hash Function
MACMAC
IDUIDU RU
RU
KeyKey
RURUIDU
IDU IDUIDU RU
RU
Response
MACMAC
• No secrets are openly transmitted
• The random valuesRS and RU must notbe repeated !
RSRS
KeyKey Keyed Hash Function
Keyed Hash Function
MACMAC
RSRSRS
RS
Challengerandom value
(Nonce)
ITA, 14.11.2011, 10-IAM.pptx 13
Challenge/Response Protocol based onDigital Signatures
Insecure ChannelUser Server
RSRSRS
RS
Challengerandom value
(Nonce)IDUIDU RU
RU
HashHash
SigSig
Encryption withPrivate Key
Encryption withPrivate Key
RSRS
HashHash
IDUIDU RU
RU
Response
SigSig
IDUIDU RU
RU
Decryption withPublic Key
Decryption withPublic Key
HashHash
ITA, 14.11.2011, 10-IAM.pptx 14
Internet Security 1 (IntSi1)
10.3 Windows NT LAN Manager NTLM
ITA, 14.11.2011, 10-IAM.pptx 15
Windows Domain Authentication
• A Domain is a collection of Services (Email, File-Shares, Printers, ...) administered by a Domain Controller (DC).
• Centralized Administration:• Each user has only one account per Domain managed by the Domain
Controller.• Thus there is no need for individual Server accounts.
• Flexibility:• Assignment of Users to Groups• Multiple Domains possible (Master-Domains, Trust Relationships)
• All users and servers must trust the Domain Controller.
User A
PrinterServer 1
Server 3 Server 2User B
DomainController (DC)
Domain
ITA, 14.11.2011, 10-IAM.pptx 16
NTLM – Protocol
• Windows NT LAN Manager is a proprietary Microsoft scheme.
• Typical example of a Challenge-Response protocol.
User Alice Server DomainController (DC)
Domain: WonderlandUsername: AlicePassword: 2Uh7&
Alice
51ff1d83
f68ba0537 OK
H: Hash functionE(x, k): Encryption of x with key k
H(2Uh7&) = KeyA
E(f68ba0537, KeyA) = 51ff1d83
User Alice: KeyA
Alice, f68ba0537, 51ff1d83
Challenge: f68ba0537 E(f68ba0537, KeyA) = 51ff1d83Comparison with 51ff1d83 – ok?
ITA, 14.11.2011, 10-IAM.pptx 17
NTLM Security Analysis
• User key is known to the user and DC only• The user key is derived from the user's login password.
• Only the entitled user can correctly encrypt the challenge.• Non-recurring challenge values (nonces) prevent replay-
attacks.• Pros:
• Password is never transmitted in the clear.• Simple and secure protocol if strong user passwords are used.
• Cons:• The authentication process must be repeated for every use of
a server DC can become a bottleneck.• Weak or short NTLM passwords can be cracked offline with a
dictionary or brute force attack.
ITA, 14.11.2011, 10-IAM.pptx 18
Internet Security 1 (IntSi1)
10.4 KerberosKey Distribution System
ITA, 14.11.2011, 10-IAM.pptx 19
Historical Background
• Developed in 1983 as part of MIT's Athena project.
• Motivation:• Many MIT students „sniffed“ the network and thus got hold of
root passwords which they used to reboot the servers.
• Requirements:• Authentication in UNIX-based TCP/IP networks• Use of symmetrical cryptography (DES)
• Characteristics:• Relies on the mediation services of a trusted referee or
notary. • Based on the work by Needham and Schroeder on trusted
third-party protocols as well as Denning and Sacco's modifications of these.
• Kerberos Releases• Current release is Kerberos v5 (RFC 1510, September 1993).• V5 supports additional encryption ciphers besides DES.
ITA, 14.11.2011, 10-IAM.pptx 20
Alice
BobJack
Jip
Mary
Paul
Peter Harry
Dick
Tom
Kbob Kalice
KDC
Mediated Authentication by means of aKey Distribution Center (KDC)
ITA, 14.11.2011, 10-IAM.pptx 21
Kerberos Tickets
• Each Kerberos participant (Alice, Bob, etc.) – called a Principal – shares a common secret with the Key Distribution Center (KDC) – the Principal’s Master Key.
• Each secured communication or secured access is "mediated"by means of a Kerberos Ticket.
How is Alice going to talk to Bob?
ITA, 14.11.2011, 10-IAM.pptx 22
User Alice KDC
Server Bob
H(2Uh7&) = MKeyA
E(time, MKeyA) = a5F113de
Simplified Kerberos Protocol
H: Hash functionE(x, k): Encryption of x with key kD(x, k): Decryption of x with key k
Realm: WonderlandUsername: AlicePassword: 2Uh7&
Alice, Bob, a5F113de
User Alice: MKeyA
Server Bob: MKeyB
9abc571a, Ticket
D(a5F113de, MKeyA) = time, valid?Session key Alice-Bob: SAB
E(SAB, MKeyA) = 9abc571aE({ Alice, SAB }, MKeyB) = Ticket
D(9abc571a, MKeyA) = SAB
E({ Alice, time }, SAB) = 5cc10981
5cc10981, Ticket
MKeyB
D(Ticket, MKeyB) = { Alice, SAB }D(5cc10981, SAB) = { Alice, time } correct?
ITA, 14.11.2011, 10-IAM.pptx 23
User Alice KDC
H(2Uh7&) = MKeyA
E(time, MKeyA) = a5F113de
Kerberos Protocol – Authentication ServiceSession Key and Ticket-Granting Ticket (TGT)
Realm: WonderlandUsername: AlicePassword: 2Uh7&
AS_REQ [Alice, a5F113de]
User Alice: MKeyA
Server Bob: MKeyB
AS_REP [27LnZ8vU]
D(a5F113de, MKeyA) = time, valid?Session key for Alice: SA
E({ Alice, SA }, MKeyKDC) = TGTA E({ SA, TGTA }, MKeyA) = 27LnZ8vUD(27LnZ8vU, MKeyA) = { SA, TGTA }
H: Hash functionE(x, k): Encryption of x with key kD(x, k): Decryption of x with key k
ITA, 14.11.2011, 10-IAM.pptx 24
User Alice KDC
E({ Alice, time }, SA) = qR71htp9
Kerberos Protocol – Ticket Granting ServiceRequesting a ticket for accessing server Bob
TGS_REQ [Bob, TGTA, qR71htp9]Server Bob: MKeyB
TGS_REP [b22sYG1k]
D(TGTA, MKeyKDC) = { Alice, SA } D(qR71htp9, SA) = { Alice, time }, valid?Session key for Alice-Bob: SAB
E({ Alice, SAB }, MKeyB) = TAB
E({ SAB, TAB }, SA) = b22sYG1k
D(b22sYG1k, SA) = { SAB, TAB }
H: Hash functionE(x, k): Encryption of x with key kD(x, k): Decryption of x with key k
Session Key: SA
Ticket: TGTA
ITA, 14.11.2011, 10-IAM.pptx 25
User Alice Server Bob
Kerberos Protocol – Client/Server AuthenticationAccessing server Bob
H: Hash functionE(x, k): Encryption of x with key kD(x, k): Decryption of x with key k
E({ Alice, timeA }, SAB) = w86EQa55
MKeyB
Session Key: SAB
Ticket: TAB
AP_REQ [TAB, w86EQa55]
AP_REP [4tMJs73c]
D(TAB, MKeyB) = { Alice, SAB } D(w86EQa55, SAB) = { Alice, time }, valid?E({ Bob, timeB }, SAB) = 4tMJx73cD(4tMJx73c, SAB) = { Bob, timeB }, valid?
ITA, 14.11.2011, 10-IAM.pptx 26
{db; MKeyKDC}
Realm
KDC Replication
MasterKDC
SlaveKDC
Host
SlaveKDC
SlaveKDC
SlaveKDC
SlaveKDC
Host
HostHost
Host
Host
Host
Host
Host
Host
Host
Host Host
Host
Host
Host
Host
Host
HostHostHost
HostHostHost
Host
Host
Host
Host Host
ITA, 14.11.2011, 10-IAM.pptx 27
Inter-Realm Authentication
Alice
Wonderland
KDC
LionsKDC
2. TGS_REP[credentials for Lions KDC]
Carol
4. TGS_REP[credentials for Carol@Lions]
1. TGS_REQ[Alice@Wonderland, Carol@Lions]
3. TGS_REQ[Alice@Wonderland, Carol@Lions]
5. AP_REQ[Alice, KA{KBA, “Alice”,...}]
RealmWonderland
RealmLions
ITA, 14.11.2011, 10-IAM.pptx 28
Summary
KerberosAuthenticati
on
TicketGrantingService
Client Server
1. authenticate user 2. access control for server
3. communication
ITA, 14.11.2011, 10-IAM.pptx 29
Internet Security 1 (IntSi1)
10.5 Single Sign-On
ITA, 14.11.2011, 10-IAM.pptx 30
Single Sign-On (SSO)
• 80% of helpdesk calls are password-related. Single sign-on systems could enable a company to reduce its helpdesk by 40% savings of nearly $4.4 million for company with 20'000 users.Forrester Research
ITA, 14.11.2011, 10-IAM.pptx 31
Workflow-Based User Provisioning
ITA, 14.11.2011, 10-IAM.pptx 32
Example: Novell Identity Manager
ITA, 14.11.2011, 10-IAM.pptx 33
Synchronized Data View using a Meta-Directory
ITA, 14.11.2011, 10-IAM.pptx 34
Meta Directories
Meta Directory
LDAP
Sync
Flat File
Sync
DB
Sync
• Meta directories contain information replicated from varioussource directories.
• Constant synchronization with the source directories guarantees the consistency between original and copy.
CustomizedConnectors
Standardized,consistent view
ITA, 14.11.2011, 10-IAM.pptx 35
Virtual Directories
• Virtual directories provide access to the existing data sources without moving the data out of the original repository.
• Virtual directories act as a proxy between an LDAP server and a client. Configurable modules allow data to be manipulated during the transfer.
LDAPBrokerAgent
LDAPBrokerAgent
Modified LDAP
requestLDAP request
Modified LDAP
response
LDAP response
ClientLDAP
ServerVirtual Directory
ITA, 14.11.2011, 10-IAM.pptx 36
Identity and Access Management (IAM)
• Enterprise Information Architecture• Identify key business processes and determine the applications,
information assets and transactions critical to meeting its business goals.
• Define which users need what resources and at what level of security.
• Permission and Policy Management• Establish and enforce policies governing the access control rights
of users. Single sign-on (SSO) procedures facilitate the access to all applications a user is entitled to use.
• Entreprise Directory Services• Use the Lightweight Directory Access Protocol (LDAP) to access
an organization's central repository of user identies and access privileges,as well as applications, information, network resources and more.
• User Authentication• The use of a Public key infrastructure (PKI) is the preferred
mechanism.
• Workflow-Based User Provisioning• Provisioning deploys access rights for employees, customers and
business partners. Automated workflow systems reduce tedious manual tasks.