Introduction to Kerberos Kerberos and Domain Authentication.
Content : Access and Authentication Technology Authentication methods: PPP, PAP, CHAP, EAP AAA,...
Transcript of Content : Access and Authentication Technology Authentication methods: PPP, PAP, CHAP, EAP AAA,...
Content :Content :
• Access and Authentication Technology
• Authentication methods: PPP, PAP, CHAP, EAP
• AAA, RADIUS, TACACS, TACACS, Kerberos
• Authentication Header (AH)
UNIT 4UNIT 4
• Virtual Private Networks (VPN): VPN Architectures
• Encapsulating Security Payload (ESP)
• Authentication On Wireless LANs
Access Control Processes
Access control is the heart of security Definitions:
The ability to allow only authorized users, programs or processes system or resource access
The granting or denying, according to a particular security model, of certain permissions to access a resource
An entire set of procedures performed by hardware, software and administrators, to monitor access, identify users requesting access, record access attempts, and grant or deny access based on preestablished rules.
Access Control (AC)
Access Control
Access Control
Access control is the policy-driven limitation of access to systems, data, and dialogs
Prevent attackers from gaining access, stopping them if they do
Access Control
What Access Permissions (Authorizations) Should They Have?
Access permissions (authorizations) define whether a role or individual should have any access at all
If so, exactly what the role or individual should be allowed to do to the resource.
Usually given as a list of permissions for users to be able to do things (read, change, execute program, etc.) for each resource
Access Control How Should Access Control Be Implemented?
For each resource, need an access protection plan for how to implement protection in keeping with the selected control policy
For a file on a server, for instance, limit authorizations to a small group, harden the server against attack, use a firewall to thwart external attackers, etc.
…
Access Control
Policy-Based Access Control and Protection
Have a specific access control policy and an access protection policy for each resource
Focuses attention on each resource
Guides the selection and configuration of firewalls and other protections
Guides the periodic auditing and testing of protection plans
Access control lists (ACL)
A file used by the access control system to determine who may access what programs and files, in what method and at what time
Different operating systems have different ACL terms
Types of access (locks): Read/Write/Create/Execute/Modify/Delete/Rename
AC is implemented for all IS components including:
Hardware Software
Application Protocol (Kerberos, IPSec)
Physical Logical (policies)
AC protect all IS components including:
Data: Unauthorized viewing, modification or copying
System: Unauthorized use, modification or denial of service
It should be noted that nearly every network operating system (NT, Unix,
Vines, NetWare) is based on a secure physical infrastructure
Access Control
First Steps
Enumeration of Resources
Sensitivity of Each Resource
Next, who Should Have Access?
Can be made individual by individual
More efficient to define by roles (logged-in users, system administrators, project team members, etc.)
Access Control
What Access Permissions (Authorizations) Should They Have (Keys)?
Access permissions (authorizations) define whether a role or individual should have any access at all
If so, exactly what the role or individual should be allowed to do to the resource.
Usually given as a list of permissions for users to be able to do things (read, change, execute program, etc.) for each resource
Access Control How Should Access Control Be Implemented?
For each resource, need an access protection plan for how to implement protection in keeping with the selected control policy
For a file on a server, for instance, limit authorizations to a small group, harden the server against attack, use a firewall to thwart external attackers, etc.
…
Access Control
Policy-Based Access Control and Protection
Have a specific access control policy and an access protection policy for each resource
Focuses attention on each resource
Guides the selection and configuration of firewalls and other protections
Guides the periodic auditing and testing of protection plans
Is the ability to limit and control the access to the systems and application.
Access ControlAccess Control
Tools:Physical access control
Finger Prints. Eyes Recognition. Voice Identification. Smart Card.
Password. Firewalls.
Logical access control:
Access ControlAccess Control
Smart Cards
Access ControlAccess Control
Password
Personnel Identification and Authentication tools
Access ControlAccess Control
Finger Prints.
Token Ring
Password Hashing (or Encryption)
Client PCUser Ali
Server
1.User = Aly
Password = My4Bad
2.Hash
My4Bad=
11110000
3.Hashes Match
Hashed Password FileAhmed 11001100Ali 11110000Mohmd 00110011Samir 11100010
4. Hashes Match,
So User isAuthenticated
One way Hash One way Hash Function Function
Password
Host
Hash value
Passwords File……….………..………..
A’s Password………..………..
Compare
Hash Function
No
User A
Insert Password
AuthenticationAuthentication
Steps1. The user sends a request to the
server seeking for permission to enter the secured website
2. The server asks for his username and password to check if that person is who he is declared to be
3. The user then signs in and sends the request back to the server
4. Server will verify his identity and check if he is an authorized user .
After confirming his identity, the server would send back an approval or a denial of access to the website..
1. What a client knows2. What a client has3. Who a client is4. What a client produces
Authentication FormsAuthentication Forms
1. What a client knows: This form of authentication deals with what the client knows. For example: passwords and user IDs.
2. What a client has: The second form of authentication deals with something that the client possesses. Such things include tokens and
smart cards. Smart cards are cards that contain a computer chip to verify the user's identity. Tokens, on the other hand, are cards
equipped with a computer chip and a liquid crystal display showing a computer-generated number sequence for remote login
authentication 3. What a client is: The third form of authentication is related to the
characteristics of the supplicant. Such characteristics are fingerprint, iris pattern, hand geometry and retinal print. Because these characteristics are unique to every individual supplicant, it
can be used by systems to authenticate its users 4. What a client produces: The final form of authentication that we are covering addresses what the client produces. Such examples are
technologies on signature or voice recognition, e.g. credit card payment system.
AUTHENTICATION METHODS
Biometric Authentication
Biometric Authentication
Biometric Authentication Authentication based on body
measurements and motions Because you always bring your body with
you
Biometric Systems Enrollment Later access attempts
Acceptance or rejection
Biometric Authentication System
1. Initial Enrollment
2. Subsequent Access
User LeeScanning
ApplicantScanning
Template DatabaseBrown 10010010Lee 01101001Chun 00111011Hirota 1101110… …
3. Match IndexDecision Criterion(Close Enough?)
Processing(Key Feature Extraction)
A=01, B=101, C=001
User LeeTemplate
(01101001)
UserAccess Data(01111001)
Processing(Key Feature Extraction)
A=01, B=111, C=001
Biometric Authentication
Verification Versus Identification
Verification: Are applicants who they claim to be? (compare with single template)
Identification: Who is the applicant? (compare with all templates)
More difficult than verification because must compare to many templates
Watch list: is this person a member of a specific group (e.g., known terrorists)
Intermediate in difficulty
Biometric Authentication
Verification Versus Identification
Verification is good for replacing passwords in logins
Identification is good for door access and other situations where entering a name would be difficult
Biometric Authentication
Precision False acceptance rates (FARs):
Percentage of unauthorized people allowed in
Person falsely accepted as member of a group
Person allowed through a door who should be allowed through it
Very bad for security
Biometric Authentication
Precision False rejection rates (FRRs): Percentage of
authorized people not recognized as being members of the group
Valid person denied door access or server login because not recognized
Can be reduced by allowing multiple access attempts
High FRRs will harm user acceptance because users are angered by being falsely forbidden
Biometric Authentication
Precision Vendor claims for FARs and FRRs tend to be
exaggerated because they often perform tests under ideal circumstances
For instance, having only small numbers of users in the database
For instance, by using perfect lighting, extremely clean readers, and other conditions rarely seen in the real world
Biometric Authentication
User Acceptance is Crucial Strong user resistance can kill a system Fingerprint recognition may have a criminal
connotation Some methods are difficult to use, such as iris
recognition, which requires the eye to be lined up carefully.
These require a disciplined group
Biometric Authentication
Biometric Methods Fingerprint recognition
Dominates the biometric market today Based on a finger’s distinctive pattern of
whorls, arches, and loops Simple, inexpensive, well-proven Weak security: can be defeated fairly easily
with copies Useful in modest-security areas
Biometric Authentication
Biometric Methods Iris recognition
Pattern in colored part of eye
Very low FARs
High FRR if eye is not lined up correctly can harm acceptance
Reader is a camera—does not send light into the eye!
Biometric Authentication
Biometric Methods Face recognition
Can be put in public places for surreptitious identification (identification without citizen or employee knowledge). More later.
Hand geometry: shape of hand Voice recognition
High error rates Easy to fool with recordings
Biometric Authentication
Biometric Methods Keystroke recognition
Rhythm of typing Normally restricted to passwords Ongoing during session could allow
continuous authentication
Signature recognition Pattern and writing dynamics
Biometric Authentication
Biometric Standards Almost no standardization Worst for user data (fingerprint feature
databases) Get locked into single vendors
Biometric Authentication
Can Biometrics be Fooled? Airport face recognition
Identification of people passing in front of a camera
False rejection rate: rate of not identifying person as being in the database
Fail to recognize a criminal, terrorist, etc.
FRRs are bad
Biometric Authentication
Can Biometrics be Fooled? Airport face recognition
4-week trial of face recognition at Palm Beach International Airport
Only 250 volunteers in the user database (unrealistically small)
Volunteers were scanned 958 times during the trial
Only recognized 455 times! (47%)
53% FRR
Biometric Authentication
Can Biometrics be Fooled? Airport face recognition
Recognition rate fell if wore glasses (especially tinted), looked away
Would be worse with larger database
Would be worse if photographs were not good
Biometric Authentication
Can Biometrics be Fooled? DOD Tests indicate poor acceptance
rates when subjects were not attempting to evade
270-person test
Face recognition recognized person only 51 percent of time
Even iris recognition only recognized the person 94 percent of the time!
Biometrics Authentication
Can Biometrics be Fooled? Other research has shown that evasion
is often successful for some methods
German c’t magazine fooled most face and fingerprint recognition systems
Prof. Matsumoto fooled fingerprint scanners 80 percent of the time with a gelatin finger created from a latent (invisible to the naked eye) print on a drinking glass
Password-Based Access Control
Server Password Cracking:
Reusable Passwords A password you use repeatedly to get
access to a resource on multiple occasions
Bad because attacker will have time to learn it; then can use it
Difficulty of Cracking Passwords by Guessing Remotely Usually cut off after a few attempts However, if can steal the password file,
can crack passwords at leisure
Server Password Cracking
Hacking Root Super accounts (can take any action in any
directory) Hacking root in UNIX Super accounts in Windows (administrator) and
NetWare (supervisor) Hacking root is rare; usually can only hack an
ordinary user account May be able to elevate the privileges of the user
account to take root action
Server Password Cracking
Physical Access Password Cracking l0phtcrack
Lower-case L, zero, phtcrack
Password cracking program
Run on a server (need physical access)
Or copy password file and run l0phtcrack on another machine.
Server Password Cracking
Physical Access Password Cracking Brute-force password guessing
Try all possible character combinations Longer passwords take longer to crack Using more characters also takes longer
Alphabetic, no case (26 possibilities) Alphabetic, case (52) Alphanumeric (letters and numbers) (62) All keyboard characters (~80)
Password Length
PasswordLength In
Characters
1
2 (N2)
4 (N4)
6
8
10
Alphanumeric:Letters &
Digits (N=62)
62
3,844
14,776,336
56,800,235,584
2.1834E+14
8.39299E+17
All KeyboardCharacters
(N=~80)
80
6,400
40,960,000
2.62144E+11
1.67772E+15
1.07374E+19
Alphabetic,Case
(N=52)
52
2,704
7,311,616
19,770,609,664
5.34597E+13
1.44555E+17
Alphabetic,No
Case (N=26)
26
676
456,976
308,915,776
2.08827E+11
1.41167E+14
Server Password Cracking
Physical Access Password Cracking Brute Force Attacks
Try all possible character combinations Slow with long passwords length
Dictionary attacks Try common words (“password”, “ouch,”
etc.) There are only a few thousand of these Cracked very rapidly
Hybrid attacks Common word with single digit at end, etc.
Server Password Cracking
Password Policies Good passwords
At least 6 characters long
Change of case not at beginning
Digit (0 through 9) not at end
Other keyboard character not at end
Example: triV6#ial
Server Password Cracking
Password Policies
Testing and enforcing password policies Run password cracking program against own
servers
Caution: requires approval! SysAdmins have been fired for doing this without permission—and should be
Password duration policies: How often passwords must be changed
Server Password Cracking
Password Policies Password sharing policies: Generally,
forbid shared passwords Removes ability to learn who took actions;
loses accountability
Usually is not changed often or at all because of need to inform all sharers
Server Password Cracking
Password Policies Disabling passwords that are no longer
valid
As soon as an employee leaves the firm, etc.
As soon as contractors, consultants leave
In many firms, a large percentage of all accounts are for people no longer with the firm
Server Password Cracking
Password Policies Lost passwords
Password resets: Help desk gives new password for the account
Opportunities for social engineering attacks
Leave changed password on answering machine
Biometrics: voice print identification for requestor (but considerable false rejection rate)
Server Password Cracking
Password Policies Lost passwords
Automated password resets
Employee goes to website
Must answer a question, such as “In what city were you born?”
Problem of easily-guessed questions that can be answered with research
Server Password Cracking
Password Policies Encrypted (hashed) password files
Passwords not stored in readable form
Encrypted with DES or hashed with MD5
In UNIX, etc/passwd puts x in place of password
Encrypted or hashed passwords are stored in a different (shadow) file to which only high-level accounts have access
Server Password Cracking
Password Policies Windows passwords
Obsolete LAN manager passwords (7 characters maximum) should not be used
Windows NTLM passwords are better
Option (not default) to enforce strong passwords
Server Password Cracking
Shoulder Surfing Watch someone as they type their password
Keystroke Capture Software Professional versions of windows protect
RAM during password typing Consumer versions do not Trojan horse throws up a login screen later,
reports its finding to attackers
Server Password Cracking
Windows Client PC Software Consumer version login screen is not for
security Windows professional and server versions provide
good security with the login password BIOS passwords allow boot-up security
Can be disabled by removing the PC’s battery But during a battery removal, the attacker will be very
visible Screen savers with passwords allow away-from-
desk security after boot-up
Content :Content :
• Access and Authentication Technology
• Authentication methods: PPP, PAP, CHAP, EAP
• AAA, RADIUS, TACACS, TACACS, Kerberos
• Authentication Header (AH)
UNIT 4UNIT 4
• Virtual Private Networks (VPN): VPN Architectures
• Encapsulating Security Payload (ESP)
• Authentication On Wireless LANs
1. Authentication and authorization technologies (e.g., userID and password with PAP [Password Authentication
Protocol] and CHAP [Challenge Handshake Authentication Protocol], Kerberos, etc.)
2. Token cards3. PPP Extensible Authentication Protocol (EAP)
4. Microsoft Point-to-Point Encryption (MPPE)5. Key-management protocols, e.g., Internet Security
Association and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE), etc.
6. Digital certificates7. Digital signatures
8. Message authentication codes (MACs)9. Wireless Encryption Technologies (e.g., WEP, 802.11i)
AUTHENTICATION METHODS
1.A number of other userID and password authentication technologies with improved security
have also been designed, primarily to be employed during a user log-in process.
2.A good example is Password Challenge Handshake Authentication Protocol (CHAP). In a network environment, because the log-in process first authenticates the user and then establishes a
session (a logical connection) for the user if the user is indeed authorized
AUTHENTICATION METHODS
PPP Authentication
No AuthenticationIs an Option
ClientServer
To establish communications over a point-to-point link, each end of the PPP link must first send link configuration packets to configure the data link during the Link
Establishment Phase. After the link has been established, PPP provides for an optional Authentication
Phase before proceeding to the Network-Layer Protocol Phase.The authentication protocols are intended for use by hosts and routers that connect to
a PPP network server via switched circuits, dial-up lines, or dedicated links.
PAP is a simple proprietary userID and password authentication protocol.
With PAP, the password is sent across the network to be compared against an encrypted password file on the
access server. If the password matches the associated userID, the connection is established.
Because the password can potentially be intercepted by a hacker, PAP is not considered to be secure.
PAP [Password Authentication Protocol]
PPP Authentication
PAP Authentication
Authentication-Request Messages(Send Until Response)
Authentication-Response MessageClientServer
Poor Security: Usernames and PasswordsAre Sent in the Clear
CHAP addresses the PAP deficiencies by having a server send a randomly generated “challenge” to the client along with the hostname.
The hostname is used by the client to look up the appropriate password, which is then combined with the challenge and encrypted using a one-way hashing
function to produce a result that is then sent to the server along with the client userID.
The server performs the same computation using the password and compares the result with the result that has been sent back by the client.
If there is a match, the connection will be established. Because the challenge is different in every session, a hacker cannot replay the sequence.
The specific method to be used can be negotiated by a client when connecting to an RAS.
CHAP allows different types of encryption algorithms to be used. Most commercial RASs support Data Encryption Standard (DES) and Message Digest
5 (MD5).
Password Challenge Handshake Authentication Protocol (CHAP)
MS-CHAP Challenge-Response Authentication Protocol
2.Verifier sends Challenge Message
Challenge
Applicant(Client)
Verifier(Server)
1.Verifier creates
Challenge Message
Note: Both the client and the serverknow the client’s password.
MS-CHAP Challenge-Response Authentication Protocol
3.
Applicant (Supplicant)creates a Response Message:
(a) Adds password toChallenge Message
(b) Hashes the resultant bitstring (does not encrypt)
(c) The hash is theResponse Message
ChallengePassword
Response
Hashing(Not Encryption)
MS-CHAP Challenge-Response Authentication Protocol
4.Applicant sends Response Message without encryption
Transmitted Response
MS-CHAP Challenge-Response Authentication Protocol
ChallengePassword
Expected Response
Hashing
5.
Verifier adds password to theChallenge Message it sent.
Hashes the combination.This is the expectedResponse Message.
MS-CHAP Challenge-Response Authentication Protocol
Expected ResponseTransmitted Response =?
6.If the two Response Messages are equal, the
applicant knows the password and is authenticated.Sever logs Client in.
7.Note that only hashing is involved.
There is no encryption.
PPP Authentication
CHAP Authentication
Challenge Message
Response MessageHash (Challenge Message + Secret) ClientServer
Server computes hash of challenge message plus secretIf equals the response message, authentication is successful
PPP Authentication
MS-CHAP Authentication
Challenge Message
Response MessageHash (Challenge Message + Password) ClientServer
CHAP, but with password as the secret.Widely used because allows password authentication
Standard on Microsoft Windows clientOnly as secure as password strength
EAP is a general protocol for PPP authentication that supports multiple authentication mechanisms. EAP does not select a specific authentication mechanism at Link
Control Phase, but rather postpones this until the Authentication Phase. This allows the authenticator to request more information before determining the specific authentication mechanism. This also permits the use of a back-end server that
actually implements the various mechanisms, whereas the PPP authenticator merely passes through the authentication exchange.
The following are the basic steps involved in the EAP authentication process:1) After the Link Establishment phase is complete, the authenticator sends one or more
Requests to authenticate the peer. The Request has a type field to indicate what is being requested. Examples of Request types include Identity, MD5-challenge, One-
Time Pass words, Generic Token Card, etc. The MD5-challenge type corresponds closely to the CHAP authentication protocol. Typically, the authenticator will send
an initial Identity Request followed by one or more Requests for authentication information. An initial Identity Request is not required, and may be bypassed in
cases where the identity is presumed (leased lines, dedicated dial-ups, etc.).2) The peer sends a Response packet in reply to each Request. As with the Request packet, the Response packet contains a type field that corresponds to the type field
of the Request.3) The authenticator ends the authentication phase with a Success or Failure packet.
PPP Extensible Authentication Protocol (EAP)
PPP Authentication
EAP Authentication
Authenticate
Defer authentication;Will provide more information ClientServer
EAP defers authentication to a later processSuch as RADIUS authentication
PPP Encryption
New PPP Header.Plaintext.
Original PPP Frame.Encrypted.
New PPP Trailer.Plaintext.
New PPP Header.Plaintext.
EAP headerNew PPP Trailer.
Plaintext.
CodeIdentifierLength
PPP with EAP Encryption
PPP on Direct Links and Internets
Connection over Direct Link
PPP Provides End-to-End Link
PPP Frame
Verifier(Server)
Applicant(Client)
PPP on Direct Links and Internets
Connection over Internet
PPP Frame inIP Packet
PPPLimitedto First
Data Link(Network)
Verifier(Server)
Applicant(Client)
RouterRouter
PPP on Direct Links and Internets
Note: Tunneling Places the PPP Frame in an IP
Packet, Which Delivers the Frame. To the Receiver, Appears to be a Direct
Link. Allows organization to continue using
existing PPP-based security such as encryption and authentication
Layer 2 Tunneling Protocol (L2TP)
InternalServer
L2TPRAS
DSL AccessMultiplexer(DSLAM)with L2TP
ClientRunning
PPP
Carrier Network
LocalNetwork
L2TP Tunnel DSL
Note: L2TP does not provide security. It provides only tunneling.L2TP recommends the use of IPsec for security.
Content :Content :
• Access and Authentication Technology
• Authentication methods: PPP, PAP, CHAP, EAP
• AAA, RADIUS, TACACS, TACACS, Kerberos
• Authentication Header (AH)
UNIT 4UNIT 4
• Virtual Private Networks (VPN): VPN Architectures
• Encapsulating Security Payload (ESP)
• Authentication On Wireless LANs
Point-to-Point Tunneling Protocol (PPP)
RADIUSServer
PPTPRAS
ISPPPTP
AccessConcentrator
CorporateSite A
IP Protocol 47 (GRE) Data Connection
TCP Port 1723SupervisoryConnection(Vulnerable)
InternetRemote
CorporatePC
LocalISP Access
(Not Secure)
RADIUS Server
Point-to-Point Tunneling Protocol (PPP)
RADIUSServer
PPTPRAS
CorporateSite A
IP Protocol 47 (GRE) Data Connection
TCP Port 1723SupervisoryConnection(Vulnerable)
InternetRemote
CorporatePC
Direct connection between PCAnd RADIUS Server
PPTP Encapsulation for Data Frames
Enhanced GeneralRouting
Encapsulation(GRE) Header;
Information AboutEncapsulated
Packet
New IP Header;Protocol=47;
IP DestinationAddress Is That ofRemote Access
Server
EncapsulatedOriginal
IP Packet
RADIUS for Dial-Up Remote Access
RADIUSServer
RAS 1
RAS 2
RemoteCorporate PC
RemoteCorporate PCPublic Switched
TelephoneNetwork
CorporateSite A
2. OK?
1. LoginUsername
And Password
Dial-UpConnection
Dial-UpConnection
RADIUS for Dial-Up Remote Access
RADIUSServer
RAS 1
RAS 2
RemoteCorporate PC
RemoteCorporate PCPublic Switched
TelephoneNetwork
CorporateSite A
3. OK 4. WelcomeDial-Up
Connection
Dial-UpConnection
Kerberos Authentication System
Applicant (A)
Kerberos ServerKey Distribution Center
(K)
Verifier (V)
Abbreviations:A = ApplicantV = VerifierK = Kerberos Server
Kerberos Authentication System
Applicant (A)
Kerberos ServerKey Distribution Center
(K)
Verifier (V)
1. Request forTicket-Granting
Ticket
2. Response:TGT*, Key nA**
*TGT (Ticket-GrantingTicket) is encrypted in away that only K can decrypt. Containsinformation that Kwill read later.
**Key nA (NetworkLogin Key for A) isencrypted with A’sMaster Key (Key mA).In future interactionswith K, A will use nAto limit the masterkey’s exposure.
Kerberos Ticket-Granting Service: Part 1
Applicant (A)
Kerberos ServerKey Distribution Center
(K)
Verifier (V)
1. Request Ticket for V; TGT;
Authenticator*encrypted with
Key nA
2. Response:Key AV** encrypted
with Key nA;Service Ticket
*Authenticator is A’sIP address, user name,and time stamp. Thisauthenticator is encryptedwith Key nA to prove thatA sent it.
**Key AV is a symmetric session key that A will usewith V.
Kerberos Ticket-Granting Service: Part 2
Applicant (A)
Kerberos ServerKey Distribution Center
(K)
Verifier (V)
*Authenticator (Auth) encrypted with Key AV.
**Service Ticket containsKey AV encrypted with theVerifier’s master key, Key mV.
3. Request for Connection:Auth*; Service Ticket**
4. V decrypts Service Ticket;Uses Key AV to test Auth
5. Ongoing Communication with Key AV
1.Kerberos uses a conventional symmetric cryptography, meaning the encryption and
decryption uses the same key for both processes. 2. It makes use of a third trusted party, which stores a
database of secret keys, and is called a Key Distribution Centre (KDC).
3. It consists of an Authentication Server (AS) and a Ticket Granting Server (TGS), to verify the identity
of the client. 4.There are 3 basic steps that are done in order to
authenticate using Kerberos
KERBEROS AUTHENTICATION ALGORITHM
Step 1: The client sends a request to the authenticating server (Kerberos).
The server then locates the client in the database and generates a session key (SK1) to start a session between the client and the
ticket-granting server. Using the client’s secret key, Kerberos will encrypt the SK1, after
which it will use the secret key generated by the TGS to create a ticket- granting ticket (TGT) and send it back to the client.
Step 2: The client decrypts the message sent by the authentication server and receives
the session key. It then uses it to create an authenticator which includes the user’s name, IP
address and timestamp, which disallows others to steal the information from the ticket and the authenticator for later use, and sends it to the TGS together with
the TGT it received. The TGS uses the SK1 inside the TGT to decrypt the authenticator and then
verifies the information it contains, including the ticket. If all are correct, the request is granted.
The TGS then creates a new session key (SK2) to start a session between the client and the target server. Using SK1, it encrypts this message, and sends it back to the client together with a new ticket containing the client’s name, IP address, timestamp and an expiration time (all of which encrypted with the
target server’s secret key), as well as the name of the server.
Step 3: The client decrypts the message sent by the TGS and receives the
second session key. It then creates a new authenticator encrypted with SK2 and sends it
to the target server, together with the session key encrypted using the target server’s secret key.
The target server decrypts and checks all of the information received. Applications that require 2-way authentication are returned a
message with time stamp plus 1, encrypted with SK2.
Finally, the client’s identity has been verified by the server, and now both are able to communicate
securely using a shared encryption key.
Cryptographic key is stored on the smart card, which is unlocked by the user using a special key pair.
In order to authenticate the user, he places his smart card into a special card reader attached to the system he is trying to log in to.
The key from the smart card is being read by the system. The system asks the user for his password to unlock the key.
After the user key in the password, the system performs a cryptographic key exchange with the central server for verification
of the key. The user is being authenticated when the key is verified.
Smart card authentication
1. The Sender Policy Framework (SPF) is an extension to the Simple Mail Transfer Protocol (SMTP).
2. It is an e-mail authentication method that prevents the forgery of the sender address residing in the return-path of an e-mail. Malicious spammers tend to disguise their
identity by making use of other e-mail addresses to send spam e-mails. In this way, these spammers could avoid being tracked down and get caught.
3. Secondly, they could avoid having their own mailbox filled with undelivered bounce e-mails. SPF helps to reduce such incidences of email address and domain spoofing by ensuring that e-mail receivers only receive e-mails from senders that
use a legitimate server of a particular domain.
Sender Policy Framework (SPF)
Content :Content :
• Access and Authentication Technology
• Authentication methods: PPP, PAP, CHAP, EAP
• AAA, RADIUS, TACACS, TACACS, Kerberos
• Authentication Header (AH)
UNIT 4UNIT 4
• Virtual Private Networks (VPN): VPN Architectures
• Encapsulating Security Payload (ESP)
• Authentication On Wireless LANs
General users in an enterprise should be grouped at a minimum into the following three privilege levels:
1. Employees as users with general access privileges for free access around the network to default network and systems
resources2. Partners as users with lower access privileges for access to some limited, predetermined network and systems resources
3. Outside users with authority to access very limited systems resources (probably only some pieces of data or
applications) through some proxy servers.4. Additional special privilege levels are likely needed, e.g.,
for administrators as users with higher access privileges, which are required to gain access to and to administer
network and systems components like servers, routers, etc.
Levels of Access Privilege
Because IP is by definition a connectionless transport technology utilizing datagram exchanges over the
network, special facilities are needed to ensure user authentication for each of the IP packets transmitted and
received. Two IP authentication mechanisms:
1. Authentication Header AH: which provides integrity and authentication without confidentiality.
2. Encapsulating Security Payload ESP: which always provides confidentiality and optionally also provides
integrity and authentication. Both AH and ESP use an authentication algorithm to
generate authentication information known as the Integrity Check Value (ICV), which is placed in the authentication
data field in the corresponding header.
IP-AUTHENTICATION MECHANISMS
AH defines an Authentication Header that contains the authentication information for the particular IP datagram and is
used to provide connectionless data integrity and source identity authentication for IP datagrams and protection against replays.
This latter, optional service may be selected by the receiver when a Security Association is established. (Although the default calls for the sender to increment the Sequence Number used for anti-replay,
the service is effective only if the receiver checks the Sequence Number.)
AH provides authentication for as much of the IP header as possible, as well as for upper-level protocol data.
However, some IP header fields may change in transit, and the value of these fields, when the packet arrives at the receiver, may
not be predictable by the sender. The values of such fields cannot be protected by AH.
Thus, the protection provided to the IP header by AH is somewhat piecemeal.
Authentication Header AH
1. AH may be applied alone, in combination with ESP, or in a nested fashion through the use of a tunnel mode.
2. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or
between a security gateway and a host.3. ESP may be used to provide similar security services as AH, and it
also provides an added confidentiality (encryption) service. 4. The primary difference between the authentication capabilities provided by ESP and AH is the extent of the coverage offered by
each. Specifically, ESP does not protect any IP header fields unless those with certain authenticating encryption algorithms. Adding the
AH header to an IP datagram prior to encapsulating the datagram using ESP might be desirable for users wishing to have strong
integrity, authentication, and confidentiality, and perhaps also for users who require strong non-repudiation.
5. When the two mechanisms are combined, the placement of the IP AH makes clear which part of the data is being authenticated.
Authentication Header AH
AH Header Format: The IP protocol header (IPv4, IPv6, or Extension) immediately
preceding AH will contain the value 51 in its Protocol (IPv4) or Next Header (IPv6, Extension) field, where:
Authentication Header AH
AUTHENTICATION METHODS
Content :Content :
• Access and Authentication Technology
• Authentication methods: PPP, PAP, CHAP, EAP
• AAA, RADIUS, TACACS, TACACS, Kerberos
• Authentication Header (AH)
UNIT 4UNIT 4
• Virtual Private Networks (VPN): VPN Architectures
• Encapsulating Security Payload (ESP)
• Authentication On Wireless LANs
IPsec ESP and AH Protection
IPHeader
ESPHeader
ProtectedESP
Trailer
IPHeader
AuthenticationHeader
Protected
Confidentiality
Authentication and Message Integrity
Authentication and Message IntegrityNo Confidentiality
Protocol = 50
Protocol = 51
EncapsulatingSecurityPayload
AuthenticationHeader
Modes and Protections
ESPConfidentialityAuthenticationIntegrity
AHAuthenticationIntegrity
Transport Mode(End-to-End)
Possible Possible
Tunnel Mode(IPsec Gateway to Gateway)
Possible Possible
Digital Signature for Message-by-Message Authentication
To Create the Digital Signature:
1. Hash the plaintext to create abrief message digest; this is NOT the Digital Signature.
2. Sign (encrypt) the messagedigest with the sender’s private
key to create the digital signature.
3. Transmit the plaintext + digitalsignature, encrypted withsymmetric key encryption.
Plaintext
MD
DS
DS Plaintext
Hash
Sign (Encrypt)with Sender’sPrivate Key
Digital Signature for Message-by-Message Authentication
4. Encrypted withSession Key
DS Plaintext
Sender Receiver
Digital Signature for Message-by-Message Authentication
To Test the Digital Signature
5. Hash the received plaintextwith the same hashing algorithm
the sender used. This givesthe message digest.
6. Decrypt the digital signaturewith the sender’s public key.
This also should give themessage digest.
7. If the two match, themessage is authenticated.
Received Plaintext
MD
DS
MD
5. 6.
HashDecrypt withTrue Party’sPublic Key
7.Are they equal?
Public Key Deception
Impostor
“I am the True Person.”
“Here is TP’s public key.”(Sends Impostor’s public key)
“Here is authenticationbased on TP’s private key.”(Really Impostor’s private key)
Decryption of message from Verifierencrypted with Imposter’s public key,so Impostor can decrypt it
Verifier
Must authenticate True Person.
Believes now hasTP’s public key
Believes True Personis authenticated
based on Impostor’s public key
“True Person,here is a message encrypted
with your public key.”
CriticalDeception
Important X.509 Digital Certificate Fields
Field Description
VersionNumber
Version number of the X.509. Most certificates follow Version 3. Different versions have different fields. This figure reflects the Version 3 standard.
Issuer Name of the Certificate Authority (CA).
SerialNumber
Unique serial number for the certificate, set by the CA.
Important X.509 Digital Certificate Fields
Field Description
Subject The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party.
Public KeyThe public key of the subject—the public key of the true party.
Public KeyAlgorithm
The algorithm the subject uses to sign messages with digital signatures.
Important X.509 Digital Certificate Fields
Field Description
ValidPeriod
The period before which and after which the certificate should not be used.Note: Certificate may be revoked before the end of this period.
DigitalSignature
The digital signature of the certificate, signed by the CA with the CA’s own private key.Provides authentication and certificate integrity.User must know the CA’s public key independently.
Important X.509 Digital Certificate Fields
Field Description
SignatureAlgorithmIdentifier
The digital signature algorithm the CA uses to signits certificates.
Digital Signature and Digital Certificate in Authentication
Digital Certificate
Authentication
Public Key ofTrue Party
Signature to BeTested with
Public Key ofTrue Party
Digital Signature
Public Key Infrastructure (PKI) with a Certificate Authority
Create &Distribute
(1) Private Keyand
(2) Digital Certificate
4.Certificate
for Lee
3.Request Certificate
for Lee
5.Certificate
for Lee
6. Request CertificateRevocation List (CRL)
7. Copy of CRL
Verifier(Brown)
Applicant (Lee)
Verifier(Cheng)
CertificateAuthority
PKI Server
Goals of PKI:• Authenticate the user/system at the sending end of
a transaction• Authenticate the user/system at the receiving end of
a transaction• Non-repudiation
PKI components:• Certification Authority (CA) • Registration Authority (RA) • Certificate Repository• Certificate Archive
Public Key Infrastructure (PKI):
Certification Authority (CA): The CA acts like a trusted third-party which is made up of hardware, software and the
people operating it. It is in charge of issuing, managing, authenticating, signing and revoking of digital certificates.
Digital certificates are like evidence that shows the binding between an entity and its public key. Every CA is identified
by its name and public key. Therefore, certificates are signed by the CA using its name and encrypted with its
private key to prove their authenticity. Verification of the certificates is done by decrypting with the CA’s public key;
therefore, the CA must adequately protect its private key.Registration Authority (RA): Not everyone is entitled to
possess a digital certificate. The RA is set up to assist the CA in verifying an entity’s identity and determines if it is
eligible to have a public key certificate issued.
Certificate Repository: This is a database that stores all the active digital certificates managed by the CA. The
repository is publicly readable, but the CA is the only authorized entity that can modify or update it. The certificate repository also consists of a Certificate
Revocation List (CRL) which is issued, time-stamped and signed by the CA. A CRL contains unique information about revoked certificates to enable relying entities to
determine a particular certificate’s validity.
Certificate Archive: It contains old certificates that were issued by the CA and valid at that point in time.
Therefore, if there are any verification disputes on signatures of old documents, archived certificates can be
retrieved to prove the authenticity of these documents.
Authentication using Public Key Infrastructure (PKI): In order for authentication to take place, there must be some sort of
cryptography system to be put in place. PKI supports the authentication of users and systems by making use of public key
cryptography, which is the cryptography system that PKI is based on.
Implementation of PKI
Cross Certification of PKIs
Digital Signature for Message-by-Message Authentication
To Create the Digital Signature:
1. Hash the plaintext to create abrief message digest; this is NOT the Digital Signature.
2. Sign (encrypt) the messagedigest with the sender’s private
key to create the digital signature.
3. Transmit the plaintext + digitalsignature, encrypted withsymmetric key encryption.
Plaintext
MD
DS
DS Plaintext
Hash
Sign (Encrypt)with Sender’sPrivate Key
Digital Signature for Message-by-Message Authentication
4. Encrypted withSession Key
DS Plaintext
Sender Receiver
Digital Signature for Message-by-Message Authentication
To Test the Digital Signature
5. Hash the received plaintextwith the same hashing algorithm
the sender used. This givesthe message digest.
6. Decrypt the digital signaturewith the sender’s public key.
This also should give themessage digest.
7. If the two match, themessage is authenticated.
Received Plaintext
MD
DS
MD
5. 6.
HashDecrypt withTrue Party’sPublic Key
7.Are they equal?
Public Key Deception
Impostor
“I am the True Person.”
“Here is TP’s public key.”(Sends Impostor’s public key)
“Here is authenticationbased on TP’s private key.”(Really Impostor’s private key)
Decryption of message from Verifierencrypted with Imposter’s public key,so Impostor can decrypt it
Verifier
Must authenticate True Person.
Believes now hasTP’s public key
Believes True Personis authenticated
based on Impostor’s public key
“True Person,here is a message encrypted
with your public key.”
CriticalDeception
Important X.509 Digital Certificate Fields
Field Description
VersionNumber
Version number of the X.509. Most certificates follow Version 3. Different versions have different fields. This figure reflects the Version 3 standard.
Issuer Name of the Certificate Authority (CA).
SerialNumber
Unique serial number for the certificate, set by the CA.
Important X.509 Digital Certificate Fields
Field Description
Subject The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party.
Public KeyThe public key of the subject—the public key of the true party.
Public KeyAlgorithm
The algorithm the subject uses to sign messages with digital signatures.
Important X.509 Digital Certificate Fields
Field Description
ValidPeriod
The period before which and after which the certificate should not be used.Note: Certificate may be revoked before the end of this period.
DigitalSignature
The digital signature of the certificate, signed by the CA with the CA’s own private key.Provides authentication and certificate integrity.User must know the CA’s public key independently.
Important X.509 Digital Certificate Fields
Field Description
SignatureAlgorithmIdentifier
The digital signature algorithm the CA uses to signits certificates.
Digital Signature and Digital Certificate in Authentication
Digital Certificate
Authentication
Public Key ofTrue Party
Signature to BeTested with
Public Key ofTrue Party
Digital Signature
Public Key Infrastructure (PKI) with a Certificate Authority
Create &Distribute
(1) Private Keyand
(2) Digital Certificate
4.Certificate
for Lee
3.Request Certificate
for Lee
5.Certificate
for Lee
6. Request CertificateRevocation List (CRL)
7. Copy of CRL
Verifier(Brown)
Applicant (Lee)
Verifier(Cheng)
CertificateAuthority
PKI Server
Goals of PKI:• Authenticate the user/system at the sending end of
a transaction• Authenticate the user/system at the receiving end of
a transaction• Non-repudiation
PKI components:• Certification Authority (CA) • Registration Authority (RA) • Certificate Repository• Certificate Archive
Public Key Infrastructure (PKI):
Certification Authority (CA): The CA acts like a trusted third-party which is made up of hardware, software and the
people operating it. It is in charge of issuing, managing, authenticating, signing and revoking of digital certificates.
Digital certificates are like evidence that shows the binding between an entity and its public key. Every CA is identified
by its name and public key. Therefore, certificates are signed by the CA using its name and encrypted with its
private key to prove their authenticity. Verification of the certificates is done by decrypting with the CA’s public key;
therefore, the CA must adequately protect its private key.Registration Authority (RA): Not everyone is entitled to
possess a digital certificate. The RA is set up to assist the CA in verifying an entity’s identity and determines if it is
eligible to have a public key certificate issued.
Certificate Repository: This is a database that stores all the active digital certificates managed by the CA. The
repository is publicly readable, but the CA is the only authorized entity that can modify or update it. The certificate repository also consists of a Certificate
Revocation List (CRL) which is issued, time-stamped and signed by the CA. A CRL contains unique information about revoked certificates to enable relying entities to
determine a particular certificate’s validity.
Certificate Archive: It contains old certificates that were issued by the CA and valid at that point in time.
Therefore, if there are any verification disputes on signatures of old documents, archived certificates can be
retrieved to prove the authenticity of these documents.
Authentication using Public Key Infrastructure (PKI): In order for authentication to take place, there must be some sort of
cryptography system to be put in place. PKI supports the authentication of users and systems by making use of public key
cryptography, which is the cryptography system that PKI is based on.
Implementation of PKI
Cross Certification of PKIs
Content :Content :
• Access and Authentication Technology
• Authentication methods: PPP, PAP, CHAP, EAP
• AAA, RADIUS, TACACS, TACACS, Kerberos
• Authentication Header (AH)
UNIT 4UNIT 4
• Virtual Private Networks (VPN): VPN Architectures
• Encapsulating Security Payload (ESP)
• Authentication On Wireless LANs
VPN
VPN is used to provide secure network links across networks
VPN is constructed on top of existing network media and protocols
On protocol level IPsec is the first choice Other protocols are PPTP, L2TP
VPN
VPN? What’s that?
A VPN is a service that simulates a PRIVATE link over a PUBLIC network (usually a SP).
BranchOfficeSofia
Private Line (leased) BranchOffice
New York
Ideally:
VPN? What’s that?
BranchOfficeSofia
BranchOffice
New York
Internet/IP backbone
Confidentiality neededIPsec comes into the
play
Internet
CorporateNetwork
Encrypted IPEncrypted IP
Access VPN: Client Initiated
Encrypted tunnel from the remote clientto the corporate network
Independent of broadband access technology Standards compliant
IPSec encapsulated tunnel IKE key management
MainOffice
RemoteOffice
RemoteOffice
Service Provider
POP
POP
POPInternet/IP VPNs
VPN Types: Intranet VPN
Extends the connectionlessIP model across a shared WAN
Reduces application development time Reduces support costsReduces line costs
Service Provider
Business Partner
SupplierCustomer
Main Office
POPPOP
POPPOP
POPPOP
Remote Office
Remote Office
VPN Types: Extranet VPN
Extend connectivity to suppliers, customers, and business partners Over a shared infrastructure Using dedicated connections While ensuring proper level of authorized access
Internet/IP VPNs
Requirements for a VPN:
BranchOfficeSofia
BranchOffice
New York
Internet/IP backbone
1.Identify and authenticate the other party(AUTHENTICATION)
2.Un-authorized person should not be able to intercept, record or extract data(CONFIDENTIALITY)
3.Data should not be altered (any changeshould be detectable)
(DATA INTEGRITY)
4.Protection against replay attacks(SEQUENCING)
5.From a user point of view IPsec packets areregular IP packets (SA,DA,“precedence” bits, etc)(TRANSPARENCY)
VPN Issues
Virtual Private Network (VPN) Transmission over the IP Net with added security Some analysts include transmission over a PSDN
with added security
Why VPNs PSDNs are not interconnected IP Net reaches almost all sites Low transmission cost per bit transmitted
Virtual Private Network (VPN)Site-To-Site
VPNServer
ProtectedServer
VPNServer
ProtectedServer
CorporateSite A
CorporateSite B
WAN e.g. IP
Net
RemoteCustomer orSupplier PC
RemoteCorporate PC
RemoteAccess
VPN
RemoteAccess
VPN
Site-to-SiteVPN
Site-to-Site VPNs and Extranets Site-to-site networks link sites within a single
company Often part of an intranet—use of TCP/IP transmission
and applications internally TCP/IP transmission is low in cost TCP/IP applications are good, standardized, and
inexpensive
Extranet: communication with customers and suppliers with security over the IP Net
Server
Host-to-Host VPN
Hosts can communicateDirectly with each other
Client-ServerClient-Client
WAN e.g. IP
Net
Virtual Private Network (VPN)Host-To-Host
Encrypted Communication and FirewallsOptimum Place for VPN Gateway
BorderRouter
BorderRouter
Firewall
Firewall
VPNGateway
VPNGateway
InternalHost
InternalHost
Firewallcan not
readencryptedpackets.
Merelypasses them
through tothe VPNGateway
Firewallcan readdecryptedpackets
But open toattack becausenot defended
by firewall
Enterprise VPN Applications
ISP BackboneCorporate
Remote Office
HomeOffice
MobileWorker
Remote Office
VPN connections allow users working at home or on the road to connect in a secure fashion to a remote corporate server using the routing infrastructure provided by a public IP Network (such as the IP Net).
From the user’s perspective, the VPN connection is a point-to-point connection between the user’s computer and a corporate server. The nature of the intermediate IP Network is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.
Common Uses of VPNs
VPN configurations: Remote Access Over the IP Net Connecting Networks Over the IP Net Connecting Computers over an Intranet
Virtual Private Networks (VPNs)
Remote Access Over the IP Net
VPNs provide remote access (nationally or internationally) to corporate resources over the public IP Net, while maintaining privacy of information.
Figure shows a VPN connection used to connect a remote user to a corporate intranet.
Rather than making a long distance call to a corporate or outsourced network access server (NAS), the user calls a local ISP.
Using the connection to the local ISP, the VPN software creates a VPN between the dial-up user and the corporate VPN server across the IP Net.
Connecting Networks Over the IP Net There are 2 methods for using VPNs to connect LAN at remote sites: Using dedicated lines to connect a branch office to a corporate LAN.
Rather than using an expensive long-haul dedicated circuit between the branch office and the corporate hub, both the branch office and the corporate hub routers can use a local dedicated circuit and local ISP to connect to the IP Net.
The VPN software uses the local ISP connections and the IP Net to create a VPN between the branch office router and corporate hub router.
Using a dial-up line to connect a branch office to a corporate LAN:
Rather than having a router at the branch office make a long distance call to a corporate or outsourced NAS, the router at the branch office can call the local ISP.
The VPN software uses the connection to the local ISP to create a VPN between the branch office router and the corporate hub router across the IP Net.
In both cases, the facilities that connect the branch office and corporate offices to the IP Net are local.The corporate hub router that acts as a VPN server must be connected to a local ISP with a dedicated line. This VPN server must be listening 24 hours a day for incoming VPN traffic.
Figure 3: Using a VPN connection to connect two remote sites
Connecting Computers over an Intranet
In some corporate IP Networks, the departmental data is so sensitive that the department’s LAN is physically disconnected from the rest of the corporate IP Network.
Although this protects the department’s confidential information, it creates information accessibility problems for those users not physically connected to the separate LAN.
Using a VPN connection to connect to a secured or hidden network
Connecting Computers over an Intranet
The solution must allow roaming of remote clients to connect to LAN resources, and the solution must allow remote offices to connect to each other to share resources and information (router-to-router connections).
In addition, the solution must ensure the privacy and integrity of data as it traverses the IP Net.
The same concerns apply in the case of sensitive data traversing a corporate IP Network.
Therefore, a VPN solution should provide at least all of the following:
1- User Authentication: The solution must verify the VPN client’s identity and restrict VPN access to authorized users only. It must also provide audit and accounting records to show who accessed what information and when.
2- Address Management: The solution must assign a VPN client’s address on the intranet and ensure that private addresses are kept private.
3- Data Encryption: Data carried on the public network must be rendered unreadable to unauthorized clients on the network.
4- Key Management: The solution must generate and refresh encryption keys for the client and the server.
5- Multi Protocol Support: The solution must handle common protocols used in the public network. These include IP, IP Network Packet Exchange (IPX), and so on.
An IP Net VPN solution based on the Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP) meets all of these basic requirements and takes advantage of the broad availability of the IP Net.
Other solutions, including IP Net Protocol Security (IPSec), meet only some of these requirements, but remain useful for specific situations.
Advantages of VPNs Cost Savings: VPNs enable organizations to utilize cost-effective
third-party IP Net transport to connect remote offices and remote users to the main corporate site, thus eliminating expensive
dedicated WAN links and modem banks. Furthermore, the advent of cost-effective, high-bandwidth technologies like DSL,
organizations can use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth.
Security: VPNs provide the highest level of security using advanced encryption and authentication protocols that protect data
from unauthorized access. Scalability: VPNs enable corporations to utilize easy to provision
IP Net infrastructure within ISPs and devices that allow for the easy addition of new users. Therefore, corporations are able to add
large amounts of capacity without adding significant infrastructure. Compatibility with Broadband Technology: VPNs allow mobile
workers, telecommuters and day extenders to take advantage of high-speed, broadband connectivity, such as DSL and Cable, when
gaining access to their corporate networks, providing workers significant flexibility and efficiency. Furthermore, high-speed
broadband connections provide a cost-effective solution for connection remote offices.
There are four concerns with VPN solutions:
1. VPNs require an in-depth understanding of public network security issues and taking proper precautions in VPN deployment.
2. The availability and performance of an organization's wide-area VPN (over the IP Net in particular) depends on factors largely outside of their control.
3. VPN technologies from different vendors may not work well together due to commercial or specific standards.
4. VPNs need to accomodate protocols other than IP and existing ("legacy") internal network technology.
Disadvantages of VPNs
Content :Content :
• Access and Authentication Technology
• Authentication methods: PPP, PAP, CHAP, EAP
• AAA, RADIUS, TACACS, TACACS, Kerberos
• Authentication Header (AH)
UNIT 4UNIT 4
• Virtual Private Networks (VPN): VPN Architectures
• Encapsulating Security Payload (ESP)
• Authentication On Wireless LANs
802.11 Wireless LAN Security
802.11 Wireless LAN (WLAN) Security
802.11 Wireless LAN Family of Standards
Basic Operation Main wired network for servers (usually
802.3 Ethernet) Wireless stations with wireless NICs Access points Access points are bridges that link
802.11 LANs to 802.3 Ethernet LANs
802.11 FrameContaining Packet
802.11 Wireless LAN
NotebookWith PC CardWireless NIC
EthernetSwitch
AccessPoint
Server
802.3 FrameContaining Packet
(2)
(3)
Client PC
(1)
802.11 Wireless LAN
NotebookWith PC CardWireless NIC
EthernetSwitch
AccessPoint
Server
802.11 FrameContaining Packet
802.3 FrameContaining Packet
(2)
(1)
Client PC
(3)
802.11 Wireless LAN (WLAN) Security
Basic Operation
Propagation distance: farther for attackers than users
Attackers can have powerful antennas and amplifiers
Attackers can benefit even if they can only read some messages
Don’t be lulled into complacency by internal experiences with useable distances
802.11 Wireless LAN Standards
StandardRated Speed
(a)UnlicensedRadio Band
EffectiveDistance (b)
802.11b 11 Mbps 2.4 GHz ~30-50 meters
802.11a 54 Mbps 5 GHz ~10-30 meters
802.11g 54 Mbps 2.4 GHz ?
Notes: (a) Actual speeds are much lower and decline with distance. (b) These are distances for good communication; attackers can read some signals and send attack frames from longer distances.
802.11 Wireless LAN (WLAN) Security
Apparent 802.11 Security Spread spectrum transmission does not
provide security Signal is spread over a broad range of
frequencies
Methods used by military are hard to detect
802.11 spread spectrum methods are easy to detect so devices can find each other
Used in 802.11 to prevent frequency-dependent propagation problems rather than for security
802.11 Wireless LAN (WLAN) Security
Apparent 802.11 Security SSIDs
Mobile devices must know the access point’s service set identifier (SSID) to talk to the access point
Usually broadcast frequently by the access point for ease of discovery, so offers no security.
Sent in the clear in messages sent between stations and access points
802.11 Wireless LAN (WLAN) Security
Wired Equivalent Privacy (WEP) Biggest security problem: Not enabled
by default 40-bit encryption keys are too small
Nonstandard 128-bit (really 104-bit) keys are reasonable interoperable
802.11 Wireless LAN (WLAN) Security
Wired Equivalent Privacy (WEP) Shared passwords
Access points and all stations use the same password
Difficult to change, so rarely changed People tend to share shared passwords too
widely
Flawed security algorithms Algorithms were selected by cryptographic
amateurs
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11i Authentication server User data server Individual keys give out at access point
802.1x Authentication for 802.11i WLANs
AccessPoint
Applicant(Lee)
1.Authentication
Data
2.Pass on Request to
RADIUS Server
3.Get User Lee’s Data(Optional; RADIUSServer May Store
This Data)
4. AcceptApplicant Key=XYZ
5. OKUse
Key XYZ
DirectoryServer orKerberos
Server
RADIUS Server
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11 Control access when the user
connects to the network At a wired RJ-45 jack At a wireless access point
802.1x is a general approach to port authentication
802.11i is the implementation of 802.1x on 802.11 wireless LANs
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11 Extensible Authentication Protocol (EAP)
Supports multiple forms of authentication EAP-TLS EAP-TTLS PEAP
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11 Extensible Authentication Protocol (EAP)
Authentication mechanisms Passwords
Simple and inexpensive to implement Low security
Digital Certificate Complex and expensive to install digital
certificates on many devices Very strong authentication
802.11 Wireless LAN (WLAN) Security
Client Authentication
Access Point Authentication
Comment
EAP-TLS Digital Certificate orNothing at all
Digital Certificate
Expensive client authentication or none
EAP-TTLS Password or other authentication method
Digital Certificate
Fits reality that many users have passwords
PEAP (Protected EAP)
Password or other authentication method
Digital Certificate
Strong. Supported by Microsoft, Cisco, and RSA
802.11 Wireless LAN (WLAN) Security
TLS The default for 802.11i security but choice of
either digital certificates for clients or no client authentication is undesirable
PEAP and TTLS Very similar in terms of the authentication
methods they support PEAP is supported by Microsoft, Cisco, and
RSA TTLS is supported by a consortium of other
vendors
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11i
After authentication, the client must be given a key for confidentiality
Temporal Key Integrity Protocol (TKIP) is used in 802.11i and 802.1x
Key changed every 10,000 frames to foil data collection for key guessing
This is an Advanced Encryption Standard (AES) key
Wi-Fi and WPA
Wi-Fi Alliance Industry group that certifies 802.11
systems Created the Wi-Fi Protected Access
(WPA) system in 2002 WPA is basically 802.11i
But does not use AES keys Many installed wireless products can be
upgraded to WPA Stop-gap measure before 802.11i
802.11i Today
802.11i standard was released in July 2004 But products started appearing in 2003
What must firms do? Throw out WEP-only products
In security, legacy technologies are not acceptable
Decide if it can have WPA and 802.11i products co-exist
802.11 Wireless LAN (WLAN) Security
Virtual Private Networks (VPNs) Add security on top of network
technology to compensate for WLAN weaknesses
Discussed in Chapter 8
WLAN, etc.
VPN
The Situation Today in Wireless Security
Wireless security is poor in most installations today
The situation is improving, and technology will soon be good
But old installations are likely to remain weak links in corporate security
Content :Content :
• Access and Authentication Technology
• Authentication methods: PPP, PAP, CHAP, EAP
• AAA, RADIUS, TACACS, TACACS, Kerberos
• Authentication Header (AH)
UNIT 4UNIT 4
• Virtual Private Networks (VPN): VPN Architectures
• Encapsulating Security Payload (ESP)
• USERID AND PASSWORD AUTHENTICATION
Access Controls Types
Discretionary Access Control Mandatory Access Control Role-Based Access Control
Discretionary AC
Name AccessTom YesJohn NoCindy Yes
ApplicationAccess List
Restricts access to objects based solely on the identity of users who are trying to access them.
Individuals Resources
Server 1
Server 3
Server 2
Legacy Apps
Mandatory AC MAC mechanisms assign a security level to
all information, assign a security clearance to each user, and ensure that all users only have access to that data for which they have a clearance.
Better security than DAC
Principle: Read Down Access equal or less Clearance Write Up Access equal or higher Clearance
Mandatory AC (cont)
Individuals Resources
Server 1“Top Secret”
Server 3“Classified”
Server 2“Secret”
Legacy Apps
Role-Based AC A user has access to an object based on the
assigned role. Roles are defined based on job functions.
Permissions are defined based on job authority and responsibilities within a job function.
Operations on an object are invocated based on the permissions.
The object is concerned with the user’s role and not the user.
“Ideally, the [RBAC] system is clearly defined and agile, making the addition of new applications, roles, and employees as efficient as
possible”
Role-Based AC
Individuals Roles Resources
Role 1
Role 2
Role 3
Server 1
Server 3
Server 2
User’s change frequently, Roles don’t
Privilege
Roles are engineered based on the principle of least privileged .
A role contains the minimum amount of permissions to instantiate an object.
A user is assigned to a role that allows him or her to perform only what’s required for that role.
No single role is given more permission than the same role for another user.
Role-Based AC Framework
Core Components Constraining Components
Hierarchical RBAC General Limited
Separation of Duty Relations Static Dynamic
Core Components
Defines: USERS ROLES OPERATIONS (ops) OBJECTS (obs) User Assignments (ua)
assigned_users
Core Components (cont)
Permissions (prms) Assigned Permissions Object Permissions Operation Permissions
Sessions User Sessions Available Session Permissions Session Roles
Constraint Components
Role Hierarchies (rh) General Limited
Separation of Duties Static Dynamic
RBAC Transition
Models Hierarchies Constraints
RBAC0No No
RBAC1Yes No
RBAC2No Yes
RBAC3Yes Yes
Most Complex
Least PrivilegedSeparation of
Duties
RBAC Model
Effort
RBAC3
RBAC System and Administrative Functional Specification
Administrative Operations Create, Delete, Maintain elements and relations
Administrative Reviews Query operations
System Level Functions Creation of user sessions Role activation/deactivation Constraint enforcement Access Decision Calculation
USERS
Process
Process
Person
Intelligent Agent
ROLES
DeveloperBudgetManager
Help Desk Representative
An organizational job function with a clear definition of inherent responsibility and authority (permissions).
Director
MTM relation betweenUSERS & PRMS
OPS (operations)
An execution of an a program specific function that’s invocated by a user.
•Database – Update Insert Append Delete •Locks – Open Close•Reports – Create View Print•Applications - Read Write Execute
SQL
OBS (objects)
An entity that contains or receives information, or has exhaustible system resources.
•OS Files or Directories•DB Columns, Rows, Tables, or Views•Printer•Disk Space•Lock Mechanisms
RBAC will deal with all the objects listed in the permissions assigned to roles.
UA (user assignment)
A user can be assigned to one or more roles
Developer
USERS set ROLES set
Help Desk Rep
A role can be assignedto one or more users
UA (user assignment)
Mapping of role r onto a set of users
User.DB1•View•Update•Append
USERS setROLES set
User.DB1
User.DB1
permissions object
User.F1User.F2User.F3
PRMS (permissions)
The set of permissions that each grant the approval to perform an operation on a protected object.
User.DB1•View•Update•Append
permissions object
User.F1•Read•Write•Execute
permissions object
PA (prms assignment)
A prms can be assigned to one or more roles
Admin.DB1
PRMS set ROLES set
A role can be assignedto one or more prms
User.DB1
ViewUpdateAppend
CreateDeleteDrop
PA (prms assignment)
SUSERSxROLEUA
PRMS setROLES set
User.F1User.F2User.F3Admin.DB1
Mapping of role r onto a set of permissions
•Read•Write•Execute
•View •Update•Append•Create•Drop
SQL
PA (prms assignment)
SUSERSxROLEUA
PRMS setOPS set
Mapping of operations to permissions
public int read(byteBuffer dst) throws IOException
Inherited methods from java.nio.channlsclose()isOpen()
READ
Gives the set of ops associated with the permission
PA (prms assignment)
Mapping of permissions to objects
PRMS set
•Open•Close
•View •Update•Append•Create•Drop
SQL
DB1.table1
Objects
BLD1.door2Gives the set of objects associated with the prms
SESSIONS
The set of sessions that each user invokes.
USER
guest
user
admin
invokes SQL
DB1.table1
FIN1.report1
APP1.desktop
SESSION
SESSIONS
)),(_(|{)(_
2):(_
UArsuserssessionROLESrsrolessession
SESSIONSsrolessession
ii
ROLES
The mapping of user u onto a set of sessions.
USERS
guest
user
admin
invokes SQL
User2.DB1.table1.session
User2.FIN1.report1.session
User2.APP1.desktop.session
SESSION
USER2
USER1
SESSIONS
The mapping of session s onto a set of roles
SESSION ROLES
•Admin•User•Guest
SQL
DB1.table1.session
SESSIONS
Permissions available to a user in a session.
DB1.ADMIN
•View •Update•Append•Create•Drop
SQL
DB1.table1.session
PRMSROLE SESSION
authorized users
Mapping of a role onto a set of users in the presence of a role hierarchy
}),(|{)(_ UAruUSERSuruserassigned
User.DB1•View•Update•Append
First Tier USERS setROLES set
User.DB1
User.DB1
permissions object
Admin.DB1User.DB2User.DB3
authorized permissions
Mapping of a role onto a set of permissions in the presence of a role hierarchy
PRMS setROLES set
User.DB1User.DB2User.DB3Admin.DB1
•View•Update•Append
•Create•Drop
SQL
Separation of Duties
Enforces conflict of interest policies employed to prevent users from exceeding a reasonable level of authority for their position.
Ensures that failures of omission or commission within an organization can be caused only as a result of collusion among individuals.
Two Types: Static Separation of Duties (SSD) Dynamic Separation of Duties (DSD)
SSD
SSD places restrictions on the set of roles and in particular on their ability to form UA relations.
No user is assigned to n or more roles from the same role set, where n or more roles conflict with each other.
A user may be in one role, but not in another—mutually exclusive.
Prevents a person from submitting and approving their own request.
SSD in Presence of RH
A constraint on the authorized users of the roles that have an SSD relation.
Based on the authorized users rather than assigned users.
Ensures that inheritance does not undermine SSD policies.
Reduce the number of potential permissions that can be made available to a user by placing constraints on the users that can be assigned to a set of roles.
DSD
Places constraints on the users that can be assigned to a set of roles, thereby reducing the number of potential prms that can be made available to a user.
Constraints are across or within a user’s session. No user may activate n or more roles from the roles set in
each user session. Timely Revocation of Trust ensures that prms do not
persist beyond the time that they are required for performance of duty.
DSD (cont)
Supervisor
Roles
inherits
Cashier
CashierCorrect Error
Supervisor
Closes Cashier Role sessionClose Cash Drawer
Opens Supv Role sessionOpen Cash Drawer
Accounting Error
ReduceCOI
Topics Covered
Policy-Driven Access Control Identify resources Create an access policy for each Let the policy drive implementation and
testing
Topics Covered
Password-Based Access Control
Reusable passwords are inexpensive because built into servers
Usually weak because people often pick cracked passwords
Hacking root is a key goal
Password resets are necessary but dangerous
Topics Covered
Access Cards and Tokens Magnetic strip cards Smart cards with CPU and Memory Tokens
Tokens with constantly-changing passwords Tokens that plug into USB ports
Proximity cards with radio communication Pins can be short because of manual entry
Topics Covered
Biometric Authentication Can replace reusable passwords Fingerprint scanning dominates biometrics
Inexpensive, somewhat secure Iris recognition is more precise Face recognition can be done surreptitiously Identification vs verification vs watch list FARs and FRRs Often easily deceived by attackers
Topics Covered
802.11 Wireless LAN Security Signals travel outside building, allowing drive-
by hacking Initial security was WEP
Often not even turned on Very easily cracked because uses shared static key
for both confidentiality and authentication
Some firms added passwords and/or VPNs to allow secure communication anyway
Topics Covered
802.11 Wireless LAN Security Now, 802.11i security
Based on 802.1x security for wired LANs
Sophisticated authentication
EAP supports multiple methods
Not a single standard, so problems with equipment interoperability
Strong AES confidentiality
Topics Covered
802.11 Wireless LAN Security Now, 802.11i security
Requires an infrastructure Central authentication server
Adequate for corporate needs
Today Buy only 802.11i equipment See if can keep WPA (post-WEP/pre-
802.11i) products Discard WEP products
Many thanks