ET4280

KỸ THUẬT MẠNG NÂNG CAO

Key Distribution and User Authentication

HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY Smart Applications & Network System Laboratory
Add : Room 618, Ta Quang Buu Library
No.1 Dai Co Viet Road, Hanoi, Vietnam
TRAN QUANG VINH Mobile : (+84) 912 636 939
Email : [email protected]
Ph.D., Assoc. Prof., Senior Lecturer [email protected]
School of Electrical and Electronic Engineering Website : https://sanslab.vn
 OUTLINE
 Symmetric key distribution using symmetric encryption
• Kerberos
• Version 4
• Version 5
 Key distribution using asymmetric encryption
• Public-key certificates
• Public-key distribution of secret keys
 X.509 certificates
• Certificates
• X.509 Version 3
 Public-key infrastructure
• PKIX management functions
• PKIX management protocols
 Federated identity management
• Identity management
• Identity federation
@ 2022 TRAN-QUANG VINH ◦ HUST 2
Symmetric Key Distribution using symmetric encryption
 For symmetric encryption to work, the two parties to an exchange
must share the same key, and that key must be protected from
access by others
 Frequent key changes are usually desirable to limit the amount of
data compromised if an attacker learns the key
 Key distribution technique
 The means of delivering a key to two parties that wish to exchange
data, without allowing others to see the key

@ 2022 TRAN-QUANG VINH ◦ HUST 3

 Key Distribution
 For two parties A and B, there are the following options:

• A key can be selected by A and physically delivered to B

1

• A third party can select the key and physically deliver it to A and B
2

• If A and B have previously and recently used a key, one party could transmit
the new key to the other, using the old key to encrypt the new key
3

• If A and B each have an encrypted connection to a third party C, C could

deliver a key on the encrypted links to A and B
4

@ 2022 TRAN-QUANG VINH ◦ HUST 4

Key Distribution CENTER

@ 2022 TRAN-QUANG VINH ◦ HUST 5

Key Distribution Task

@ 2022 TRAN-QUANG VINH ◦ HUST 6

 Kerberos
 Key distribution and user authentication service developed at MIT
 Provides a centralized authentication server whose function is to
authenticate users to servers and servers to users
 Relies exclusively on symmetric encryption, making no use of
public-key encryption

Two versions are in use

• Version 4 implementations still exist, although this version is
being phased out
• Version 5 corrects some of the security deficiencies of version 4
and has been issued as a proposed Internet Standard (RFC 4120)

@ 2022 TRAN-QUANG VINH ◦ HUST 7

 Kerberos version 4
 A basic third-party authentication scheme
 Authentication Server (AS)
• Users initially negotiate with AS to identify self
• AS provides a non-corruptible authentication credential (ticket granting
ticket TGT)
 Ticket Granting Server (TGS)
• Users subsequently request access to other services from TGS on basis
of users TGT
 Complex protocol using DES

@ 2022 TRAN-QUANG VINH ◦ HUST 8

 Kerberos version 4
 Kerberros Message Exchange

@ 2022 TRAN-QUANG VINH ◦ HUST 9

@ 2022 TRAN-QUANG VINH ◦ HUST 10
(1)

(2)

(3)

(4)

(5)

(6)

@ 2022 TRAN-QUANG VINH ◦ HUST 11

@ 2022 TRAN-QUANG VINH ◦ HUST 12
@ 2022 TRAN-QUANG VINH ◦ HUST 13
@ 2022 TRAN-QUANG VINH ◦ HUST 14
 Kerberos Realms
 Kerberos Realms
• A set of managed nodes that share
the same Kerberos database A Kerberos environment consists of:
• The Kerberos database resides on
the Kerberos master computer
system, which should be kept in a
physically secure room A Kerberos server
• A read-only copy of the Kerberos
database might also reside on other
Kerberos computer systems
• All changes to the database must A number of clients
be made on the master computer
system
• Changing or accessing the contents
of a Kerberos database requires the A number of application servers
Kerberos master password

@ 2022 TRAN-QUANG VINH ◦ HUST 15

 Kerberos principal
 A service or user that is known to the Kerberos system
 Each Kerberos principal is identified by its principal name

A service An
A realm Principal
or user instance
name name
name name

Principal names consist of three parts

@ 2022 TRAN-QUANG VINH ◦ HUST 16

 Differences between versions 4 and 5
 Environmental shortcomings  Technical deficiencies
• Encryption system dependence • Double encryption
• Internet protocol dependence • PCBC encryption
• Message byte ordering • Session keys
• Ticket lifetime • Password attacks
• Authentication forwarding
• Interrealm authentication

@ 2022 TRAN-QUANG VINH ◦ HUST 17

@ 2022 TRAN-QUANG VINH ◦ HUST 18
 Key Distribution Using Asymmetric Encryption
 One of the major roles of public-key encryption is to address the
problem of key distribution
 There are two distinct aspects to the use of public-key encryption in
this regard:
• The distribution of public keys
• The use of public-key encryption to distribute secret keys
 Public-key certificate
• Consists of a public key plus a user ID of the key owner, with the whole
block signed by a trusted third party
• Typically, the third party is a certificate authority (CA) that is trusted by
the user community, such as a government agency or a financial
institution
• A user can present his or her public key to the authority in a secure
manner and obtain a certificate
• The user can then publish the certificate
• Anyone needing this user’s public key can obtain the certificate and
verify that it is valid by way of the attached trusted signature
@ 2022 TRAN-QUANG VINH ◦ HUST 19
 Simple Secret Key Distribution
 Merkle proposed this very simple scheme
 allows secure communications
 no keys before/after exist

@ 2022 TRAN-QUANG VINH ◦ HUST 20

 Man-in-the-Middle Attack
 The Merkle’s very simple scheme is vulnerable to an active man-in-
the-middle attack

@ 2022 TRAN-QUANG VINH ◦ HUST 21

 Secret Key Distribution with Confidentiality and Authentication
 Distribution of Public Keys can be considered as using one of:
• public announcement
• publicly available directory
• public-key authority
• public-key certificates

@ 2022 TRAN-QUANG VINH ◦ HUST 22

 Secret Key Distribution with Confidentiality and Authentication
 Public Announcement
• users distribute public keys to recipients or broadcast to community at
large
̶ eg. append PGP keys to email messages or post to news groups or email list
• major weakness is forgery
̶ anyone can create a key claiming to be someone else and broadcast it
̶ until forgery is discovered can masquerade as claimed user

@ 2022 TRAN-QUANG VINH ◦ HUST 23

 Secret Key Distribution with Confidentiality and Authentication
 Publicly Available Directory
• can obtain greater security by registering keys with a public directory
• directory must be trusted with properties:
̶ contains {name,public-key} entries
̶ participants register securely with directory
̶ participants can replace key at any time
̶ directory is periodically published
̶ directory can be accessed electronically
• still vulnerable to tampering or forgery

@ 2022 TRAN-QUANG VINH ◦ HUST 24

 Secret Key Distribution with Confidentiality and Authentication
 Public-Key Authority
• improve security by tightening control over distribution of keys from
directory
• has properties of directory
• and requires users to know public key for the directory
• then users interact with directory to obtain any desired public key
securely
̶ does require real-time access to directory when keys are needed
̶ may be vulnerable to tampering

@ 2022 TRAN-QUANG VINH ◦ HUST 25

 Secret Key Distribution with Confidentiality and Authentication
 Public-Key Authority

@ 2022 TRAN-QUANG VINH ◦ HUST 26

Public-Key Authority

@ 2022 TRAN-QUANG VINH ◦ HUST 27

 X.509 Certificates
 ITU-T recommendation X.509 is part of the X.500 series of
recommendations that define a directory service
 Defines a framework for the provision of authentication services by
the X.500 directory to its users
 The directory may serve as a repository of public-key certificates
 Defines alternative authentication protocols based on the use of
public-key certificates
 Was initially issued in 1988
 Based on the use of public-key cryptography and digital signatures
 The standard does not dictate the use of a specific algorithm but
recommends RSA

@ 2022 TRAN-QUANG VINH ◦ HUST 28

 Public-Key Certificates
 certificates allow key exchange without real-time access to public-
key authority
 a certificate binds identity to public key
• usually with other info such as period of validity, rights of use etc
 with all contents signed by a trusted Public-Key or Certificate
Authority (CA)
 can be verified by anyone who knows the public-key authorities
public-key
 X.509 standard
• used in most network security applications, including IP security, secure
sockets layer (SSL), secure electronic transactions (SET), and S/MIME

@ 2022 TRAN-QUANG VINH ◦ HUST 29

 X.509 Authentication Service
 part of CCITT X.500 directory service standards
• distributed servers maintaining user info database
 defines framework for authentication services
• directory may store public-key certificates
• with public key of user signed by certification authority
 also defines authentication protocols
 uses public-key crypto & digital signatures
• algorithms not standardised, but RSA recommended
 X.509 certificates are widely used
• have 3 versions

@ 2022 TRAN-QUANG VINH ◦ HUST 30

 X.509 Certificate Use
 Based on public-key cryptography and digital signatures

@ 2022 TRAN-QUANG VINH ◦ HUST 31

X.509 Certificates

@ 2022 TRAN-QUANG VINH ◦ HUST 32

 Obtaining a user’s certificate
 User certificates generated by a CA have the following
characteristics:
 Any user with access to the public key of the CA can verify the user
public key that was certified
 No party other than the certification authority can modify the
certificate without this being detected
 Because certificates are unforgeable, they can be placed in a
directory without the need for the directory to make special efforts to
protect them

@ 2022 TRAN-QUANG VINH ◦ HUST 33

 Revocation of certificates
 Each certificate includes a period of validity
 Typically a new certificate is issued just before the expiration of the
old one
 It may be desirable on occasion to revoke a certificate before it
expires for one of the following reasons:
 The user’s private key is assumed to be compromised
 The user is no longer certified by this CA; reasons for this include
subject’s name has changed, the certificate is superseded, or the
certificate was not issued in conformance with the CA’s policies
 The CA’s certificate is assumed to be compromised

@ 2022 TRAN-QUANG VINH ◦ HUST 34

 Summary
 Symmetric key distribution  X.509 certificates
using symmetric encryption • Certificates
 Kerberos • X.509 Version 3
• Version 4  Public-key infrastructure
• Version 5 • PKIX management functions
 Key distribution using • PKIX management protocols
asymmetric encryption  Federated identity
• Public-key certificates management
• Public-key distribution of secret • Identity management
keys • Identity federation

@ 2022 TRAN-QUANG VINH ◦ HUST 43