Computing Security. Access Control. Port Protection. Electrostatic Modeling of CMOS sensor array 1. Distributed System Authentication.

Transcription

1 Computing Security Distributed System Authentication Bojan Cukic Spring 00 1 Access Control Encryption valuable within the system boundaries. In a distributed system, secure access to data, programs and other resources is needed. Seamless access, regardless of the physical location. Access control mechanism must: Protecting access points. Authenticating network nodes. Port Protection Authentication far more difficult for dial-ups. Any phone in the world is an access point. Automatic call-back Upon user identification, the line is broken. Computer calls back the user, using the table lookup for the number. Works for multiple registered numbers too. An easy way to establish -way authentication. 3 Electrostatic Modeling of CMOS sensor array 1

2 Port Protection () Differentiated access rights. Access to sensitive data allowed from safe houses (numbers) only. Silent modems Solve the systematic dial-up problem. Waits for the caller s modem to send the first tone. Authentication is still not addressed. 4 AUTHENTICATION IN DISTRIBUTED SYSTEMS In Distributed System computations involve two or more computers. Two problems to be solved: How can one host be assured of authenticity of a remote host? How can a host be assured of authenticity of a user on a remote host? How can the user be assured of authenticity of the remote host? 5 KERBEROS SYSTEM Kerberos - system that supports authentication in distributed systems. Designed at MIT in 1980s. Originally worked with secret keys, now with private ones. Named after the three-headed watchdog Cerberus in Greek mythology that guards the gates to Hades. 6 Electrostatic Modeling of CMOS sensor array

3 Kerberos Tickets Used for authentication between intelligent processes. Central server provides TICKETS, authenticated tokens. Ticket: unforgeable, non-replyable authenticated object. An encrypted data structure naming the user and the service the user is allowed to access. Contains time value and some control information. 7 Initiating a Kerberos Session User U U s Identity 1 Session key S G Ticket T G pw Ticket Granting Server Session key SG KS-TGS Kerberos Server 8 KERBEROS 1. U KS U s identity. KS TGS E ( (S G,U), KS-TGS) KS U E (S G +T G, pw) 3. U D ( E (S G +T G, pw), pw) = S G +T G 9 Electrostatic Modeling of CMOS sensor array 3

4 Kerberos Misc. Passwords stored on the Kerberos server. But they are NEVER passed over the network! Not even in an encrypted form. Other services provided in a similar manner. 10 KERBEROS: File access User U 1 Request ticket to Access File F S G Ticket to File Server to Access File F + S F TGS- F + S F S G Ticket Granting Server 11 KERBEROS 4. U TGS E ( Request+T G, S G ) 5. TGS U E ( E ( (Ticket, S F ), TGS-F), S F, S G ) 6. U D(E ( E ( (Ticket, S F ), TGS-F), S F, S G ), S G ) = = E ( (Ticket, S F ), TGS-F) and S F 7. U F E ( (Ticket, S F ), TGS-F) Ticket contains T G (access ticket code), F, Access rights, S F, Expiration date. 1 Electrostatic Modeling of CMOS sensor array 4

5 KERBEROS Carefully designed to provide the following: No password communicated on the network Cryptographic protection against spoofing Limited period of validity Time stamps to prevent reply attecks Mutual authentication 13 KERBEROS Nothing is perfect: Continuous availability of a trusted TGS Continual trust between TGS and every other server Requires timely transactions Subverted workstations can replay user password Password guessing Kerberos does not scale well Kerberos is a complete solution 14 Infamous Software Failures 1988, Buffer overflow at Berkeley Unix finger daemon. Allowed the spread of the first internet worm. gets() function did not control the length of string, warm code was able to take control of the machines , Kerberos random number generator. Generator not properly seeded. For 8 years, it was possible to break into the most secure authentication system using trivial mathematics. Not known whether fault ever exploited. 15 Electrostatic Modeling of CMOS sensor array 5

6 References 1. Pfleeger, Charles, Security in Computing, Prentice Hall PTR, Gollmann, Dieter, Computer Security, John Wiley & Sons, Salowey, Joseph, Kerberos:A Secure Passport, Performance Computing, Sep98, Vol.16 Issue Bidwell, Alex, Private Keys, Trusted third parties, and Kerberos, Information System Security, Sum96, Vol.5 Issue. 16 Electrostatic Modeling of CMOS sensor array 6