ITA, 14.11.2011, 10-IAM.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Peter Heinzmann Prof. Dr. Andreas Steffen Dr. Nathalie Weiler* Institute for Internet Technologies and Applications (ITA) 10 Identity and Access Management (IAM) * 2002-2004 Zürcher Hochschule Winterthur, currently with Credit Suisse
Internet Security 1 ( IntSi1 ). 10 Identity and Access Management (IAM). Prof. Dr. Peter Heinzmann Prof. Dr. Andreas Steffen Dr. Nathalie Weiler* Institute for Internet Technologies and Applications (ITA). * 2002-2004 Zürcher Hochschule Winterthur, currently with Credit Suisse. - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
ITA, 14.11.2011, 10-IAM.pptx 1
Internet Security 1 (IntSi1)
Prof. Dr. Peter HeinzmannProf. Dr. Andreas Steffen
Dr. Nathalie Weiler*
Institute for Internet Technologies and Applications (ITA)
10 Identity and AccessManagement (IAM)
* 2002-2004 Zürcher Hochschule Winterthur, currently with Credit Suisse
• Dictionary attack based on word lists (several languages, LOTR, etc.)
• Words with permutations and some special characters (rules)• Exhaustive search (brute force)• Precomputed Tables (Rainbow)• Tools: Cain & Abel, John the Ripper
• Password sniffing• Sniffing and setting triggers (e.g. on „login“ or „password“)
Secure Authentication based onChallenge/Response Protocols
Insecure ChannelUser Server
Keyed Hash Function
MAC
IDU RU
Key
RUIDU IDU RUResponse
MAC
• No secrets are openly transmitted
• The random valuesRS and RU must notbe repeated !
RS
Key Keyed Hash Function
MAC
RSRSChallenge
random value(Nonce)
ITA, 14.11.2011, 10-IAM.pptx 13
Challenge/Response Protocol based onDigital Signatures
Insecure ChannelUser ServerRSRS
Challengerandom value
(Nonce)IDU RU
Hash
Sig
Encryption withPrivate Key
RS
Hash
IDU RU
Response
Sig
IDU RU Decryption withPublic Key
Hash
ITA, 14.11.2011, 10-IAM.pptx 14
Internet Security 1 (IntSi1)
10.3 Windows NT LAN Manager NTLM
ITA, 14.11.2011, 10-IAM.pptx 15
Windows Domain Authentication
• A Domain is a collection of Services (Email, File-Shares, Printers, ...) administered by a Domain Controller (DC).
• Centralized Administration:• Each user has only one account per Domain managed by the Domain
Controller.• Thus there is no need for individual Server accounts.
• Flexibility:• Assignment of Users to Groups• Multiple Domains possible (Master-Domains, Trust Relationships)
• All users and servers must trust the Domain Controller.
User A
PrinterServer 1
Server 3 Server 2User B
DomainController (DC)
Domain
ITA, 14.11.2011, 10-IAM.pptx 16
NTLM – Protocol
• Windows NT LAN Manager is a proprietary Microsoft scheme.
• Typical example of a Challenge-Response protocol.
User Alice Server DomainController (DC)
Domain: WonderlandUsername: AlicePassword: 2Uh7&
Alice
51ff1d83
f68ba0537 OK
H: Hash functionE(x, k): Encryption of x with key k
H(2Uh7&) = KeyA
E(f68ba0537, KeyA) = 51ff1d83
User Alice: KeyA
Alice, f68ba0537, 51ff1d83
Challenge: f68ba0537 E(f68ba0537, KeyA) = 51ff1d83Comparison with 51ff1d83 – ok?
ITA, 14.11.2011, 10-IAM.pptx 17
NTLM Security Analysis
• User key is known to the user and DC only• The user key is derived from the user's login password.
• Only the entitled user can correctly encrypt the challenge.• Non-recurring challenge values (nonces) prevent replay-
attacks.• Pros:
• Password is never transmitted in the clear.• Simple and secure protocol if strong user passwords are used.
• Cons:• The authentication process must be repeated for every use of
a server DC can become a bottleneck.• Weak or short NTLM passwords can be cracked offline with a
dictionary or brute force attack.
ITA, 14.11.2011, 10-IAM.pptx 18
Internet Security 1 (IntSi1)
10.4 KerberosKey Distribution System
ITA, 14.11.2011, 10-IAM.pptx 19
Historical Background
• Developed in 1983 as part of MIT's Athena project.• Motivation:
• Many MIT students „sniffed“ the network and thus got hold ofroot passwords which they used to reboot the servers.
• Requirements:• Authentication in UNIX-based TCP/IP networks• Use of symmetrical cryptography (DES)
• Characteristics:• Relies on the mediation services of a trusted referee or
notary. • Based on the work by Needham and Schroeder on trusted
third-party protocols as well as Denning and Sacco's modifications of these.
• Kerberos Releases• Current release is Kerberos v5 (RFC 1510, September 1993).• V5 supports additional encryption ciphers besides DES.
ITA, 14.11.2011, 10-IAM.pptx 20
AliceBobJack
Jip
Mary
Paul
Peter Harry
Dick
Tom
Kbob Kalice
KDC
Mediated Authentication by means of aKey Distribution Center (KDC)
ITA, 14.11.2011, 10-IAM.pptx 21
Kerberos Tickets
• Each Kerberos participant (Alice, Bob, etc.) – called a Principal – shares a common secret with the Key Distribution Center (KDC) – the Principal’s Master Key.
• Each secured communication or secured access is "mediated"by means of a Kerberos Ticket.
How is Alice going to talk to Bob?
ITA, 14.11.2011, 10-IAM.pptx 22
User Alice KDC
Server Bob
H(2Uh7&) = MKeyA
E(time, MKeyA) = a5F113de
Simplified Kerberos Protocol
H: Hash functionE(x, k): Encryption of x with key kD(x, k): Decryption of x with key k
Realm: WonderlandUsername: AlicePassword: 2Uh7&
Alice, Bob, a5F113de
User Alice: MKeyA
Server Bob: MKeyB
9abc571a, Ticket
D(a5F113de, MKeyA) = time, valid?Session key Alice-Bob: SAB
E(SAB, MKeyA) = 9abc571aE({ Alice, SAB }, MKeyB) = TicketD(9abc571a, MKeyA) = SAB
E({ Alice, time }, SAB) = 5cc10981
5cc10981, Ticket
MKeyB
D(Ticket, MKeyB) = { Alice, SAB }D(5cc10981, SAB) = { Alice, time } correct?
ITA, 14.11.2011, 10-IAM.pptx 23
User Alice KDC
H(2Uh7&) = MKeyA
E(time, MKeyA) = a5F113de
Kerberos Protocol – Authentication ServiceSession Key and Ticket-Granting Ticket (TGT)
Realm: WonderlandUsername: AlicePassword: 2Uh7&
AS_REQ [Alice, a5F113de]
User Alice: MKeyA
Server Bob: MKeyB
AS_REP [27LnZ8vU]
D(a5F113de, MKeyA) = time, valid?Session key for Alice: SA
E({ Alice, SA }, MKeyKDC) = TGTA E({ SA, TGTA }, MKeyA) = 27LnZ8vUD(27LnZ8vU, MKeyA) = { SA, TGTA }
H: Hash functionE(x, k): Encryption of x with key kD(x, k): Decryption of x with key k
ITA, 14.11.2011, 10-IAM.pptx 24
User Alice KDC
E({ Alice, time }, SA) = qR71htp9
Kerberos Protocol – Ticket Granting ServiceRequesting a ticket for accessing server Bob
TGS_REQ [Bob, TGTA, qR71htp9]Server Bob: MKeyB
TGS_REP [b22sYG1k]
D(TGTA, MKeyKDC) = { Alice, SA } D(qR71htp9, SA) = { Alice, time }, valid?Session key for Alice-Bob: SAB
E({ Alice, SAB }, MKeyB) = TAB
E({ SAB, TAB }, SA) = b22sYG1k
D(b22sYG1k, SA) = { SAB, TAB }
H: Hash functionE(x, k): Encryption of x with key kD(x, k): Decryption of x with key k
Session Key: SA
Ticket: TGTA
ITA, 14.11.2011, 10-IAM.pptx 25
User Alice Server Bob
Kerberos Protocol – Client/Server AuthenticationAccessing server Bob
H: Hash functionE(x, k): Encryption of x with key kD(x, k): Decryption of x with key k
• 80% of helpdesk calls are password-related. Single sign-on systems could enable a company to reduce its helpdesk by 40% savings of nearly $4.4 million for company with 20'000 users.Forrester Research
ITA, 14.11.2011, 10-IAM.pptx 31
Workflow-Based User Provisioning
ITA, 14.11.2011, 10-IAM.pptx 32
Example: Novell Identity Manager
ITA, 14.11.2011, 10-IAM.pptx 33
Synchronized Data View using a Meta-Directory
ITA, 14.11.2011, 10-IAM.pptx 34
Meta Directories
Meta Directory
LDAP
Sync
Flat File
Sync
DB
Sync
• Meta directories contain information replicated from varioussource directories.
• Constant synchronization with the source directories guarantees the consistency between original and copy.
CustomizedConnectors
Standardized,consistent view
ITA, 14.11.2011, 10-IAM.pptx 35
Virtual Directories
• Virtual directories provide access to the existing data sources without moving the data out of the original repository.
• Virtual directories act as a proxy between an LDAP server and a client. Configurable modules allow data to be manipulated during the transfer.
LDAPBrokerAgent
Modified LDAP
requestLDAP request
Modified LDAP
response
LDAP response
Client LDAP ServerVirtual Directory
ITA, 14.11.2011, 10-IAM.pptx 36
Identity and Access Management (IAM)
• Enterprise Information Architecture• Identify key business processes and determine the applications,
information assets and transactions critical to meeting its business goals.
• Define which users need what resources and at what level of security.
• Permission and Policy Management• Establish and enforce policies governing the access control rights
of users. Single sign-on (SSO) procedures facilitate the access to all applications a user is entitled to use.
• Entreprise Directory Services• Use the Lightweight Directory Access Protocol (LDAP) to access
an organization's central repository of user identies and access privileges,as well as applications, information, network resources and more.
• User Authentication• The use of a Public key infrastructure (PKI) is the preferred
mechanism.
• Workflow-Based User Provisioning• Provisioning deploys access rights for employees, customers and
business partners. Automated workflow systems reduce tedious manual tasks.