Lecture 13, 20-771: Computer Security, Fall 2002 1 20-771: Computer Security Lecture 13: Login II Robert Thibadeau School of Computer Science Carnegie Mellon University Institute for eCommerce, Fall 2002

Dec 13, 2015


Brook Morton

20-771: Computer Security

Lecture 13: Login II

Robert Thibadeau

School of Computer Science

Carnegie Mellon University

Institute for eCommerce, Fall 2002


Today’s lecture

• Windows 2000 Access II

• File Encryption/Decryption

• Go to http://rack4.ulib.org/certsrv and get an email certificate. Send it to two people in the class to establish encrypted and signed email. One exam question:

• What did you have to do to get encrypted email to work with a few of your classmates?


This Week

• Read WS 12,13

More Windows Security

Password Week


Windows C-2 Security Model

It must be possible to control access to a resource by granting or denying access to individual users or named groups of users.

Memory must be protected so that its contents cannot be read after a process frees it. Similarly, a secure file system, such as NTFS, must protect deleted files from being read.

Users must identify themselves in a unique manner, such as by password, when they log on. All auditable actions must identify the user performing the action.

System administrators must be able to audit security-related events. However, access to the security-related events audit data must be limited to authorized administrators.

The system must be protected from external interference or tampering, such as modification of the running system or of system files stored on disk.


Windows 2000 IPAAA Model

Win 2000 Security

[Diagram labels]

Files & Other Objects

Web Site: IIS – IE5

Services: Some-other-time..

YOU!: username, password, certificate, kerberos

Active Directory DACLs for Authorization

Other Machines

Certs for Authentication

Active Directory SACLs for Audit

Secure Network: Privacy SSL & IPSec

A User: User/groups, Rights (e.g., delegation)

Web Visitor

Internal Privacy: File Encryption

Certs for Integrity


Our Class

Whole Facility / Internet Security – Protocols/Policy/Publicity

Path Security-

Physical security

Proxy/Router Security- Kind of Server

Host Security

Server Security

Client Security

Server Applications

Client Applications

Proxy/Router Applications –

Put in Hardware!

(buy CISCO)

Security Server Applications

WINDOWS 2000

Security Assurance

Applications

Web Server

Security

Web Client

Security

Technology

The Law

Cryptography

How To

Integrity/Privacy/Authenticate/Authorize/Record


Exam

• What is a security association?

• What did you have to do to get encrypted email to work with a few of your classmates?

• One or more of the following:

• In 100 Words, Explain how file encryption works in Windows.

• In 100 Words, Explain how Kerberos works and what it protects.

• Analyse Windows in terms of IPAAAA in 100 words.

• What does Interdomain (or across domain, or across realm) Trust Mean?

• Why is a ‘memory only’ smart card a possible security problem?

• Explain the DACL in 100 words.

• Explain the SACL in 100 words.

• How is a file authorized to a user in Windows 2000/XP in 150 words?

• Summarize the chapter on X in Stein (since mid term) in two sentences.


Business of Security

• Guarding what’s Yours

• Sustainable Business Models

– Product

– Service

• Technology

• Policy

Intrusion Detection (Spotting the Crook)

24/7 Services … Next Cable?

Box Inside

Box Outside

Policies and Training


Windows Authentication

• One, Two, Three Factor Authentication

1. What you know (Password)

2. What you have (Token)

3. Who you are (Biometric)


“User Authentication WEEK”

Kerberos

• Why Kerberos?

• How does Kerberos work

• What interdomain “trust” means


Weak Link in Authentication

Username / Password

Authentication Agent

Resource Access

YOU

Obtains

Securely Obtains

Type In

Securely Delivers

Assigns

Password Attacker

Sniffer

KERBEROS


W2000 Security Services

Domain Logon/Kerberos

Computer

Cert Services Computer

Active Directory

Client Computer

Domain Admin/Server Computer

Security Management

HTTP Computer


Why Kerberos (W2000)

• Standard includes Unix (NTLM is proprietary)

– RFC 1510, 1964

– RSA 2313

• Authentication is by credentials (doesn’t require consulting the resource)

• Authenticates both Kerberos (permission) server and user client

• Basis for Transitive Trust Relationships (via a shared interrealm – interdomain – key)

• Kerberos was not RSA, now it is…to solve password problem with Smart Cards – we’ll deal with the basic Kerberos model – RSA enhancements are pretty obvious


More Kerberos Jargon

• Kerberos Distribution Server (KDC)

– Hides all secret keys!

• Principal – anybody/anything

– Rht.user

– Rht.root

– Rht.ftp

• Realm (Domain)

• Long-term key, login session key (long term gets login session)


Other Realms/Domains

Server (e.g., ftp, local system)

Client Computer

Authentication Server (AS)

Ticket Granting Server (TGS)

1. User Logs on JUST USERNAME / request service on host

2. AS verifies user access rights / Creates TGT and Session Key, encrypts with user password

3. User password to decrypt / Sends ticket and authenticator

4. TGS decrypts ticket and authenticator / Create ticket for requested server

5. Send ticket and authenticator

6. Server verifies ticket and authenticator match / Server can return an authenticator for itself.

ONCE PER LOGON SESSION

ONCE PER TYPE OF SERVICE

ONCE PER SERVICE SESSION


Other Realms/Domains

Server (e.g., ftp, local system)

Client Computer

Authentication Server (AS)

Ticket Granting Server (TGS)

1. User Logs on JUST USERNAME / request service on host

2. AS verifies user access rights / Creates TGT and Session Key, encrypts with user password

3. User password to decrypt / Sends ticket and authenticator

4. TGS decrypts ticket and authenticator / Create ticket for requested server

5. Send ticket and authenticator

6. Server verifies ticket and authenticator match / Server can return an authenticator for itself.

Shared Secret is Password

Shared Secret in TGT

Shared Secret in Ticket

Shared Secret with Service

Shared Secret with other Realm
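
The six-step exchange on the two slides above, run end to end as an added example (not part of the original lecture). Assumptions: an HMAC-SHA256 keystream with a MAC stands in for DES, PBKDF2 stands in for the password-to-key function, the principal names `rht.user` and `rht.ftp` are sample values, and `service_key` is handed to the client function only so the simulation can call the service in-process.

```python
import hashlib, hmac, json, os, time

def _stream(key, iv, n):
    """HMAC-SHA256 counter keystream: a toy stand-in for the DES the slides name."""
    return b"".join(hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared secret."""
    pt, iv = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Decrypt; ValueError means wrong key or altered message."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, iv, len(ct)))))

def password_key(principal, password):
    """Shared secret is password: user and KDC derive the same long-term key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _check(ticket, auth):
    now = time.time()
    if auth["user"] != ticket["user"] or ticket["exp"] < now or abs(now - auth["ts"]) > 300:
        raise ValueError("ticket and authenticator do not match or are stale")

class KDC:
    """AS and TGS in one object; it alone holds every principal's long-term key."""
    def __init__(self):
        self.keys = {"krbtgt": os.urandom(32)}      # TGS key, protects the TGT

    def as_reply(self, user):                       # steps 1-2: once per logon session
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"user": user, "key": sk, "exp": time.time() + 3600})
        return seal(self.keys[user], {"key": sk}), tgt

    def tgs_reply(self, tgt, auth, service):        # step 4: once per type of service
        t = unseal(self.keys["krbtgt"], tgt)
        _check(t, unseal(bytes.fromhex(t["key"]), auth))
        sk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"user": t["user"], "key": sk, "exp": t["exp"]})
        return seal(bytes.fromhex(t["key"]), {"key": sk}), ticket

def service_accept(service_key, ticket, auth):      # step 6: once per service session
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), auth)
    _check(t, a)
    # Optional reply: only the real service can re-seal the client's timestamp.
    return t["user"], seal(bytes.fromhex(t["key"]), {"ts": a["ts"]})

def client_session(kdc, user, password, service, service_key):
    """Steps 1-6 from the client; returns the user name the service accepted."""
    stamp = time.time()
    auth = lambda key: seal(key, {"user": user, "ts": stamp})
    reply, tgt = kdc.as_reply(user)                                          # 1-2
    sk1 = bytes.fromhex(unseal(password_key(user, password), reply)["key"])  # 3
    reply, ticket = kdc.tgs_reply(tgt, auth(sk1), service)                   # 3-4
    sk2 = bytes.fromhex(unseal(sk1, reply)["key"])
    seen, proof = service_accept(service_key, ticket, auth(sk2))             # 5-6
    if unseal(sk2, proof)["ts"] != stamp:
        raise ValueError("service failed to authenticate itself")
    return seen

if __name__ == "__main__":
    kdc = KDC()                                     # constructed sample principals
    kdc.keys["rht.user"] = password_key("rht.user", "correct horse")
    kdc.keys["rht.ftp"] = os.urandom(32)
    print(client_session(kdc, "rht.user", "correct horse", "rht.ftp", kdc.keys["rht.ftp"]))
```

The password never crosses the wire: a wrong password simply fails to decrypt the AS reply at step 3, and the service learns the user's identity only from a ticket it can open with its own key.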


Kerberos Private DES Keys

• Username/password -> generates private key

– Other Kerberos Principal Keys

• Server Authentication Keys

• Login Session Keys

• Shared Application Service Keys

• Ticket Granting Service Key

• Code has to know what kind of message it is getting to know what private key to use.


Kerberos Across Realm Authentication

• Across Domain

• Authenticates a Principal

• Shared “interrealm” key

• Steps

1. User logs into realm 1

2. AS in realm 1 sends TGT to user

3. Requests of realm 1 TGS the session ticket in Realm 2

4. Realm 1 TGT sends client a “referral ticket”

5. User sends referral to TGS in Realm 2

6. Realm 2 TGS sends session ticket for server in Realm 2

7. Done!


What is “Trust”?

• You bring up the security panel on object.

• You allow someone read/write/modify/etc access to object.

• With trust you can allow someone/some-group in another DOMAIN to have access.

the SID is permitted in the object’s ACE/ACL

• End of story.

• At DOMAIN controller I can turn on or off trust relationships (availability to see the domains in the security settings) with other DOMAINS.

• …underneath is KERBEROS AND PKI!


Break!


Smart Card

• ISO 7816 ICC (Integrated Circuit Card)

– Not OK for software/reader/writer interface

• PC/SC Workgroup

– www.pcworkgroup.com

• Dumb and Smart

– Dumb : Just store info (deprecated)

» Useful in facility security but can be counterfeited easily

– Smart (ICC): have a processor, can hide a private key,

» These can act as full crypto service providers

» Very very hard to counterfeit (if actually possible)


[Diagram: ICC-Aware Applications; Service Provider; ICC Resource Manager; IFD Handler (three); IFD (three); ICC (three)]

Figure 2-1. PC/SC General architecture (search PC/SC in google)


ICC Smart Cards

• Really secure!

• Two Factor Authentication

• Both a password (PIN) and an RSA Key

– Three password tries and you are out

– Administrator

» Three password tries and he is out

– Six Tries and you have a dead card

• Even a “smart card reader sniffer” can’t sniff the private key operation

• BUT IT CAN SNIFF THE PASSWORD (PIN)!!!

• Sniff the guy, steal his card. You’re In.


Typical Smart Card Operation

Smart Card

Host System

System Gets Public Key From Its Store Or Smart Card Store

System Generates Nonce/Challenge For Smart Card

Smart Card Demonstrates it Knows Secret Private Key by Encrypting Nonce

System Uses Public Key to Prove Smart Card is Who it Says it is.

Smart Card Waits to Hear its PIN to Start Talking

Smart Card can Manufacture Certs for System as Requested
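
The PIN gate and nonce challenge from the two smart card slides above, as an added example (not part of the original lecture). Assumptions: textbook RSA over two small Mersenne primes stands in for the card's real key, the class and method names are hypothetical, and "six tries" is modelled as three user-PIN tries plus three administrator-PIN tries.

```python
import hashlib, hmac, os

# Toy RSA key from two Mersenne primes: far too small and unpadded for real use,
# chosen only so the example stays inside the standard library.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def _digest(nonce, n):
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % n

class ToyCard:
    """ICC model: the private exponent never leaves the object; the PIN gates its use."""
    def __init__(self, pin, admin_pin):
        self.n = P * Q
        self._d = pow(E, -1, (P - 1) * (Q - 1))
        self._pins = {"user": pin, "admin": admin_pin}
        self._tries = {"user": 3, "admin": 3}
        self._unlocked = False

    def public_key(self):
        return self.n, E

    def _present(self, who, pin):
        if self._tries[who] == 0:
            raise PermissionError(f"{who} PIN blocked")
        ok = hmac.compare_digest(pin.encode(), self._pins[who].encode())
        self._tries[who] = 3 if ok else self._tries[who] - 1
        return ok

    def verify_pin(self, pin):
        # The PIN crosses the reader interface, so this is the step a sniffer sees.
        self._unlocked = self._present("user", pin)
        return self._unlocked

    def admin_unblock(self, admin_pin):
        if self._present("admin", admin_pin):
            self._tries["user"] = 3
            return True
        return False

    def is_dead(self):
        return self._tries["user"] == 0 and self._tries["admin"] == 0

    def sign(self, nonce):
        # Only the result leaves the card; the private key operation stays inside.
        if not self._unlocked:
            raise PermissionError("PIN not presented")
        return pow(_digest(nonce, self.n), self._d, self.n)

class Host:
    """Host system: holds the card's public key and issues single-use challenges."""
    def __init__(self, public_key):
        self.n, self.e = public_key
        self._nonce = None

    def challenge(self):
        self._nonce = os.urandom(16)
        return self._nonce

    def verify(self, signature):
        nonce, self._nonce = self._nonce, None      # each nonce is accepted once
        return nonce is not None and pow(signature, self.e, self.n) == _digest(nonce, self.n)
```

A recorded signature is useless against the next challenge, which is why the slide singles out the PIN, together with physical possession of the card, as what remains to protect.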


Windows Core Security


Encryption and Cert Based Access Control

• Cert is basically

1. Housekeeping: Some plain text about the version of X.509, the cryptosuites being used, and a certificate number

2. Some plain text information about the owner

3. A plain text date to start and a date to expire

4. A plain text public key which is the owner's public key

5. Some extra plain text … whatever you want

– Different certificate types define different fields here

6. A signed hash of the above stuff


Certificate Formats

• PKCS#10 : Format for a requestor

• PKCS#7 : Format for a signed certificate

• PKCS#12 : Format for signed certificate and PRIVATE KEYs (hidden by passcode).

• PKCS is at www.rsa.com/rsalabs/pkcs

• Also…

• PKCS#11 : Cryptoki : cryptographic token standard which corresponds to MS CSP/CAPI.

– Used by Java Crypto … same smart card.


PKCS-7 Signing

1. For each signer, a message digest is computed on the content (H(M1))

2. For each signer, the message digest and associated information are encrypted with the signer's private key (E(H(M1)+M2)).

3. For each signer, the encrypted message digest and other signer-specific information are turned into a certificate (C(E(H(M1)+M2)+M3)).

4. All the certificates are rolled up into a “Signed Data” sequence:

– Info + certificates + certificate revocations

– A<<B>>B<<C>>C<<D>>

– Public Key A (from CA) gives you your public key D.


Using Certs / Smart Tokens: Non-repudiable Agreements

• Certs (typically two) can represent an agreement.

• Here is the text of the agreement

• Here is the date and time of the agreement

• Here is your signed digest of the content.

• Here is my signed digest of the content.

• We both have copies.

• Now, you say you didn’t agree, but I bring out your signed certificate to prove you did.

• Now, I say I didn’t agree, but you bring out my signed certificate to prove that I did.

• The proof is irrefutable. I could not manufacture your certificate.


Using Certs / Tokens: Anonymizing

• A different use of certs.

• I won’t tell you who I am.

• I just give you a signed authorization to spend $200 or to log into the computer as John Smith.

• The signer guarantees or vouches for me.

• The X.509v3 lets you do this.


Agents

• Converse side of CA

• You sign to give your agent rights

• The agent can now bind you

• www.xns.org


Certs on/from Windows Objects

• EFS:

– Prove the owner has the right. User object has to decrypt the symmetric key that decrypts the object.

• Authenticode:

– Prove the code is the code because the cert on it hashes the code to prove its integrity and the hash is signed to prove that it came from who it is said to be from.

– You have to “trust Microsoft Corporation”

» This means that the certificate simply said “Microsoft Corporation, Inc.” but what if it had said “Microsoft Inc.” (of Zimbabwe, Africa)?


PKI works with two mechanisms

• Using the CA public key to unfold [the signing] to your public key (typically, the CA signs your PK cert).

– He vouches for you in a way that cannot be denied

– Key compromise

» Key revocation is a problem

• A file or resource has access granted by the demonstration that the requestor can privately encode that the resource can publicly decode (or that the resource can publicly encode that the requestor can privately decode).

– You can have MORE than one PK on a file or resource

– Example was revocation list

– User (not group) is an owner of a private/public key

– Can let Windows Base Crypto Services or Smart Card.


Win 2000

• Remote administration is very strong

• If you can crack it (using older versions of Windows, Unix, Macs on the Network), you may gain access to the strong system

• Result, you can suck the blood out without getting caught (e.g., you can completely encrypt data on the disk that only you can see!).

• Problem: Passwords can be guessed

• Problem: In RAM things are NOT PROTECTED! This is for Windows 2004.


Windows Authorization


www.authenticator.com

• Shows Good Passwords

• Random Generation

• Password Changing Regimens

• Problems

– Impossible to remember

• Best Login

– Amazon : email and password

– Problem : easy to impersonate


WS 9. Configuring Win NT Web Server

• Know how to set one up (what to expect from IIS)

• Windows 2000 is IIS 5

• Security Scanner http://security1.norton.com


IIS

• Microsoft Internet Information Server

– Like Apache and all others, has own layer of Authorization and Authentication

– Apache is completely separate (see .htaccess)

– IIS is/can be completely integrated into the Domain

» Including trust among domains

• Front Page

– Yet another access/authorization layer permitting authoring but no other access in domain

– Careful! FP uses “.htaccess” type files peppered around the active directory giving FP access (not integrated into the ACLs!)

– DO NOT APPLY GLOBAL ACCESS CHANGES ON FP DIRECTORIES WITHOUT USING FP! (You may need a special FP administration tool to re-set all the access controls).


IIS

• Standard HTTP Server

– Can basically behave exactly like one that utilizes all the features of HTTP and related protocols (e.g., SSL, CGI, virtual hosting).

– Very easy to manage (right click and look).

– Since users/groups in and between domains are the same as in Active Directory, use “security” (not sharing) to set up Web Access.

– Creating the user “WebServer” for the web server (p. 230 Stein) is probably still good. Note this is the creator-owner of the server and has to have local login rights.


Access Rights

Group            Admin Tools   Logs   Scripts   Documents
Web Masters      R             R      RW        RW
Web Developers   -             -      RW        RW
Web Authors      -             -      R         RW
Guests           -             -      R         R

Don’t make yourself a web author and web master – you’ll wind up being a web author!


Web Access Control

• Basic Access

– Response to 401

– Send Base64 MIME plaintext username and password!

– This is in the clear unless SSL protected!

• Digest Authentication

– Server sends “nonce”

– Client sends MD5 password

» Put digest, url, nonce inside digest to give integrity

– Server checks hashed password, not the plaintext password

– Replay attack fails (except for the page in question).

• Kerberos (‘Windows Authentication’) // including SSL Smartcard Client

• IE 5.0 and IIS5 incorporate good security together.
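
Basic and Digest access control side by side, as an added example (not part of the original lecture). Assumptions: the Digest computation is the original RFC 2069 form without `qop`, the class and function names are hypothetical, and the user, realm and URLs in any call are sample values.

```python
import base64, hashlib, hmac, os

def md5hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def basic_header(user, password):
    """What the browser sends after a 401 under Basic access."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def basic_credentials(header):
    """Base64 is an encoding, not encryption: any reader of the header gets the password."""
    user, _, password = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, password

def digest_response(user, realm, password, method, uri, nonce):
    """Client side: the password, URL and server nonce are all folded into one MD5."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

class DigestServer:
    def __init__(self, realm, one_time_nonces=False):
        self.realm, self.one_time = realm, one_time_nonces
        self.ha1 = {}         # user -> MD5(user:realm:password), never the plaintext
        self.nonces = set()   # nonces issued and still accepted

    def add_user(self, user, password):
        self.ha1[user] = md5hex(f"{user}:{self.realm}:{password}")

    def challenge(self):
        """Fresh nonce sent along with the 401 response."""
        nonce = os.urandom(16).hex()
        self.nonces.add(nonce)
        return nonce

    def check(self, user, method, uri, nonce, response):
        if nonce not in self.nonces or user not in self.ha1:
            return False
        ha2 = md5hex(f"{method}:{uri}")
        expected = md5hex(f"{self.ha1[user]}:{nonce}:{ha2}")
        ok = hmac.compare_digest(expected, response)
        if ok and self.one_time:
            self.nonces.discard(nonce)   # closes the same-page replay window
        return ok
```

With reusable nonces a captured response is accepted again only for the same method and URL, which is the exception the slide notes; with `one_time_nonces=True` even that replay is rejected.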


WS 10. Web Access Control

• Apache has a separate user/group system layered on top of Unix.

• IIS uses the user/group access system built into the MS Windows OS.

• Principles of these systems are largely universal. Always do a security check out to “tighten down” access as much as possible

– Lincoln Stein is right : define special, highly limited, groups if you expose parts of your machine to the Internet.