Lecture02_Foundations_Cryptography_Authentication_Kerberos.pdf
Foundations of Cryptography and Secure Authentication Protocols
Dr. Mouhannad ALATTAR
CSCI368 Network Security
Autumn 2024

Outline
- Introduction to Cryptography
- Symmetric Key Encryption
- Asymmetric Key Encryption
- Hash functions
- Access Control
- Authentication
- Kerberos Protocol

The Problem: Insecure Communication
[Figure: Alice sends "Hi :)" to Bob over a network, where the message can be intercepted, modified, fabricated or interrupted.]

Cryptography
[Diagram labels: Cryptology, Cryptography, Cryptanalysis, Encryption, Decryption]

Steganography vs. Cryptography
- Steganography is about concealing the message itself, so others don't know there's any communication happening. Example: embedding a message within an image or audio file. Try it: Steganography Online
- Cryptography focuses on scrambling the message so it's unreadable if intercepted.

Cryptography Goals: Securing Communication
Cryptography helps ensure secure communication over an insecure medium.
- Confidentiality (Privacy): Only the intended recipient can read the communication.
- Authenticity: Guarantees that the communication comes from the claimed sender.
- Integrity: The message remains unaltered during transmission.
- Non-repudiation: Ensures the sender cannot deny sending the message (using digital signatures).

History of Cryptography: Scytale
- The oldest known military ciphering method (404 B.C.).
- The Scytale is a cipher based on a transposition method.
- How it works: The sender wraps a strip of parchment around a rod and writes the message on it; once unwrapped, the letters appear scrambled. To read the message, the recipient needs a rod of the same diameter, which serves as the 'key'. They wrap the parchment around their rod and the message reappears in the correct order.
- The diameter of the Scytale can be regarded as the key of the cipher.
Ref: http://www.cryptool-online.org/images/stories/cto/Skytale.png

History of Cryptography: Caesar's Cipher
It is a cipher that is based on a shifting method.
Each letter of the alphabet is translated into a letter a fixed number of positions after it:
c_i = E(p_i) = (p_i + K) mod 26
Example: K = 3
A ➔ D, B ➔ E, C ➔ F, … , X ➔ A, Y ➔ B, Z ➔ C
HELLO ➔ KHOOR
Cryptanalysis: techniques based on language characteristics (e.g., frequency analysis).

Cryptography: How it works?
[Figure: Alice encrypts the plaintext "Hi :)" into ciphertext, the ciphertext crosses the Internet, and Bob decrypts it back into the plaintext.]

Terminology
- Plaintext (P): Original message with an obvious meaning.
- Encryption (E) (encipher): The process of transforming a message so that its meaning is not obvious.
- Ciphertext (C): The encrypted form of the message.
- Decryption (D) (decipher): Transforming an encrypted message back to its original form.
- Encryption Key (K): A piece of information (usually a string of characters) used during the process of encryption or decryption.

Key Length & Brute Force
- Key length refers to the number of bits in the encryption key. For example, a 2-bit key has four values (00, 01, 10, 11), which define the key space.
- A key of length n has a key space of 2^n distinct values.
- The larger the key space, the harder it becomes for an attacker to brute-force every possible combination.

| Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years |
| 168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years |

Random Numbers in Cryptography
- A random number is a value generated in an unpredictable manner, with no discernible pattern.
- Random numbers are essential for generating encryption keys, ensuring they are unpredictable and secure.
- Random numbers must be truly unpredictable, which requires high-quality random number generators (RNGs).
- Hardware-based RNGs: generate random numbers based on physical processes such as electrical noise or radioactive decay.
- Pseudo-Random Number Generators (PRNGs): use mathematical algorithms to generate a sequence of numbers that appear random, but are actually deterministic if the initial seed is known.
NB: in authentication, random numbers (nonces) are used to prevent replay attacks.

Cryptography: Symmetric vs Asymmetric
[Figure: Symmetric key algorithms use one encryption/decryption key (the secret key) to turn plaintext into ciphertext and back. Asymmetric key algorithms use an encryption key (the receiver's public key) and a decryption key (my private key).]

Symmetric Key Algorithms: Stream vs. Block
- Stream cipher: the algorithm operates on individual bits (or bytes) one at a time. It converts each symbol of plaintext into a symbol of ciphertext. Examples: Salsa20, ChaCha20, RC4.
- Block cipher: breaks the plaintext into strings (called blocks) of fixed length and encrypts one block at a time. Examples: AES, 3DES, DES.

Example of Stream cipher
Encryption:
  11001100 plaintext
⊕ 01101100 key stream
= 10100000 ciphertext
Decryption:
  10100000 ciphertext
⊕ 01101100 key stream
= 11001100 plaintext

Symmetric Cryptography: Famous Block Cipher algorithms

| | DES (Data Encryption Standard) | Triple DES (TDES or 3DES) | AES (Advanced Encryption Standard) |
|---|---|---|---|
| Year Approved | 1977 | 1999 | 2001 |
| Key Length (bits) | 64 (56 + 8) | 112 or 168 | 128, 192 or 256 |
| Key Strength | Weak | Strong | Strong |
| Processing Requirements | Moderate | High | Modest |
| RAM Requirements | Moderate | High | Modest |
| Note | Block cipher; cracked (exhaustive search) | Block cipher | Block cipher; widely used today |

Block Cipher: Modes of Operation
Operation mode: specifies how blocks are processed and linked together.
- ECB (Electronic CodeBook mode): Encrypt each 64-bit block independently. The same input plaintext gives the same output ciphertext.
- CBC (Cipher Block Chaining mode):
  Encryption: C_i = E_K(P_i ⊕ C_{i-1})
  Decryption: P_i = C_{i-1} ⊕ D_K(C_i)
- GCM (Galois/Counter Mode): Adds an authentication tag to the ciphertext to also ensure authenticity (integrity).

DES - ECB Mode
[Figure: the plaintext is split into 64-bit blocks #1 to #n; each block goes through the DES encryption process with the 64-bit key and yields its own 64-bit ciphertext block.]

DES - CBC Mode
[Figure: as in ECB mode, the plaintext is split into 64-bit blocks #1 to #n and each is DES-encrypted with the 64-bit key, but an Initialization Vector (IV) feeds the first block and the blocks are chained.]

Symmetric Cryptography: Key Distribution Problem
For N entities, number of keys = N(N - 1) / 2
[Figure: Alice, Bob and John, each pair sharing its own key.]

Public Key (Asymmetric) Cryptography
- Key Distribution Problem: In symmetric cryptography, securely sharing a secret key is challenging. Asymmetric cryptography solves this by allowing secure key exchange over public channels.
- How Public Key Cryptography Works: Every entity has a public key and a private key. The public key can be shared openly with anyone. The private key must be kept secret by the owner.
- One-way relationship: It is computationally infeasible to derive the private key from the public key.
- Encryption and Decryption: Data encrypted with the public key can only be decrypted by the private key and vice versa (used for digital signature).

Public Key (Asymmetric) Cryptography
[Figure: Bob picks Alice's public key from his public key ring and uses it as the encryption key; Alice uses her private key as the decryption key. John is a third party.]

RSA: the famous asymmetric algorithm
RSA by Ron Rivest, Adi Shamir, and Leonard Adleman (1977).
The security of RSA relies on the fact that factoring large numbers into prime factors is computationally infeasible with current technology:
- Two large prime numbers are chosen (let's call them p and q).
- Multiply them together to get a large number (n), which forms part of the public and private keys.
- Factoring n back into p and q is extremely difficult, especially as the numbers grow larger.

RSA algorithm

The Challenge of Public Key Sharing
- Key availability?
- Key ownership?
- Key validity?

Certificate Authorities
- Public key cryptography relies on distributing public keys openly, but without proper verification, a hacker can spoof or impersonate someone's identity by providing a fake public key.
- Man-in-the-Middle (MITM) Attacks: If a hacker intercepts a public key exchange, they can replace the real public key with their own, allowing them to decrypt, modify, or intercept communications.
- Certificate Authorities (CAs) provide a solution: A Certificate Authority (CA) is a trusted third party that verifies the ownership of public keys. CAs issue digital certificates that bind an entity's public key to its identity. These certificates provide authentication, ensuring that the public key truly belongs to the person or entity claiming it.

Digital Certificates

How can I get a certified public key?
- Web of trust?
- Auto-certification

Symmetric vs Asymmetric Cryptography: Advantages & Challenges

| Characteristic | Symmetric Cryptography | Asymmetric Cryptography |
|---|---|---|
| Encryption Method | The same key is used for both encryption and decryption. | Different keys are used: a public key for encryption and a private key for decryption. |
| Security Requirements | Secure key storage and transmission. Knowledge of the algorithm plus samples of ciphertext must be insufficient to determine the key. | The private key must be kept secret. Impossible to derive the private key from the public key. Knowledge of the algorithm or ciphertext shouldn't reveal the private key. |
| Advantages | Faster and more efficient for large data. Lower computational overhead. | Simplifies key distribution. Provides non-repudiation through digital signatures. |
| Disadvantages | Key management and secure key exchange are challenging. | Slower performance for encryption/decryption due to complex algorithms. |
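The certificate binding described under Certificate Authorities above, as an added example that is not part of the lecture: a CA signs an (identity, public key) pair, and a verifier accepts a key only if that signature checks out, so a substituted key is rejected. It assumes textbook RSA without padding, toy keys built from small Mersenne primes (constructed, far too small for real use), and hypothetical names `issue_cert`, `trusted_key` and `mallory`.

```python
import hashlib

def rsa_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: public (n, e), private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # d = e^-1 mod phi(n)

def _digest(data, n):
    # Hash first, then sign the hash (the "signature efficiency" idea)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)       # private key signs

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)  # public key verifies

def _body(subject, pub):
    # The bytes the CA signs: identity bound to the public key
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue_cert(ca_priv, subject, subject_pub):
    return {"subject": subject, "pub": subject_pub,
            "sig": sign(ca_priv, _body(subject, subject_pub))}

def trusted_key(ca_pub, cert, expected_subject):
    """Return the certified public key, or None if the certificate fails."""
    if cert["subject"] != expected_subject:
        return None
    if not verify(ca_pub, _body(cert["subject"], cert["pub"]), cert["sig"]):
        return None
    return cert["pub"]

# Constructed demo keys (Mersenne primes); real RSA uses random 1024+ bit primes
CA_PUB, CA_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)
ALICE_PUB, ALICE_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = rsa_keypair(2**17 - 1, 2**19 - 1)

def demo():
    cert = issue_cert(CA_PRIV, "alice", ALICE_PUB)
    swapped = dict(cert, pub=MALLORY_PUB)                         # key replaced in transit
    self_signed = issue_cert(MALLORY_PRIV, "alice", MALLORY_PUB)  # not signed by the CA
    return [trusted_key(CA_PUB, c, "alice") for c in (cert, swapped, self_signed)]

if __name__ == "__main__":
    print(demo())
```

Only the certificate signed by the CA yields a key; the verifier needs nothing but the CA's public key to tell the three cases apart.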
Hybrid Encryption
[Figure: the plaintext is encrypted and decrypted with a symmetric session key; the session key is encrypted with Bob's public key and decrypted with Bob's private key.]

Hashing: the One-way function
Computing f(x) from x is easy. Recovering x from f(x) is difficult… unless you know some auxiliary information!

Hash (One-Way) Functions
- Hashing: Mathematical process for converting any input (of any size) into fixed-length outputs. Different inputs should have different outputs.
- Hash function: Algorithm that does the hashing. It hashes the input with a shared secret or password.
- Examples: MD5, SHA1, SHA256, …
- Simulator: http://www.cryptage-md5.com/

| Input | Hash sum (output of the hash function) |
|---|---|
| Car | D7J9655J |
| Red Car | KJGH76GD |
| red car | JHTGFRTY |
| This is not a car | NEO04CCP |

Hash Functions: Security Uses
- Password hashing: Store the password's hash. When a password is supplied, the system computes the password's hash and compares it with the stored value.
- Message integrity: Using cryptographic hash functions to generate a MAC.
- Download security: Using a hash function to ensure a downloaded program is not modified.
- Improving signature efficiency: Compute a message digest (using a hash function) and sign that.

Encryption vs. Hashing

| | Encryption | Hashing |
|---|---|---|
| Use of Key | Uses a key as an input to an encryption method | Password is usually added to text; the two are combined, and the combination is hashed |
| Length of Result | Output is similar in length to input | Output is of a fixed short length, regardless of input |
| Reversibility | Reversible; ciphertext can be decrypted back to plaintext | One-way function; hash cannot be "de-hashed" back to the original string |

Why Protect Integrity and Authenticity?
- Integrity: Ensures that the data has not been tampered with during transmission or storage.
- Authenticity: Confirms the identity of the sender and guarantees the message originates from the stated source.
- Without protection, data can be altered, and communication can be impersonated by attackers.
- Cryptography provides the solutions: Message Authentication Code (MAC) and Digital Signature.

Message Authentication Code (MAC)
- Ensures both data integrity and authentication.
- Uses a symmetric key shared between sender and receiver.
- A MAC tag is appended to the message and verified by the receiver.
Ref: https://www.thesslstore.com/blog/what-is-a-message-authentication-code-mac/

Digital Signature
- Ensures data integrity, authentication, and non-repudiation (prevents the sender from denying having sent the message).
- Uses asymmetric encryption (e.g., RSA, ECDSA): private key to sign, public key to verify.
[Figure: Alice hashes the message "Hi :)" and encrypts the hash h with her private key to produce the signature S; Bob hashes the received message, decrypts the received signature S' with Alice's public key, and compares the results.]

Access Control in Cybersecurity
What is Access Control?
- A security mechanism that defines who can view, use, or interact with resources.
- Controls permissions based on roles or identities, ensuring only authorized entities (e.g., users, processes, systems) can access specific resources.
- Ensures confidentiality and integrity by preventing unauthorized access.
- Limits the damage that can be caused by attackers or insiders by restricting access.
- Helps comply with regulations and standards (e.g., GDPR, HIPAA).
Types of Access Control:
- Discretionary Access Control (DAC): The owner of the resource decides who can access it.
- Mandatory Access Control (MAC): Access is determined by centralized policies (usually used in government or military).
- Role-Based Access Control (RBAC): Access is based on roles and responsibilities within the organization.

Access Control Process: Authentication, Permissions, and Auditing

DAC and the Access Matrix
Discretionary Access Control (DAC): DAC allows the owner of a resource to determine who can access it.
It's a flexible model often used in personal systems but has security risks due to potential user errors.
The Access Matrix is a model used to describe permissions in a DAC system.
- Rows represent users, and columns represent resources.
- Each cell in the matrix indicates the permissions a user has for a resource (read, write, execute).
- An Access Control List (ACL) or Capabilities List can be used to implement the matrix.

Role-Based Access Control (RBAC)
RBAC controls access based on the user's role (not the individual user) within the organization:
- Roles are assigned permissions based on the responsibilities of the role.
- Roles reflect organizational structures (e.g., Admin, Manager, Security Officer, HR).
- Users are assigned one or more roles, and their permissions are determined by the role(s) they hold.
- Simplifies access management as administrators manage roles, not individual user permissions.
Advantages of RBAC:
- Scalability: Easier to manage permissions across large organizations.
- Security: Reduces the risk of excessive permissions by assigning only necessary access based on role.
- Efficiency: Simplifies adding or revoking access when users change roles or leave the organization.

Role-Based Access Control (RBAC) Cont.

What is Authentication?
Authentication is the process of verifying the identity of a user or entity before allowing access to a system.
Identification vs. Authentication:
- Identification: Claiming an identity (e.g., by providing a username).
- Authentication: Verifying that the identity claim is legitimate (e.g., using a password or fingerprint).
Why It Matters: Authentication is the first critical step in access control, i.e., it is necessary to ensure that only authorized entities can access sensitive data and resources.

User authentication Principles
There are three main types of authentication factors:
- Something you know: A password or PIN.
- Something you have: A security token, smart card, or mobile device.
- Something you are: Biometrics such as fingerprints, facial recognition, or retina scans.
Multi-factor Authentication (MFA): Combining two or more factors to strengthen security (e.g., password + fingerprint).

Password Based Authentication: Issues & Challenges
User login and password is the most common authentication method.
Security Challenges:
- Guessing: Weak passwords are vulnerable to brute-force or dictionary attacks.
- Password Leakage: Stolen passwords due to phishing, malware, or breaches.
- Reuse: Users often reuse passwords across multiple systems, increasing vulnerability.
Solutions:
- Strong password policies (e.g., length, complexity).
- Use of password managers.
- Multi-factor authentication (MFA).

Biometric Authentication: "Something You Are"
Biometric authentication uses unique physical or behavioral traits for identity verification.
- Physical Features: Fingerprint scanning, facial recognition, iris or retina scanning.
- Behavioral Features: Voice recognition; signature recognition, including how the signature is produced (pressure, speed, stroke order), not just how the signature looks; typing style, including speed and rhythm of key pressure.
Advantages:
- Difficult to forge or steal.
- Convenient: no need to remember a password.
Challenges:
- Privacy concerns.
- False positives or negatives.
- Requires secure storage of biometric data.

Service Authentication
- Service Authentication: Verifying that network services, like servers or applications, are genuine and secure.
- While user authentication focuses on verifying individuals, service authentication ensures that devices, applications, or services are legitimate and trustworthy.
- Service Authentication Methods: Certificates (e.g., SSL/TLS for websites), OAuth tokens for APIs, ...
- Mutual authentication between services is strongly recommended.

Centralised Authentication – Kerberos Protocol

Why Are Centralized Authentication Protocols Necessary?
- Users need to access multiple services hosted on different servers, not just locally but across a network or the internet.
- The user needs to prove his or her identity for each service invoked.
- Servers are also required to prove their identity to users.
If each server handles authentication individually, it leads to several issues:
- Credential leakage risk: The more frequently credentials are shared, the higher the risk of them being intercepted or stolen.
- Burden on each server: Every server must manage user authentication, which increases the load and complexity.
Solution: a centralized authentication protocol like Kerberos that secures user credentials across multiple services and assists other servers in authenticating the users and establishing session keys.

Kerberos: An Overview
- Kerberos is an Authentication and Authorization Infrastructure (AAI) designed to provide strong authentication for client/server applications.
- Designed for open, distributed environments where users access services on different servers from various locations.
- Developed at MIT as part of Project Athena.
- Named after the three-headed watchdog from Greek mythology.

Kerberos vs. Needham-Schroeder Protocol
The Needham-Schroeder Protocol is a cryptographic protocol developed in 1978 by Roger Needham and Michael Schroeder to enable mutual authentication between two parties over an insecure network.
How it works:
- Step 1: One party (A) requests a session key from the Key Distribution Center (KDC) to communicate with another party (B).
- Step 2: The KDC generates a session key and sends it to A, along with an encrypted version of the session key for B.
- Step 3: A forwards the encrypted session key to B.
- Step 4: Both A and B now have the same session key and can securely communicate.
Kerberos is essentially an evolution of the Needham-Schroeder protocol, incorporating stronger security mechanisms such as timestamps, nonces, and additional features like the Ticket Granting Ticket (TGT) to streamline repeated authentication in distributed systems.

How Kerberos Works: An Overview
1. The user requests authentication from the Authentication Server (AS).
2. The AS verifies the user's identity and issues a Ticket Granting Ticket (TGT).
3. The user uses the TGT to request access to services from the Ticket Granting Server (TGS).
4. The TGS issues a service ticket for the specific service.
5. The user presents the service ticket to access the resource.
6. The server returns the resource, data or services to the client.

Step 1: User Request to AS
1. C → AS: ID_C, ID_tgs, TS_1
The client module (on the user's PC) sends, on behalf of the user, a request to the Authentication Server (AS). This request includes a time-stamp (TS_1) and two identities:
- ID_C: to inform the AS of the user.
- ID_tgs: to inform the AS of the Ticket Granting Service required. There may be multiple TGSs.

Step 2: AS Answer
2. AS → C: E_{K_c}[K_{c,tgs}, ID_tgs, TS_2, Lifetime_2, Ticket_tgs]
where Ticket_tgs = E_{K_tgs}[K_{c,tgs}, ID_C, AD_C, ID_tgs, TS_2, Lifetime_2]
- A session key, K_{c,tgs}, is generated for secure communication with the ticket granting server indicated by ID_tgs.
- A time-stamp (TS_2) is specified, as is a lifetime (Lifetime_2) for the ticket.
- Ticket_tgs: This is for access to the TGS. It includes the same session key, identity, time-stamp and lifetime.
- ID_C: indicates the user.
- AD_C: indicates the network address of the client/user.

Step 3: Ticket Granting Request
3. C → TGS: ID_V, Ticket_tgs, Authenticator_C
where Authenticator_C = E_{K_{c,tgs}}[ID_C, AD_C, TS_3]
The client now has a ticket to communicate with a ticket granting service, and in this step it communicates with the TGS to request a server ticket.
- ID_V: indicates the relevant server.
- Ticket_tgs: is the client's permission to access the TGS.
- Authenticator_C: It is used by the TGS to authenticate C. Only C and the TGS can open it. Contains ID_C, AD_C, TS_3.

Step 4: Ticket Granting Server Answer
4. TGS → C: E_{K_{c,tgs}}[K_{c,v}, ID_V, TS_4, Lifetime_4, Ticket_V]
where Ticket_V = E_{K_v}[K_{c,v}, ID_C, AD_C, ID_V, TS_4, Lifetime_4]
- The TGS returns a ticket to C, granting access to server/service V.
- The message is encrypted to ensure confidentiality and authentication.
- A key, K_{c,v}, for C to talk to V.
- ID_V is the identity of the server.
- There is a new time-stamp (TS_4) and a lifetime for the new ticket.

Step 5: User Request to Server
5. C → V: Ticket_V, Authenticator_C
where Authenticator_C = E_{K_{c,v}}[ID_C, AD_C, TS_5]
The client now communicates Ticket_V and Authenticator_C to V for access.
- Authenticator_C: Only C and V can open it. Used by V to authenticate C. Contains ID_C, AD_C, TS_5.

Step 6: Server Answer
6. V → C: E_{K_{c,v}}[TS_5 + 1]
In this step the server acknowledges the message from the client. Access to resources (data or service) is granted.

Summary of Kerberos V4 Exchanges
- Once per user logon session
- Once per type of service
- Once per service session

Kerberos V4 vs. V5: Encryption & Ticket Lifetime

| | Kerberos V4 | Kerberos V5 |
|---|---|---|
| Supported Encryption Algorithms | Primarily relied on the DES algorithm, which is now considered weak. | Supports a wider range of stronger encryption algorithms like AES. Flexibility to add new encryption algorithms in the future. |
| Ticket Lifetime | Had a fixed ticket lifetime and didn't support renewal or extended ticket use. This could cause issues if the ticket expired during long sessions. | Introduced renewable tickets. Users can request ticket extensions without needing to re-authenticate frequently. Allows configurable ticket lifetimes based on policies. |
| Cross-Realm Authentication | No | Users can authenticate across multiple Kerberos realms, enabling authentication between different organizations. |

NB: A Kerberos realm is a set of managed nodes that share the same Kerberos database.

Kerberos V4 vs. V5: Encryption & Security Improvements & Authentication Forwarding

| | Kerberos V4 | Kerberos V5 |
|---|---|---|
| Authentication Forwarding | No support for forwarding user credentials to other services or machines. | Introduced authentication forwarding, allowing a user to access services on multiple machines without needing to re-authenticate. |
| Known Vulnerabilities & Security Enhancements | Vulnerable to dictionary attacks due to weak encryption (DES) and lack of salting for password hashes. Replay attacks were possible because the system didn't implement proper timestamping. | Improved protection by using stronger encryption algorithms and salting passwords before hashing, making dictionary attacks harder. Introduced timed tickets with timestamps and nonces, making it more resistant to replay attacks. Introduces the concept of a subkey, which is an optional session key that the client or server can propose to use instead of the session key generated by the KDC. |

Kerberos Version 5: Message Exchanges

Kerberos and Single Sign-On (SSO)
Single Sign-On (SSO) with Kerberos:
- Kerberos provides users with SSO by allowing them to authenticate once and gain access to multiple services within a network without re-entering credentials.
- The Ticket Granting Ticket (TGT) is issued after the initial login, allowing the user to request service tickets for various resources without needing to authenticate again.
- This process reduces the risk of repeated password transmissions across the network, enhancing both user experience and security.
Role in Network Security:
- Kerberos ensures mutual authentication between users and services, preventing impersonation and other forms of attacks.
- Widely adopted in enterprise environments (e.g., Microsoft Active Directory), it integrates seamlessly with existing network services.

Questions?
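The six Kerberos V4 messages from Steps 1 to 6 above, run end to end as an added example that is not part of the lecture or of any Kerberos implementation. It assumes a stand-in cipher (`seal`/`unseal`, a SHA-256 keystream with an HMAC tag in place of DES), random keys, lifetimes in seconds, a 300-second freshness window, and hypothetical names such as `KDC`, `verify` and `login_and_access`.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # seconds an authenticator stays fresh (assumed value)

def _stream(key, nonce, n):
    # SHA-256 in counter mode: a stand-in keystream for this demo only
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, fields):
    """E_K[fields]: encrypt a dict under key K and append an HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def verify(key, ticket, auth, ad_c, now):
    """Checks the TGS or server V runs on (Ticket, Authenticator_C)."""
    t = unseal(key, ticket)                    # only the ticket's target holds this key
    a = unseal(bytes.fromhex(t["key"]), auth)  # sender must know the session key
    if now > t["ts"] + t["life"]:
        raise ValueError("ticket expired")
    if (a["id_c"], a["ad_c"]) != (t["id_c"], t["ad_c"]) or ad_c != t["ad_c"]:
        raise ValueError("identity or address mismatch")
    if abs(now - a["ts"]) > MAX_SKEW:
        raise ValueError("stale authenticator")
    return t

class KDC:
    """AS and TGS in one object; both use the same key database."""
    def __init__(self, client_keys, service_keys):
        self.client_keys, self.service_keys = client_keys, service_keys
        self.k_tgs = os.urandom(32)

    def _issue(self, wrap_key, ticket_key, id_c, ad_c, id_s, now, life):
        k = os.urandom(32).hex()               # fresh session key
        ticket = seal(ticket_key, dict(key=k, id_c=id_c, ad_c=ad_c,
                                       id_s=id_s, ts=now, life=life))
        return seal(wrap_key, dict(key=k, id_s=id_s, ts=now, life=life, ticket=ticket))

    def as_exchange(self, id_c, ad_c, now):    # messages 1 and 2
        return self._issue(self.client_keys[id_c], self.k_tgs,
                           id_c, ad_c, "tgs", now, 8 * 3600)

    def tgs_exchange(self, id_v, ticket_tgs, auth, ad_c, now):  # messages 3 and 4
        t = verify(self.k_tgs, ticket_tgs, auth, ad_c, now)
        return self._issue(bytes.fromhex(t["key"]), self.service_keys[id_v],
                           t["id_c"], ad_c, id_v, now, 3600)

def authenticator(session_key_hex, id_c, ad_c, now):
    return seal(bytes.fromhex(session_key_hex), dict(id_c=id_c, ad_c=ad_c, ts=now))

def login_and_access(kdc, k_c, k_v, id_c, ad_c, id_v, now):
    """Run messages 1-6; return (Ticket_V, Authenticator_C, decrypted TS5 + 1)."""
    m2 = unseal(k_c, kdc.as_exchange(id_c, ad_c, now))
    auth3 = authenticator(m2["key"], id_c, ad_c, now)
    m4 = unseal(bytes.fromhex(m2["key"]),
                kdc.tgs_exchange(id_v, m2["ticket"], auth3, ad_c, now))
    auth5 = authenticator(m4["key"], id_c, ad_c, now)
    t = verify(k_v, m4["ticket"], auth5, ad_c, now)          # server V, message 5
    reply = seal(bytes.fromhex(t["key"]), dict(ts=now + 1))  # message 6
    return m4["ticket"], auth5, unseal(bytes.fromhex(m4["key"]), reply)["ts"]
```

The client never opens either ticket: it only forwards them, and each authenticator is accepted only while its timestamp is within `MAX_SKEW` of the verifier's clock.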