PKI provides, among other services, an authentication protocoI reIying on asymmetric encryption. One of the keys is kept private, the other is made PubIic. Public keys are distributed using certificates hich are digitaIIy signed by trusted authorities.
PKI provides, among other services, an authentication protocoI reIying on asymmetric encryption. One of the keys is kept private, the other is made PubIic. Public keys are distributed using certificates hich are digitaIIy signed by trusted authorities.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online from Scribd
PKI provides, among other services, an authentication protocoI reIying on asymmetric encryption. One of the keys is kept private, the other is made PubIic. Public keys are distributed using certificates hich are digitaIIy signed by trusted authorities.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online from Scribd
Integrating PKI and Kerberos Integrating PKI and Kerberos
Authentication services Authentication services AIberto Pace WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 2 Authentication Methods Authentication Methods %o technoIogies for authentication Kerberos and X.509 Certificates (PKI) %oday at CERN Kerberos is used in Windos Domains and AFS PKI is used in aII Grid reIated projects, ith muItipIe certification authorities Both technoIogies here to stay MuItipIe scenarios exist to integrate and interoperate the to technoIogies WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 3 Kerberos vs PKI ? Kerberos vs PKI ? Both technoIogies have eak and strong points Distributed versus centraIized management ForardabIe authentication OffIine authentication %echnoIogy is different Asymmetric encryption ith pubIic/private keypairs versus symmetric encryption and shared secrets Some detaiIs foIIos . WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 1 PKI basics PKI basics PKI provides, among other services, an authentication protocoI reIying on asymmetric encryption. One of the keys is kept private, the other is made pubIic. PubIic keys are distributed using certificates hich are digitaIIy signed by trusted authorities "An intro to "An intro to PKI and fe PKI and fe depIoy hints" depIoy hints" "Py75c%bn&*)9|f "Py75c%bn&*)9|f De^bDzjF@g5=& De^bDzjF@g5=& nmdFgegMs" nmdFgegMs" "An intro to "An intro to PKI and fe PKI and fe depIoy hints" depIoy hints" CIear CIear- -text Input text Input CIear CIear- -text Output text Output Cipher Cipher- -text text Different keys Different keys Encryption Encryption Decryption Decryption WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 5 AIice AIice pub pub DS DS Cert Cert PKI: Obtaining a Certificate PKI: Obtaining a Certificate Priv Priv pub pub Certification Server User generates User generates a key pair a key pair Certificate is Certificate is sent to the user sent to the user PubIic key is PubIic key is submitted to CA submitted to CA for certification for certification AIice AIice pub pub DS DS Cert Cert User identity verified, User identity verified, DigitaI signature added, DigitaI signature added, Certificate produced Certificate produced WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 AIice AIice pub pub DS DS Cert Cert PKI: Authentication ith Certificates PKI: Authentication ith Certificates Priv Priv Bob verifies the Bob verifies the digitaI signature digitaI signature on the certificate on the certificate Certificate is Certificate is sent for sent for authentication authentication He can trust that the public key really belongs to Alice, but is it Alice standing if f ront of him ? AIice AIice pub pub DS DS Cert Cert AIice AIice Bob Bob Bob chaIIenges AIice to encrypt for hima randomphrase he generated I Like FIoers I Like FIoers &erD4%@f%% &erD4%@f%% AIice AIice pub pub DS DS Cert Cert I Like FIoers I Like FIoers &erD4%@f%% &erD4%@f%% ?? I Like FIoers I Like FIoers &erD4%@f%% &erD4%@f%% Encrypt using private key Encrypt using private key Decrypt using pubIic Decrypt using pubIic key in certificate and key in certificate and compare compare SEC390 SEC390 2 2 WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 Z Kerberos Differences Kerberos Differences Kerberos is an authentication protocoI reIying on symmetrical cryptographic aIgorithms that use the same key for encryption as for decryption Different fromPKI ! "An intro to PKI "An intro to PKI and fedepIoy and fedepIoy hints" hints" "AxCvGsmWe#4^,sdgf "AxCvGsmWe#4^,sdgf Mir3:dkJe%sY8R Mir3:dkJe%sY8R\\s@! s@! q3%" q3%" "An intro to PKI "An intro to PKI and fedepIoy and fedepIoy hints" hints" CIear CIear- -text input text input CIear CIear- -text output text output Cipher Cipher- -text text Same key Same key (sharedsecret) (sharedsecret) Encryption Encryption Decryption Decryption WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 8 Kerberos: Basic principIes Kerberos: Basic principIes %here is a trusted authority knon as the Key Distribution Center (KDC) hich is the keeper of secrets. Every user shares a secret passord ith the KDC technicaIIy the KDC doesn't kno the passord but rather a one ay hash, hich is used as the basis for a cryptographic "master key". %he secret master key is different for each user As to users don't kno each other master key they have no direct ay of verifying each other's identity %he essence of Kerberos is key distribution. %he job of the KDC is to distribute a unique session key to each pair of users (security principaIs) that ant to estabIish a secure channeI. Using symmetricencryption Everybody has to trust the KDC KDC trust trust trust trust Ma Mb Ma Mb WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 9 Breakthrough of a (simpIified) Breakthrough of a (simpIified) Kerberos session Kerberos session AIice ants to communicate ith Bob bob couId be a server or a service AIice can communicate secureIy ith the KDC, using symmetric encryption and the shared secret (Master Key) AIice teIIs the KDC that she ants to communicate ith Bob (knon to the KDC) WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 10 (simpIified) Kerberos session 2 (simpIified) Kerberos session 2 %he KDC generates a unique randomcryptographic key for AIice and Bob to use (caII this Kab) He sends back to copies of Kab back to AIice. %he first copy is for her to use, and is sent to her aIong ith some other information in a data structure that is encrypted using AIice's master key. %he second copy of Kab is packaged aIong ith AIice's name in a data structure encrypted ith Bob's master key. %his is knon as a "ticket". KDC AIice AIice Bob Bob Kab Kab AIice AIice Encrypted using Encrypted using Encrypted using Encrypted using Kab I ant to taIk to Bob I ant to taIk to Bob Unique Key for AIice/Bob Unique Key for AIice/Bob communication communication Ma Mb Ma Mb Mb Ma WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 11 What is the ticket ? What is the ticket ? %he ticket is effectiveIy a message to Bob that onIy BOB can decrypt "%his is your KDC. AIice ants to taIk to you, and here's a session key that I've created for you and AIice to use. Besides me, onIy you and AIice couId possibIykno the vaIue of Kab, since I've encrypted it ith your respective master keys. If your peer can prove knoIedge of this key, then you can safeIy assume it is AIice." Kab AIice AIice Encrypted using Encrypted using Mb WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 12 Kerberos authentication Kerberos authentication AIice must send the ticket to Bob ith proof that she knos K ab and she must do it in a ay that aIIos Bob to detect repIays fromattackers Iistening on the netork here AIice, Bob, and the KDC are conversing. %he ticket is sent to Bob, ith an authenticator (her name and the current time, aII encrypted ith the session keyKab) Bob takes the ticket, decrypts it, and puIIs Kab out. %hen decrypts the authenticator using Kab, and compares the name in the authenticator ith the name in the ticket If the time is correct, this couId provide evidence that the authenticator as indeed encrypted ith K ab AIice AIice Bob Bob Kab Kab AIice AIice Encrypted using Encrypted using Encrypted using Encrypted using AIice, 22:34 AIice, 22:34 Authenticator Authenticator %icket %icket Kab Mb Ma Mb SEC390 SEC390 3 3 WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 13 Kerberos authentication Kerberos authentication It time is incorrect, bob reject the request ith a hint of hat his time is (Bob time isn't a secret) If the time is correct . . it's probabIe that the authenticator came fromAIice, but another person might have been atching netork traffic and might no be repIaying an earIier attempt. Hoever, if Bob has recorded the times of authenticators received fromAIice during the past "five minutes", he can defeat repIay attempts. If this authenticator yieIds a time Iater than the time of the Iast authenticator fromAIice, then this message must be fromAIice %his is hytime synchronization is essentiaI in kerberos and aII KDC provides aIso time synchronization services You can see this as a "chaIIenge" on the knoIedge of the shared secret (Kab): "prove that you kno Kab by encrypting the current time for me" WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 11 MutuaI authentication MutuaI authentication AIice has proved her identity to Bob No AIice ants Bob to prove his identity as eII she indicates this in her request to himvia a fIag. After Bob has authenticated AIice, he takes the timestamp she sent, encrypts it ith Kab, and sends it back to AIice. AIice decrypts this and verifies that it's the timestamp she originaIIy sent to Bob She has authenticated Bob because onIyBob couId have decrypted the Authenticator she sent Bob sends just a piece of the information in order to demonstrate that he as abIe to decrypt the authenticator and manipuIate the information inside. He chooses the time because that is the one piece of information that is unique in AIice's message to him AIice AIice Bob Bob Kab Encrypted using Encrypted using 22:34 22:34 Kab Kab Ma Mb WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 15 Kerberos Secure Communication Kerberos Secure Communication AIice and Bob share no a unique secret K ab that they use to communicate AIice AIice Bob Bob Kab Encrypted Encrypted using using Secure Secure information / information / Message Message Kab Kab WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 1 ReaI Iife is more compIicated ReaI Iife is more compIicated ReaI Kerberos incIudes severaI extra steps for additionaI security When AIice first Iogs in, she actuaIIyasks the KDC for hat is caIIed a "ticket granting ticket", or %G%. %he %G% contains the session key(Kak) to be used by AIice in her communications ith the KDC throughout the day. %his expIains hy hen the %G% expiresyou have to rene it So hen AIice requests a ticket for Bob, she actuaIIysends to the KDC her %G% pIus an authenticator ith her request. %he KDC then sends back the AIice/Bob session key Kab encrypted ith Kak as opposed to using AIice's master key as described earIier See various Kerberos references for detaiIs CERN Certification authority, CERN Certification authority, PKI and Kerberos integration PKI and Kerberos integration WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 18 Authentication Services at CERN Authentication Services at CERN For Kerberos: %o KDC in production, one for Windos computers (cern.ch domain) one for AFS (cern.ch ceII) Account and passords pIanned to be synchronized For the grid CERN Certification authority http://cern.ch/service-grid-ca PIan for 2006 / 2007 Migrate to a ne certification authorityintegrated ith the kerberos services http://cern.ch/ca SEC390 SEC390 4 4 WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 19 Ne CERN Certification authority Ne CERN Certification authority Aim to issue certificates Recognized by the entire grid community VaIid to obtain kerberos ticket automaticaIIy Separate Root CA and Issuing CA OffIine Root CA: Run on VirtuaI PC, Server image on removabIe disks Root trusted by defauIt inside CERN. OnIine Issuing CA Issues aII certificate, onIine, connected to the CERN Human resources database Web site http://cern.ch/ca WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 20 CA services pIanned CA services pIanned Issuing User certificates 'softare' cIient certificates Certifies the identity of a persons Issuing Host certificates %o authenticate computers, for exampIe, aII eb servers requiring https services Can certify any host in the cern.ch domain based on the CERN netork database registration Service certificates foreseen Issuing SmartCards Certificate and private key in a HW token AIIo users to map existing certificates issued by trusted CA (for exampIe existing Grid certificates) to their kerberos account. WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 21 DEMO: User Certificate Request DEMO: User Certificate Request nternet Explorer or Mozilla browsers can handle automatically certificate request. Amanual procedure with OpenSSL is also provided. WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 22 DEMO: Host Certificates DEMO: Host Certificates Users can request Host certificates for CERN Hosts they manage WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 23 DEMO: Certificate mapping to DEMO: Certificate mapping to Existing Account Existing Account Users can map an existing certificate to their Kerberos account for authentication %ypicaIIyfor oners of Grid certificates not issued by the CERN CA WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 21 PKI / Kerberos integration PKI / Kerberos integration Priv Priv AIice AIice pub pub DS DS Cert Cert AIice AIice Kerberos KDC Web Server %RUS%ED by the KDC Bob, Resource in Kerberos domain AIice AIice pub pub DS DS Cert Cert Authentication Request Authentication Request Cert vaIidation, chaIIenge Cert vaIidation, chaIIenge on knoIedge of priv key on knoIedge of priv key AIice authenticated AIice authenticated I need a ticket to taIk toBob I need a ticket to taIk toBob on behaIf of AIice. on behaIf of AIice. Kab Kab AIice AIice Mb M Kab AIice AIice Mb NormaI Kerberos NormaI Kerberos Authentication Authentication See: KerberosConstrainedDeIegation See: KerberosConstrainedDeIegation SEC390 SEC390 5 5 WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 25 Roadmap for 2006 Roadmap for 2006 Obtain accreditation fromthe European Grid PoIicy Management Authority(.eugridpma.org) Obtain approvaI of the ne Certificate PoIicy and Certification Practice (CP/CPS) See http://www.eugridpma.org/members/ From offIine issuing CA to onIine issuing CA ith FIPS Hardare moduIe http://www.eugridpma.org/guidelines/%-AP-classic-20050930-4- 0.pdf VerifyinteroperabiIityith Windos and Linux Desktops Mapping beteen Active Directory path and Certificate Subject Distinguished Name AIternate user mapping possibIe Usage of Smartcard on Iinux requires further investigation WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 2 Certificate usage, InteroperabiIity Certificate usage, InteroperabiIity Once a certificate is instaIIed in the cIient computer Can authenticate to CERN Websites (Win, Web, MaiI, %erminaI services, etc.) ot all CER web sites yet, but planned Best example of PK / Kerberos interoperability Can participate in any grid activity, orIdide Certificate recognized worldwide within the grid community Secure e-maiI possibIe Provide a common authentication interface for CERN services: sort of SingIe Sign On Mediumto Iong term: Have the CERN certificates trusted orIdide, not onIy ithin the grid community Support Windos and Linux desktop authentication using Smartcard certificates. Combine together SmartCards and CERN Access cards. WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 29 Web Authentication exampIe Web Authentication exampIe Opening a website f several client certif icates matching server requirements are f ound, browser asks to choose. Certificate authentication complete. Cancelled or no certificate installed WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 30 %echnoIogy not pIatform specific %echnoIogy not pIatform specific WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 31 ExampIe: EmaiI signing ExampIe: EmaiI signing In OutIook: WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 32 Managing Certificates Managing Certificates Softare certificates expire and must be reneed %ypicaIIy once a year Reneing a certificate is more compIicate than a passord change Looking toards automating request, distribution and instaIIation of CIient certificates For PCs member of a Windos domain, the CERN certificate can be pushed to the cIient as a domain poIicy Its reneaI can be handIed automaticaIIy (aIIoing short vaIidity periods) Users do not need to understand, be aare, be informed. 100 % transparent. SimiIar automation IeveIs exist for Linux and Mac OS systems, but require the computers to be centraIIymanaged Otherise, Smartcards are a possibIe soIution Much easier for the user to understand Longer certificate vaIidity SEC390 SEC390 6 6 WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 33 CERN Access Card CERN Access Card Use the same SmartCard for: Windos desktop (and Iaptop) Logon and Browser authentication Linux desktop Browser authentication Mac OS X desktop Browser authentication Remote indos indows %erminal Services Remote Linux Putty (to be defined, possible with OpenSC) OpenSSH (to be defined, possible with OpenSC) Exceed (to be confirmed) WorkShop sul Calcolo e Reti dell'INFN, 6-9 June 2006 31 ConcIusion ConcIusion CERN is improving its Certificate Authority service to issue certificates useabIe ithin the grid community Further automate certificate issuing procedures AutomaticaIIymap Certificates to Kerberos accounts (hen possibIe) In addition, Certificates issued by other trusted CA can be mapped to Kerberos accounts %his shouId provide a good PKI/Kerberos interoperabiIity