 CEG 499/699:
|
|
from http://www.m-w.com/cgi-bin/dictionary
au·then·tic Pronunciation: &-'then-tik, o- Function: adjective;
Etymology: Middle English autentik, from Middle French autentique,
from Late Latin authenticus, from Greek authentikos, from
authentEs perpetrator, master, from aut- + -hentEs (akin to Greek
anyein to accomplish, Sanskrit sanoti he gains) Date: 14th century
au·then·ti·cate Pronunciation: &-'then-ti-"kAt, o- ; Function:
transitive verb; Inflected Form(s): -cat·ed; -cat·ing; Date: 1653 |
Authentication is a corner stone of computer security.
Some computer systems have no user authentication at all. This is not an intrinsic property of home PCs running Windows 95 or older OS, but the result of decisions made regarding the control of access. Systems that contain "valuable" resources wish to grant different degrees of access to different users. This makes it necessary that a user authenticate himself.
User authentication, on ordinary computer systems, is almost always by a password. As long as you have given the right password for Joe User, most systems accept as Joe User. This widespread use of passwords is mostly because the technology for using other methods, such as biometrics, is far too expensive. The password method fails mostly because people do not carefully chose passwords, and also because there are ingenious and computationally extensive techniques that can guess a password.
“Over the Internet, no one knows you're a dog.” -- Anonymous
This joke illustrates a problem that the same password is used whether you are logging on the console or remotely logging in from a thousand miles.
The word node is here synonymous with host. Suppose you are trying to use a machine remotely. How do you know that you are interacting with the right machine? Programs like the secure-shell perform node authentication by exchanging long strings of digits, and remembering what they received the last time they asked the remote node to authenticate itself.
Authentication is always based on encryption. Without encryption, it is like having a paper-thin door to a house. Thus, a computer system stores password in encrypted form. It sends or receives messages regarding authentication in encrypted form.
A key is a carefully generated series of digits. A key unlocks the secret in a message by deciphering it. We also use a key to encrypt. A public key is a key that you may reveal to others. A private key must be kept confidential. Key management refers to how the keys are generated, etc.
Kerberos is a secure method for authenticating a request for a service in a computer network.
"[
1. Suppose you want to access a server on another computer (which you may get to by sending a Telnet or similar login request). You know that this server requires a Kerberos "ticket" before it will honor your request.
2. To get your ticket, you first request authentication from the Authentication Server (AS). The Authentication Server creates a "session key" (which is also an encryption key) basing it on your password (which it can get from your user name) and a random value that represents the requested service. The session key is effectively a "ticket-granting ticket."
3. You next send your ticket-granting ticket to a ticket-granting server (TGS). The TGS may be physically the same server as the Authentication Server, but it's now performing a different service. The TGS returns the ticket that can be sent to the server for the requested service.
4. The service either rejects the ticket or accepts it and performs the service.
5. Because the ticket you received from the TGS is time-stamped, it allows you to make additional requests using the same ticket within a certain time period (typically, eight hours) without having to be reauthenticated. Making the ticket valid for a limited time period make it less likely that someone else will be able to use it later.
The actual process is much more complicated than just described. The user procedure may vary somewhat according to implementation.
]
Passport is a single sign-on mechanism for e-commerce that MS Windows now supports. A customer does not need to establish an "account" with each of these e-businesses. Instead, he supplies his passport. Then through a series of authentications and encrypted cookie certificates, the user is able to purchase items at participating e-commerce sites.
[
"In the Passport model, there are three entities: the client at a Web browser, the e-merchant, and the Passport login server. The login server maintains authentication and customer profile information for the client and gives the merchant access to this information when permitted by the customer. Passport divides client data into profile information (such as addresses, shoe size, and so on) and the wallet, which contains credit card information. Passport's protocols are designed to enable the secure transfer of this profile and wallet information between the Passport server and the merchants.
"Passport's interaction with a user begins when a client, visiting a merchant site, needs to authenticate (to provide some personal information or make a purchase). The merchant Web server redirects the customer's browser to a well-known Passport server. The Passport server presents the user with a login page over an SSL connection. The user logs into the Passport server, and the Passport server redirects the user back to the end server. Authentication information is included in the redirect message in the query string. This information is encrypted using triple DES with a key previously established between Passport and the merchant server. The end server then sets an encrypted cookie in the client's browser.
The Passport architecture.
The idea is that when a user returns to the IBM site, for example, the encrypted cookie is returned as well. The site can decrypt the cookie and verify that the user is already authenticated. The Passport server also sets a cookie. Thus, if a user visits another site, say, dell.com, when the browser is redirected to the Passport server, the user is no longer presented with a login screen because the previous Passport cookie is used. If this cookie contains valid credentials, the client is redirected back to the merchant server without user intervention.
Wallet Protocol
The wallet protocol is very similar in nature to the single signon protocol. Instead of just authenticating, however, the user can insert all sorts of personal and credit card information. Then, when the user is shopping on an end server site, the user can select which information to include for that merchant. The user never needs to enter the information again for participating end servers.
"User Interface - In security systems, the user interface is one of the most crucial and frequently inadequate parts. For example, any merchant site that uses Passport displays a Passport signout icon that is supposed to remove Passport cookies. One of the most popular Passport services currently deployed is the Hotmail e-mail service from Microsoft. We set up some Hotmail accounts and did some experimentation. One thing we discovered is that, in addition to the Passport signout icon, there is also a Hotmail logout option on the page. So, what does this mean to a user? Presumably, the Hotmail logout button is used to remove the Hotmail credentials, while the Passport signout button is used to remove the Passport credentials to all services. While this may be clear to computer security experts, it is unlikely that the average nonexpert computer user will understand the distinction. A user making the mistaken, but reasonable, presumption that the Hotmail Logout button will remove Passport credentials could easily walk away from a browser still able to authenticate on behalf of the user.
"Key Management - The Passport protocol requires that the Passport server share triple DES keys with each merchant. The keys are used to encrypt information transferred from Passport to the merchants in redirect messages. These keys must be generated securely (that is, randomly) and assigned out of band. Many systems have been broken because poor randomness was used to generate keys. It is a difficult problem that requires careful attention.
Passport encrypts information for itself and stores the information in Passport cookies on client machines. A single key is used to encrypt all of the cookies. This represents an unnecessary risk of exposure of that key. A better solution is to use a master key to generate a unique key per client.
Central Point of Attack - As with all single-signon systems, Passport establishes a service trusted by all others to make authoritative decisions about the authenticity of a user. Whereas in traditional Web authentication each merchant is responsible for safeguarding the authentication information of customers, all data is centralized in Passport. Compromise of this central service would be particularly disastrous. Besides authentication data, the Passport login service maintains consumer profile information on all registered users. Storing this information in a central location, while convenient, makes the server an extremely attractive target for attack, both for denial of service and for unauthorized access. The centralized service model is antithetical to the distributed nature of the Internet that has made it so robust and so popular.
Cookies and Javascript - The danger with cookies is limited to the exposure of sensitive cookie payloads to unintended recipients. Because the Passport cookie contains sensitive data, the system encrypts these cookies using triple DES. Passport cookies, though, are also proofs of authentication whose lifetimes are determined only by the lifetime of the Web browser and the (encrypted) time window in the cookie. On a public machine, a user who forgets to log out of a Passport account could leave valid authentication tokens behind on the machine for any user to recover.
The most important problems, however, with cookies and JavaScript are more social than technological. Regardless of their actual value or security, these technologies have been shown to compromise user privacy. Dictating (or even strongly recommending) the use of technologies that are not felt to be trustworthy in a system whose purpose is to establish trust can undermine significantly the perceived value of that system.
Persistent Cookies - Passport leaves authenticators, in the form of browser cookies, on the client machine. The Passport server does not have to reissue credentials if the cookie has not expired yet. This is reminiscent of single signon in Kerberos.
Kerberos uses tickets, which are encrypted credentials, to establish continuous authentication within a specified amount of time, without requiring a return trip to the authentication server. In Passport, where cookies stand in for tickets, possession of the cookie is all that is necessary to impersonate the valid user of that cookie. No further proof is required.
Bogus Merchant - The bogus merchant threat is probably the weakest aspect of Passport. Imagine that users get accustomed to using Passport. They enjoy the convenience of single signon and wallet services, while trusting that the service is secure. Now, to attack the system, a merchant sets up a phony Web store, selling something attractive. When the user visits the phony Web site, the server simulates a redirect to pasport.com, and the user is prompted for his credentials on a page that looks exactly like the legitimate Passport server. The user is in the habit of filling this out every once in a while, so he does not notice the misspelled URL, or check the certificate. Even if he did check the certificate, he might not notice the misspelling. In practice, any URL, even one that does not resemble the word "passport," would probably work as well.
Active Attack - An attacker with access to the network between the client's Web browser and the merchant server (and able, therefore, to rewrite packets passing between the two hosts) can take advantage of this access to achieve the same result described above while permitting the client to interact normally with the merchant site. Such access is not prohibitively difficult to obtain. Large ISPs concentrate the traffic of thousands of users through a fairly small set of routers and servers. Obtaining unauthorized access to one of these hosts interposes the attacker between these users and all services they wish to access. Any traffic passing through such a compromised host could potentially then be read and rewritten.
DNS Attacks - Passport's security model depends heavily on the Domain Name System. In addition to the well-known problem of SSL's dependence on the DNS, HTTP redirects generally specify a host to receive the redirection in the form of a DNS name. An intruder who controls a client's DNS service could transparently perform the rewriting process by simply aliasing http://www.passport.com to the IP address of a server controlled by the intruder.
]
| February 03, 2002 05:40:04 PM |
| pmateti@cs.wright.edu |