This section will introduce you to single sign-on (SSO), and its advantages, disadvantages, and limitations. Then, we will look at the Kerberos authentication protocol. Take note of the Kerberos components such as key distribution center (KDC), ticket granting service (TGS), ticket granting ticket (TGT), and authentication server (AS).
Access Control Technologies
- SSO is a technology that allows a user to enter credentials one time and be able to access all resources in primary and secondary network domains
- Reduces the amount of time users spend authenticating to resources.
- Enable the administrator to streamline user accounts and better control access rights
- Improves security by reducing the probability that users will write down their passwords
- Reduces the administrators time in managing the access permissions
- Every platform application and resource needs to accept the same type of credentials, in the same format and interpret their meaning in the same way.
- Once an individual is in, he is in, thus giving a bigger scope to an attacker
- Kerberos is an authentication protocol that was designed in mid-1980 as part of MIT’s project Athena.
- It works in a C/S model and is based on symmetric key cryptography
- It is widely used in UNIX systems and also the default authentication method for windows 2k and 2k3 and is the de-facto standard for heterogeneous networks.
- Key Distribution Center (KDC)
- Holds all users and services secret key and info about the principles in the database
- Provides an authentication service with the help of a service called AS
- Provides key distribution functionality
- Provides a ticket granting service (TGS)
- Secret Keys are the keys shared between principle and KDC generally using symmetric key cryptography algorithm that are used to authenticate the principles and communicate securely
- Principles are users, applications or any network services
- A ticket is a token generated by KDC and given to a principle when one principle need to authenticate another principle
- Realm is a set of principles. A KDC can be responsible for one or more realms. Realms allow an administrator to logically group resources and users.
- Session Keys are the keys shared between the principles that will enable them communicate security
Kerberos Authentication Process
- User enters username and password into the workstation (WS)
- The Kerberos s/w on the workstation sends the username to the Authentication Server (AS) on the KDC.
- The AS generates a Ticket Granting Ticket (TGT) encrypting it with the user’s secret key stored in DB with the help of TGT and sends it to the user.
- The password entered by the user is transformed into a secret key using which the ticket (TGT) is decrypted and thus the user gains access to the WS.
- Suppose the user wants to use the printer, the users system send the TGT to the TGS on the KDC
- The TGS generates a new ticket with two instances of a session key, one encrypted with the user’s secret key and the other encrypted with the print server’s secret key. This ticket may also contain an authenticator which contains info on user.
- The new ticket is sent to the users system which is used to authenticate with the print server.
- The user’s system decrypts and extracts the session key, adds a second authenticator set of identification information to the ticket and sends the ticket onto the print server.
- The print server receives the ticket, decrypts and extracts the session key, and decrypts and extracts the two authenticators in the ticket. If the printer server can decrypt and extract the session key, it knows that the KDC created the ticket, because only the KDC has the secret key that was used to encrypt the session key. If the authenticator information that the KDC and the user put into the ticket matches, then the print server knows that it received the ticket from the correct principal.
Weakness of Kerberos
- The KDC can be a single point of failure. If the KDC goes down, no one can access needed resources. Redundancy is necessary for the KDC.
- The KDC must be able to handle the number of requests it receives in a timely manner. It must be scalable.
- Secret keys are temporarily stored on the users’ workstation, which means it is possible for an intruder to obtain these cryptographic keys.
- Session keys are decrypted and reside on the users’ workstations, either in a cache or in a key table. Again, an intruder can capture these keys.
- Kerberos is vulnerable to password guessing. The KDC does not know if a dictionary attack is taking place.
- Network traffic is not protected by Kerberos if encryption is not enabled.
- SESAME (Secure European Systems for Applications in a Multi-vendor Environment) is a SSO technology that was developed to extend Kerberos functionality and improve upon its weakness.
- SESAME uses a symmetric and asymmetric cryptographic technique to protect exchanges of data and to authenticate subjects to network resources.
- SESAME uses digitally signed privileged Attribute Certificates (PAC) to authenticate subjects to objects. PAC contains the subject’s identity, access capabilities for the object, access time period, and life time of the PAC
- A domain is a set of resources that are available to a subject.
- A security domain refers to the set the resources working under the same security policy and managed by the same group.
- Domains can be separated by logical boundaries, such as
- Firewalls with ACL’s
- Directory services making access decisions
- Objects that have their own ACL’s indicating which individual or group can access them.
- Domains can be architected in a hierarchical manner that dictates the relationship between the different domains and the ways in which subjects within the different domains can communicate.
- Subjects can access resources in domains of equal or lower trust levels.
- Thin clients are diskless computers that are sometimes called as dumb terminals.
- It is based on C/S technology where a user is supposed to logon to a remote server to use the computing and network resources.
- When the user starts the client, it runs a short list of instructions and then points itself to a server that will actually download the operating system, or interactive operating software, to the terminal. This enforces a strict type of access control, because the computer cannot do anything on its own until it authenticates to a centralized server, and then the server gives the computer its operating system, profile, and functionality.
- Thin-client technology provides another type of SSO access for users, because users authenticate only to the central server or mainframe, which then provides them access to all authorized and necessary resources.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Last modified: Friday, November 20, 2020, 7:39 AM