Kerberized Credential Translation
Olga Kornievskaia, Peter Honeyman, Bill Doster, Kevin Coffman
Center for Information Technology Integration
University of Michigan, Ann Arbor

Two worlds
- Kerberos is a widely used authentication mechanism: login, AFS, mail, LDAP
- SSL is used to establish secure connections on the Web: https, SSL-enabled Telnet
- Need interoperability mechanisms

Web Access Control
- Example: access AFS content via the Web
  - AFS is Kerberos protected, not SSL
  - Web Server needs user's Kerberos creds
  - Candidate solutions
    - World-readable files: file://afs/citi.umich.edu/u/...
- Other problems requiring web access control
  - Kerberized X.500 directory via Web
  - Kerberized IMAP/POP mail servers via Web

Existing solutions and related work
- Accessing Kerberized services via the Web
  - Send id and password (securely) to the Web Server
    - Grants Web Server broad powers to impersonate the user
  - Kerberos authentication in TLS with support for delegation
    - Not supported by browsers
    - No mechanism for fine-grained delegation
- Perform access control at the Web Server

The best of both worlds
- Leverage Kerberos to solve the PKI key management problem
- Use strong authentication over the Web
- Provide a Web interface for Kerberized services through the Web Server
- Use existing infrastructures

Design Components
- KX.509 creates short-lived certificates
- Web Server acquires Kerberos credentials on client's behalf
- Kerberized Credential Translator (KCT): translates client's PK credentials to Kerberos
- WebAFS prototype

KX.509 (junk keys)
- Client acquires a service ticket for KCA
- Then generates a public-private key pair
- And sends the public key to KCA for signing
  - Service ticket, public key, MAC_sk(PK)
- KCA generates a certificate
  - Uses X.500 to map client identification
  - Expiry of the certificate is set to that of the Kerberos creds
- KCA sends the certificate back to the client
  - X.509 cert, MAC_sk(cert)

KX.509
- Client stores certificate in Kerberos ticket cache
- Netscape manages its own certificates and is unaware of KX.509 certs
  - Added a cryptographic module to Netscape
  - Netscape calls our module when SSL client authentication is requested

Web Server
- Authenticates client with SSL
- Records transcript of SSL handshake
- Sends SSL transcript to KCT
- Receives and caches Kerberos credentials
- Authenticates to a backend service (say, AFS) with received credentials

Kerberized Credential Translator
- Kerberos authenticates the Web Server
- Receives and verifies an SSL transcript
  - Verifies client/server certs
  - Verifies client's signature in CLIENT_VERIFY
  - Matches server identities in server cert and server ticket
  - Assures freshness of the transcript
- Issues a service ticket for the client to the Web Server

KCT
- Requires access to KDC database
  - Needs the same physical security
- In practice, runs on the same machine
  - Avoids challenge of consistent replication
  - Achieves physical security requirement

Performance
End-to-end delays (133 MHz Pentium, Red Hat 6.2, 2.2 kernel)

| Operation | Delay |
| --- | --- |
| First access to index.html | 4.040 s |
| Subsequent access to server | 1.252 s |
| Accesses within a page (e.g., images) | 0.022 s |

Summary
- A solution for Web Access Control
- KX.509 provides single sign-on capability
- Illustrated how an SSL handshake can be used as a delegation mechanism
- Introduced a new mechanism to translate PK credentials to Kerberos

Any questions?

Extra slides from here on…

Discussion
- KX.509
  - Anonymous certificates
- KCT
  - More powerful authorization model
  - Different (not KX.509) PK – Kerberos identity mapping
- Extensions
  - Any SSL-enabled server (telnet): no more passwords

Overview of Kerberos
- Initial authentication: request for a Ticket Granting Ticket
- Request for a service ticket
- Authentication to a Kerberized server

Overview of SSL
- Provides secure connections
  - Entity authentication: public key challenge-response protocol + X.509 certs (RSA, DH, Fortezza)
  - Message confidentiality: DES, 3DES, RC2, RC4, IDEA
  - Message integrity: MD5, SHA
- Consists of 2 protocols: record and handshake

SSL handshake (client-authenticated)
Client -> Server: ClientHello
Server -> Client: ServerHello, Certificate, CertificateRequest, ServerHelloDone
Client -> Server: Certificate, ClientKeyExchange, CertificateVerify, Finished
Server -> Client: Finished

Inside SSL handshake
- ClientHello: version, timestamp, random, session id, cipher suite
- Certificate: X.509 certificate, CA chain
- ClientKeyExchange: [key material]_WSPK (in RSA)
- ClientVerify: [HMAC_MK(handshake msgs)]_CPR

Important in SSL handshake
- Timestamp serves as a nonce
  - Used as a replay guard
- SSL renegotiation establishes a new key
- Session ID allows for reuse of previously established session keys
  - Partial handshakes improve performance

Implementation issues
- Netscape starts with an SSLv2 ClientHello
  - Requires an SSL renegotiation or a request to KCT for a nonce
  - Chose to renegotiate
- SSLv3 ClientVerify uses master secret
  - Must reveal the secret to KCT
  - Requires an SSL renegotiation
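To make the checks on the Kerberized Credential Translator slide concrete, here is an added example (not code from the CITI project) that models the KCT verifying a recorded SSL transcript: client cert, the CertificateVerify signature in its SSLv3 form [HMAC_MK(handshake msgs)]_CPR, the server identity in the cert against the Web Server's Kerberos ticket, and freshness of the ClientHello timestamp. Because the SSLv3 form keys the HMAC with the master secret, the Web Server has to hand that secret to the KCT along with the transcript, exactly the implementation issue noted above. The toy RSA modulus, the transcript field names, the host/<fqdn>@REALM principal format and the 300-second freshness window are all assumptions made for this example.

```python
import hashlib
import hmac

# Toy RSA modulus from Mersenne primes 2^31-1 and 2^61-1, constructed for this
# example; a real KX.509 junk key is a full-size RSA key.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)

def make_junk_key():
    """Client's short-lived key pair: public (N, E), private exponent d."""
    return (N, E), pow(E, -1, PHI)

def verify_input(master_secret, handshake_msgs):
    """SSLv3 CertificateVerify input HMAC_MK(handshake msgs), truncated to 8
    bytes so it fits the toy modulus (real RSA signs a padded full digest)."""
    mac = hmac.new(master_secret, handshake_msgs, hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big")

def build_transcript(pub, d, master_secret, now, server_cn="www.citi.umich.edu"):
    """Constructed transcript of a client-authenticated handshake. The ClientHello
    timestamp sits inside the signed handshake messages, so it cannot be edited."""
    msgs = b"ClientHello:%d|ServerHello|Certificate|CertificateRequest|ClientKeyExchange" % now
    return {"client_cert": {"issuer": "KCA", "not_after": now + 3600, "pubkey": pub},
            "server_cert_cn": server_cn, "handshake_msgs": msgs,
            "certificate_verify": pow(verify_input(master_secret, msgs), d, N)}

def kct_check(tr, master_secret, server_principal, now, max_skew=300):
    """KCT checks from the slide: certs, CertificateVerify signature, server
    identity in cert vs. ticket, freshness. Returns the list of failed checks."""
    failed = []
    cert = tr["client_cert"]
    if cert["issuer"] != "KCA" or now > cert["not_after"]:
        failed.append("client cert")
    n, e = cert["pubkey"]
    if pow(tr["certificate_verify"], e, n) != verify_input(master_secret, tr["handshake_msgs"]):
        failed.append("CertificateVerify signature")
    # The Web Server authenticated to the KCT with Kerberos as host/<fqdn>@REALM
    # (assumed format); that fqdn must match the CN in the server cert the client saw.
    host = server_principal.split("/", 1)[1].split("@", 1)[0]
    if tr["server_cert_cn"] != host:
        failed.append("server identity")
    # Freshness: the timestamp in the (signed) ClientHello acts as the replay guard.
    hello_time = int(tr["handshake_msgs"].split(b"|", 1)[0].split(b":", 1)[1])
    if abs(now - hello_time) > max_skew:
        failed.append("freshness")
    return failed
```

Only when `kct_check` returns an empty list would the KCT go on to issue the client's service ticket to the Web Server.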

Performance piece by piece

| Component | Delay |
| --- | --- |
| 1 handshake | 1.252 s |
| 2 handshakes | 2.495 s |
| TGT/KCT_TKT | 0.029 s |
| KCT request | 0.255 s |
| Partial handshake | 0.022 s |