To send or broadcast public keys to the community is convenient, but anyone can forge such an announcement.
Public-key certificate
• CA: certificate authority
• Certificate: (public key + user ID) signed by the CA
Its first report identified the requirements as:
• Secure
• Reliable
• Transparent
• Scalable
Implemented using an authentication protocol based on Needham-Schroeder
To prevent impersonation
• Burden on each server
Authentication server (AS)
C -> AS: IDc || Pc || IDv
AS -> C: Ticket
C -> V: IDc || Ticket
• Ticket = E(Kv, [IDc || ADc || IDv])
Client/Server Authentication Exchange to obtain service
C -> V: Ticketv || Authenticatorc
V -> C: E(Kc,v, [TS5 + 1]) (for mutual authentication)
• Ticketv = E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])
• Authenticatorc = E(Kc,v, [IDc || ADc || TS5])
[Figure: overview of Kerberos (user logon session). Recoverable steps: (1) User logs on to workstation and requests service on host. (2) AS verifies user's access right in database, creates ticket-granting ticket and session key; results are encrypted using key derived from user's password. (3) Workstation prompts user for password, uses it to decrypt the incoming message, then sends ticket and authenticator containing user's name, network address and time to TGS. (4) TGS decrypts ticket and authenticator, verifies request, then creates ticket for requested server. (5) Workstation sends ticket and authenticator to server. (6) Server verifies that ticket and authenticator match, then grants access to service. If mutual authentication required, server returns an authenticator.]
[Figure: use of a public-key certificate. Unsigned certificate contents: user ID, user's public key. Generate hash code of the unsigned certificate and sign it with the CA's private key to form the signature.]
Fourth Edition (based on lecture slides by Lawrie Brown)
"No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman he would fear that some devil might take advantage of his weak state to slip into his body."
Frazer
Key distribution (Ref. Chap. 14)
User authentication: Kerberos (Ref. Chap. 15)
Public-key certificate (Ref. Chap. 14)
Public-key infrastructure (Ref. Chap. 14)
Topics of cryptographic key management and key distribution are complex
• Cryptographic protocol & management issues
Symmetric schemes require both parties to share a common secret key
Public-key schemes require parties to acquire valid public keys
Have concerns with doing both
Symmetric schemes require both parties to share a common secret key
Issue is how to securely distribute this key whilst protecting it from others
Frequent key changes can be desirable
Often a secure system fails because of a break in the key distribution scheme
Given parties A and B, there are various key distribution alternatives:
1. A can select a key and physically deliver it to B
2. A third party can select & deliver the key to A & B
3. If A & B have communicated previously, they can use the previous key to encrypt a new key
4. If A & B have secure communications with a third party C, C can relay a key between A & B
Elements in option 4
• Key distribution center (KDC)
• Session key: valid for the duration of a logical connection
• Permanent key: for distributing session keys
Steps
• Connection request: A -> KDC
• Connection approval: KDC generates a unique one-time session key and sends it to A and B
• Data exchange using session key: A <-> B
Kerberos
Trusted key server system from MIT
Provides centralised private-key third-party
authentication in a distributed network
• Allows users access to services distributed
through network
• Without needing to trust all workstations
Rather all trust a central authentication server
Two versions in use: 4 & 5 (RFC 4120)
Problems with the previous scenario
• A user has to enter a password many times
Once for every different service
• Plaintext transmission of the password
Problems
• Lifetime of the tickets
A network service must be able to prove that the person using the ticket is the same person to whom the ticket was issued
In Kerberos:
• Servers need to authenticate themselves to users
• Mutual authentication
A basic third-party authentication scheme
Have an Authentication Server (AS)
• Users initially negotiate with AS to identify self
AS provides a non-corruptible authentication credential (ticket-granting ticket, TGT)
Have a Ticket Granting Server (TGS)
• Users subsequently request access to other services from TGS on the basis of the user's TGT
Using a complex protocol based on DES
[Figure captions: (b) Ticket-Granting Service Exchange to obtain service-granting ticket; (c) Client/Server Authentication Exchange to obtain service]
Authentication service exchange to obtain ticket-granting ticket
C -> AS: IDc || IDtgs || TS1
AS -> C: E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs])
• Tickettgs = E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])
[Session key: Kc,tgs]
Ticket-granting service exchange to obtain service-granting ticket
C -> TGS: IDv || Tickettgs || Authenticatorc
TGS -> C: E(Kc,tgs, [Kc,v || IDv || TS4 || Ticketv])
• Tickettgs = E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])
• Ticketv = E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])
• Authenticatorc = E(Kc,tgs, [IDc || ADc || TS3])
[Session key: Kc,v]
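Worked example, added here and not part of the original slides: the whole Kerberos v4 dialogue (AS exchange, TGS exchange, client/server exchange with mutual authentication, which is also the KDC session-key pattern from the key distribution slide) as one Python script. DES is replaced by a constructed toy authenticated cipher, the keys and client address are constructed values, and the point shown is the checks a TGS or server performs: ticket and authenticator must agree, the ticket must be within its lifetime, and the authenticator timestamp must be fresh within the clock-skew window, so a replayed authenticator is rejected.

```python
import hashlib, hmac, json, secrets

# Constructed toy keys (in Kerberos v4: Kc derived from the user's password,
# Ktgs in the AS/TGS database, Kv held by the application server).
KEYS = {"C": b"from-user-password", "TGS": b"tgs-master-key", "V": b"v-server-key"}
AD_C, LIFETIME, SKEW = "10.0.0.7", 8 * 3600, 300   # client address, ticket lifetime, clock skew (s)

def E(key, fields):
    """Toy authenticated encryption standing in for DES: SHA-256 keystream + HMAC tag.
    No IV, so only safe here because every session key is fresh; not for real use."""
    pt = json.dumps(fields, sort_keys=True).encode()
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return hmac.new(key, ct, "sha256").digest() + ct

def D(key, blob):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def check(ticket, auth, now):
    """Checks shared by TGS and V: ticket and authenticator agree and both are fresh."""
    if not (ticket["IDc"] == auth["IDc"] and ticket["ADc"] == auth["ADc"]):
        raise ValueError("authenticator does not match ticket")
    if not (ticket["TS"] <= now <= ticket["TS"] + ticket["Lifetime"]):
        raise ValueError("ticket expired")
    if abs(now - auth["TS"]) > SKEW:
        raise ValueError("stale authenticator (possible replay)")

def as_exchange(id_c, id_tgs, ts1):                  # C -> AS: IDc || IDtgs || TS1
    k = secrets.token_hex(16)                         # Kc,tgs
    t = E(KEYS[id_tgs], {"K": k, "IDc": id_c, "ADc": AD_C, "ID": id_tgs, "TS": ts1, "Lifetime": LIFETIME})
    return E(KEYS[id_c], {"K": k, "ID": id_tgs, "TS": ts1, "Lifetime": LIFETIME, "Ticket": t.hex()})

def tgs_exchange(id_v, ticket_tgs, authenticator, now):   # C -> TGS: IDv || Tickettgs || Authenticatorc
    tk = D(KEYS["TGS"], ticket_tgs)
    check(tk, D(bytes.fromhex(tk["K"]), authenticator), now)
    k = secrets.token_hex(16)                         # Kc,v
    t = E(KEYS[id_v], {"K": k, "IDc": tk["IDc"], "ADc": tk["ADc"], "ID": id_v, "TS": now, "Lifetime": LIFETIME})
    return E(bytes.fromhex(tk["K"]), {"K": k, "ID": id_v, "TS": now, "Ticket": t.hex()})

def service_exchange(ticket_v, authenticator, now):  # C -> V: Ticketv || Authenticatorc
    tk = D(KEYS["V"], ticket_v)
    au = D(bytes.fromhex(tk["K"]), authenticator)
    check(tk, au, now)
    return E(bytes.fromhex(tk["K"]), {"TS": au["TS"] + 1})   # V -> C: E(Kc,v, [TS5 + 1])

def client_session(now, auth_ts=None):
    """Client side of the whole dialogue; True when V proves itself by returning TS5 + 1.
    auth_ts lets a caller present an old authenticator timestamp to V (a replay)."""
    m2 = D(KEYS["C"], as_exchange("C", "TGS", now))
    auth = lambda k, ts: E(bytes.fromhex(k), {"IDc": "C", "ADc": AD_C, "TS": ts})
    m4 = D(bytes.fromhex(m2["K"]), tgs_exchange("V", bytes.fromhex(m2["Ticket"]), auth(m2["K"], now), now))
    ts5 = now if auth_ts is None else auth_ts
    m6 = D(bytes.fromhex(m4["K"]), service_exchange(bytes.fromhex(m4["Ticket"]), auth(m4["K"], ts5), now))
    return m6["TS"] == ts5 + 1
```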
Kerberos Realms
A Kerberos environment consists of:
• A Kerberos server
• A number of clients, all registered with the server
• Application servers, sharing keys with the server
This is termed a realm
Typically a single administrative domain
With multiple realms, their Kerberos servers must share keys and trust each other
Request for service in another realm:
(1) C -> AS: IDc || IDtgs || TS1
(2) AS -> C: E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs])
(3) C -> TGS: IDtgsrem || Tickettgs || Authenticatorc
(4) TGS -> C: E(Kc,tgs, [Kc,tgsrem || IDtgsrem || TS4 || Tickettgsrem])
(5) C -> TGSrem: IDvrem || Tickettgsrem || Authenticatorc
(6) TGSrem -> C: E(Kc,tgsrem, [Kc,vrem || IDvrem || TS6 || Ticketvrem])
(7) C -> Vrem: Ticketvrem || Authenticatorc
Developed in the mid-1990s (RFC 1510)
Specified as an Internet standard (RFC 4120)
Provides improvements over v4
• Addresses environmental shortcomings
Encryption algorithm, network protocol, byte order, ticket lifetime, authentication forwarding, inter-realm authentication
• And technical deficiencies
Double encryption, non-standard mode of use, session keys, password attacks
[Figure captions: (a) Authentication Service Exchange to obtain ticket-granting ticket; (b) Ticket-Granting Service Exchange to obtain service-granting ticket]
Distribution of public keys
Use of public-key encryption to distribute secret keys
How to distribute the secret key between Alice and Bob?
Diffie-Hellman key exchange
No authentication of the two communicating partners
• Public-key certificate
Encrypt the message with a one-time session key
Encrypt the session key using public-key encryption with Alice's public key
• Attach the encrypted session key to the message
ITU-T X.509
• A part of the X.500 directory service
Database of information about users
• A framework for providing authentication services by the X.500 directory to its users
• A repository of public-key certificates
• Used in S/MIME (Chap. 7), IP security (Chap. 8), SSL/TLS (Chap. 5)
• First issued in 1988, revised recommendation in 1993, third version in 1995 and revised in 2000
• Does not dictate the use of a specific algorithm but recommends RSA
Issued by a Certification Authority (CA), containing:
• version V (1, 2 or 3)
• serial number SN (unique within CA) identifying the certificate
• signature algorithm identifier AI
• issuer X.500 name CA
• period of validity TA (from - to dates)
• subject X.500 name A (name of owner)
• subject public-key info Ap (algorithm, parameters, key)
• issuer unique identifier (v2+)
• subject unique identifier (v2+)
• extension fields (v3)
• signature (of hash of all fields in certificate)
Notation CA<<A>> denotes the certificate for A signed by CA
Any user with access to the CA can get any certificate from it
Because they cannot be forged, certificates can be placed in a public directory
If both users share a common CA then they are assumed to know its public key
Otherwise CAs must form a hierarchy
Use certificates linking members of the hierarchy to validate other CAs
• Each CA has certificates for clients (forward) and parent (backward)
Each client trusts its parent's certificates
Enables verification of any certificate from one CA by users of all other CAs in the hierarchy
[Figure: X.509 CA hierarchy example, using the notation Z<<B>> for B's certificate signed by Z]
Certificates have a period of validity
May need to revoke before expiry, e.g.:
User's private key is compromised
User is no longer certified by this CA
CA's certificate is compromised
CAs maintain a list of revoked certificates
• The Certificate Revocation List (CRL)
Users should check certificates against the CA's CRL
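Added example, not from the original slides: certificate issuance with the field list above, a two-level hierarchy (Z<<X>>, X<<A>>) and path validation that verifies each signature against the issuer's key, checks the validity period and consults a per-issuer CRL. Textbook RSA over toy-sized constructed primes stands in for the real signature algorithm, and the CA names, serials and validity times are constructed values.

```python
import hashlib, json

def prime_after(n):
    """Smallest prime >= n by trial division (toy key sizes only)."""
    while any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n

def keygen(seed):
    """Tiny textbook RSA pair (constructed): returns (public (n, e), private d)."""
    p, q = prime_after(seed), prime_after(seed + 2000)
    n, e = p * q, 65537
    return (n, e), pow(e, -1, (p - 1) * (q - 1))

def tbs_hash(cert, n):
    """Hash of all fields except the signature, reduced into the issuer's modulus."""
    tbs = {k: v for k, v in cert.items() if k != "signature"}
    digest = hashlib.sha256(json.dumps(tbs, sort_keys=True).encode()).digest()
    return int.from_bytes(digest, "big") % n

def issue(issuer, issuer_priv, issuer_pub, serial, subject, subject_pub, not_before, not_after):
    """CA<<A>>: the X.509 fields from the slide, signed with the issuer's private key."""
    cert = {"version": 3, "serial": serial, "sig_alg": "toy-RSA-SHA256", "issuer": issuer,
            "validity": [not_before, not_after], "subject": subject, "subject_pub": subject_pub}
    cert["signature"] = pow(tbs_hash(cert, issuer_pub[0]), issuer_priv, issuer_pub[0])
    return cert

def verify_sig(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert["signature"], e, n) == tbs_hash(cert, n)

def validate_path(chain, trusted, crls, now):
    """chain = [leaf, ..., cert issued by a trusted CA]; trusted = {CA name: public key};
    crls = {CA name: set of revoked serials}. Returns "valid" or the first failure found."""
    for i, cert in enumerate(chain):
        issuer = cert["issuer"]
        if i + 1 < len(chain):                 # issuer key comes from the next cert up the path
            if chain[i + 1]["subject"] != issuer:
                return f"issuer {issuer} does not match next certificate's subject"
            issuer_pub = chain[i + 1]["subject_pub"]
        elif issuer in trusted:                # or from the trust anchor store
            issuer_pub = trusted[issuer]
        else:
            return f"no trusted key for {issuer}"
        if not verify_sig(cert, issuer_pub):
            return f"bad signature on {cert['subject']}"
        nb, na = cert["validity"]
        if not nb <= now <= na:
            return f"{cert['subject']} outside validity period"
        if cert["serial"] in crls.get(issuer, set()):
            return f"{cert['subject']} revoked by {issuer}"
    return "valid"

# Constructed hierarchy: root Z certifies CA X (Z<<X>>), X certifies user A (X<<A>>)
Z_PUB, Z_PRIV = keygen(100000)
X_PUB, X_PRIV = keygen(110000)
A_PUB, _ = keygen(120000)
Z_X = issue("Z", Z_PRIV, Z_PUB, 1, "X", X_PUB, 1000, 9000)
X_A = issue("X", X_PRIV, X_PUB, 7, "A", A_PUB, 2000, 5000)
TRUSTED = {"Z": Z_PUB}
```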
Key and policy information
• Convey info about subject & issuer keys, plus indicators of certificate policy
Certificate subject and issuer attributes
• Support alternative names in alternative formats for certificate subject and/or issuer
Certificate path constraints
• Allow constraints on use of certificates by other CAs
[Figure: PKIX architectural model: registration authority, certificate authority, CRL issuer]
Functions:
• Registration
• Initialization
• Certification
• Key pair recovery
• Key pair update
• Revocation request
• Cross certification
2797)
Use of a common identity management scheme
• Across multiple enterprises & numerous applications
• Supporting many thousands, even millions, of users
Principal elements are:
• Authentication, authorization, accounting, provisioning, workflow automation, delegated administration, password synchronization, self-service password reset, federation
Kerberos contains many of these elements
[Figure: federated identity operation. Recoverable labels: attribute values associated with the user's identity; service provider opens session with remote user based on identity and attributes]
Security Assertion Markup Language (SAML)
• XML-based language for exchange of security information between online business partners
Part of the OASIS (Organization for the Advancement of Structured Information Standards) standards for federated identity management
• e.g. WS-Federation for browser-based federation
Need a few mature industry standards