PROTOCOL OF SECURE MUTUAL AUTHENTICATION N. Miloslavskaya, A.Tolstoy, D.Ushakov The Moscow Engineering Physics Institute (State University) {ait, milmur}@mephi.edu
Outline • Distributed information system • Information system’s elements • Adversary’s model • Drawbacks of traditional authentication schemes • Proposed scheme of secure mutual authentication
1. Distributed information system 1.1. Information system • An information system is an organized collection of software and hardware elements which form a data processing system, are able to function alone or as a component of other systems, and are used for document processing.* * The Russian State Technical Committee, “Glossary of information security terms”.
1.2. Distributed information system • joins several isolated information systems together; • forms an “open system”; • makes information exchange possible; • is achieved through a set of services.
2. Information system’s elements 2.1. Interacting elements • subjects (clients): active elements – access resources; – request services.
• objects (servers): passive elements – have resources; – provide services.
2.2. Extended classification • servers: passive, provide services: – authentication servers: • register clients, give privileges;
– informational servers: • process information from those having privileges (“authenticators”).
• improves system’s: – scalability; – security, including resistance to DoS-attacks; – computational abilities.
3. Adversary’s model 3.1. Adversary • An adversary is a subject of the system who has access to the authorized system tools.* • Security should be based only on the reliability of algorithms and protocols. * The Russian State Technical Committee, “Management directive. Concept of protection of computer facilities and automated systems against unauthorized access to information”.
3.2. Model data channel [Figure: User 1 and User 2 exchange messages over the data channel; the adversary can tap messages, insert messages, and act as a false network server.]
4. Traditional authentication schemes 4.1. Traditional approach • static configuration; • predefined set of privileges; • only client authentication, not the server; • even X.509 is not enough; • lack of scalability; • lack of manageability.
4.2. Overcoming difficulties • authentication: – authentication services at authentication servers; • mutual authentication (client and server); • proxy certificates, extending X.509: – mandatory fields (the digital signature algorithm, the signature itself, the certificate version and so on); – client FQDN (fully qualified client’s name in the DNS format); – client’s public key; – authentication server’s FQDN; – timestamp; – lifetime of the proxy certificate.
4.3. Proxy usage [Figure: client domain 1 with authentication server (AS) 1 and client domain 2 with AS 2 both reach the information server (IS); the IS holds the certificates of the trusted authentication servers that authenticate the client domains.]
5. Proposed authentication scheme 5.1. Algorithm • IS extracts the client’s FQDN from the proxy; • checks the existence of an appropriate AS (in the local DB or at the CA); • checks the signature validity of the AS certificate received from the CA; • extracts the public key of the AS and validates the proxy signature; • checks the identity of the client; • negotiates the secret key and establishes the tunnel; • processes the client’s request.
5.2. Reasoning about authentication protocols • BAN-logic (logic of authentication): – a form of mathematical logic; – shows consistency of a protocol; – has a set of postulates (axioms); – uses assumptions (initial expectations about participants); – validates how the protocol achieves its goals.
5.3. Protocol Participants: client A, authentication server AS, informational server IS. 1. A 2. {Nas}-Kas 3. {Na}-Ka, {F1 (Nas)}-Ka 4. {F2 (Na)}-Kas, CertA 5. CertA, {A, Na2}-Ka 6. {F3 (Na2)}-Kis, {Nis}-Kis 7. {F4 (Nis)}-Ka This is followed by an ordinary protocol which allows the parties to agree on a shared secret session key (e.g., Diffie-Hellman or RSA).
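The client–IS leg of this protocol (messages 5 to 7, together with the proxy checks of slide 5.1), as an added example in Go that is not part of the original slides. It assumes Ed25519 signatures for {X}-K, a labelled SHA-256 hash for the transforms F3/F4, and a CertA reduced to the AS’s signature over A’s public key and FQDN; all three are assumptions, since the slides leave them open.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party is one principal (A, AS or IS). Ed25519 is an assumption: the slides do
// not fix the algorithm behind {X}-K, read here as X plus a signature under K.
type Party struct{ Name string; Pub ed25519.PublicKey; priv ed25519.PrivateKey }
type Signed struct{ Msg, Sig []byte }

func NewParty(name string) *Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Party{name, pub, priv}
}
func (p *Party) Sign(m []byte) Signed          { return Signed{m, ed25519.Sign(p.priv, m)} }
func Verify(k ed25519.PublicKey, s Signed) bool { return ed25519.Verify(k, s.Msg, s.Sig) }
func nonce() []byte                             { n := make([]byte, 16); rand.Read(n); return n }

// F stands in for F3/F4 (left open by the slides): a labelled hash of the nonce,
// so a reply can never be mistaken for a fresh challenge.
func F(i byte, n []byte) []byte { h := sha256.Sum256(append([]byte{i}, n...)); return h[:] }

// IssueCert is CertA cut down to what step 5 needs: AS signs A's key || A's FQDN.
func IssueCert(as, a *Party) Signed { return as.Sign(append(append([]byte{}, a.Pub...), a.Name...)) }

// RunISLeg runs messages 5..7; IS trusts only asPub. A forged CertA or a bad
// nonce answer returns an error naming the side that rejected.
func RunISLeg(a, is *Party, asPub ed25519.PublicKey, certA Signed) error {
	na2 := nonce()
	m5 := a.Sign(append([]byte(a.Name+"|"), na2...)) // 5. A -> IS: CertA, {A, Na2}-Ka
	if !Verify(asPub, certA) || len(certA.Msg) <= ed25519.PublicKeySize {
		return fmt.Errorf("IS: CertA was not issued by the trusted AS")
	}
	aPub, aName := ed25519.PublicKey(certA.Msg[:32]), string(certA.Msg[32:])
	if !Verify(aPub, m5) || !bytes.HasPrefix(m5.Msg, []byte(aName+"|")) {
		return fmt.Errorf("IS: message 5 is not from %s", aName)
	}
	nis := nonce() // 6. IS -> A: {F3(Na2)}-Kis, {Nis}-Kis
	m6a, m6b := is.Sign(F(3, m5.Msg[len(aName)+1:])), is.Sign(nis)
	if !Verify(is.Pub, m6a) || !bytes.Equal(m6a.Msg, F(3, na2)) || !Verify(is.Pub, m6b) {
		return fmt.Errorf("A: IS failed the Na2 challenge")
	}
	if m7 := a.Sign(F(4, m6b.Msg)); !Verify(aPub, m7) || !bytes.Equal(m7.Msg, F(4, nis)) {
		return fmt.Errorf("IS: A failed the Nis challenge") // 7. A -> IS: {F4(Nis)}-Ka
	}
	return nil // mutual authentication done; session-key agreement follows
}
```

Both nonces are fresh per run, which is what lets this leg do without the clock synchronization discussed in slide 5.5.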
5.4. Initial beliefs • IS: – public key of AS; – knows format of proxy; – believes AS authenticates only valid users;
• AS: – public key of A;
• A: – public key of AS; – believes AS correctly generates certificates; – believes IS, checked by AS in advance;
• Common: – their own public and private keys; – generate “good” (pseudo)random numbers; – know the structure of messages.
5.5. Peculiarities • protocol drawback: – requires synchronization of IS and AS clocks (NOT on the clients and servers!) to protect from “replay” attacks;
• can be mitigated by a shared secret: – unique within every session (a random number); – requires extra rounds; – increases complexity & susceptibility to DoS.
• can be mitigated by symmetric crypto: – bad scalability; – increases load on IS and susceptibility to DoS.
Conclusion • distributed information systems are “open” to the world; • security facilities rely on user identity; • scalable mutual authentication is a must; • proxy certificates + the proposed protocol provide a proven method of achieving these common goals.
Thank you! Questions?