Kerberos for Internet-of-Things

Author: Cody Harrell

26 downloads 0 Views 747KB Size

Report

Download PDF

Recommend Documents

Kerberos. Kerberos Design. Kerberos Design (cont.)

Kerberos for hp OpenVMS

Kerberos. 5.1 Introducing Kerberos

Configuring Kerberos

ENHANCED KERBEROS AUTHENTICATION FOR DISTRIBUTED ENVIRONMENT

Configurating Kerberos Constrained Delegation for NetScaler DataStream

Configure Kerberos Authentication for SharePoint 2010 Products

Configuration Guide for Kerberos Delegation PUB

Executive Summary Problem Statement Historical Evolution of Kerberos Why Kerberos? Kerberos Basics... 3

Kerberos 5 for DESY. Wolfgang Friebel

Configuring Embedded Kerberos Authentication

Kerberos Ticket Exchanges

Kerberos protocol: an overview

Java Kerberos version 1.1

Network Security: Kerberos. Outline. What is Kerberos? Guevara Noubir Network Security. Kerberos V4

Kerberos. Alptraum oder Zusammenspiel?

Kerberos, SSL, IPsec

An Introduction to Kerberos

6.858 Lecture 13 Kerberos

Installing and configuring Kerberos

Cross-Realm Kerberos Authentication

Das Kerberos 5 Protokoll

Configuring AIX 5L for Kerberos Based Authentication Using Windows Kerberos Service

September 17: Kerberos

Kerberos for Internet-of-Things IETF89 Thomas Hardjono MIT Kerberos & Internet Trust Consortium February, 2014

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

Contents •  Kerberos Protocol Overview •  Kerberos in Devices –  DOCSIS & PacketCable –  Intel AMT

•  Kerberos for IoT (pros & cons) •  History of Kerberos

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

2

Kerberos Protocol Overview

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

3

Kerberos Protocol Messages

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

4

Needham-Schroeder Protocol

•  S is Server (KDC) •  A and B are Client and Service •  N is nonce

•  K is the shared symmetric key

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

5

Basic Flows •  Long term symmetric keys: –  Client and KDC share unique long-term key –  Service and KDC share unique long term key

•  Long term keys used to establish sessionkeys –  Used to encrypt Tickets & Authenticators –  Ticket-Granting-Ticket (TGT) and Service Ticket

•  Authenticator: –  Encrypted by Client to provide Proof-ofPossession (POP) to intended recipient © 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

6

What’s Inside a Ticket Granting Ticket

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

7

What’s Inside a Service Ticket

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

8

What’s Inside an Authenticator

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

9

Kerberos in Devices & Embedded Systems

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

10

DOCSIS & Packet Cable Call Management Server TFTP Server Provisioning Server Key Distribution Center

IPsec ESP secures NCS protocol Kerberized Key Management

Config File authenticated with hash delivered via secured SNMPv3

SNMPv3 security Kerberized Key Management MTA

Kerberos/PKINIT CMTS

Service Provider Network

Packet Cable 1.5

CM DOCSIS Security Phone

© Cable Television Laboratories, Inc. 2002. All Rights Reserved. (PKT-SP-PROV1.5-I04-090624) Used With Permission. © 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

11

DOCSIS & Packet Cable Service Provider CA Certificate ...... Digitally Signed by: Service Provider Root

Kerberos/PKINIT

Mfg CA Certificate ...... Digitally Signed by: PacketCable Root

AS Request

KDC Certificate ...... Digitally Signed by: Service Provider CA KDC DH Public Value

KDC

KDC RSA Signature

AS Reply

MTA Certificate ...... Digitally Signed by: Mfg CA

MTA

MTA DH Public Value

MTA RSA Signature

Encrypted Session Key Kerberos Ticket

Kerberized Key Management for SNMPv3 and IPsec

Kerberos Ticket

Sequence #

Sequence #

Subkey

Subkey

App Server

Encrypted Application Specific Data – IPsec or SNMPv3

(Prov Server or CMS)

Key Management Data – key lifetime, should client rekey? Chosen Ciphersuite

11/5/2002

SHA-1 HMAC

AP Request AP Reply

Encrypted

MTA

© Cable Television Laboratories, Inc. 2002. All Rights Reserved. UsedAll With Permission. © 2007-2014 The MIT Kerberos & Internet Trust Consortium. Rights Reserved.

Packet Cable 1.5 (PKT-SP-SEC1.5-I03-090624)

Application Specific Data – IPsec or SNMPv3 Key Management Data – key lifetime, should client rekey? List of Ciphersuites

SHA-1 HMAC 12

Kerberos in Intel® AMT •  Active Management Technology (AMT) –  Manageability technology for Intel platforms (hardware, firmware, software)

•  Out-of-Band Manageability: –  OS-independent (i.e. Pre-OS) & runs on auxiliary power –  Remote boot (Serial-over-LAN) –  Remote diagnostics & firmware updates (pre-OS boot) –  Remote OS repairs –  Bound to PC hardware (difficult to tamper)

•  IT Administrator must be authenticated by AMT device before performing AMT operations remotely © 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

13

Kerberos in Intel® AMT

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

14

Other Embedded Case Studies •  See TeamF1 presentation: –  Data Center authentication –  VPN termination device –  Industrial automation http://www.kerberos.org/events/2009conf/TeamF1.pdf

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

15

Kerberos.org and Other Links •  Needham-Schroeder paper (1978): –  "Using encryption for authentication in large networks of computers.". CACM 21 (12): 993–999. –  Also see Denning-Sacco paper (1981) CACM 24 (8): 533–535

•  Kerberos RFC 4120: –  https://www.ietf.org/rfc/rfc4120.txt

•  MIT Code Base distribution (now Rel 1.12) –  http://web.mit.edu/kerberos/dist/

•  Kerberos APIs documentation: –  http://web.mit.edu/kerberos/krb5-current/doc/

•  Some Guides: –  http://www.kerberos.org/software/whitepapers.html

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

16

Kerberos in Constrained Devices

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

17

Kerberos for IoT: the Pros •  Well understood protocol (cf. Needham-Schroeder) •  Symmetric-key approach suits constrained devices –  Long-term keys can be installed by device manufacturer –  Symmetric key operations cheaper/faster –  Kerberos flows can be optimized for IoT devices

•  Integration with directories a well-trodden path •  Open source code (20+ years) –  MIT code written in C – several generations of coders –  Active dev community

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

18

Kerberos in IoT: the Cons •  RFC4120 will put you to sleep…J •  No initial key distribution protocol –  Use PKINIT (RFC6112) or similar

•  Good C programmers hard to come-by

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

19

Kerberos History & Status

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

20

A Brief History of Kerberos •  Kerberos was developed as the Authentication engine for MIT’s Project Athena in 1987: –  Became IETF standard in 1993 (RFC1510) – now RFC4120

•  MIT’s release of Kerberos as open source in 1987 led to rapid adoption by numerous organizations •  Kerberos now ships standard with all major operating systems –  Apple, Red Hat, Microsoft, Sun, Ubuntu

•  Serves tens of millions of enterprise users: –  Microsoft has been using Kerberos as the default authentication package since Windows 2000 –  Windows Logon used daily by millions of users. –  Used in DOCSIS CableModems for device authentication. –  Used for embedded systems security

•  Kerberos has been hugely successful

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

21

MIT Kerberos: Timeline & Milestones 1983

1988

1993

1999 2000

2007

2013

Huge adoption of Kerberos by Finance industry, Defense, Cable, etc

MIT Project Athena Started Paper on MIT Kerberos at USENIX’88 IETF RFC1510 published

CableLabs uses Kerberos for Cable Modems Microsoft Windows 2000 uses Kerberos

MIT KIT expansion MIT Kerberos Consortium Founded

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

22

MIT Kerberos in Commercial Products •  Google

•  Yahoo

–  Enterprise Search Appliance (GSA)

•  Cisco: –  Cisco IOS - Rel. 11.2 + –  NAC Appliance –  ASA5000 & VPN3000 series.

•  Intel: –  VPro II Platforms (AMT)

•  Red Hat: –  Enterprise Linux & FreeIPA

•  Sun/Oracle:

•  Hadoop infra

•  Juniper: •  Network Admission Control

•  SAP R3 •  NetApp: •  Kerberized NFS

•  F5 Networks: –  BIG-IP ADC

•  Other Open Source OS: –  Ubuntu –  Debian

–  Solaris 8 to 10 and Solaris Nevada

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

23

BACKUP SLIDES

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

24

Kerberos in Browsers: SPNEGO

© 2007-2014 The MIT Kerberos & Internet Trust Consortium. All Rights Reserved.

25