/*
 * $Source: /machusr/jtkohl/krb-tut/RCS/V5.slides,v $
 * $Author: jtkohl $
 * $Id: V5.slides,v 1.13 91/03/27 13:49:30 jtkohl Exp $
 */

#include "common.h"

START_SECTION("Future Work",XI)

NS_TITLE(Outline)
@begin[format,spacing 1.25lines]
@tabset(.75inch)
@>0.@\ Introduction to Tutorial
@>I.@\ Introduction to Authentication
@>II.@\ Network Security Issues
@>III.@\ Kerberos Model
@>IV.@\ Kerberos Applications
@>V.@\ Kerberos Implementation/API
@>VI.@\ Kerberos Administration
@>VII.@\ X.509 Certificate Model
@>VIII.@\ Kerberos and X.509 Comparison
@>IX.@\ Privacy Enhanced E-mail
@>X.@\ Authorization Issues
BOLD(@>XI.@\ Future Work)
@>XII.@\ Lessons of the Internet Virus
@end[format]

NEWSLIDE()
TITLE(Future Work)
BI()
Kerberos Version 5 Open Issues

Subject to change as we gain implementation experience
EI()

/* -------------------------------------------------- */
NEWSLIDE()
TITLE(Data Representation)
BI()
V4 used byte order of sender

V5 uses ASN.1
EI()

/* -------------------------------------------------- */
NEWSLIDE()
TITLE(Dates and Times)
BI()
V4
BI()
timestamps were UNIX times (seconds since 1/1/70)

expiration times were limited to N 5-minute intervals

N was 8 bits (i.e. 0 LTE() N LTE() 255)
EI()

V5
BI()
ASN.1 GeneralizedTime

expiration times given by start and end timestamps
EI()
EI()

/* -------------------------------------------------- */
NEWSLIDE()
TITLE(Ticket Lifetimes)
BI()
starttime
BI()
current time on KDC or requested start time (if realm allows postdating)
EI()

endtime such that lifetime of a ticket is the minimum of:
BI()
requested lifetime

max lifetime allowed for requesting principal

max lifetime allowed for requested service

max lifetime allowed by the realm

max lifetime of TGT (if issued by TGS)
EI()
EI()

/* -------------------------------------------------- */
NEWSLIDE()
TITLE(Renewable Tickets)
BI()
issued if computed lifetime is less than requested lifetime

ticket is renewable until the minimum of:
BI()
requested endtime

starttime + requesting principal's max renewable lifetime

starttime + requested service's max renewable lifetime

starttime + max renewable lifetime allowed by realm
EI()
EI()

/* -------------------------------------------------- */
NEWSLIDE()
TITLE(Host Addresses)
BI()
V4
BI()
ticket contained one 32-bit IP address
EI()

V5
BI()
array of variable length addresses

known address families: IP, chaos, ISO, XNS, AppleTalk, DECnet (Phase IV)
EI()
EI()

NEWSLIDE()
TITLE(Multiple Encryption Algorithms)
BI()
each request includes algorithm identifier

servers may require specific algorithm

initial algorithms include:
BI()
null (for export)

Lucifer (with 32-bit CRC)

DES (CBC with 32-bit CRC)

PCBC is no longer supported
EI()

checksum algorithms include:
BI()
CRC-32

RSA's Message Digest 4

DES CBC
EI()
EI()

NEWSLIDE()
TITLE(Principal Names)
BI()
V4
BI()
name

instance

realm

protocol specifies no length limit (MIT implementation limitation of 40 bytes each)
EI()

V5
BI()
arbitrary length array

easy mapping into X.500 distinguished name
EI()
EI()

NEWSLIDE()
TITLE(Inter-realm Authentication)
BI()
V4
BI()
must share key with remote realm

n@+(2) scaling problem
EI()

V5
BI()
request can traverse series of realms (@i(authentication path))

each realm transited is sealed in ticket

KDC fills in previous realm for security

server can judge trustworthiness of intermediary realms

allows hierarchies solving n@+(2) problem (e.g. from mit.edu to stanford.edu via edu realm)
EI()
EI()

NEWSLIDE()
TITLE(Administrative Server)
BI()
addition of dictionary check

generation of srvtab's by less privileged users
EI()

NEWSLIDE()
TITLE(Proxy and Forwarding)
BI()
remote service can access other network services on behalf of requesting principal

ticket request for remote address

proxy may grant limited access

forwarding grants all access

proxy cannot be used for additional TGT
EI()

NEWSLIDE()
TITLE(Authorization Data)
BI()
opaque data sealed in ticket

interpreted by end service

limit power of proxies

authorization server as alternative keeping state in servers

see Cliff Neuman's paper
EI()

NEWSLIDE()
TITLE(Invalid Tickets)
BI()
bit in ticket

KDC must validate before use

used for post-dated tickets

allows hot-list revocation
EI()

NEWSLIDE()
TITLE(New Database Fields)
BI()
larger lifetime

max renewable lifetime

attributes - control which features can be used (proxy, postdating, etc.)

frequently changing fields (optional)
BI()
last request

last use of TGT
EI()

string-to-key permutation choice
EI()

NEWSLIDE()
TITLE(Subsession keys and sequence numbers)
BI()
subsession keys
BI()
client and server can negotiate to use different key to protect session

allows multiple servers to share a key easily

might be used by routing protocols
EI()

sequence numbers
BI()
can be used in SAFE, PRIV messages

sometimes easier/better suited for use than replay detection
EI()
EI()

NEWSLIDE()
TITLE(User to User Authentication)
BI()
V4
BI()
server must be registered with KDC

server must keep its secret around

users destroy their secret key after getting TGT

use for public workstations, X displays, etc.
EI()
EI()

NEWSLIDE()
TITLE_CONT(User to User Authentication)
@blankspace (3 inches)
@comment{@begin(enumerate, leftmargin +3 inches)}
@blankspace(1inch)
BN()
A -> B @ @ @ @ @ a,b

B -> A @ @ @ T @-{b,tgs}

A -> K @ @ @ @ @ T @-{a,tgs}, T @-{b,tgs}

K -> A @ @ @ { T @-{a,b}}K @-{b,tgs} @ {K @-{a,b} }K @-{a,tgs}

A -> B @ @ @ @ @ T @-{a,b}, A @-{a,b}
@end(enumerate)
@picture(size = .01 inches, ScaleableLaser=uuser.PS)

NEWSLIDE()
TITLE(Remove fields from ticket)
BI()
suggestion to remove service name from ticket

not needed for integrity

still included in current spec

needed for inter-realm TGS
EI()

NEWSLIDE()
TITLE(Inter-realm Directional Keys)
BI()
have directional inter-realm keys

allows unidirectional trust

KDC implementation issue
EI()

NEWSLIDE()
TITLE(Better Ticket Caching Code)
BI()
V4 clients stored ticket in a file

not good enough for diskless machines

shared memory added later

interface must be generalized (e.g. for Macintosh)
EI()

NEWSLIDE()
TITLE(Library Improvements)
BI()
don't force synchronized clocks

isolate OS dependencies (file system, network) as much as possible

implement proper replay detection
EI()

NEWSLIDE()
TITLE(Slave Propagation)
BI()
some sites don't like delay

use replicated database technology

is extra complexity worth it?
EI()

NEWSLIDE()
TITLE(Better Random Number Generator)
BI()
Uses DES encryption

Since the KDC gives out most random numbers (session keys) this is especially practical.

can be used for sequence numbers
EI()

NEWSLIDE()
TITLE(V4 to V5 migration)
BI()
glue library emulation

GSSAPI

V5 KDC issuing V4 tickets

link both into server/client

try one, exec the other if failure
EI()

NEWSLIDE()
TITLE(Validation suites for protocol)
BI()
Proposal to do one for the Kerberos library routines implementing protocols.

Proposal to improve, i.e. make automatic, the one already available for the DES library.
EI()

NEWSLIDE()
TITLE(Des_string_to_key seed)
BI()
Seed the des_string_to_key algorithm by the realm name so that if someone uses the same password in two realms, disclosure of one realm's key doesn't compromise the user in the other realm.

Proposal to tag Kerberos database entries with the version of the string_to_key algorithm which was used to produce the key, and include that in the reply to an initial ticket request.
EI()

NEWSLIDE()
TITLE(Finding the Realm of Servers)
BI()
Proposal for a common mechanism for securely finding out the realm, or possibly even the entire name, of a server given just its network name or address. Taking the server's word for it is not sufficient.
EI()

NEWSLIDE()
TITLE(Automatic changing of service keys)
BI()
Proposal for tools to periodically generate and install new versions of server keys.

Observation that having this done without manual intervention would increase security.
EI()
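
The starttime, endtime and renewable-until rules from the Ticket Lifetimes and Renewable Tickets slides, worked through as an added example (not part of the original slides and not code from any Kerberos implementation). All type, field and function names are hypothetical; it assumes that a disallowed postdate falls back to KDC time and that "max lifetime of TGT" means the time left on the TGT.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical types for this example; all times are in seconds. */
typedef struct { int64_t max_life, max_renewable; } policy_t;
typedef struct {
    int64_t now, req_start, req_end;  /* KDC clock; req_start 0 = "now" */
    bool allow_postdate, from_tgs;    /* realm policy; issued by the TGS? */
    int64_t tgt_end;                  /* endtime of the presenting TGT */
    policy_t client, service, realm;
} request_t;
typedef struct { int64_t starttime, endtime, renew_till; bool renewable; } times_t;

static int64_t min64(int64_t a, int64_t b) { return a < b ? a : b; }

/* Returns 0 and fills *out, or -1 if no positive lifetime remains. */
int compute_times(const request_t *r, times_t *out)
{
    /* starttime: KDC time, or the requested time if postdating is allowed
       (assumption: a disallowed postdate falls back to KDC time). */
    int64_t start = (r->allow_postdate && r->req_start > r->now) ? r->req_start : r->now;
    int64_t requested = r->req_end - start;
    int64_t life = min64(min64(requested, r->client.max_life),
                         min64(r->service.max_life, r->realm.max_life));
    /* Assumption: "max lifetime of TGT" means the time left on the TGT. */
    if (r->from_tgs) life = min64(life, r->tgt_end - start);
    if (life <= 0) return -1;

    out->starttime = start;
    out->endtime = start + life;
    int64_t till = min64(min64(r->req_end, start + r->client.max_renewable),
                         min64(start + r->service.max_renewable,
                               start + r->realm.max_renewable));
    /* Renewable only when the request was cut short and renewal can extend it. */
    out->renewable = life < requested && till > out->endtime;
    out->renew_till = out->renewable ? till : 0;
    return 0;
}

int main(void)
{
    /* Constructed sample: 7-day request through the TGS, 6 hours left on the TGT. */
    request_t r = { 1000, 0, 1000 + 604800, false, true, 1000 + 21600,
                    { 36000, 604800 }, { 28800, 259200 }, { 86400, 604800 } };
    times_t t;
    if (compute_times(&r, &t) != 0) return 1;
    printf("start=%lld end=%lld renewable=%d renew_till=%lld\n", (long long)t.starttime,
           (long long)t.endtime, t.renewable, (long long)t.renew_till);
    return 0;
}
```

In the sample the TGT's remaining six hours is the binding limit on endtime, and the service's three-day renewable limit is the binding limit on the renewable-until time.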