Authentication Protocols

Standard protocols and implementations for secure authentication

Security Threats: Eavesdropping

Eavesdropping is a passive attack where an attacker intercepts and monitors network traffic without modifying it. In the context of authentication, eavesdropping can lead to credential theft and session hijacking.

Types of Eavesdropping:

  • Network Sniffing: Capturing data packets as they travel across a network.
  • Man-in-the-Middle (MITM): Positioning between communicating parties to intercept traffic.
  • Wi-Fi Eavesdropping: Monitoring wireless traffic, especially on unsecured networks.

Countermeasures:

  • Encryption of all authentication traffic
  • Use of secure protocols like TLS/SSL
  • Implementation of mutual authentication
  • Network segmentation and monitoring

The authentication protocols discussed below (Kerberos, SSL, TLS) are designed with eavesdropping protection in mind.

Kerberos

Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications using secret-key cryptography. It was developed at MIT and is now widely used in enterprise environments, including Active Directory.

Key Components:

  • Key Distribution Center (KDC): A trusted third party that consists of two services:
    • Authentication Server (AS): Verifies users' identities
    • Ticket Granting Server (TGS): Issues tickets for accessing services
  • Tickets: Encrypted data structures that prove authentication
  • Realms: Administrative domains in Kerberos (similar to domains)

Authentication Process:

  1. The client requests a Ticket Granting Ticket (TGT) from the Authentication Server
  2. The AS verifies the client's identity and issues a TGT encrypted with the TGS's key
  3. The client presents the TGT to the Ticket Granting Server to request a service ticket
  4. The TGS issues a service ticket encrypted with the service's key
  5. The client presents the service ticket to the service to authenticate

Advantages:

  • Single sign-on capability
  • Mutual authentication
  • Limited ticket lifetimes reduce risk from stolen credentials
  • Passwords never sent over the network

Limitations: Requires synchronized clocks, the KDC is a single point of failure, and it's vulnerable to offline password guessing attacks.

Secure Socket Layer (SSL)

Secure Socket Layer (SSL) is a cryptographic protocol designed to provide secure communication over a computer network. Developed by Netscape in the mid-1990s, SSL was the predecessor to TLS and is now considered deprecated due to security vulnerabilities.

Key Features:

  • Server authentication using digital certificates
  • Optional client authentication
  • Encrypted data transfer
  • Message integrity verification

SSL Handshake Process:

  1. Client sends ClientHello message with supported cipher suites and SSL version
  2. Server responds with ServerHello, selecting cipher suite and protocol version
  3. Server sends its certificate for authentication
  4. Server may request client certificate (optional)
  5. Client verifies server certificate
  6. Client generates a pre-master secret, encrypts it with server's public key, and sends it to server
  7. Both parties derive session keys from the pre-master secret
  8. Client and server exchange finished messages to verify handshake success

SSL Versions:

  • SSL 1.0: Never publicly released due to security flaws
  • SSL 2.0: Released in 1995, deprecated in 2011 (RFC 6176)
  • SSL 3.0: Released in 1996, deprecated in 2015 (RFC 7568) after the POODLE attack

Current Status: SSL is considered insecure and has been replaced by TLS. All SSL versions (1.0, 2.0, and 3.0) are deprecated and should not be used.

Transport Layer Security (TLS)

Transport Layer Security (TLS) is the successor to SSL and provides cryptographic security for communications over computer networks. TLS is widely used to secure web browsing (HTTPS), email, instant messaging, and voice-over-IP (VoIP).

TLS Components:

  • Handshake Protocol: Authenticates the server and optionally the client, and establishes the cryptographic parameters.
  • Record Protocol: Encapsulates and encrypts the application data.
  • Alert Protocol: Signals errors and warnings.

TLS Handshake (TLS 1.2):

  1. Client sends ClientHello with supported cipher suites and highest TLS version
  2. Server responds with ServerHello, selecting cipher suite and TLS version
  3. Server sends its certificate and may request client certificate
  4. Server sends ServerHelloDone message
  5. Client verifies server certificate
  6. Client sends ClientKeyExchange message with the pre-master secret
  7. Client and server compute the master secret and session keys
  8. Client sends ChangeCipherSpec and Finished messages
  9. Server sends ChangeCipherSpec and Finished messages
  10. Secure communication begins using the negotiated keys

TLS 1.3 Improvements:

  • Reduced handshake latency (1-RTT handshakes, 0-RTT resumption)
  • Removed support for weak and legacy cryptographic algorithms
  • All handshake messages after ServerHello are encrypted
  • Digital signatures are mandatory even with pre-shared key
  • Improved privacy with encrypted server certificates

TLS Versions:

  • TLS 1.0: Released in 1999 (RFC 2246), now considered insecure
  • TLS 1.1: Released in 2006 (RFC 4346), now considered insecure
  • TLS 1.2: Released in 2008 (RFC 5246), widely used and still secure
  • TLS 1.3: Released in 2018 (RFC 8446), current version with significant security and performance improvements

Authentication in TLS:

  • Server Authentication: Mandatory in TLS, using X.509 certificates issued by trusted Certificate Authorities.
  • Client Authentication: Optional, can use client certificates or other methods like pre-shared keys.

Applications: HTTPS for secure web browsing, secure email (SMTPS, IMAPS, POP3S), secure FTP (FTPS), and many other protocols that require secure communication.

Previous: Authentication Methods