ConFoo 2018: Authentication: passwords, 2FA, Kerberos, OpenIDC, and more

Proper and correct authentication is a fundamental requirement for authorization and access control. Plain password login is ubiquitous, but no longer state of the art. This talk will give you an overview of various alternatives and their crypto, from password hashing through Unix sockets, 2FA, certificates, and hardware tokens to federated Single Sign-On solutions like Kerberos or OpenIDC.

https://confoo.ca/en/yul2018/session/authentication-passwords-2fa-kerberos-openidc-and-more

Christian Heimes

March 08, 2018

Transcript

  1. Authentication: passwords, 2FA, Kerberos, OpenIDC, and more ConFoo 2018 / Montreal Christian Heimes Senior Software Engineer [email protected] / [email protected] @ChristianHeimes
  2. ConFoo Montreal 2018: Who am I?
    • from Hamburg/Germany
    • Linux user since 1997
    • Python and C developer
    • Python core developer since 2008
    • maintainer of ssl and hashlib module
    • Python security team
  3. Professional life
    • Senior Software Engineer at Red Hat
    • Security Engineering
    • FreeIPA Identity Management
    • Dogtag PKI
    • Custodia secrets management
  4. Agenda
    • theory
    • password authentication
    • passwords & Humans
    • implicit & external authentication
    • public key cryptography
    • hardware tokens
    • 2FA / U2F
    • Single Sign-On
    • Summary & Recommendations
  5. The three “A”
    • Authentication (authn): The act of confirming the identity of an entity by verifying the validity of attributes.
    • Authorization (authz): granting or denying access based on attributes and policies.
    • Accounting / Auditing: logging, billing
  6. INDIVIDUAL me you MACHINE server hardware client machine virtual machine router SERVICE web server database ssh application Entity container, process, thread, sandbox, ...
  7. FRIENDS nick name relationship clothing style favorite beer WORK surname position employee number office GAMING character name race / class level Identity depends on context
  8. Principal (Wikipedia definition)
    A principal in computer security is an entity that can be authenticated by a computer system or network. […] Principals can be individual people, computers, services, computational entities such as processes and threads, or any group of such things. They need to be identified and authenticated before they can be assigned rights and privileges over resources in the network. A principal typically has an associated identifier […]
  9. KNOWLEDGE password PIN mother's maiden name OWNERSHIP bankcard hardware token software token (?) RFID badge INHERENCY / CONTEXT signature biometrics location Authentication factor
  10. EXPLICIT enter password swipe badge IMPLICIT company network location PROXY (indirect) GPG web of trust Single Sign-On attestation Authentication types
  11. Validation
    • reveal knowledge
    • proof of knowledge
    • symmetric
    • asymmetric
    • proof of access to knowledge
    • zero-knowledge proof
  12. Naive methods
    • plain text password
    • symmetrically encrypted password (AES)
    • hashed password (MD5, SHA256)
    • rainbow table
    • GPU
    • ASICs
  13. Key stretching / Key derivation function password random salt one-way function digest
  14. PKCS#5: PBKDF2-HMAC
    Simplified algorithm (incorrect):

    ```
    msg = salt
    for 1...iterations:
        msg = msg ⊕ HMAC(k: password, m: msg)

    HMAC(k, m) := H((k⊕opad)∥H((k⊕ipad)∥m))
    ```
  15. PKCS#5: PBKDF2-HMAC
    PBKDF2-HMAC SHA-1 with 250,000 iterations

    | password length | good | bad |
    |---|---|---|
    | 10 | 119 ms | 3728 ms |
    | 100 | 118 ms | 4135 ms |
    | 1,000 | 118 ms | 4438 ms |
    | 10,000 | 117 ms | 6623 ms |
  16. Password “hashing” algorithms
    • argon2 (PHC winner)
    • scrypt
    • PBKDF2-HMAC-SHA256
    • bcrypt

    Constant time comparison operator!
  17. Challenge-Response / Digest auth
    • server sends random challenge (nonce)
    • client calculates response

    ```
    HA1 = MD5(username:realm:password)
    HA2 = MD5(method:digestURI)
    response = MD5(HA1:nonce:HA2)

    response = HMAC(password, challenge)
    ```
  18. BALANCED PAKE mutual auth AUGMENTED PAKE password equivalent data PAKE Password authenticated key exchange JPAKE, SPAKE2, TLS-SRP
  19. ZKP, SSS, PPSS
    • Zero-knowledge proof
    • Shamir Secret Sharing
    • Password-protected Secret Sharing
  20. Network-bound disk encryption Clevis tang Tang sss t=1 pwd sss t=2 tpm sss t=1 bt Bluetooth pwd https://github.com/latchset/clevis
  21. Trick with treat - Reciprocity increases the willingness to communicate personal data
    Université du Luxembourg, Computers in Human Behavior, 2016; DOI: 10.1016/j.chb.2016.03.026
    Up to 47.9% exchange password in exchange for piece of chocolate
  22. Unix domain sockets

    ```python
    from socket import socket, socketpair, SOCK_STREAM, AF_UNIX

    # anonymous pair of already connected sockets
    a, b = socketpair()

    # named socket bound to a path in the file system
    server = socket(AF_UNIX, SOCK_STREAM)
    server.bind('/path/to/file')
    server.listen()  # needed before a client can connect

    client = socket(AF_UNIX, SOCK_STREAM)
    client.connect('/path/to/file')
    ```
  23. SO_PEERCRED: pid, user, group

    ```python
    import socket
    import struct

    def getpeercred(sock):
        """Return (pid, uid, gid) of the process on the other end of a Unix socket."""
        size = struct.calcsize("iII")  # struct ucred: pid_t, uid_t, gid_t
        raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
        pid, uid, gid = struct.unpack("iII", raw)
        return pid, uid, gid

    # >>> getpeercred(uds)
    # (31362, 0, 0)
    ```
  24. SO_PEERSEC – Security context

    ```python
    import socket

    # fall back to the numeric value if the socket module does not export SO_PEERSEC
    SO_PEERSEC = getattr(socket, 'SO_PEERSEC', 31)

    def getpeersec(sock):
        """Return the security context of the peer as a string."""
        raw = sock.getsockopt(socket.SOL_SOCKET, SO_PEERSEC, 256)
        return raw.rstrip(b'\x00').decode('utf-8')

    # >>> getpeersec(uds)
    # 'system_u:system_r:svirt_lxc_net_t:s0:c560,c872'
    ```
  25. TLS with mutual auth ClientHello Supported cipher suites max version, client random, ... ServerHello select cipher suite version, server random, ... Certificate Chain ServerHelloDone Finish MAC of handshake message ChangeCipherSpec Finish MAC of handshake message ChangeCipherSpec HTTP GET (verify mac) ServerKeyExchange CertificateRequest CertificateVerify Client Certificate
  26. X.509 certificates
    • trust anchors (root CA certs)
    • intermediate CA certs
    • end-entity certs
    • server
    • client
    • ...

    [Diagram: certificate chain with root CA (self-signs), intermediate CA 1, intermediate CA 2 and end-entity cert, linked by "signs" arrows]
  27. ssh

    ```
    $ ssh heimes@localhost
    The authenticity of host 'localhost (::1)' can't be established.
    ECDSA key fingerprint is SHA256:oY94h7GfV...
    ECDSA key fingerprint is MD5:66:90:7a:...
    Are you sure you want to continue connecting (yes/no)?
    ```
  28. DANE, SSHFP, DNSSEC

    ```
    $ ssh-keygen -r localhost
    localhost IN SSHFP 1 1 42dd603a3...
    localhost IN SSHFP 1 2 232cc366f…
    ...
    ```

    [Figure: DNSSEC chain of trust from the root zone (.) through org to python.org, with DNSKEY, DS and NSEC3 records]
  29. Hardware security devices
    • smart cards
    • TPM
    • HSM
    • USB dongles (NitroKey, YubiKey)
    • RFID chips (passport, STM OPUS)
    • SoftHSM
    • ssh-agent, gpg-agent
  30. 2FA with OTP
    • HOTP: HMAC-based OTP, HMAC(counter, secret)
    • TOTP: time-based OTP, HMAC(timestamp, secret)
  31. Design issues in OTP 2FA
    • MitM attack / phishable
    • shared, symmetric secret
    • storage makes hardware tokens expensive
    • bad UX
    • Don't ask me about smartphone resets…
  32. FIDO U2F
    • challenge/response with public/private key
    • ECC (elliptic curve cryptography)
    • unique key pair
    • AppId
    • device key
    • no local storage (usually)
  33. Kerberos / SAML / OpenID Connect

    | | Kerberos/GSSAPI | SAML2 | OpenID Connect |
    |---|---|---|---|
    | Organization | IETF (RFC) | OASIS | OpenID Foundation |
    | Serialization Format | ASN.1 | XML / XMLSEC | JSON / JOSE |
    | 1st Release | 1993 (v5) | 2002 (1.0), 2005 (2.0) | 2014 |
    | Classification | enterprise | enterprise | individual |
    | Network | Intranet / LAN | Internet | Internet / Mobile |
    | Usage | web, mail, VPN, ssh, service to service | web | web |
    | Implementations | MIT, Heimdal, Active Directory | ADFS, Shibboleth, Ipsilon, KeyCloak, ... | ... |
    | Federated | yes | yes | no (WIP) |
    | Features | authn | authn, authz, metadata, claims | authn on top of authz with OAuth |
  34. Kerberos / SAML / OpenIDC Kerberos/GSSAPI SAML2 OpenID Connect user initiator user user authority provider Authentication Server Ticket Granting Server Identity Provider (IdP) Identity Provider (IdP) Resource Provider (RP) consumer acceptor Service Provider (SP) application token ticket granting ticket service ticket assertion ID token
  35. Kerberos (GSSAPI) Single-Sign-on
    • Kerberos Realm: MONTREAL.CA
    • Initiator (user): [email protected]
    • Host: [email protected]
    • Acceptor (service): bus/[email protected]
    • Authentication Server (AS) issues Ticket Granting Ticket (TGT)
    • Credential Cache (ccache)
    • Ticket Granting Server (TGS) issues Service Ticket (ST)
    • Service verifies Service Ticket with its keytab
  36. Summary
    • use HTTPS everywhere
    • avoid passwords
    • use MFA / U2F
    • prefer social media login
    • be wary about password policies
    • use a password manager
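
Slide 14 labels its PBKDF2 loop a simplified, incorrect version. As an added example (not code from the talk), this is the construction as RFC 8018 specifies it, next to a salted store-and-verify pair that uses the constant-time comparison slide 16 calls for. The function names and the `$`-separated record format are assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct

ITERATIONS = 250_000  # iteration count quoted on the timing slide


def pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None):
    """Reference PBKDF2 (RFC 8018, section 5.2); use hashlib.pbkdf2_hmac in production."""
    hlen = hashlib.new(hash_name).digest_size
    dklen = hlen if dklen is None else dklen
    blocks = []
    for index in range(1, -(-dklen // hlen) + 1):  # ceil(dklen / hlen) blocks
        # U_1 = HMAC(password, salt || INT_32_BE(block index))
        u = hmac.new(password, salt + struct.pack(">I", index), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_j = HMAC(password, U_{j-1}); the block is U_1 xor U_2 xor ... xor U_c
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        blocks.append(t.to_bytes(hlen, "big"))
    return b"".join(blocks)[:dklen]


def hash_password(password, iterations=ITERATIONS):
    """Return a record 'scheme$iterations$salt$digest' (format assumed for this example)."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest from the stored parameters and compare in constant time."""
    try:
        scheme, iterations, salt, expected = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt), int(iterations))
        return hmac.compare_digest(digest, bytes.fromhex(expected))
    except ValueError:  # malformed record
        return False


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record, verify_password("correct horse battery staple", record))
```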
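
An added example, not code from the talk, of the HOTP and TOTP computations on slide 30 as RFC 4226 and RFC 6238 define them: the shared secret is the HMAC key and the counter or time step is the message. `verify_totp`, its drift window and its replay check are assumptions of this example; `RFC_SECRET` is the test secret published in the RFCs.

```python
import hmac
import struct
import time

RFC_SECRET = b"12345678901234567890"  # test secret from RFC 4226 / RFC 6238 (SHA-1)


def hotp(secret, counter, digits=6, digest="sha1"):
    """HOTP (RFC 4226): HMAC keyed with the secret over the 8-byte counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, now=None, step=30, digits=6, digest="sha1"):
    """TOTP (RFC 6238): HOTP over the number of `step`-second intervals."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // step, digits, digest)


def verify_totp(secret, candidate, now=None, window=1, step=30,
                digits=6, last_counter=-1):
    """Return the matched time-step counter, or None.

    Tolerates +/- `window` steps of clock drift and refuses any step at or
    before `last_counter`, so a code that was already used cannot be replayed.
    The caller stores the returned counter as the new `last_counter`.
    """
    now = time.time() if now is None else now
    current = int(now) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret, counter, digits).encode()
        # constant-time comparison; every candidate step is always evaluated
        if hmac.compare_digest(expected, candidate.encode()) and counter > last_counter:
            matched = counter
    return matched


if __name__ == "__main__":
    print(hotp(RFC_SECRET, 0), totp(RFC_SECRET, now=59, digits=8))
```

The server side holds the same secret as the token, which is the shared, symmetric secret issue listed on slide 31.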