ConFoo 2018: Authentication: passwords, 2FA, Kerberos, OpenIDC, and more

Proper and correct authentication is a fundamental requirement for authorization and access control. Plain password logins are ubiquitous, but no longer state of the art. This talk gives an overview of various alternatives and their crypto, starting with password hashing, then Unix sockets, 2FA, certificates and hardware tokens, up to federated Single Sign-On solutions like Kerberos or OpenIDC.

https://confoo.ca/en/yul2018/session/authentication-passwords-2fa-kerberos-openidc-and-more

Christian Heimes

March 08, 2018

Transcript

  1. Authentication: passwords, 2FA, Kerberos, OpenIDC, and more
    ConFoo 2018 / Montreal
    Christian Heimes
    Senior Software Engineer
    [email protected] / [email protected]
    @ChristianHeimes

  2. ConFoo Montreal 2018 (image slide)

  3. Who am I?
    from Hamburg/Germany
    Linux user since 1997
    Python and C developer
    Python core developer since 2008
    maintainer of ssl and hashlib module
    Python security team

  4. Professional life
    Senior Software Engineer at Red Hat
    Security Engineering
    FreeIPA Identity Management
    Dogtag PKI
    Custodia secrets management

  5. Agenda & Takeaways

  6. Agenda
    theory
    password authentication
    passwords & humans
    implicit & external authentication
    public key cryptography
    hardware tokens
    2FA / U2F
    Single Sign-On
    Summary & Recommendations

  7. Theory & Terminology

  8. Authentication
    Authorization
    Accounting / Auditing

  9. The three "A"
    Authentication (authn): the act of confirming the identity of an entity by verifying the validity of attributes.
    Authorization (authz): granting or denying access based on attributes and policies.
    Accounting / Auditing: logging, billing.

  10. Entity / Identity / Principal

  11. Entity
    INDIVIDUAL: me, you
    MACHINE: server hardware, client machine, virtual machine, router
    SERVICE: web server, database, ssh, application
    also: container, process, thread, sandbox, ...

  12. Identity: set of attributes related to an entity (ISO 29115)

  13. Identity depends on context
    FRIENDS: nick name, relationship, clothing style, favorite beer
    WORK: surname, position, employee number, office
    GAMING: character name, race / class, level

  14. Principal (Wikipedia definition)
    A principal in computer security is an entity that can be authenticated by a computer system or network. […] Principals can be individual people, computers, services, computational entities such as processes and threads, or any group of such things. They need to be identified and authenticated before they can be assigned rights and privileges over resources in the network. A principal typically has an associated identifier […]

  15. Authentication factor
    KNOWLEDGE: password, PIN, mother's maiden name
    OWNERSHIP: bankcard, hardware token, software token (?), RFID badge
    INHERENCY / CONTEXT: signature, biometrics, location

  16. Authentication types
    EXPLICIT: enter password, swipe badge
    IMPLICIT: company network, location
    PROXY (indirect): GPG web of trust, Single Sign-On, attestation

  17. Validation
    reveal knowledge
    proof of knowledge (symmetric, asymmetric)
    proof of access to knowledge
    zero-knowledge proof

  18. Naive methods
    plain text password
    symmetrically encrypted password (AES)
    hashed password (MD5, SHA256)
    broken by: rainbow tables, GPUs, ASICs

  19. hashcat on an 8x Nvidia GTX 1080 cluster
    https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40
    Algorithm   Performance
    MD5         200 GH/s
    SHA-256      23 GH/s
    SHA3        6.5 GH/s

  20. Salt against rainbow tables
    [diagram: password and random salt -> one-way function -> digest -> DB]

  21. Key stretching / Key derivation function
    [diagram: password and random salt -> one-way function, iterated -> digest]

  22. PKCS#5: PBKDF2-HMAC
    Simplified algorithm (incorrect):
      msg = salt
      for 1...iterations:
          msg = msg ⊕ HMAC(k: password, m: msg)
      HMAC(k, m) := H((k⊕opad)∥H((k⊕ipad)∥m))
    The real PBKDF2 (RFC 8018) computes U1 = HMAC(password, salt ∥ INT(i)), Uj = HMAC(password, Uj-1) and XORs all Uj together for each output block i.

  23. PKCS#5: PBKDF2-HMAC
    PBKDF2-HMAC-SHA-1 with 250,000 iterations, runtime by password length:
    password length   good implementation   bad implementation
    10                119 ms                3728 ms
    100               118 ms                4135 ms
    1,000             118 ms                4438 ms
    10,000            117 ms                6623 ms
    A good implementation keys HMAC (ipad/opad setup, which also hashes an over-long password down to one block) once; a bad one re-keys HMAC on every iteration, so runtime grows with password length and a long password becomes a denial-of-service vector.

  24. https://jbp.io/2015/08/11/pbkdf2-performance-matters

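To make the two PBKDF2 slides concrete, here is an added example (my code, not from the deck) that writes out the actual RFC 8018 algorithm in Python, keys HMAC exactly once as the "good" column of the timing table requires, and cross-checks the result against hashlib.pbkdf2_hmac. The inputs are RFC 6070 test vectors and constructed values.

```python
import hashlib
import hmac
import struct


def pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None):
    """PBKDF2 per RFC 8018 section 5.2 (the algorithm the slide simplifies).

    For output block i:  U_1 = HMAC(password, salt || INT_32BE(i))
                         U_j = HMAC(password, U_{j-1})
                         T_i = U_1 xor U_2 xor ... xor U_iterations
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    # Key HMAC exactly once. This is the "good" column of the timing table:
    # the ipad/opad setup (which also hashes an over-long password down to
    # one block) happens here and not on every one of the 250,000 rounds.
    prf = hmac.new(password, digestmod=hash_name)
    hlen = prf.digest_size
    dklen = hlen if dklen is None else dklen
    out = bytearray()
    for i in range(1, -(-dklen // hlen) + 1):      # ceil(dklen / hlen) blocks
        h = prf.copy()                             # reuse the keyed state
        h.update(salt + struct.pack(">I", i))
        u = h.digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            h = prf.copy()
            h.update(u)
            u = h.digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return bytes(out[:dklen])


def matches_hashlib(hash_name, password, salt, iterations, dklen=None):
    """Cross-check against the C implementation in the standard library."""
    ours = pbkdf2_hmac(hash_name, password, salt, iterations, dklen)
    ref = hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen)
    return hmac.compare_digest(ours, ref)


if __name__ == "__main__":
    # RFC 6070 test vector 1: PBKDF2-HMAC-SHA1("password", "salt", c=1, dkLen=20)
    print(pbkdf2_hmac("sha1", b"password", b"salt", 1, 20).hex())
    # constructed input: a 300-byte password still costs one HMAC key setup
    print(matches_hashlib("sha512", b"x" * 300, b"salt", 50, 100))
```

The only state carried between rounds is the copied HMAC object; a "bad" implementation would call hmac.new(password, ...) inside the inner loop instead, which is where the right-hand column of the table comes from.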
  25. Password "hashing" algorithms
    argon2 (PHC winner)
    scrypt
    PBKDF2-HMAC-SHA256
    bcrypt
    Constant time comparison operator!

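An added example (mine, not the deck's) of what the "constant time comparison" slide asks for in practice: storing a password with PBKDF2-HMAC-SHA256 and a fresh random salt, verifying it with hmac.compare_digest, flagging records made with an outdated iteration count for re-hashing, and making login take the same time for unknown users. The record format, the iteration policy value and the user table are assumptions for this example.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000        # policy value assumed for this example; raise it over time
SALT_BYTES = 16


def hash_password(password, iterations=ITERATIONS):
    """Fresh random salt per password; the record carries everything needed
    to verify it later, including the iteration count it was made with."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(stored, password, iterations=ITERATIONS):
    """Returns (ok, needs_rehash). The comparison is constant time; a record
    made with fewer iterations than current policy is flagged for re-hashing."""
    try:
        alg, iters, salt_b64, digest_b64 = stored.split("$")
        iters = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False, False
    if alg != ALGORITHM or iters < 1 or not salt or not expected:
        return False, False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters, len(expected))
    ok = hmac.compare_digest(actual, expected)
    return ok, ok and iters < iterations


# Record for an unknown user: verifying against it makes a login attempt cost
# the same whether or not the username exists (no user enumeration by timing).
_DUMMY = hash_password("")


def login(users, username, password, iterations=ITERATIONS):
    """users: {username: stored record} (constructed for this example).
    Upgrades the record on successful login when its iteration count is below policy."""
    stored = users.get(username, _DUMMY)
    ok, needs_rehash = verify_password(stored, password, iterations)
    if username not in users:
        return False
    if ok and needs_rehash:
        users[username] = hash_password(password, iterations)
    return ok


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple", iterations=100_000)}
    print(users["alice"])
    print(login(users, "alice", "correct horse battery staple"))   # True, and the record is upgraded
    print(users["alice"].split("$")[1])                            # now the policy iteration count
```

Swapping PBKDF2 for argon2 or scrypt only changes hash_password and the algorithm tag; the verify/rehash/dummy structure stays the same.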
  26. advanced password algorithms

  27. Challenge-Response / Digest auth
    server sends random challenge (nonce)
    client calculates response
    HTTP Digest (RFC 2069 form):
      HA1 = MD5(username:realm:password)
      HA2 = MD5(method:digestURI)
      response = MD5(HA1:nonce:HA2)
    generic HMAC challenge-response:
      response = HMAC(password, challenge)

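An added example (not from the deck) that carries the Digest slide through both sides of the exchange: the client computation in the RFC 2069 form shown above and in the RFC 2617 qop="auth" form, and a small server that issues nonces, rejects replayed nonce counts and compares in constant time. The demo values are the worked example from RFC 2617 section 3.5; the DigestServer class and its credential table are constructed for this example.

```python
import hashlib
import hmac
import os


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_ha1(username, realm, password):
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """HTTP Digest response. qop=None is the RFC 2069 form on the slide;
    qop="auth" is the RFC 2617 form, which also binds the nonce count and a
    client nonce into the hash."""
    ha2 = _md5(f"{method}:{uri}")
    if qop is None:
        return _md5(f"{ha1}:{nonce}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestServer:
    """Server side. It must keep HA1 per user, and HA1 is password-equivalent:
    whoever steals the table can answer challenges without the password, and
    no slow password hash (argon2, scrypt, ...) can be layered underneath."""

    def __init__(self, realm, credentials):
        self.realm = realm
        self.ha1 = {user: digest_ha1(user, realm, pw) for user, pw in credentials.items()}
        self.nonces = {}          # issued nonce -> highest nonce count accepted

    def challenge(self):
        nonce = os.urandom(16).hex()
        self.nonces[nonce] = 0
        return nonce

    def verify(self, username, method, uri, nonce, nc, cnonce, response):
        ha1 = self.ha1.get(username)
        if ha1 is None or nonce not in self.nonces:
            return False
        count = int(nc, 16)
        if count <= self.nonces[nonce]:
            return False          # replay: this nc was already used with this nonce
        expected = digest_response(ha1, method, uri, nonce, "auth", nc, cnonce)
        if not hmac.compare_digest(expected, response):
            return False
        self.nonces[nonce] = count
        return True


def hmac_response(password, challenge):
    """The generic scheme from the slide with a modern PRF:
    response = HMAC(password, challenge). Same storage problem as Digest:
    the verifier needs the password or a password-equivalent key."""
    return hmac.new(password, challenge, "sha256").hexdigest()


if __name__ == "__main__":
    # RFC 2617 section 3.5 example values
    ha1 = digest_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    print(digest_response(ha1, "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093", "auth", "00000001", "0a4f113b"))
```

Digest protects the password on the wire without TLS, but the server-side table is the weak point, which is why the slide moves on to PAKEs next.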
  28. PAKE: Password authenticated key exchange
    BALANCED PAKE: both sides hold the password; mutual auth
    AUGMENTED PAKE: server stores only password-equivalent data (a verifier), not the password
    examples: JPAKE, SPAKE2, TLS-SRP

  29. ZKP, SSS, PPSS
    Zero-knowledge proof
    Shamir Secret Sharing
    Password-protected Secret Sharing

  30. Network-bound disk encryption
    [diagram: Clevis pin policy combining Tang, TPM, Bluetooth and password pins via Shamir Secret Sharing (sss) with thresholds t=1 and t=2]
    https://github.com/latchset/clevis

  31. passwords & humans

  32. (image slide)

  33. https://github.com/danielmiessler/SecLists/pull/155/files

  34. Trick with treat - Reciprocity increases the willingness to communicate personal data
    Université du Luxembourg, Computers in Human Behavior, 2016; DOI: 10.1016/j.chb.2016.03.026
    Up to 47.9% of participants handed over their password in exchange for a piece of chocolate

  35. https://www.cnet.com/news/father-of-passwords-bill-burr-regrets-the-advice-he-gave/

  36. https://twitter.com/AlecMuffett/status/969179319108022273

  37. (image slide)

  38. Implicit / External Authentication

  39. Unix domain sockets
    from socket import socket, socketpair, SOCK_STREAM, AF_UNIX

    # socketpair() gives two already-connected AF_UNIX sockets in one process
    a, b = socketpair()

    # server side: bind a filesystem path and wait for a peer
    server = socket(AF_UNIX, SOCK_STREAM)
    server.bind('/path/to/file')
    server.listen(1)

    # client side: connect to the same path
    client = socket(AF_UNIX, SOCK_STREAM)
    client.connect('/path/to/file')

    conn, _ = server.accept()   # conn is the server's end of this connection

  40. SO_PEERCRED: pid, user, group
    import socket, struct

    def getpeercred(sock):
        # Linux only: struct ucred is (pid_t pid, uid_t uid, gid_t gid)
        size = struct.calcsize("iII")
        raw = sock.getsockopt(socket.SOL_SOCKET,
                              socket.SO_PEERCRED, size)
        pid, uid, gid = struct.unpack("iII", raw)
        return pid, uid, gid

    >>> getpeercred(uds)
    (31362, 0, 0)

  41. SO_PEERSEC - Security context
    import socket

    # 31 is the value from asm-generic/socket.h; older Pythons lack the constant
    SO_PEERSEC = getattr(socket, 'SO_PEERSEC', 31)

    def getpeersec(sock):
        # returns the peer's LSM label, e.g. an SELinux context
        raw = sock.getsockopt(socket.SOL_SOCKET,
                              SO_PEERSEC, 256)
        return raw.rstrip(b'\x00').decode('utf-8')

    >>> getpeersec(uds)
    'system_u:system_r:svirt_lxc_net_t:s0:c560,c872'

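The three Unix-socket slides stop at reading the credentials; here is an added example (mine, not the deck's) that turns them into an authorization decision. It uses socketpair() so it runs offline inside one process, which means the "peer" is the process itself and the kernel-reported uid must equal os.getuid(). The allow-list and the demo() return values are constructed for this example; SO_PEERCRED is Linux-only, so demo() returns None elsewhere.

```python
import os
import socket
import struct


def getpeercred(sock):
    """(pid, uid, gid) of the peer process as recorded by the kernel at
    connect() time. Linux only (struct ucred = int pid, uint uid, uint gid)."""
    size = struct.calcsize("iII")
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    return struct.unpack("iII", raw)


def getpeersec(sock):
    """Peer's LSM label (e.g. an SELinux context), or None when the kernel
    has no label for this socket (no SELinux/Smack/AppArmor labelling)."""
    so_peersec = getattr(socket, "SO_PEERSEC", 31)   # 31 in asm-generic/socket.h
    try:
        raw = sock.getsockopt(socket.SOL_SOCKET, so_peersec, 256)
    except OSError:
        return None
    label = raw.rstrip(b"\x00").decode("utf-8", "replace")
    return label or None


def peer_allowed(sock, allowed_uids):
    """Authorization based purely on the kernel-supplied uid: no password,
    no token, just 'which user is on the other end of this socket'."""
    _pid, uid, _gid = getpeercred(sock)
    return uid in allowed_uids


def demo():
    """Connected pair inside one process (what the slide's socketpair() gives).
    Returns None where SO_PEERCRED is unavailable (non-Linux)."""
    if not hasattr(socket, "SO_PEERCRED"):
        return None
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server_end, client_end:
        client_end.sendall(b"hello")
        assert server_end.recv(16) == b"hello"
        pid, uid, gid = getpeercred(server_end)
        return {
            "pid_is_ours": pid == os.getpid(),
            "uid_is_ours": uid == os.getuid(),
            "gid_is_ours": gid == os.getgid(),
            "allowed": peer_allowed(server_end, {os.getuid()}),
            "rejected_other_uid": not peer_allowed(server_end, {os.getuid() + 1}),
            "seclabel": getpeersec(server_end),
        }


if __name__ == "__main__":
    print(demo())
```

Two caveats when using this for real: the credentials are those of the process that called connect(), so a pid reported here may already have been recycled by the time you act on it, and the socket path itself still needs filesystem permissions so that unwanted users cannot connect in the first place.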
  42. Sidecar approach: Istio & Envoy for Kubernetes

  43. Public Key Cryptography

  44. [image: PUBLIC KEY KRÜPTO, idea-instructions.com/public-key/, v1.0, CC BY-NC-SA 4.0]

  45. TLS with mutual auth (TLS 1.2 handshake)
    Client -> Server: ClientHello (supported cipher suites, max version, client random, ...)
    Server -> Client: ServerHello (selected cipher suite, version, server random, ...)
    Server -> Client: Certificate chain
    Server -> Client: ServerKeyExchange
    Server -> Client: CertificateRequest
    Server -> Client: ServerHelloDone
    Client -> Server: Client Certificate
    Client -> Server: CertificateVerify (signature over the handshake so far with the client's private key)
    Client -> Server: ChangeCipherSpec, Finished (MAC of the handshake messages)
    Server -> Client: ChangeCipherSpec, Finished (MAC of the handshake messages)
    Client -> Server: HTTP GET (after verifying the server's Finished MAC)

  46. X.509 certificates
    trust anchors (root CA certs)
    intermediate CA certs
    end-entity certs: server, client, ...
    chain: root CA (self-signs) -> signs intermediate CA 1 -> signs intermediate CA 2 -> signs end-entity cert

  47. ssh
    $ ssh heimes@localhost
    The authenticity of host 'localhost (::1)' can't be established.
    ECDSA key fingerprint is SHA256:oY94h7GfV...
    ECDSA key fingerprint is MD5:66:90:7a:...
    Are you sure you want to continue connecting (yes/no)?

  48. DANE, SSHFP, DNSSEC
    $ ssh-keygen -r localhost
    localhost IN SSHFP 1 1 42dd603a3...
    localhost IN SSHFP 1 2 232cc366f…
    ...
    [DNSViz graph, 2018-03-04/05: DNSSEC chain of trust from the root zone (three DNSKEYs, alg=8, 2048 bits, ids 19036, 41824, 20326) over org (DS with digest algs 1,2; NSEC3; four DNSKEYs alg=7, ids 6368, 9795, 1862, 17883) down to the python.org records A, AAAA, MX, NS, SOA, TXT]

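To show what the two previous slides actually hash, here is an added example (mine, not the deck's) that produces the records ssh-keygen -r prints from an OpenSSH public key line, derives the SHA256:... fingerprint ssh shows, and performs the check a client does when VerifyHostKeyDNS is on. Without a real key available offline, the sample key is a syntactically valid ssh-ed25519 blob built from 32 constructed bytes, labelled as such; the algorithm and fingerprint-type numbers are those from RFC 4255, 6594 and 7479.

```python
import base64
import hashlib
import hmac
import struct

# RFC 4255 (alg 1, 2), RFC 6594 (alg 3, fingerprint type 2) and RFC 7479 (alg 4)
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1, "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3, "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SSHFP_FPTYPES = {1: "sha1", 2: "sha256"}


def parse_pubkey_line(line):
    """Split an OpenSSH public key line ('<type> <base64 blob> [comment]') into
    (key type, raw blob). The decoded blob, not the base64 text, is what is hashed."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    (n,) = struct.unpack(">I", blob[:4])          # blob starts with string(keytype)
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type prefix does not match the blob")
    return keytype, blob


def sshfp_records(hostname, pubkey_line):
    """The records 'ssh-keygen -r <hostname>' prints: one per fingerprint type."""
    keytype, blob = parse_pubkey_line(pubkey_line)
    alg = SSHFP_ALGORITHMS[keytype]
    return [f"{hostname} IN SSHFP {alg} {fptype} {hashlib.new(name, blob).hexdigest()}"
            for fptype, name in sorted(SSHFP_FPTYPES.items())]


def openssh_fingerprint(pubkey_line):
    """The 'SHA256:...' fingerprint ssh shows: unpadded base64 of SHA-256(blob)."""
    _, blob = parse_pubkey_line(pubkey_line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def sshfp_matches(pubkey_line, record):
    """What VerifyHostKeyDNS does against one record: same algorithm number,
    known fingerprint type, and the digest of the presented key equals the record.
    The record itself is only trustworthy when it came back DNSSEC-validated."""
    keytype, blob = parse_pubkey_line(pubkey_line)
    _owner, _class, rrtype, alg, fptype, fp = record.split()
    if rrtype != "SSHFP" or int(alg) != SSHFP_ALGORITHMS.get(keytype):
        return False
    name = SSHFP_FPTYPES.get(int(fptype))
    if name is None:
        return False
    return hmac.compare_digest(hashlib.new(name, blob).hexdigest(), fp.lower())


def constructed_ed25519_line(raw32, comment="constructed@example"):
    """Builds a syntactically valid ssh-ed25519 public key line from 32 arbitrary
    bytes. Only to have offline sample input; it is not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", len(raw32)) + raw32
    return f"ssh-ed25519 {base64.b64encode(blob).decode('ascii')} {comment}"


SAMPLE_KEY = constructed_ed25519_line(bytes(range(32)))   # constructed, not a real key

if __name__ == "__main__":
    for rr in sshfp_records("localhost", SAMPLE_KEY):
        print(rr)
    print(openssh_fingerprint(SAMPLE_KEY))
```

Feed a real line from /etc/ssh/ssh_host_ed25519_key.pub into sshfp_records and the output matches ssh-keygen -r for that host; the SHA-1 record (type 1) is still emitted because ssh-keygen does so, but a resolver that validates DNSSEC should prefer the SHA-256 one.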
  49. Hardware tokens

  50. (image slide)

  51. Hardware security devices
    smart cards
    TPM
    HSM
    USB dongles (NitroKey, YubiKey)
    RFID chips (passport, STM OPUS)
    SoftHSM
    ssh-agent, gpg-agent

  52. 2FA / MFA, FIDO U2F

  53. (image slide)

  54. SMS / Text: cross-contamination

  55. (image slide)

  56. 2FA with OTP
    HOTP: HMAC-based OTP, HMAC(secret, counter) truncated to 6-8 digits (RFC 4226)
    TOTP: time-based OTP, HOTP with counter = floor(unix time / 30 s) (RFC 6238)

  57. Design issues in OTP 2FA
    MitM attack / phishable
    shared, symmetric secret
    storage makes hardware tokens expensive
    bad UX
    Don't ask me about smartphone resets…

  58. (image slide)

  59. FIDO U2F
    challenge/response with public/private key
    ECC (elliptic curve cryptography)
    unique key pair per AppId, derived from a device key (key wrapping), so usually no local storage on the token

  60. Single Sign-On

  61. Kerberos / SAML / OpenID Connect
                      Kerberos/GSSAPI             SAML2                          OpenID Connect
    Organization      IETF (RFC)                  OASIS                          OpenID Foundation
    Serialization     ASN.1                       XML / XMLSEC                   JSON / JOSE
    1st release       1993 (v5)                   2002 (1.0), 2005 (2.0)         2014
    Classification    enterprise                  enterprise                     individual
    Network           Intranet / LAN              Internet                       Internet / Mobile
    Usage             web, mail, VPN, ssh,        web                            web
                      service to service
    Implementations   MIT, Heimdal,               ADFS, Shibboleth, Ipsilon,     ...
                      Active Directory            KeyCloak, ...
    Federated         yes                         yes                            no (WIP)
    Features          authn                       authn, authz, metadata,        authn on top of
                                                  claims                         authz with OAuth

  62. Application retrieves username and password from API

  63. Kerberos / SAML / OpenIDC
                          Kerberos/GSSAPI                  SAML2                      OpenID Connect
    user                  initiator                        user                       user
    authority / provider  Authentication Server (AS),      Identity Provider (IdP)    OpenID Provider (OP), i.e. the Identity Provider (IdP)
                          Ticket Granting Server (TGS)
    consumer              acceptor                         Service Provider (SP)      application, the Relying Party (RP)
    token                 ticket granting ticket,          assertion                  ID token
                          service ticket

  64. Kerberos (GSSAPI) Single Sign-On
    Kerberos Realm: MONTREAL.CA
    Initiator (user): [email protected]
    Host: [email protected]
    Acceptor (service): bus/[email protected]
    Authentication Server (AS) issues Ticket Granting Ticket (TGT)
    Credential Cache (ccache)
    Ticket Granting Server (TGS) issues Service Ticket (ST)
    Service verifies Service Ticket with its keytab

  65. OpenID Connect

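The comparison tables name the ID token as the OpenID Connect credential but not what the application (the Relying Party) must check before trusting it. This added example (mine, not the deck's) validates an ID token the way OpenID Connect Core section 3.1.3.7 requires: a pinned algorithm (the header's alg is never trusted, so alg=none and key confusion are rejected), the signature, iss, aud/azp, exp and the nonce the client sent with its authorization request. It uses HS256 with the client secret, which the spec allows for confidential clients, so it runs without a JOSE library; RS256 would swap only the signature check. The issuer, client id, secret and claims are constructed values.

```python
import base64
import hmac
import json
import time


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def make_id_token(claims, client_secret):
    """Mint an HS256 ID token as an OpenID Provider would for a confidential
    client. Only here to produce sample input; a Relying Party never mints tokens."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(client_secret, f"{header}.{payload}".encode("ascii"), "sha256").digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def unsigned_token(claims):
    """An 'alg: none' token, the classic attack input; validate_id_token must reject it."""
    header = _b64url_encode(json.dumps({"alg": "none"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."


def validate_id_token(token, client_secret, issuer, client_id, nonce, now=None):
    """Returns the claims if every check passes, raises ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError as e:                 # includes binascii.Error and JSONDecodeError
        raise ValueError("malformed token") from e
    # 1. the RP decides the algorithm; the header only has to agree with it
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(client_secret, f"{header_b64}.{payload_b64}".encode("ascii"), "sha256").digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    # 2. issued by the provider we started the flow with
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    # 3. issued for us; with several audiences azp must name us
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if client_id not in aud_list:
        raise ValueError("wrong audience")
    if len(aud_list) > 1 and claims.get("azp") != client_id:
        raise ValueError("wrong authorized party")
    # 4. not expired, 5. bound to this login attempt via the nonce we generated
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims


def id_token_is_valid(token, client_secret, issuer, client_id, nonce, now=None):
    try:
        validate_id_token(token, client_secret, issuer, client_id, nonce, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed provider, client and claims
    secret = b"constructed-client-secret"
    claims = {"iss": "https://op.example", "sub": "alice", "aud": "client-123",
              "exp": 1600000600, "iat": 1600000000, "nonce": "n-0S6_WzA2Mj"}
    tok = make_id_token(claims, secret)
    print(validate_id_token(tok, secret, "https://op.example", "client-123", "n-0S6_WzA2Mj", now=1600000100)["sub"])
    print(id_token_is_valid(unsigned_token(claims), secret, "https://op.example", "client-123", "n-0S6_WzA2Mj", now=1600000100))
```

The nonce is what ties the "authn on top of authz with OAuth" line in the table to an actual login: the RP generates it per session, sends it in the authorization request, and an ID token without that exact value must be treated as an injected token.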
  66. Social Media Login

  67. Summary
    use HTTPS everywhere
    avoid passwords
    use MFA / U2F
    prefer social media login
    be wary about password policies
    use a password manager

  68. Recommendations
    mod_auth_mellon (SAML2 for Apache httpd)
    mod_auth_gssapi (Kerberos / GSSAPI for Apache httpd)
    mod_lookup_identity (user attributes via SSSD for Apache httpd)

  69.  THANK YOU
    plus.google.com/+RedHat
    youtube.com/user/RedHatVideos
    facebook.com/redhatinc
    twitter.com/RedHatNews
    linkedin.com/company/red-hat
    [email protected]
    [email protected]
    @ChristianHeimes