ConFoo 2018: Authentication: passwords, 2FA, Kerberos, OpenIDC, and more

Transcript

1. Authentication: passwords, 2FA, Kerberos, OpenIDC, and more ConFoo 2018 /

   Montreal Christian Heimes Senior Software Engineer [email protected] / [email protected] @ChristianHeimes

2. ConFoo Montreal 2018 2

3. ConFoo Montreal 2018 3 Who am I? • from Hamburg/Germany

   • Linux user since 1997 • Python and C developer • Python core developer since 2008 • maintainer of ssl and hashlib module • Python security team

4. ConFoo Montreal 2018 4 Professional life • Senior Software Engineer

   at Red Hat • Security Engineering • FreeIPA Identity Management • Dogtag PKI • Custudia secrets management

5. Agenda & Takeaways

6. ConFoo Montreal 2018 6 Agenda • theory • password authentication

   • passwords & Humans • implicit & external authentication • public key cryptography • hardware tokens • 2FA / U2F • Single Sign-On • Summary & Recommendations

7. Theory & Terminology

8. ConFoo Montreal 2018 8 Authentication Authorization Accounting / Auditing

9. ConFoo Montreal 2018 9 Authentication (authn) The act of confrming

   the identity of an entity by verifying the validity of attributes. Authorization (authz) granting or denying access based on attributes and policies. Accounting / Auditing logging billing The three “A”

10. ConFoo Montreal 2018 10 Entity Identity Principal

11. ConFoo Montreal 2018 11 INDIVIDUAL me you MACHINE server hardware

    client machine virtual machine router SERVICE web server database ssh application Entity container, process, thread, sandbox, ...

12. ConFoo Montreal 2018 12 Identity set of attributes related to

    an entity (ISO 29115)

13. ConFoo Montreal 2018 13 FRIENDS nick name relationship clothing style

    favorite beer WORK surname position employee number offce GAMING character name race / class level Identity depends context

14. ConFoo Montreal 2018 14 Principal (Wikipedia defnition) A principal in

    computer security is an entity that can be authenticated by a computer system or network. […] Principals can be individual people, computers, services, computational entities such as processes and threads, or any group of such things. They need to be identifed and authenticated before they can be assigned rights and privileges over resources in the network. A principal typically has an associated identifer […]

15. ConFoo Montreal 2018 15 KNOWLEDGE password PIN mother's maiden name

    OWNERSHIP bankcard hardware token software token (?) RFID badge INHERENCY / CONTEXT signature biometrics location Authentication factor

16. ConFoo Montreal 2018 16 EXPLICIT enter password swipe badge IMPLICIT

    company network location PROXY (indirect) GPG web of trust Single Sign-On attestation Authentication types

17. ConFoo Montreal 2018 17 Validation • reveal knowledge • proof

    of knowledge • symmetric • asymmetric • proof of access to knowledge • zero-knowledge proof

18. Passwords

19. ConFoo Montreal 2018 19 Naive methods • plain text password

    • symmetrically encrypted password (AES) • hashed password (MD5, SHA256) • rainbow table • GPU • ASICs

20. ConFoo Montreal 2018 20 hashcat https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40 8x Nvidia GTX 1080

    Cluster Algorithm Performance MD5 200 GH/s SHA-256 23 GH/s SHA3 6.5 GH/s

21. ConFoo Montreal 2018 21 Salt against rainbow tables password random

    salt one-way function digest DB

22. ConFoo Montreal 2018 22 Key stretching / Key derivation function

    password random salt one-way function digest

23. ConFoo Montreal 2018 23 PKCS#5: PKBDF2-HMAC msg = salt for

    1...iterations: msg = msg ⊕ HMAC(k: password, m: msg) HMAC(k, m) := H((k⊕opad)∥H((k⊕ipad)∥m)) Simplifed algorithm (incorrect)

24. ConFoo Montreal 2018 24 PKCS#5: PKBDF2-HMAC PBKDF2-HMAC SHA-1 with 250,000

    iterations password length good bad 10 119 ms 3728 ms 100 118 ms 4135 ms 1,000 118 ms 4438 ms 10,000 117 ms 6623 ms

25. ConFoo Montreal 2018 25 https://jbp.io/2015/08/11/pbkdf2-performance-matters

26. ConFoo Montreal 2018 26 Password “hashing” algorithms • argon2 (PHC

    winner) • scrypt • PBKDF2-HMAC-SHA256 • bcrypt Constant time comparison operator!

27. advanced password algorithms

28. ConFoo Montreal 2018 28 Challenge-Response / Digest auth • server

    sends random challenge (nonce) • client calculates response HA1 = MD5(username:realm:password) HA2 = MD5(method:digestURI) response = MD5(HA1:nonce:HA2) response = HMAC(password, challenge)

29. ConFoo Montreal 2018 29 BALANCED PAKE mutual auth AUGMENTED PAKE

    password equivalent data PAKE Password authenticated key exchange JPAKE, SPAKE2, TLS-SRP

30. ConFoo Montreal 2018 30 ZKP, SSS, PPSS • Zero-knowledge proof

    • Shamir Secret Sharing • Password-protected Secret Sharing

31. ConFoo Montreal 2018 31 Network-bound disk encryption Clevis tang Tang

    sss t=1 pwd sss t=2 tpm sss t=1 bt Bluetooth pwd https://github.com/latchset/clevis

32. passwords & humans

33. ConFoo Montreal 2018 33

34. ConFoo Montreal 2018 34 https://github.com/danielmiessler/SecLists/pull/155/fles

35. ConFoo Montreal 2018 35 Trick with treat - Reciprocity increases

    the willingness to communicate personal data Université du Luxembourg, Computers in Human Behavior, 2016; DOI: 10.1016/j.chb.2016.03.026 Up to 47.9% exchange password in exchange for piece of chocolate

36. ConFoo Montreal 2018 36 https://www.cnet.com/news/father-of-passwords-bill-burr-regrets-the-advice-he-gave/

37. ConFoo Montreal 2018 37 https://twitter.com/AlecMuffett/status/969179319108022273

38. ConFoo Montreal 2018 38

39. Implicit / External Authentication

40. ConFoo Montreal 2018 40 Unix domain sockets from socket import

    (socket, socketpair, SOCK_STREAM, AF_UNIX) a, b = socketpair() server = socket(AF_UNIX, SOCK_STREAM) server.bind('/path/to/file') client = socket(AF_UNIX, SOCK_STREAM) client.connect('/path/to/file') from socket import (socket, socketpair, SOCK_STREAM, AF_UNIX) a, b = socketpair() server = socket(AF_UNIX, SOCK_STREAM) server.bind('/path/to/file') client = socket(AF_UNIX, SOCK_STREAM) client.connect('/path/to/file')

41. ConFoo Montreal 2018 41 SO_PEERCRED: pid, user, group import socket,

    struct def getpeercred(sock): size = struct.calcsize("iII") raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size) pid, uid, gid = struct.unpack("iII", raw) return pid, uid, gid >>> getpeercred(uds) (31362, 0, 0) import socket, struct def getpeercred(sock): size = struct.calcsize("iII") raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size) pid, uid, gid = struct.unpack("iII", raw) return pid, uid, gid >>> getpeercred(uds) (31362, 0, 0)

42. ConFoo Montreal 2018 42 SO_PEERSEC – Security context import socket

    SO_PEERSEC = getattr(socket, 'SO_PEERSEC', 31) def getpeersec(sock): raw = sock.getsockopt(socket.SOL_SOCKET, SO_PEERSEC, 256) return raw.rstrip(b'\x00').decode('utf-8') >>> getpeersec(uds) 'system_u:system_r:svirt_lxc_net_t:s0:c560,c872' import socket SO_PEERSEC = getattr(socket, 'SO_PEERSEC', 31) def getpeersec(sock): raw = sock.getsockopt(socket.SOL_SOCKET, SO_PEERSEC, 256) return raw.rstrip(b'\x00').decode('utf-8') >>> getpeersec(uds) 'system_u:system_r:svirt_lxc_net_t:s0:c560,c872'

43. ConFoo Montreal 2018 43 Sidecar approach: Istio & Envoy for

    Kubernetes

44. Public Key Cryptography

45. ConFoo Montreal 2018 45 PUBLIC KEY KRÜPTO idea-instructions.com/public-key/ v1.0, CC

    by-nc-sa 4.0

46. ConFoo Montreal 2018 46 TLS with mutual auth ClientHello Supported

    cipher suites max version, client random, ... ServerHello select cipher suite version, server random, ... Certifcate Chain ServerHelloDone Finish MAC of handshake message ChangeCipherSpec Finish MAC of handshake message ChangeCipherSpec HTTP GET (verify mac) ServerKeyExchange CertifcateRequest CertifcateVerify Client Certifcate

47. ConFoo Montreal 2018 47 X.509 certifcates • trust anchors (root

    CA certs) • intermediate CA certs • end-entity certs • server • client • ... root CA intermediate CA 1 intermediate CA 2 self-signs signs signs end-entity cert signs

48. ConFoo Montreal 2018 48 ssh $ ssh heimes@localhost The authenticity

    of host 'localhost (::1)' can't be established. ECDSA key fingerprint is SHA256:oY94h7GfV... ECDSA key fingerprint is MD5:66:90:7a:... Are you sure you want to continue connecting (yes/no)? $ ssh heimes@localhost The authenticity of host 'localhost (::1)' can't be established. ECDSA key fingerprint is SHA256:oY94h7GfV... ECDSA key fingerprint is MD5:66:90:7a:... Are you sure you want to continue connecting (yes/no)?

49. ConFoo Montreal 2018 49 DANE, SSHFP, DNSSEC $ ssh-keygen -r

    localhost localhost IN SSHFP 1 1 42dd603a3... localhost IN SSHFP 1 2 232cc366f… ... $ ssh-keygen -r localhost localhost IN SSHFP 1 1 42dd603a3... localhost IN SSHFP 1 2 232cc366f… ... . (2018-03-04 20:30:17 UTC) org (2018-03-04 22:13:52 UTC) python.org (2018-03-05 01:17:00 UTC) DNSKEY alg=8, id=19036 2048 bits DNSKEY alg=8, id=41824 2048 bits DNSKEY alg=8, id=20326 2048 bits DS digest algs=1,2 NSEC3 org/SOA DNSKEY alg=7, id=6368 1024 bits DNSKEY alg=7, id=9795 2048 bits DNSKEY alg=7, id=1862 1024 bits DNSKEY alg=7, id=17883 2048 bits python.org/TXT python.org/SOA python.org/AAAA python.org/NS python.org/MX python.org/A

50. Hardware tokens

51. ConFoo Montreal 2018 51

52. ConFoo Montreal 2018 52 Hardware security devices • smart cards

    • TPM • HSM • USB dongles (NitroKey, YubiKey) • RFID chips (passport, STM OPUS) • SoftHSM • ssh-agent, gpg-agent

53. 2FA / MFA FIDO U2F

54. ConFoo Montreal 2018 54

55. ConFoo Montreal 2018 55 SMS / Text cross-contamination

56. ConFoo Montreal 2018 56

57. ConFoo Montreal 2018 57 HOTP HMAC-based OTP HMAC(counter, secret) TOTP

    time-based OTP HMAC(timestamp, secret) 2FA with OTP

58. ConFoo Montreal 2018 58 Design issues in OTP 2FA •

    MitM attack / fsh-able • shared, symmetric secret • storage makes hardware tokens expensive • bad UX • Don't ask me about smartphone resets…

59. ConFoo Montreal 2018 59

60. ConFoo Montreal 2018 60 FIDO U2F • challenge/response with public/private

    key • ECC (elliptic curve cryptography) • unique key pair • AppId • device key • no local storage (usually)

61. Single Sign-On

62. ConFoo Montreal 2018 62 Kerberos / SAML / OpenID Connect

    Kerberos/GSSAPI SAML2 OpenID Connect Organization IETF (RFC) OASIS OpenID Foundation Serialization Format ASN.1 XML / XMLSEC JSON / JOSE 1st Release 1993 (v5) 2002 (1.0), 2005 (2.0) 2014 Classifcation enterprise enterprise individual Network Intranet / LAN Internet Internet / Mobile Usage web, mail, VPN, ssh, service to service web web Implementations MIT, Heimdal, Active Directory ADFS, Shibboleth, Ipsilon, KeyCloak, ... ... Federated yes yes no (WIP) Features authn authn, authz, metadata, claims authn on top of authz with OAuth

63. ConFoo Montreal 2018 63 Application retrieves username and password from

    API

64. ConFoo Montreal 2018 64 Kerberos / SAML / OpenIDC Kerberos/GSSAPI

    SAML2 OpenID Connect user initiator user user authority provider Authentication Server Ticket Granting Server Identity Provider (IdP) Identity Provider (IdP) Resource Provider (RP) consumer acceptor Service Provider (SP) application token ticket granting ticket service ticket assertion ID token

65. ConFoo Montreal 2018 65 Kerberos (GSSAPI) Single-Sign-on • Kerberos Realm:

    MONTREAL.CA • Initiator (user): [email protected] • Host: [email protected] • Acceptor (service): bus/[email protected] • Authentication Server (AS) issues Ticket Granting Ticket (TGT) • Credential Cache (ccache) • Ticket Granting Server (TGS) issues Service Ticket (ST) • Service verifes Service Ticket with its keytab

66. ConFoo Montreal 2018 66 OpenID Connect

67. ConFoo Montreal 2018 67 Social Media Login

68. Summary

69. ConFoo Montreal 2018 69 Summary • use HTTPS everywhere •

    avoid passwords • use MFA / U2F • prefer social media login • be wary about password policies • use a password manager

70. ConFoo Montreal 2018 70 Recommendations • mod_auth_mellon • mod_auth_gssapi •

    mod_lookup_identity

71. THANK YOU plus.google.com/+RedHat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews linkedin.com/company/red-hat [email protected] [email protected] @ChristianHeimes