Re: Kerberos w/ one-time passwords?
daemon@ATHENA.MIT.EDU (Carson Gaspar)
Wed Nov 16 03:37:25 1994
To: kerberos@MIT.EDU
Date: 16 Nov 1994 00:00:50 -0500
From: carson@dragon.lehman.com (Carson Gaspar)
I can't manage to see what the problem is. So, you're dialing in from
home, and you want a ticket. The following should work, unless I'm
completely confused (which is a possibility):
You connect to some host running the mythical s/key-kerberos software.
The login program has been modified to call skinit (the s/key kinit).
skinit sends an s/key challenge
You compute the response with your secret key (via computing device or
piece of paper), and send it. The response is sent in the clear.
skinit verifies your s/key response, grants you a ticket, and logs you
in.
The above scenario has the following security problems that I can see:
Scenario #1:
Bad guy spies on the phone line, and remembers the s/key challenge.
Bad guy then waits for your next call, connects you to his modem, and
issues you the next challenge. You reply. The bad guy can now dial
in for real and get a ticket. This is a problem that is generic to
any password-based system - you have to assume that you're talking to
who you _think_ you're talking to. If kinit has been replaced by a
trojan horse, Bad Guy can get your kerberos password. If the phone
line has been compromised to the point that you're not dialing where
you think you're dialing, the Bad Guy gets access.
Scenario #2:
Having skinit get you a kerberos ticket involves the machine running
skinit having either your kerberos passwd, or the ksrvtgt secret for
your realm. If that machine is compromised, so is kerberos. One way
around this is to have skinit talk to skinitd, which runs on the KDC,
which had better be secure if you trust kerberos. All exchanges
between skinit and skinitd can be authenticated using a shared secret
(ala rcmd) to prevent spoofing. skinit requests the s/key challenge
from skinitd, presents it to the user, and then passes the response
back. skinitd then passes the ticket to skinit (encrypted using the
aforementioned shared secret ala rcmd), which can then happily write
it to /tmp or wherever you like to store your ticket files. Now if
you crack the host running skinit, you can spoof the user for the
duration of the ticket - no worse than cracking any kerberized host.
So, what have I missed?
--
Carson Gaspar -- carson@cs.columbia.edu carson@lehman.com
<This is the boring business .sig - no outre sayings here>