[5028] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Secure telnet/PPP/Kerberos/STEL/... (was Re: STEL: Secure TELnet -- Call for Beta Testers)

daemon@ATHENA.MIT.EDU (David Vincenzetti)
Mon Apr 24 08:48:54 1995

To: kerberos@MIT.EDU
Date: 24 Apr 1995 12:16:39 GMT
From: vince@idea.sec.dsi.unimi.it (David Vincenzetti)

In <Pine.SUN.3.91.950420060653.5096D-100000@kerby.ocsg.com> Joe Kovara <joek@kerby.ocsg.com> writes:

>What about the security of the authentication scheme?  Diffie-Hellman was
>suggested as solving the need for secure authentication to the host
>(licensing issues aside). Nope. Diffie-Hellman allows two strangers to set
>up a secure channel.  It does not authenticate either end (unless we add
>certificates, CA's, etc.; but remember, we're trying to keep this simple). 
>Well, since I've got a secure channel, why not send my password?  Ok, who
>goes first? If you're talking to a bad guy, whoever goes first has just
>given away their password.  This does NOT imply that the host has already
>been compromised.  It simply means that someone has been able to fool you
>(using DNS/IP spoofing) into talking to them instead of the real host.
>Very doable, very probable. And it doesn't require me to compromise the
>host or your workstation.  This means you still need a strong
>authentication mechanism even if you use Diffie-Hellman.  Ah ha! I'll use
>token based authentication as well.  This will help.  But then, you need
>cards, you need an authentication server to go with it, ...  Remember,
>we're trying to keep this simple.  (And, yes, our Kerberos supports
>token-based authentication.)

You are probably talking about a Man In The Middle Attack.

Stel has not been released yet, and we plan to make it available,
to beta testers only, in a few days. I do not want to start
a discussion about the security of stel right now; not me neither
my CERT-IT colleagues would have time to read and follow up all
the posts. I suggest we start discussing about Stel when it is
released to the Internet, that is, in a mounth or so.

Anyway, stel is resistant to Man In The Middle Attacks , even
when it is using standard Unix passwords (i.e., /etc/passwd).
Stel supports, in fact, an optional muthual authentication method
based upon:

        @article{interlock,
           author = {Ronald L. Rivest and Adi Shamir},
           journal = {Communications of the ACM},
           number = {4},
           pages = {393--395},
           title = {How to Expose an Eavesdropper},
           volume = {27},
           year = {1984}
        }
 
What is more, stel's method is supposed to be resistant to:

        @article{ndandp,
           author = {Steven M. Bellovin and Michael Merritt},
           journal = {IEEE Transactions on Information Theory},
           title = {An Attack on the {{\em Interlock Protocol}} When Used for Authentica
        tion},
           year = {1994},
           month = {January},
           volume = 40,
           number =1,
           pages = {273--275},
        }
 
Regards,
David
--
David Vincenzetti
Computer Emergency Response Team ITaly (CERT-IT)
DSI, Universita` degli Studi di Milano,
via Comelico 39, 20135 Milan, ITALY
e-mail: cert-it@dsi.unimi.it
phone: ++39-2-55006-391
fax: ++39-2-55006-394

home help back first fref pref prev next nref lref last post