[5028] in Kerberos
Re: Secure telnet/PPP/Kerberos/STEL/... (was Re: STEL: Secure TELnet -- Call for Beta Testers)
daemon@ATHENA.MIT.EDU (David Vincenzetti)
Mon Apr 24 08:48:54 1995
To: kerberos@MIT.EDU
Date: 24 Apr 1995 12:16:39 GMT
From: vince@idea.sec.dsi.unimi.it (David Vincenzetti)
In <Pine.SUN.3.91.950420060653.5096D-100000@kerby.ocsg.com> Joe Kovara <joek@kerby.ocsg.com> writes:
>What about the security of the authentication scheme? Diffie-Hellman was
>suggested as solving the need for secure authentication to the host
>(licensing issues aside). Nope. Diffie-Hellman allows two strangers to set
>up a secure channel. It does not authenticate either end (unless we add
>certificates, CA's, etc.; but remember, we're trying to keep this simple).
>Well, since I've got a secure channel, why not send my password? Ok, who
>goes first? If you're talking to a bad guy, whoever goes first has just
>given away their password. This does NOT imply that the host has already
>been compromised. It simply means that someone has been able to fool you
>(using DNS/IP spoofing) into talking to them instead of the real host.
>Very doable, very probable. And it doesn't require me to compromise the
>host or your workstation. This means you still need a strong
>authentication mechanism even if you use Diffie-Hellman. Ah ha! I'll use
>token based authentication as well. This will help. But then, you need
>cards, you need an authentication server to go with it, ... Remember,
>we're trying to keep this simple. (And, yes, our Kerberos supports
>token-based authentication.)
You are probably talking about a Man In The Middle Attack.
Stel has not been released yet, and we plan to make it available,
to beta testers only, in a few days. I do not want to start
a discussion about the security of stel right now; not me neither
my CERT-IT colleagues would have time to read and follow up all
the posts. I suggest we start discussing about Stel when it is
released to the Internet, that is, in a mounth or so.
Anyway, stel is resistant to Man In The Middle Attacks , even
when it is using standard Unix passwords (i.e., /etc/passwd).
Stel supports, in fact, an optional muthual authentication method
based upon:
@article{interlock,
author = {Ronald L. Rivest and Adi Shamir},
journal = {Communications of the ACM},
number = {4},
pages = {393--395},
title = {How to Expose an Eavesdropper},
volume = {27},
year = {1984}
}
What is more, stel's method is supposed to be resistant to:
@article{ndandp,
author = {Steven M. Bellovin and Michael Merritt},
journal = {IEEE Transactions on Information Theory},
title = {An Attack on the {{\em Interlock Protocol}} When Used for Authentica
tion},
year = {1994},
month = {January},
volume = 40,
number =1,
pages = {273--275},
}
Regards,
David
--
David Vincenzetti
Computer Emergency Response Team ITaly (CERT-IT)
DSI, Universita` degli Studi di Milano,
via Comelico 39, 20135 Milan, ITALY
e-mail: cert-it@dsi.unimi.it
phone: ++39-2-55006-391
fax: ++39-2-55006-394