Cryptography
The three pillars of cryptography are hashing, symmetric encryption, and asymmetric (public-key) encryption. Cryptographic algorithms rest on the difficulty of certain computations on large numbers; if the internals interest you, read something more specialized than an introductory overview like this one. What follows is a simple, deliberately superficial explanation with no unnecessary complications.
A hash is a "one-way" function: it is infeasible to recover the data from which a hash (the output of a hash function) was computed. Information goes in; out comes its fingerprint, a string of fixed length. Finding another input that produces the same output should be a daunting task. Hence the consequence: if you have a verified hash of a disk image, a document, etc., you can compute the hash of the file you received and compare; if they match, it is the same file. Passwords are often handled the same way: if the hash of the entered password matches the stored one (in /etc/shadow, for example), the check succeeds.
Symmetric encryption is encryption that uses, as the name suggests, a symmetric key: if you encrypted something with a key, the reverse operation must be done with that same key. It can also be used to check knowledge of a secret: we encrypt some information with that very secret (or with its hash) and send the result to the second party. The second party, which is supposed to know the secret, decrypts the data, modifies it, encrypts it again, and sends it back. The first party decrypts the reply and checks whether the second party changed the data correctly. Clearly, if either side uses the wrong secret, the process fails. This was a very general description of what happens in the Kerberos protocol.
Asymmetric encryption uses two keys, usually called private (secret) and public (known to everyone). Anything encrypted with one key of the pair can only be decrypted with the other. This makes it quite simple to verify your knowledge of the private key: we encrypt some information with your public key and, if you know the private key, you can easily read it. Many systems are built on asymmetric encryption, for example PGP and PKI. You have also used this kind of cryptography every time you opened an address of the form https://.
Authentication and Authorization
Authentication is the process of establishing identity. When you enter your password on Habr, you are authenticated. That alone gives you no rights.
Authorization is the process in which the user's rights to perform some action in the system are checked. For example, by default you have the right to write in a personal blog, but the system will not let you publish a post to a collective blog if you have too little karma. Here authorization for an action is decided by your karma; in file systems you are granted the right to perform actions through ACLs, group membership, and so on.
Once again: the authentication process cannot grant you the right to do anything; that is the job of authorization, and authentication only establishes identity.
Authentication, a little about the cryptographic side of things
Authentication is usually based on checking a secret. The simplest way is to receive the password from you in plain form (!) and compare it with the one stored in the database. A variant is to compare password hashes, which lets the server store only the hash rather than know the password. But note: the password travels over the network in the clear! Second, you do not know who received your password; the server could be fake. The workaround is to use this only over SSL/TLS, but then the server must have a valid, unexpired certificate issued by a trusted authority, which is not always the case.
The second option: the server knows the secret and so do you, and the method described in the paragraph on symmetric encryption is used. This is better than comparing with a stored hash: the password does not travel over the network at all, the server does not receive your secret either, and you perform mutual authentication with the server. A very serious protocol has grown out of this method, Kerberos, with one nuance: only dedicated servers on the network know the passwords. Kerberos is used in Microsoft Active Directory, which I cite as the best-known example; this is still a primer.
The third option, a complex one, is PKI. Its description goes beyond this primer; it is interesting, so read about it yourself. In essence it is similar to Kerberos, with a central authority, but it is based on asymmetric encryption.
Kerberos
The algorithm is described with some digressions to make it easier to follow. If you need an exact description of how it works rather than a general picture, I advise reading more serious literature. Every day, employees in the corporate sector actively use this quintessence of cryptographic thinking, the Kerberos protocol, while working on a corporate network built on Microsoft solutions, because it handles all the identification of users and computers by services (IMAP, SMTP, file access).
The Kerberos protocol is an authentication protocol that uses hash functions and symmetric ciphers. Surprisingly, Kerberos is not yet another Microsoft creation in the spirit of "ours, compatible with nothing, and you sell your soul for the specifications": the protocol was created within the walls of the Massachusetts Institute of Technology (MIT), where it has been actively used for years on the university campus network.
Re-read the description of symmetric ciphers; there is an example at the end. So what is the disadvantage of the solution proposed in that paragraph? It turns out that the passwords would have to be placed on every server on the network, every service would need access to them, to the unencrypted passwords, and on every server these passwords would have to be entered. That looks rather awkward.
The Kerberos protocol has a separate server for storing passwords, the Key Distribution Center (KDC); every participant in the process, users and services alike, has a key. The key is derived from the password by hashing, since a user cannot remember a key of the length the encryption algorithm requires. Hashing always returns a fixed-length string, which is exactly what symmetric-key encryption algorithms need.
When a user needs access to an HTTP server (a corporate portal, say), he turns to the KDC (well, strictly speaking, a library does this on his behalf) with a request for a key to access the HTTP server. The KDC has both the user's and the server's keys.
The KDC generates a random symmetric key and wraps it in a rather complex structure called a ticket, which is easier to understand from the picture:

So we have a matryoshka, but it is simple enough to understand. The user, having received the reply, decrypts it with his own key and obtains the generated key plus a packet encrypted with the server's key. The user then sends that packet to the HTTP server, which decrypts it and obtains the same generated key.
Now both have a shared key, and they can authenticate each other by the method already described: we encrypt the user name, IP address, the time, and the key received from the KDC, and send it to the server. The server decrypts it and, finding the expected user name Pupkin, recognizes him. Now it is the server's turn to introduce itself: it adds 1 (one) to the received time, encrypts everything again, and sends the packet back to the user. Clearly, if the decrypted packet contains the same timestamp the user sent, increased by one, the server is recognized as genuine.
I mentioned the time for a reason. Access is granted for a limited period (often 10 hours); the time is stamped into the ticket, and after it expires the ticket is considered stale and the server will not accept it. That is not fatal; you simply get a new one. It is much sadder if the clock on your PC drifts more than 5 minutes from the KDC: you cannot log in, because the Kerberos protocol requires participants to have synchronized time, so that tickets expire on all machines on the network at the same moment and an expired ticket cannot be used for access anywhere.
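The whole exchange described above (the symmetric challenge-response from the first section, the KDC's nested reply, the authenticator, the server's time+1 answer, and the lifetime and clock-skew checks) as an added, self-contained Python simulation; this is not code from the original article or from any Kerberos implementation. The principal names, passwords and the toy cipher (SHA-256 keystream plus HMAC tag, standing in for the real AES-based encryption types) are constructed for the example.

```python
import hashlib, hmac, json, os
# Toy stand-in for a symmetric cipher (SHA-256 keystream + HMAC tag), used only to
# show the message flow; real Kerberos uses AES-based encryption types.
def derive_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()   # key = hash(password), as on the page

def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def encrypt(key: bytes, obj: dict) -> bytes:
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed KDC database: the KDC alone knows every principal's key.
KDC_KEYS = {"pupkin": derive_key("pupkin-pw"), "HTTP/portal": derive_key("portal-svc-pw")}
LIFETIME, MAX_SKEW = 10 * 3600, 5 * 60   # 10-hour ticket, 5-minute clock tolerance

def kdc_issue(user, service, now):
    """Matryoshka reply: session key under the user's key, ticket under the service key."""
    skey = os.urandom(32).hex()
    ticket = encrypt(KDC_KEYS[service], {"user": user, "skey": skey, "exp": now + LIFETIME})
    return encrypt(KDC_KEYS[user], {"skey": skey, "ticket": ticket.hex()})

def server_handle(service, ticket, authenticator, server_now):
    """Service side: open the ticket, check the authenticator, prove itself with time+1."""
    t = decrypt(KDC_KEYS[service], ticket)
    if server_now > t["exp"]:
        raise ValueError("ticket expired")
    skey = bytes.fromhex(t["skey"])
    a = decrypt(skey, authenticator)
    if a["user"] != t["user"] or abs(a["time"] - server_now) > MAX_SKEW:
        raise ValueError("authenticator rejected (name mismatch or clock skew)")
    return encrypt(skey, {"time": a["time"] + 1})

def mutual_auth(user, password, service, now, server_now=None) -> bool:
    """Client side: get the ticket from the KDC, present it, verify the server's reply."""
    reply = decrypt(derive_key(password), kdc_issue(user, service, now))   # fails on wrong password
    skey = bytes.fromhex(reply["skey"])
    authenticator = encrypt(skey, {"user": user, "time": now})
    resp = server_handle(service, bytes.fromhex(reply["ticket"]), authenticator,
                         now if server_now is None else server_now)
    return decrypt(skey, resp)["time"] == now + 1
```

Note that the password never leaves the client: a wrong password simply fails to open the KDC's reply, and a clock more than 5 minutes off or an expired ticket is rejected by the service itself.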
So the ticket is valid for 10 hours and requires nothing more than entering a password once to access the server. But entering a password for every server on the network is tedious, and as you may have noticed, nobody does that: after the one password entered when logging in to Windows, you enter no more passwords to reach shared network folders. This is because you can obtain tickets with a ticket! This construct is called the TGT, the Ticket-Granting Ticket (a ticket for getting tickets). Everything works as shown above: we get a ticket to access the network service that issues tickets (the TGS, Ticket-Granting Service), which confirms that Pupkin is Pupkin. And if Pupkin is Pupkin, it can issue Pupkin tickets to access various servers on the network.
Thus, while the TGT is valid, you can obtain tickets to access network services without re-entering your password. It is convenient, isn't it?
Note that Kerberos issues tickets for access to any network service, whether or not you have the right to use it; the authentication protocol does not care. Its business is to certify your identity, and entirely different mechanisms deal with rights.
PS Kerberos works on other operating systems too. Windows serves as the example because of its greater prevalence and, as a result, greater visibility in everyday life.
PPS The comments contain links to more detailed treatments of some aspects; if you want to learn more, read them.