A primer in GateKeeper authentication

Summary :

The GateKeeper authentication system allows an end user U to be authenticated by an authentication portal AP on behalf of a web application WA. GateKeeper delivers more than simply authenticating the end user into the web application: it also efficiently prevents MITM attacks.

  • MITM attacks are an unsolved problem for in-browser web applications accessed by human end users.
  • Phishing and pharming are well known examples of MITM attacks.

Environment set-up :

  • To use GateKeeper to reliably authenticate its end users, a web application WA must have established a trust relationship with one or several authentication portals AP.
  • Each trust relationship is materialized by a set of cryptographic keys K_wa shared between WA and AP.
  • A web application may also operate its own authentication portal ...

Authentication request :

  • The end user U initiates authentication by visiting WA.
  • WA responds with an authentication request that contains the list of trusted APs.
  • The end user browser UB detects the authentication request and reacts by showing the GateKeeper GUI in an area not accessible to remote scripts (browser chrome ...)

Authentication U-AP :

  • The end user enters his (login, password) into GateKeeper.
  • GateKeeper starts an SRP authentication with AP.
  • If successful, UB and AP share K_ua.

Authentication Token emission :

  • UB forwards to AP various pieces of information relating to the connection to WA as seen by UB.
  • AP combines this information with the end user identifier into an authentication token TOK.
  • AP encrypts TOK a first time with K_wa and a second time with K_ua.
  • AP returns the encrypted {{TOK}} to UB.

TOK content is detailed here

Authentication Token validation :

  • GateKeeper decrypts {{TOK}} using K_ua.
  • UB forwards {TOK} to WA.
  • WA decrypts {TOK} using K_wa.
  • WA proceeds with TOK validation, which if successful guarantees :
    1. the user has been successfully authenticated by AP.
    2. UB is directly connected to WA.
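The token emission and validation steps above, as an added example that is not part of the original page. The TOK fields (uid, wa_host), the HMAC-based encrypt-then-MAC wrapping, the hostnames and the keys are all constructed assumptions here; the real TOK content and cipher are those of the GateKeeper specification, not shown on this page.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode; a constructed stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag. Any modification fails open_()."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("token tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def ap_issue_token(k_wa, k_ua, uid, wa_host_seen_by_ub):
    """AP: TOK = user id + connection info reported by UB, wrapped with K_wa then K_ua."""
    tok = json.dumps({"uid": uid, "wa_host": wa_host_seen_by_ub}).encode()
    return seal(k_ua, seal(k_wa, tok))  # {{TOK}}

def ub_unwrap(k_ua, double_wrapped):
    """UB: strip the K_ua layer; {TOK} stays opaque to UB and to any relay."""
    return open_(k_ua, double_wrapped)

def wa_validate(k_wa, single_wrapped, own_host):
    """WA: decrypt with K_wa, then check that the host UB reported is really us."""
    tok = json.loads(open_(k_wa, single_wrapped))
    if tok["wa_host"] != own_host:
        return None  # UB reached WA through another host: a MITM relay is present
    return tok["uid"]

def run_flow(host_seen_by_ub, wa_host="wa.example.test", tamper=False):
    """Whole exchange with constructed keys; returns the uid WA accepts, or why not."""
    k_wa, k_ua = os.urandom(32), os.urandom(32)
    single = ub_unwrap(k_ua, ap_issue_token(k_wa, k_ua, "alice", host_seen_by_ub))
    if tamper:  # a relay flipping one ciphertext bit of {TOK} in transit
        single = single[:16] + bytes([single[16] ^ 1]) + single[17:]
    try:
        return wa_validate(k_wa, single, wa_host)
    except ValueError:
        return "tampered"
```

A direct connection yields the accepted uid, a relayed connection makes the host check fail even though {TOK} is forwarded untouched, and any edit to {TOK} fails the K_wa tag check before WA reads a single field.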

Main ideas :

GateKeeper is built on 2 simple ideas :

Password-based authentication is here to stay : let's make it work

In the case of GateKeeper, the end user uses password-based authentication (PBA) to authenticate with a "central" authentication portal. It is generally assumed that PBA is a low grade authentication method and hence not suitable for security-demanding applications.
GateKeeper makes extended use of the SRP protocol so as to prevent password theft by MITM attacks.
Well known PBA weaknesses are reviewed here, and the countermeasures available to GateKeeper are also detailed.

MITM attacks can be avoided

At a time where phishing is seen as a major security threat on the Internet, this appears a difficult target. The approach of trying to detect MITM relay sites and maintain an inventory of them that can be accessed online is a desperate response to a growing problem. Such a response will not prevent rogue sites from mushrooming.

There are 2 places where a MITM attack can occur in GateKeeper :

  • Between the end user browser UB and the authentication portal AP. The SRP protocol completely prevents it.
  • Between the end user browser UB and the web application WA. This is prevented by means of a tamper-proof authentication token that allows the WA to detect the occurrence of a MITM attack. See here for details.
