This document was written by Chris Walsh. It is based in part on a similar document entitled
Printed copies of this document are available in the CSEL office, and a Postscript version is available on-line.

Introduction
On EECSNet, as in many computing environments, passwords provide the first line of defense against unauthorized use. Users who are able to respond with the correct password at the Password: prompt are presumed to be who they say they are. An obvious vulnerability springs to mind: anyone who can guess or steal a legitimate user's password is in. Guessing can be made much less probable by avoiding the selection of easily-guessed passwords. Theft can be minimized by not writing down passwords, not telling them to others, and not allowing anyone to see them when they are typed in. The passwd program currently installed on departmental Suns does not permit the selection of many types of bad passwords, such as words from a dictionary, and all users have been warned repeatedly about writing down their passwords or telling them to others. Presumably, users are savvy enough not to enter their password when someone is looking over their shoulder, so it would seem that, barring a gradual creeping lassitude, EECSNet password security has been taken care of.

Unfortunately, this is not the case. Unlike the days of yore, when logins took place from hardwired terminals and the only place to intercept a password was over the user's shoulder or off the note he had taped to his adm3a, today's ubiquitous interconnected networks make it possible for passwords to be grabbed as they traverse the Internet. Indeed, there have been well-publicized instances of password 'sniffers' being used on major regional networks and on the machines of Internet Service Providers, leading to thousands of passwords being compromised. One way to prevent such compromises in the future is for authentication to take place over an encrypted connection. United States legal restrictions on the export of cryptographic technologies, however, have retarded the development of universally available solutions on this front. As an alternative, one can use a scheme which makes passwords obtained through eavesdropping useless. This is the approach taken by S/KEY.
What S/KEY Is
S/KEY is a software package developed at Bellcore. It is a one-time password system: each password is usable for only one authentication. Passwords cannot be re-used, so an intercepted password is of no use to whoever intercepted it. Moreover, knowledge of already-used passwords in a user's S/KEY password sequence provides no information about future passwords. Thus, even if all of one's S/KEY passwords are 'sniffed' as they transit an insecure network, they will not benefit their interceptor. CERT recommends that such a system be used in order to protect authentication data [CERT, 1994].

How It Works
A user initializes S/KEY by selecting a secret password and n, the number of passwords to generate. A secure hash function (currently MD4) is applied to the secret password n times, and the result is stored on the server. When the user attempts to log in, the server issues a challenge, which is the number n-1. Software on the user's client machine prompts for her secret password, applies n-1 iterations of the hash function to it, and sends the result to the server as the response. The server applies the hash function once to this response. If the result it obtains is the same as the value it stored earlier, the authentication worked: the user is allowed in, the server replaces the stored value with the response it just received from the client, and the password counter is decremented. (In practice the challenge also carries a short per-host seed that is hashed together with the secret password; this is why the same secret yields a different S/KEY sequence on each machine.) Because the hash function cannot be run backwards, an eavesdropper who captures password n-1 cannot derive password n-2, and replaying the captured password fails because the server now expects n-2. [Haller, 1994; Rubin, 1995]

A somewhat more technical overview is available here. If you find this whole subject confusing and/or annoying, you should look here, for an entertaining yet accurate elaboration of the terse, algebraic prose found in the antecedent URL.
S/KEY in the EECSNet environment
S/KEY is currently installed on an experimental basis on the general-access departmental Suns: delta, arcadia, asgard, atlantis, canaan, eden, laputa, nirvana, and olympus. The CSEL staff strongly recommends that it be used to authenticate all logins which do not both begin and end on EECSNet.

Before you can begin to use S/KEY for authentication, however, you need to initialize the system. You also need a secure local computer equipped with the software used to generate responses from S/KEY challenges, or a printed list of one-time passwords and their corresponding challenges. The latter should be used only if a trusted machine is unavailable, such as while you are attending a conference. The CSEL can supply S/KEY software and documentation for Mac, PC, or UNIX platforms, so only in fairly unusual circumstances should the use of pre-printed lists be necessary. The following paragraphs describe the steps you need to take in order to begin using S/KEY. For simplicity, we assume you will be logging into delta. The procedure is exactly the same regardless of which EECS Sun you use. Be advised, however, that (unlike our standard UNIX passwords) S/KEY passwords differ from machine to machine. The steps we describe below will need to be followed on each machine you wish to log into directly. You may prefer to always log in to a single machine such as delta, and use rlogin from there to connect to other EECS machines.
S/KEY Initialization
Here's an example. User Chris is initializing a sequence of 99 passwords on delta.
At this point, Chris is ready to have his delta logins authenticated viaS/KEY. The procedures to be followed are described below.
Login Authentication with S/KEY
The process is equally simple for DOS, Windows, and Mac users. Please see the Software Availability section later in this document for information concerning where you can get S/KEY software and documentation for your DOS, Windows, or Mac computer.

Establishing a New Password Sequence
Normally you run keyinit from a trusted host within EECSNet. Occasionally, however, this may prove impractical. You may be away from Evanston for an extended period, yet still connecting to delta on a daily basis from a remote workstation. Happily, there is a way to use keyinit which lets you initialize a new password sequence without your secret password ever travelling over an untrusted network. This technique uses local software to do the hashing of your secret password; you then supply the result to keyinit. Here's how it is done.
Here is an example. User Chris, separated from delta by an insecure network,needs to establish a new S/KEY password sequence from his workstation cicero.
Back on delta:
This completes the process. The next time Chris tries to log in to delta, he will be challenged for the 999th password in the new sequence.
Creating a List of Passwords
Occasionally, such as when you are travelling, you will have no trusted local host upon which to run the key command or its equivalent. Under such circumstances, you can run key prior to your departure and have it generate a list of passwords which you can refer to during your trip. This list should be treated with the utmost care. No identifying information should appear on it, and it should be only as long as is absolutely necessary.

To generate the list, you need to know the current key and sequence number for your S/KEY password sequence. This is the information presented to you as a login challenge. It is maintained in the file /etc/skeykeys, and you can extract your entry from that file using the keyinfo command. The first field is the sequence number, and the second is the key. These are used in conjunction with your secret password to generate the list of one-time passwords for your trip. Generate the list on a trusted machine before you leave: typing your secret password into an untrusted host defeats the purpose of S/KEY.
Here is an example. Chris is going to a conference, and needs to log inonce a day. He therefore generates seven passwords on the machine into which he will be telnetting while away.
These can be printed off, and used while travelling. When login presents its numbered S/KEY challenge, Chris can simply look up thepassword corresponding to it, and enter it. The care with which such listsof passwords should be guarded cannot be overemphasized. Immediately contact the CSEL staff if you have lost such a list.
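The following is an added example, not code from the original CSEL page or from the Bellcore S/KEY distribution. It models the three procedures described above in one place: the hash-chain protocol from How It Works, the remote keyinit in which the client computes the initial value so the secret never crosses the network, and the generation of a printable list of passwords for travel. It assumes MD5 as a stand-in for MD4 (hashlib does not reliably provide MD4) with the digest folded to 64 bits by XORing its halves, as RFC 1760 does; the user name, seed and pass phrase are constructed sample data, and the in-memory dictionary stands in for /etc/skeykeys.

```python
"""Toy model of the S/KEY one-time password scheme (added example, not the original page's code)."""
import hashlib
import hmac


def skey_hash(data: bytes) -> bytes:
    """One S/KEY hash step: digest the input, then fold 16 bytes to 8 by XORing the halves.
    Assumption: MD5 stands in for the MD4 the page describes."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def compute_otp(secret: str, seed: str, k: int) -> bytes:
    """Client side (the `key` program): password number k is H^k applied to H(seed || secret).
    The per-host seed is what makes the same secret give different sequences on different machines."""
    x = skey_hash((seed + secret).encode())
    for _ in range(k):
        x = skey_hash(x)
    return x


def password_list(secret: str, seed: str, start: int, how_many: int):
    """Printable list for a trip: (sequence number, hex password) counting down from `start`.
    Each entry answers the challenge with that sequence number."""
    return [(k, compute_otp(secret, seed, k).hex())
            for k in range(start, max(start - how_many, -1), -1)]


class SkeyServer:
    """Server side: holds only H^n(seed || secret) per user, never the secret itself."""

    def __init__(self):
        self._db = {}   # user -> [count, seed, stored_otp]  (stand-in for /etc/skeykeys)

    def keyinit(self, user: str, seed: str, count: int, initial_otp: bytes):
        """Register H^count. The client computes initial_otp locally, so a keyinit done over
        an untrusted network still never exposes the secret (the remote keyinit procedure)."""
        self._db[user] = [count, seed, initial_otp]

    def challenge(self, user: str):
        """What login prints: the sequence number to answer with, plus the seed ('key')."""
        count, seed, _ = self._db[user]
        if count < 1:
            return None          # sequence exhausted: the user must run keyinit again
        return count - 1, seed

    def verify(self, user: str, response: bytes) -> bool:
        """Hash the response once; accept only if it equals the stored value, then move the
        counter down and store the response. A sniffed response is now useless: the server
        expects count-2, and H cannot be run backwards to obtain it."""
        count, seed, stored = self._db[user]
        if count < 1:
            return False
        if not hmac.compare_digest(skey_hash(response), stored):
            return False
        self._db[user] = [count - 1, seed, response]
        return True


if __name__ == "__main__":
    secret, seed = "nuclear piano", "de1234"          # constructed sample data
    srv = SkeyServer()
    srv.keyinit("chris", seed, 99, compute_otp(secret, seed, 99))  # client computes H^99
    n, s = srv.challenge("chris")
    resp = compute_otp(secret, seed, n)
    print("challenge", n, s, "login ok:", srv.verify("chris", resp))
    print("replay of sniffed password ok:", srv.verify("chris", resp))
    for k, pw in password_list(secret, seed, 97, 7):
        print(k, pw)
```

Note that the server's `verify` compares with `hmac.compare_digest` rather than `==`, so the check does not leak how many leading bytes of a guess were right; and that the exhaustion guard matters, since a server that kept accepting at count 0 would be accepting the same password forever.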
If this process is unacceptablycumbersome, you can use the keyprint command, which will automaticallyproduce a credit-card sized list of passwords for you.
Software Availability
S/KEY software for your PC, Mac, or UNIX machine is either already installed (in the case of Departmental Suns), or can be provided by e-mail requests directed to [email protected]. We have binaries for PCs and Macs, and can supply source code for various flavors of UNIX, including Linux. Specifically, the CSEL recommends the use of the following packages:
KEYAPP.EXE is a Microsoft Windows application which computes S/KEY one-timepasswords, given an S/KEY challenge and a user's secret password. Its installation and use are described in the documentUsing KEYAPP.EXE, available in the CSEL office, and on-line.
Macintosh users should refer to the document Using S/KEY for the Mac,which describes S/KEY software for the Macintosh platform, available in the CSEL office, and on-line.
TERMKEY.EXE is a TSR which DOS users can 'pop up' on demand in order to compute S/KEY one-time passwords. Refer to the document Using TERMKEY.EXE, available in the CSEL office, and on-line as a Postscript man page. (Although it is a DOS program, there is a UNIX-style man page for termkey.)
The software mentioned above is available on diskettes in the CSEL office,as well as in the directories /usr/local/lib/skey/mac, /usr/local/lib/skey/dos, or /usr/local/lib/skey/windows.It can also be FTPed from ftp://ece.nwu.edu/pub/skey/.
The source code for S/KEY is located in /vol/src/logdaemon-4.9/skey.
Future Developments
Since passwords traverse networks for much more than logins, the S/KEY approach needs to be applied to much more than /bin/login. We have installed S/KEY-capable versions of rshd, rexecd, and ftpd in order to provide this additional protection. They behave just as login does: by issuing a challenge to which you must supply the appropriate response.
We also plan to acquire an encrypting version of telnet as soon aspossible. This will enable users to encrypt their telnet connections in toto, using triple DES. We may also be experimenting with an encrypting session layer, but its deployment is impossible to predict atthis time.
References
[CERT, 1994] Computer Emergency Response Team, CERT Advisory 94:01, Carnegie Mellon University, Pittsburgh, Feb 3, 1994.
[Haller, 1994] Neil M. Haller, 'The S/KEY One-time Password System', Proceedings of the Internet Society Symposium on Network and Distributed System Security, San Diego, Feb 3, 1994.
[Rubin, 1995] Aviel D. Rubin, 'Independent One-Time Passwords', Proceedings of the Fifth USENIX UNIX Security Symposium, Salt Lake City, June 5-7, 1995.
[email protected].
Last updated: $Date: 96/10/30 05:20:47 $