What is a user login procedure?

Secure Shell (Remote Access)

Walter Goralski, in The Illustrated Network (Second Edition), 2017

Authentication Protocol

SSH-AUTH is simpler than SSH-TRANS. The authentication protocol defines a framework for these exchanges, defines a number of actual mechanisms (but only a few of them), and allows for extensions. The three defined methods are public-key, password, and host-based authentication.

The authentication process is framed by client requests and server responses. The “authentication” request actually includes elements of authorization (access rights are checked as well). A request contains:

Username, U—The claimed identity of the user. On Unix systems, this is typically the user account. However, the interpretation context is not defined by the protocol.

Server name, S—The user is requesting access to a “server,” which is really the protocol to run on the SSH-TRANS connection after authentication finishes. This is usually “ssh-connection,” which represents all services (remote log-in, command execution, etc.) provided by the SSH-CONN protocol.

Method name, M, and method-specific data, D—The particular authentication method used for the request and any data needed with it. For example, if the method is password, the data provided are the password itself.

There can be other messages exchanged, depending on the authentication request. But ultimately the server issues an authentication response. The response can be SUCCESS or FAILURE, and the success message has no other content. The failure response includes

a list of the authentication methods that can continue the process

a “partial success” flag

The FAILURE response can be misleading. If the partial success flag is not set (false), the message means that the preceding authentication method has failed for some reason (incorrect password, invalid account, and so on). However, if the partial success flag is set (true), the message means that the method has succeeded (odd in a failure message!), but the server requires that additional methods also succeed before access is granted. In other words, the server can require multiple successful authentication methods. OpenSSH does not support this feature.

But how does the client know which methods to start with? The client starts with a “none” authentication request, which prompts the server to reply with a list of the authentication methods the client can choose to continue the process. In other words, if the server requires any authentication at all, the “none” method fails. If not, a SUCCESS is immediate and a lot of time is saved.
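The request and response structure described above, as an added example that is not code from the book: it encodes SSH_MSG_USERAUTH_REQUEST, SSH_MSG_USERAUTH_FAILURE and SSH_MSG_USERAUTH_SUCCESS in the SSH wire format (message numbers 50, 51 and 52 and the string, boolean and name-list encodings come from RFC 4252 and RFC 4251) and models a hypothetical server whose policy requires both "publickey" and "password" to succeed before "ssh-connection" is granted, so the partial-success flag is exercised. The method-specific data D is carried as raw bytes rather than the per-method layouts the RFC defines, and the public-key check is a plain comparison standing in for signature verification; both are simplifications of this example.

```python
"""Worked model of the SSH-AUTH request/response exchange (added example)."""
import struct

SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Decode one 'string' at offset off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def encode_userauth_request(user: str, service: str, method: str, data: bytes = b"") -> bytes:
    """Client request carrying username U, service name S, method M and data D."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(service.encode()) + ssh_string(method.encode()) + data)


def encode_userauth_failure(methods_that_can_continue, partial_success: bool) -> bytes:
    """Server FAILURE: name-list of methods that may continue + partial-success flag."""
    return (bytes([SSH_MSG_USERAUTH_FAILURE])
            + ssh_string(",".join(methods_that_can_continue).encode())
            + bytes([1 if partial_success else 0]))


def decode_response(msg: bytes) -> dict:
    """Parse SUCCESS (no further content) or FAILURE (name-list, boolean)."""
    if msg[0] == SSH_MSG_USERAUTH_SUCCESS:
        return {"success": True}
    if msg[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not a userauth response")
    names, off = read_string(msg, 1)
    return {"success": False,
            "methods": [m for m in names.decode().split(",") if m],
            "partial_success": bool(msg[off])}


class Server:
    """Hypothetical server: every method in REQUIRED must succeed (assumed policy)."""
    REQUIRED = ("publickey", "password")

    def __init__(self, user: str, password: str, authorized_key: bytes):
        self.user, self.password, self.key = user, password, authorized_key
        self.done = set()

    def _method_ok(self, method: str, data: bytes) -> bool:
        if method == "publickey":
            return data == self.key                  # stand-in for signature verification
        if method == "password":
            return data == self.password.encode()
        return False                                 # "none" and unknown methods fail

    def handle(self, request: bytes) -> bytes:
        assert request[0] == SSH_MSG_USERAUTH_REQUEST
        user, off = read_string(request, 1)
        service, off = read_string(request, off)
        method, off = read_string(request, off)
        data = request[off:]
        if user.decode() != self.user or service != b"ssh-connection":
            return encode_userauth_failure([], False)
        remaining = [m for m in self.REQUIRED if m not in self.done]
        if self._method_ok(method.decode(), data):
            self.done.add(method.decode())
            remaining = [m for m in self.REQUIRED if m not in self.done]
            if not remaining:
                return bytes([SSH_MSG_USERAUTH_SUCCESS])
            return encode_userauth_failure(remaining, True)   # method succeeded, more needed
        return encode_userauth_failure(remaining, False)      # method failed


def run_exchange():
    """Probe with 'none', then publickey, a wrong password, then the right one."""
    srv = Server("alice", "hunter2", b"constructed-key-blob")   # constructed credentials
    req = lambda m, d=b"": encode_userauth_request("alice", "ssh-connection", m, d)
    return [decode_response(srv.handle(req("none"))),
            decode_response(srv.handle(req("publickey", b"constructed-key-blob"))),
            decode_response(srv.handle(req("password", b"wrong"))),
            decode_response(srv.handle(req("password", b"hunter2")))]


if __name__ == "__main__":
    for step in run_exchange():
        print(step)
```

The second response is the case the text calls misleading: a FAILURE message whose partial-success flag is true and whose name-list has shrunk to the methods still outstanding.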


URL: https://www.sciencedirect.com/science/article/pii/B9780128110270000308

Security in Wireless Systems

Vijay K. Garg, in Wireless Communications & Networking, 2007

13.7 Security in North American Cellular/PCS Systems

The ANSI-41 authentication features are independent of the air-interface protocol used to access the network, and subscribers are never involved in the process. A successful outcome of authentication occurs when it can be shown that the MS and the network possess identical results of a calculation performed in both the MS and the network. The authentication center (AC) is the primary functional entity in the network responsible for performing this calculation (see Chapter 7), although the serving system (i.e., the VLR) may also be allocated certain responsibilities. The authentication calculations are based on a set of algorithms, collectively known as the cellular authentication and voice encryption (CAVE) algorithm.

The authentication process and algorithm are based on the following two secret numbers:

1. Authentication key (A-key) (64-bit)

2. Shared secret data (SSD) (128-bit)

The A-key is a 64-bit secret number that is the permanent key used by the authentication calculations in both the MS and the AC. The A-key is permanently installed into the MS and is securely stored at the AC in the network when a new subscription is obtained.

Once the A-key is installed in the MS, it should not be displayed or retrievable. The MS and the AC are the only functional entities ever aware of the A-key; it is never transmitted over the air or passed between systems. The primary function of the A-key is as a parameter used in calculation to generate the SSD.

The COUNT is a 6-bit parameter that is intended to provide additional security in case the A-key or SSD is compromised. The current value of the COUNT is maintained by both the MS and the authentication controller. The respective counts should generally be the same — they may not always match exactly due to radio transmission problems or system failures in the network. If the respective counts differ by a large enough range, or frequently do not match, the AC may assume that a fraudulent condition exists and take corrective action. Note that a COUNT mismatch detection does not conclusively indicate that the particular MS accessing the system is fraudulent — only that a clone may exist.

13.7.1 Shared Secret Data Update

The SSD is a 128-bit secret number that is essentially a temporary key used by authentication calculations in both the MS and the AC. The SSD may also be shared with the serving system via a number of ANSI-41 messages. The SSD is a semipermanent value. It can be modified by the network at any time, and the network can command the MS to generate a new value.

The SSD is obtained from calculations using the A-key, the ESN, and a random number shared between the MS and the network. SSD calculation results in two separate 64-bit values, SSD_A and SSD_B. SSD_A is the value used for the authentication process, whereas SSD_B is used for encryption algorithms for privacy and to encrypt and decrypt selected messages on the radio traffic channel. Figure 13.4 shows the SSD generation process. At any time, the network can order the MS to update the SSD by generating the new SSD with a new SSD random number for security purposes.


Figure 13.4. SSD generation.

13.7.2 Global Challenge

For a global and unique challenge authentication process, the ANSI-41 standard is used [8, 9]. In a global challenge the serving system presents a numeric authentication challenge to all mobile stations that are using a particular radio control channel. The ANSI-41 AC verifies that the numeric authentication response from an MS attempting to access the system is correct. This is called a global challenge because the challenge indicator and random number used for the challenge are broadcast on the radio control channel and are used by all mobile stations accessing that control channel.

The authentication process flow diagram (when SSD is not shared with the serving system) is given in Figure 13.5.


Figure 13.5. Global challenge authentication process (no SSD sharing with serving system).

1. The serving system generates a random number (RAND) and sends it to the MS in the overhead message on the control channel.

2. The MS calculates an authentication result using CAVE and transmits that result back to the serving system when it accesses the system for registration, call origination, or paging response purposes.

3. The serving system forwards the authentication result and the random number to the AC.

4. The AC independently calculates an authentication result and compares it to the result received from the MS. If the results match, the MS is considered successfully authenticated. If the results do not match, the MS may be considered fraudulent and service may be denied.

If the SSD is shared, then the serving system performs the calculations.

13.7.3 Unique Challenge

In the ANSI-41 unique challenge, the authentication controller directs the serving system to present a numeric authentication challenge to a single MS that either is requesting service from the network or is already engaged in a call. The serving system presents the numeric authentication challenge to the MS and verifies that the numeric authentication response provided by the MS is correct. The unique challenge is so named because the challenge indicator and the random number used for the challenge are directed to a particular MS, whereas a global challenge must be answered by every MS on the control channel. Figure 13.6 shows the basic unique challenge procedure for authentication when SSD is not shared.


Figure 13.6. Basic unique-challenge authentication process when SSD is not shared.

1. The AC generates a random number and uses it to calculate an authentication result. The AC sends both the random number and authentication result to the serving system.

2. The serving system forwards the random number to the MS.

3. The MS calculates an authentication result and sends it to the serving system.

4. The serving system compares the result from the AC with the result from the MS. If the results match, the MS is considered to have successfully responded to the challenge. If they do not match, the MS may be considered fraudulent and service may be denied. Either way, the serving system reports the results to the AC.

If SSD is shared, the serving system may initiate the unique challenge process and would report a failure to the AC.
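The SSD update (13.7.1), global challenge (13.7.2) and unique challenge (13.7.3) flows above, modelled as one added example that is not code from the book or from any ANSI-41 implementation. CAVE itself is not specified on the page, so a keyed one-way function (HMAC-SHA256, truncated to the widths the text gives: a 128-bit SSD split into 64-bit SSD_A and SSD_B) stands in for it; the A-key, ESN and random-number widths are constructed test values, and the rule that COUNT advances by one per successful access is an assumption used only to illustrate the clone-detection point the text makes.

```python
"""Model of ANSI-41 SSD generation, global and unique challenge (added example)."""
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes, nbytes: int) -> bytes:
    """Keyed one-way function standing in for CAVE; output truncated to nbytes."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:nbytes]


def generate_ssd(a_key: bytes, esn: bytes, randssd: bytes):
    """13.7.1: SSD from A-key, ESN and the shared random number; the 128-bit
    result is split into SSD_A (authentication) and SSD_B (privacy)."""
    ssd = prf(a_key, esn, randssd, nbytes=16)
    return ssd[:8], ssd[8:]


def auth_result(ssd_a: bytes, esn: bytes, rand: bytes) -> bytes:
    """Authentication result the MS or the AC computes for a challenge RAND."""
    return prf(ssd_a, esn, rand, nbytes=8)


class MobileStation:
    def __init__(self, esn: bytes, a_key: bytes):
        self.esn, self._a_key = esn, a_key          # the A-key never leaves the MS
        self.ssd_a = self.ssd_b = None
        self.count = 0                              # 6-bit COUNT

    def update_ssd(self, randssd: bytes):
        self.ssd_a, self.ssd_b = generate_ssd(self._a_key, self.esn, randssd)

    def respond(self, rand: bytes):
        """Answer a challenge with ESN, the authentication result and COUNT."""
        return self.esn, auth_result(self.ssd_a, self.esn, rand), self.count

    def access_succeeded(self):
        self.count = (self.count + 1) & 0x3F        # assumed COUNT rule, wraps at 6 bits


class AuthCenter:
    def __init__(self):
        self.subscribers = {}                       # esn -> {"a_key", "ssd_a", "count"}

    def provision(self, esn: bytes, a_key: bytes):
        self.subscribers[esn] = {"a_key": a_key, "ssd_a": None, "count": 0}

    def order_ssd_update(self, ms: MobileStation):
        """Network-ordered SSD update: both sides derive the new SSD from a fresh RANDSSD."""
        randssd = secrets.token_bytes(7)            # width is a constructed assumption
        sub = self.subscribers[ms.esn]
        sub["ssd_a"], _ = generate_ssd(sub["a_key"], ms.esn, randssd)
        ms.update_ssd(randssd)

    def verify(self, esn: bytes, rand: bytes, authr: bytes, count: int) -> str:
        """Global challenge step 4, plus the COUNT comparison the text describes."""
        sub = self.subscribers[esn]
        if not hmac.compare_digest(auth_result(sub["ssd_a"], esn, rand), authr):
            return "denied"
        if count != sub["count"]:
            return "count-mismatch"                 # a clone may exist; not proof of fraud
        sub["count"] = (count + 1) & 0x3F
        return "authenticated"

    def unique_challenge(self, serving: "ServingSystem", ms: MobileStation) -> str:
        """Unique challenge step 1: the AC picks RANDU and precomputes the result."""
        randu = secrets.token_bytes(3)
        expected = auth_result(self.subscribers[ms.esn]["ssd_a"], ms.esn, randu)
        return serving.run_unique_challenge(ms, randu, expected)


class ServingSystem:
    def __init__(self, ac: AuthCenter):
        self.ac = ac

    def global_challenge(self, ms: MobileStation) -> str:
        """Steps 1-3: broadcast RAND, collect the MS result, forward both to the AC."""
        rand = secrets.token_bytes(4)
        esn, authr, count = ms.respond(rand)
        verdict = self.ac.verify(esn, rand, authr, count)
        if verdict == "authenticated":
            ms.access_succeeded()
        return verdict

    def run_unique_challenge(self, ms: MobileStation, randu: bytes, expected: bytes) -> str:
        """Steps 2-4: relay RANDU, compare the MS result with the AC's, report."""
        _, authu, _ = ms.respond(randu)
        return "match" if hmac.compare_digest(expected, authu) else "fraud-suspected"


def demo():
    """Legitimate MS, then a clone with copied secrets, then an MS with no valid SSD."""
    ac = AuthCenter()
    serving = ServingSystem(ac)
    a_key = bytes.fromhex("0123456789abcdef")       # constructed 64-bit A-key
    legit = MobileStation(esn=b"\x00\x00\x12\x34", a_key=a_key)
    ac.provision(legit.esn, a_key)
    ac.order_ssd_update(legit)
    r_global = serving.global_challenge(legit)
    r_unique = ac.unique_challenge(serving, legit)
    clone = MobileStation(legit.esn, a_key)         # same secrets but a stale COUNT
    clone.ssd_a = legit.ssd_a
    r_clone = serving.global_challenge(clone)
    bogus = MobileStation(legit.esn, bytes(8))
    bogus.ssd_a = bytes(8)
    r_bogus = serving.global_challenge(bogus)
    return r_global, r_unique, r_clone, r_bogus
```

The clone case shows why the text says a COUNT mismatch is only a signal: its authentication result is correct, so the stale COUNT is the only thing that distinguishes it, and nothing in the exchange says which of the two stations is the genuine one.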


URL: https://www.sciencedirect.com/science/article/pii/B9780123735805500478

Federated Identity Technologies

Derrick Rountree, in Federated Identity Primer, 2013

3.3.1.2 OAuth WRAP

WRAP is the Web Resource Authorization Protocol. WRAP is actually a profile designed for OAuth called OAuth WRAP. OAuth WRAP is used to allow users to grant applications access to their identity information. With the development of OAuth 2.0, OAuth WRAP has been deprecated but it is still in use.

OAuth WRAP uses token exchange to secure access. To further secure communications, OAuth WRAP communications are done using SSL. In OAuth WRAP, the client will obtain a bearer token from the Authorization Server. This token will have a specified lifetime that is usually very short. The client will then present this token to the server hosting the desired resource. WRAP also allows for a client to act on another user’s behalf. OAuth WRAP also provides for refresh tokens that are used to obtain new tokens before expiration.

The OAuth WRAP authentication process is as follows:

1. The user attempts to access an application.

2. The user is redirected to the IdP to receive a verification code.

3. The user gives consent for the application to access information from the IdP.

4. The user submits the verification code to the application.

5. The application uses the verification code to contact the IdP.

6. The IdP returns an access token and a refresh token to the application.

7. The application uses the access token to retrieve user data.

8. When the access token expires, the application uses the refresh token to get a new access token.
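The eight-step flow above, as an added example that is not code from the book or from any OAuth WRAP implementation: an in-memory IdP issues a single-use verification code after consent, exchanges it for a short-lived bearer access token plus a refresh token, and mints a new access token on refresh. The token format, the 300-second lifetime and the explicit `now` clock parameter are assumptions of this example.

```python
"""Model of the OAuth WRAP verification-code / bearer-token flow (added example)."""
import secrets

ACCESS_TOKEN_TTL = 300   # seconds; assumed short lifetime for the bearer token


class IdentityProvider:
    def __init__(self):
        self._codes = {}      # verification code -> (user, app)
        self._access = {}     # access token -> (user, app, expiry)
        self._refresh = {}    # refresh token -> (user, app)
        self._consent = set()

    def grant_consent(self, user: str, app: str):                 # step 3
        self._consent.add((user, app))

    def issue_verification_code(self, user: str, app: str) -> str:  # step 2
        if (user, app) not in self._consent:
            raise PermissionError("user has not consented")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, app)
        return code

    def exchange_code(self, code: str, app: str, now: int):       # steps 5-6
        entry = self._codes.pop(code, None)                       # single use
        if entry is None or entry[1] != app:
            raise PermissionError("unknown, used or mismatched verification code")
        user = entry[0]
        refresh = secrets.token_urlsafe(32)
        self._refresh[refresh] = (user, app)
        return self._new_access(user, app, now), refresh

    def _new_access(self, user: str, app: str, now: int) -> str:
        token = secrets.token_urlsafe(32)
        self._access[token] = (user, app, now + ACCESS_TOKEN_TTL)
        return token

    def user_for(self, access_token: str, now: int):              # step 7, resource side
        entry = self._access.get(access_token)
        if entry is None or now >= entry[2]:
            return None                                           # unknown or expired
        return entry[0]

    def refresh(self, refresh_token: str, app: str, now: int) -> str:  # step 8
        entry = self._refresh.get(refresh_token)
        if entry is None or entry[1] != app:
            raise PermissionError("invalid refresh token")
        return self._new_access(entry[0], app, now)


def walk_through() -> dict:
    """Run the whole flow with constructed identities and an integer clock."""
    idp = IdentityProvider()
    user, app = "alice", "photo-printer"                          # constructed
    idp.grant_consent(user, app)
    code = idp.issue_verification_code(user, app)
    access, refresh = idp.exchange_code(code, app, now=1000)
    results = {"data_user": idp.user_for(access, now=1100)}
    try:
        idp.exchange_code(code, app, now=1100)
        results["code_reusable"] = True
    except PermissionError:
        results["code_reusable"] = False
    results["expired_user"] = idp.user_for(access, now=1000 + ACCESS_TOKEN_TTL)
    new_access = idp.refresh(refresh, app, now=1400)
    results["refreshed_user"] = idp.user_for(new_access, now=1500)
    results["tokens_differ"] = new_access != access
    return results


if __name__ == "__main__":
    print(walk_through())
```

Two properties worth checking in any implementation of this flow are visible here: the verification code cannot be replayed once exchanged, and a bearer token stops working at its expiry regardless of who presents it, which is why the text insists on short lifetimes and TLS for the transport.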


URL: https://www.sciencedirect.com/science/article/pii/B9780124071896000030

Insider Threat

William F. Gross, in Computer and Information Security Handbook (Third Edition), 2017

Multifactor Authentication

Multifactor authentication is an authentication process that uses at least two of the following three components: what you have, what you are, and what you know. What you have is something like a memory card, access token, or other device. What you are is a form of biometric information such as a retinal, palm or fingerprint scan held in a reference file. What you know is the most common form and consists of usernames, passwords, and answers to personal questions. By requiring at least two of the three components, the access level is considered “safe/secure” [13].


URL: https://www.sciencedirect.com/science/article/pii/B9780128038437000351

Publishing Exchange 2007

Fergus Strachan, in Integrating ISA Server 2006 with Microsoft Exchange 2007, 2008

The Pre-Authentication Process

The client pre-authentication process works as shown in Figure 4.13. The ISA server takes care of the authentication transparently, so the client doesn't know it's being authenticated by something other than its destination server.


Figure 4.13. The Client Pre-Authentication Process

Step 1 The client sends its credentials to the ISA server, either via a standard log-in box in the case of Outlook Anywhere, or via the forms-based authentication method used for Outlook Web Access.

Step 2 ISA Server uses these credentials to authenticate the user against the authentication server. Depending on domain membership and other factors, this may be a RADIUS service, LDAP, or an Active Directory domain controller.

Step 3 The authentication provider sends acknowledgment of the credentials and gives the ISA server a green light to let the user in.

Step 4 ISA server sends the original client request to the Web server and uses authentication delegation to present the client's credentials for validation. The form the credentials take does not depend on how they were presented by the client. (For example, the client may provide credentials by NTLM, but if the Web server requires Basic authentication, the ISA server can present those credentials to the Web server using Basic auth.)

Step 5 The Web server sends a response to the client, which is intercepted by the ISA server. (Actually, depending how the publishing rule is set up, the ISA server may be the client as far as the Web server is concerned.)

Step 6 The ISA server forwards the response to the client.
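The six-step pre-authentication flow above, as an added example that is not ISA Server code: a reverse proxy validates form-posted credentials (the forms-based path in Step 1) against a pluggable provider (Steps 2 and 3) and, only on success, forwards the original request with the credentials re-presented as HTTP Basic authentication (the delegation case of Step 4), then relays the reply (Steps 5 and 6). The request and response dictionaries, the `DictProvider` and the `fake_owa_backend` are constructed stand-ins for the real transport, directory and Web server.

```python
"""Pre-authentication with credential delegation at a reverse proxy (added example)."""
import base64
import hmac


class DictProvider:
    """Stand-in for a RADIUS/LDAP/AD provider: a constructed username -> password table."""
    def __init__(self, accounts: dict):
        self._accounts = accounts

    def validate(self, username: str, password: str) -> bool:
        stored = self._accounts.get(username)
        return stored is not None and hmac.compare_digest(stored, password)


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header the published Web server expects."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def pre_authenticate(request: dict, provider, backend) -> dict:
    """Authenticate at the edge first; the Web server never sees an unauthenticated request."""
    form = request.get("form", {})
    username, password = form.get("username", ""), form.get("password", "")
    if not provider.validate(username, password):          # Steps 2-3 failed
        return {"status": 401, "body": "login form", "backend_called": False}
    forwarded = {                                          # Step 4: delegate as Basic
        "method": request["method"],
        "path": request["path"],
        "headers": {**request.get("headers", {}),
                    "Authorization": basic_header(username, password)},
    }
    response = backend(forwarded)                          # Step 5
    return {"status": response["status"], "body": response["body"],
            "backend_called": True}                        # Step 6


def fake_owa_backend(req: dict) -> dict:
    """Constructed Web server that only understands Basic authentication."""
    auth = req["headers"].get("Authorization", "")
    if not auth.startswith("Basic "):
        return {"status": 401, "body": 'Basic realm="owa"'}
    user = base64.b64decode(auth[6:]).decode().split(":", 1)[0]
    return {"status": 200, "body": f"mailbox of {user}"}


def demo():
    """One successful and one failed login through the proxy."""
    provider = DictProvider({"alice": "correct horse"})     # constructed account
    good = pre_authenticate({"method": "GET", "path": "/owa/",
                             "form": {"username": "alice", "password": "correct horse"}},
                            provider, fake_owa_backend)
    bad = pre_authenticate({"method": "GET", "path": "/owa/",
                            "form": {"username": "alice", "password": "guess"}},
                           provider, fake_owa_backend)
    return good, bad
```

The `backend_called` flag is the point of pre-authentication: a failed login is answered by the proxy and never reaches the published server, and a successful one arrives there already carrying credentials in the scheme that server accepts.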

Later in this chapter, we explore different methods of publishing Exchange Server 2007 with ISA Server 2006 and dependencies on certificates, and making the Autodiscover service available to Outlook Anywhere clients.


URL: https://www.sciencedirect.com/science/article/pii/B9781597492751000047

Configuring the Active Directory Infrastructure

Tony Piltzecker, Brien Posey, in The Best Damn Windows Server 2008 Book Period (Second Edition), 2008

Working with Sites

Sites are used for optimizing the authentication process, by reducing authentication traffic across slow, high-cost WAN links.

Subnets provide rapid and reliable communication between locations.

The primary role of sites is to increase the performance of a network, which is achieved by economic and rapid transmission of data.

Replication enables transferring data from a data store present on a source computer to an identical data store present on a destination computer.

The KCC is a process that runs on a DC.

The process of associating a subnet with a site notifies Active Directory sites about the physical networks that are represented by the site.

Cost is the value used to calculate site links by comparing one to others, in terms of speed and reliability charges.


URL: https://www.sciencedirect.com/science/article/pii/B9781597492737000021

Examining the ISA Server 2004 Feature Set

Dr. Thomas W. Shinder, Debra Littlejohn Shinder, in Dr. Tom Shinder's Configuring ISA Server 2004, 2005

Improved Authentication

Improvements have been made to the authentication process in ISA Server 2004. Users can be authenticated via the built-in Windows authentication, Remote Authentication Dial-In User Service (RADIUS), or other namespaces. You can apply rules to users or user groups in any namespace. Using the software development kit, third-party vendors can extend these built-in authentication types to provide additional authentication mechanisms.

A common authentication problem with ISA Server 2000 has been solved: in ISA 2000, the HTTP redirector had to forward requests to the Web Proxy service so that firewall clients could benefit from the Web cache. During this process, user credentials were removed, and then the request failed if user credentials were required. ISA Server 2004 fixes this problem by allowing Firewall clients to access the Web cache via the HTTP filter, without requiring separate authentication with the Web Proxy service.

With ISA Server 2000, there were also some authentication issues with the Hotmail Web site. This required the site to be configured for direct access. The improved HTTP filter in ISA Server 2004 fixes this problem, too. Now all users can access Hotmail via an easily-configured firewall rule without any need for special configuration on either the client or the firewall.


URL: https://www.sciencedirect.com/science/article/pii/B9781931836197500095

Resource-Efficient Multi-Source Authentication Utilizing Split-Join One-Way Key Chain

Seonho Choi, ... Hyeonsang Eom, in Emerging Trends in ICT Security, 2014

Notations

The following are defined for our authentication process:

Source group: A group of nodes equipped with SOKCs generated from $m$ different source keys, $a_i$ where $1 \le i \le m$, are distributed among $N_{src}$ source nodes ($m \le N_{src}$). It is assumed that $m$ is an odd number in this scheme. The source nodes may or may not be located in close proximity, and some source nodes may have the same source key if $m$

Verifier group: $N_{vrf}$ nodes (e.g., multicast group members or all the nodes in the broadcast case) are equipped with verification information for authenticating a packet's traversal of at least $m$ source nodes with different $a_i$ in the routing path. That is, a verifier node has the ability to verify that the packet passed through all the source group nodes with $m$ different source keys.

Information kept in the source group node and the verifier group node is as follows:

Source node from $a_i$ keeps the following items:

Split-Join One-Way Key Chain from $a_i$: $SOKC_i = \{K^i_{n-1}, \ldots, K^i_2, K^i_1\}$

public source key sum $a = a_1 \oplus a_2 \oplus \cdots \oplus a_m$

cryptographic one-way hash function

Verifier node keeps the following items:

public source key sum $a_1 \oplus a_2 \oplus \cdots \oplus a_m$

last key, $Y_n$, in the SOKC

cryptographic one-way hash function


URL: https://www.sciencedirect.com/science/article/pii/B9780124114746000177

Lossless Information Hiding in Images on the Spatial Domain

Zhe-Ming Lu, Shi-Ze Guo, in Lossless Information Hiding in Images, 2017

2.2.3 Explanation of the Modulo Addition Operation

In the aforementioned watermark embedding and authentication processes, the modulo addition operation is defined as follows:

(2.1) $i \oplus k = C\lfloor i/C \rfloor + \mathrm{mod}(i+k,\, C)$

where $i$ and $k$ are the two integers involved in the modulo addition operation, $\lfloor\cdot\rfloor$ is the floor operation (rounding down to an integer), $C$ is the modulus, and $\mathrm{mod}(\cdot,\cdot)$ is the operation that returns the remainder. Through this modulo addition operation, if $i + k$ is exactly an integer multiple of the modulus $C$, then $\mathrm{mod}(i+k, C) = 0$, so the absolute difference $D$ between the modulo addition result $i \oplus k = C\lfloor i/C\rfloor$ and $i + k$ is exactly one modulus $C$, i.e.,

(2.2) $D = |i + k - C\lfloor i/C\rfloor| = |C(\lfloor i/C\rfloor \pm 1) - C\lfloor i/C\rfloor| = C$

For example, if C = 16, assume that the dynamic range of i is [0,255] and k = 1, then we have the modulo addition result 0→1, 1→2, …, 15→0, 16→17, 17→18, …, 31→16, and so on. Obviously, the smaller the modulo C is, the less distortion this operation introduces near the boundary (i.e., the case that i + k is just integer times C). However, on the other hand, the smaller the modulo C is, the more distorted pixels there are in the whole dynamic range (e.g., the dynamic range of an 8-bit grayscale image is [0,255]). For a given image, to reduce the distortion introduced by the modulo addition operation, it is required to choose C according to concrete conditions: if k is small and the number of pixels near the boundary (the pixel value near 0 or 255) is small, then we can use a big C, e.g., 256; otherwise, a small value of C should be adopted to avoid severe visual distortion like the salt-and-pepper noise. In addition, note that in the first step of authentication, the method used in watermark extraction is the correlation operation with the noise sequence, thus the robustness of the watermark extraction operation can be guaranteed.
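The modulo addition of Eq. (2.1), its inverse, and the distortion trade-off described in the paragraph above, as an added example that is not code from the book. It goes slightly beyond the text by also giving the inverse operation (subtracting $k$ within the same block), which is what lets the embedding be undone losslessly, and by counting, for a chosen $C$, how many pixels of an 8-bit range are distorted and by how much. The function names are this example's own.

```python
"""Modulo addition of Eq. (2.1), its inverse, and the C trade-off (added example)."""


def mod_add(i: int, k: int, C: int) -> int:
    """Eq. (2.1): keep the block C*floor(i/C) and wrap the offset inside it."""
    return C * (i // C) + (i + k) % C


def mod_sub(j: int, k: int, C: int) -> int:
    """Inverse of mod_add: j = i (+) k lies in the same block as i, so subtracting
    k modulo C within that block recovers i exactly (the lossless property)."""
    return C * (j // C) + (j - k) % C


def mapping(k: int, C: int, n: int) -> list:
    """The i -> i (+) k table for i in [0, n), as in the text's C = 16, k = 1 example."""
    return [mod_add(i, k, C) for i in range(n)]


def distortion_profile(k: int, C: int, lo: int = 0, hi: int = 255):
    """Over the dynamic range [lo, hi]: the largest |i (+) k - (i + k)| and how many
    pixels are distorted at all.  Small C: small but frequent distortion; large C:
    rare but large (salt-and-pepper-like) distortion, as the text describes."""
    diffs = [abs(mod_add(i, k, C) - (i + k)) for i in range(lo, hi + 1)]
    return max(diffs), sum(1 for d in diffs if d)


if __name__ == "__main__":
    print(mapping(1, 16, 32))            # 0->1, ..., 15->0, 16->17, ..., 31->16
    for C in (4, 16, 64, 256):
        print(C, distortion_profile(1, C))
```

One caveat that follows from the formula: the result stays inside the block $[C\lfloor i/C\rfloor,\ C\lfloor i/C\rfloor + C - 1]$, so for the output to remain within an 8-bit range, $C$ must divide 256; the values the text uses (16 and 256) satisfy this.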


URL: https://www.sciencedirect.com/science/article/pii/B9780128120064000024

MCSA/MCSE 70-294: Working with Active Directory Sites

Michael Cross, ... Dr. Thomas W. Shinder (Technical Editor), in MCSE (Exam 70-294) Study Guide, 2003

Understanding the Role of Sites

Sites are used for optimizing the authentication process, by reducing authentication traffic across slow, high-cost WAN links.

Subnets provide rapid and reliable communication between locations.

The primary role of sites is to increase the performance of a network, which is achieved by economic and rapid transmission of data.

Replication enables transferring data from a data store present on a source computer to an identical data store present on a destination computer.

The Knowledge Consistency Checker (KCC) is a process that runs on a DC.

Authentication is a process by which a system validates users, using the logon information provided.

Network authentication verifies the user’s identification to a network service.


URL: https://www.sciencedirect.com/science/article/pii/B978193183694450012X

What is the purpose of login in?

Logging in is usually used to enter a specific page, website or application, which trespassers cannot see. Once the user is logged in, the login token may be used to track what actions the user has taken while connected to the site.

How do I authenticate a user login?

Using HTTP Basic Authentication A client requests access to a protected resource. The Web server returns a dialog box that requests the user name and password. The client submits the user name and password to the server. The server validates the credentials and, if successful, returns the requested resource.
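The four-step Basic exchange above, as an added example that is not from the page: the server side challenges with a 401 and `WWW-Authenticate` when no credentials are present, otherwise decodes the `Basic` header, looks the user up and validates the password. Passwords are stored here as salted PBKDF2 hashes rather than in clear, compared with a constant-time function; the user table, salt and request dictionaries are constructed stand-ins for a real store and transport.

```python
"""Server side of the HTTP Basic authentication exchange (added example)."""
import base64
import binascii
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2-HMAC-SHA256; a random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


USERS = {"alice": hash_password("s3cret", salt=b"constructed-salt")}   # constructed account
_DUMMY = hash_password("", salt=b"dummy")                                # see credentials_valid


def parse_basic(header):
    """Return (user, password) from 'Basic <base64>', or None if absent/malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if ":" not in decoded:
        return None
    user, password = decoded.split(":", 1)
    return user, password


def credentials_valid(user: str, password: str) -> bool:
    """Step 4: validate against the stored hash in constant time."""
    entry = USERS.get(user)
    if entry is None:
        # hash anyway so unknown users take as long as wrong passwords
        hashlib.pbkdf2_hmac("sha256", password.encode(), _DUMMY[0], PBKDF2_ROUNDS)
        return False
    salt, stored = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(stored, candidate)


def handle(request: dict) -> dict:
    """Steps 1-4: challenge when credentials are missing, validate when present."""
    creds = parse_basic(request.get("headers", {}).get("Authorization"))
    if creds is None or not credentials_valid(*creds):
        return {"status": 401,
                "headers": {"WWW-Authenticate": 'Basic realm="example"'},
                "body": ""}
    return {"status": 200, "headers": {}, "body": f"protected resource for {creds[0]}"}


def demo():
    """Unauthenticated request, correct credentials, wrong credentials."""
    r1 = handle({"headers": {}})
    ok = "Basic " + base64.b64encode(b"alice:s3cret").decode()
    r2 = handle({"headers": {"Authorization": ok}})
    bad = "Basic " + base64.b64encode(b"alice:wrong").decode()
    r3 = handle({"headers": {"Authorization": bad}})
    return r1, r2, r3
```

The base64 in the header is an encoding, not protection: the credentials are recoverable by anyone who sees the request, which is why Basic authentication is only acceptable over TLS.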

What is the purpose of a login username and password?

Your password is your authentication. Password authentication relies on a secret value that is known only to you. So if a website used only your username, then anyone who knew your email address, for instance, could log in to any of your online accounts, including your bank, email, Facebook or Amazon accounts.

What is meant by user authentication?

User authentication verifies the identity of a user attempting to gain access to a network or computing resource by authorizing a human-to-machine transfer of credentials during interactions on a network to confirm a user's authenticity.