You probably won't be surprised to find out that protocols have been defined to initiate and implement secure communication. Different protocols can be used to meet different needs, and we will discuss three such protocols in this chapter: Kerberos, NTLM, and SSL. I selected these protocols because of the exceptional support Windows 2000 provides for them and their significance in existing environments such as the Internet.
Security protocols are primarily designed to use encryption techniques as well as network communication techniques, in a defined manner, with the objective of implementing one or more of the three goals mentioned earlier in this chapter: privacy, authentication, and integrity. All three protocols that we will cover achieve these goals to varying degrees. Additional features of some of the protocols are delegation and mutual authentication.
The Kerberos and NTLM security protocols are an integral part of security in Windows 2000. As such, these protocols can be used to directly authenticate a user in a domain. Said another way, a server can retrieve an access token for a client by using the Kerberos and NTLM security protocols. (Tokens are discussed in detail in Chapter 11.)
SSL is a security protocol that is not as tightly integrated with the Windows security model as are the other protocols. SSL is a certificate-based protocol, and Windows must do a mapping of certificate information before a server can impersonate. (Impersonation is discussed in detail in Chapter 11.)
NTLM is the existing security protocol of the Windows family. It is understood by Windows 2000, Windows NT, and Windows 95/98. Although Kerberos offers some noteworthy improvements over NTLM, you need to understand NTLM.
The NTLM protocol is fairly straightforward and is based on what is known as a challenge/response sequence. The sequence, illustrated in Figure 12-1, works like this:
Figure 12-1. NTLM authentication
As you can see from Figure 12-1, the network traffic generated by the NTLM protocol is significant, and the server bears a great deal of the responsibility even though it is largely acting as a proxy between the client and the domain controller (DC). But this protocol does get the job done.
As I mentioned in the last section, NTLM is the only security protocol supported on all of Microsoft's desktop operating systems. For this reason, it still plays a very important role in server development in an enterprise. However, Kerberos is the shining star of Windows 2000 and offers a lot of great features:
Kerberos is the name of the three-headed dog in Greek mythology that guarded the entrance to the underworld. The Kerberos protocol was named after this mythical animal because it too has three components:
Each of these entities plays an important role in the Kerberos specification. The following description of Kerberos will define some important terms and concepts for you, but you don't need a complete understanding of Kerberos before you can use it in your applications.
Kerberos relies on symmetric key encryption. A server using Kerberos to authenticate a client decrypts a packet known as an authenticator, which is sent by the client and contains an encrypted copy of the client's identification and a timestamp (which is used to avoid authenticator duplication and reuse across the wire). Only the client and the server can encrypt or decrypt the authenticator with this key, which is guaranteed to be a secret known only by them. This secret key is a session key. This session key is also the key that the client and server use to encrypt data as they continue to communicate for the duration of the session.
Kerberos authentication is pretty simple so far, but as you can imagine, the real magic of Kerberos is in the negotiation of the session key. The session key must be unique and is a secret known only by the communicating entities—the client and the server. The open questions are as follows:
I will go through the process that answers these questions one step at a time, but first it is important that you understand the Kerberos protocol's concept of a ticket.
The ticket A ticket is a packet of information whose contents are held by a client, and that contains information that allows a server to authenticate the client. This packet was given the name ticket because its information is the client's "ticket" to "use" the server. Here are some important items contained within a ticket:
Tickets are generated by the Key Distribution Center or KDC. The secret session key found inside the ticket is encrypted with the server's password. Only the KDC and the server know this password. Although the KDC grants tickets to clients, the encrypted portions of a ticket are opaque to a client and will be used only by the requested server.
The client requests tickets for use with specific servers, and the KDC grants these tickets. A ticket can be used and reused for authenticated communication with a server until the expiration time has passed, at which time the client must be granted a new ticket from the KDC.
Because the session key is encrypted using the server's password, the key can be used only by the server. Additionally, encrypted and clear-text versions of the ticket holder's identification are included on the ticket. This allows anybody to know the holder of the ticket, but the encrypted copy allows the server to ensure that the ticket holder has not been changed since the creation of the ticket.
The duration of a ticket's usefulness defines a session with a server. This session continues until the ticket expires or until the client discards the ticket. The server does not store the ticket, so authentication (from the server's point of view) is stateless.
Now I would like to describe a very important session. This is the client's session with the KDC. This is also the first of three phases that a client must go through to authenticate itself with a server. Figure 12-2 shows the entire authentication process using the Kerberos protocol from start to finish.
Figure 12-2. Kerberos protocol authentication process
The ticket-granting ticket (First Phase) As I mentioned before, the KDC creates tickets and communicates them to a requesting client. The KDC itself is a server, however, and the client must maintain a ticket for use with the KDC. Because the client will be using the KDC to retrieve tickets for use with other servers in the system, the ticket that the client holds for use with the KDC is called a ticket-granting ticket, or TGT. This is the very first ticket that a client requests from the KDC, and it defines a session with the KDC. Here are the steps in acquiring a TGT:
Now the client holds a session key and a ticket that can be used with the KDC in requests for future tickets. The session key returned to the client is encrypted with the client's password. If the client has lied about its identity, it will not be able to decrypt the session key, and the ticket-granting ticket will be useless to it. This is because the session key is used in all future communication with the KDC.
The ticket-granting ticket, like all tickets, has a session key encrypted with the server's password and expiration information. As long as the client holds an unexpired TGT for the KDC, it is participating in a session with the server.
Requesting a ticket (Second Phase) When a client wishes to initiate an authenticated session with a server, it must first request a ticket for this session from the KDC. Before it can do this, it must hold a ticket-granting ticket for use with the KDC. This was established in the first phase. Here are the steps the client takes to request a ticket for use with a server:
At this point, the client holds a ticket for authenticating with the requested server. The client also holds its own copy of the session key used when communicating with the server.
Authenticating with a server (Third Phase) Finally, the client begins its communication with the server, which can happen only if the client holds a ticket for authenticating with the server. The ticket is granted in the second phase. Here are the steps that the client takes to authenticate with a server:
At this point, the client and the server can communicate using their shared session key to encrypt data as it crosses the network.
Like the KDC, the server does not save its ticket, and in this way uses what is known as stateless authentication. This means that the third phase is necessary each successive time the client wishes to communicate with the server.
Notice in Figure 12-2 that communication with the server does not begin until the third phase. Notice also that the server and the KDC never communicate. These are noteworthy scalability improvements over the authentication scheme presented by NTLM.
As I mentioned before, this coverage of the Kerberos protocol does not cover every detail of the protocol. However, this description provides some perspective, which you will find useful when we begin our discussion of programming using security protocols.