svn commit: lorikeet r77 - in trunk/samba4-ad-thesis: .

abartlet at samba.org
Sat Sep 25 14:07:51 GMT 2004


Author: abartlet
Date: 2004-09-25 14:07:51 +0000 (Sat, 25 Sep 2004)
New Revision: 77

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/samba4-ad-thesis&rev=77&nolog=1

Log:
Expand on NTLM, and NTLMSSP.

Andrew Bartlett

Modified:
   trunk/samba4-ad-thesis/chapters.lyx
   trunk/samba4-ad-thesis/thesis.bib


Changeset:
Modified: trunk/samba4-ad-thesis/chapters.lyx
===================================================================
--- trunk/samba4-ad-thesis/chapters.lyx	2004-09-25 12:01:05 UTC (rev 76)
+++ trunk/samba4-ad-thesis/chapters.lyx	2004-09-25 14:07:51 UTC (rev 77)
@@ -150,7 +150,7 @@
  this problem, and to simply implement the missing components.
 \layout Section
 
-More than what we had done before 
+More than had been done before 
 \layout Standard
 
 The biggest change in Samba4 is the move beyond the CIFS protocol and the
@@ -424,9 +424,6 @@
 \layout Standard
 
 Schannel-signed NTP packets.
-\layout Subsection
-
-NTLMSSP
 \layout Section
 
 Kerberos
@@ -991,6 +988,8 @@
 The 24 byte response (8 bytes from each DES operation) is then send over
  the network, proving to the server that the client knows the NT or LM hash,
  and presumably therefore the password.
+ This is known as the LM response when based on the LM hash, and the NTLM
+ response when based on the NT hash.
 \layout Standard
 
 The LM challenge-response function sufferers from a number of flaws, but
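Review bot: the paragraph this sentence is appended to still reads "is then send over the network" in the unchanged line above the addition. Since the paragraph is being edited anyway, change it to "sent", and fix "sufferers" to "suffers" in the first line of the following paragraph.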
@@ -1006,17 +1005,135 @@
 \layout Subsection
 
 NTLMv2
+\layout Standard
+
+Due to the problems with the security of the NTLM challenge-response scheme,
+ a new scheme was devised by Microsoft, and became known as NLTMv2.
+ 
+\begin_inset LatexCommand \citet{ntlmv2enable}
+
+\end_inset 
+
+ Unfortunetly a number of other improvements are also labeled NTLMv2 - but
+ we will start by describing the new NTLMv2 challenge-response:
+\layout Standard
+
+NTLMv2 uses the same NT hash, but instead of the LM challenge-response formula,
+ a new system based on HMAC-MD5 has been built.
+ Because the 56-bit (cypher strength) DES step has been replaced by a 128-bit
+ HMAC-MD5 call, logins can be considered to be protected by 128 bit security.
 \layout Subsection
 
+Session Keys
+\layout Standard
+
+As part of the byproduct of NTLM authentication, a password-derived `session
+ key' is produced, for use in verifying or encrypting data carried between
+ the client and server.
+ The algorithm used varies depending on the method of authentication, but
+ can unfortunetly be very weak - often a fixed derivitive of the user's
+ password! This key is known as the `user session key', and is used in a
+ number of places within CIFS directly, as well as by the NTLMSSP suite.
+\layout Subsubsection*
+
+LM session key construction
+\layout Subsubsection*
+
+NT session key construction
+\layout Standard
+
+The NT session key is a fixed derivitive of the password - it contains none
+ of the per-session information that the otherwise weaker LM key does:
+\layout LyX-Code
+
+NT_key = md4(md4(unicode(password));
+\layout Subsection
+
 NLTMSSP
 \layout Standard
 
+NTLMSSP
+\begin_inset LatexCommand \citet{davenportntlm,opengroupntlm}
 
-\begin_inset LatexCommand \citet{davenportntlm}
+\end_inset 
 
+ is a collection of protocols, which togeather forfill the Microsoft `security
+ support provider interface' (SSPI
+\begin_inset LatexCommand \citet{sspi}
+
 \end_inset 
 
+).
+ As such, the NTLM challenge-response steps have been wrapped into a framework
+ such that a calling application need only know how to pass messages, not
+ to understand them.
+ At each end of the connection, these blobs of data are passed down to the
+ security libries for processing.
+\layout Subsubsection*
 
+NTLMSSP Packets
+\layout Standard
+
+Within those blobs of data is a particular packet format, which is known
+ as NTLMSSP, partly because this ASCII string prepends every protocol message.
+ Three different packets pass back and forth between client and server:
+\layout List
+\labelwidthstring 00.00.0000
+
+Negotiate The intial packet, sent from the client to the server, suggesting
+ options (including choice of Unicode or ASCII for future communication)
+ and requesting an authentication
+\layout List
+\labelwidthstring 00.00.0000
+
+Challenge The return packet, containing the LanMan challenge, and the server's
+ options (influenced by the client).
+ It may also include data on the target system's name and domain.
+\layout List
+\labelwidthstring 00.00.0000
+
+Authenticate The final packet, containing the username, domain and challenge-res
+ponse (also known as the encrypted passwords), in whatever format may have
+ been negotiated.
+\layout Standard
+
+The format of these packets, and the meaning of most of the options carried
+ in them is now reasonably well understood, and partially documented in
+ 
+\begin_inset LatexCommand \citet{opengroupntlm}
+
+\end_inset 
+
+.
+ 
+\layout Subsubsection*
+
+NTLMSSP Signing and Sealing
+\layout Standard
+
+NTLMSSP provides generic functions to sign and seal quantities of data,
+ and this shows up in DCE-RPC.
+ Using the session key negotiated between the client and server, a chiper
+ state is established though which the data is encypted, or the signature
+ is generated/verified.
+\layout Standard
+
+The core of the sign/seal algorithms is alledge to be RC4
+\begin_inset LatexCommand \citet{RC4FAQ,RC4Page}
+
+\end_inset 
+
+ - an algorithm used repeatedly (and unfrotunetly often poorly) in many
+ parts of Microsoft's network server implementation.
+ When negotiating the newer `NTLM2 Session Security', multiple RC4 sboxs
+ are generated, one per direction, each using unique subkeys, and checksums
+ are calculated with the strong HMAC-MD5 checksum.
+ However, when this is not negotiated (and such negotiation is not yet mandetory
+ in default installations), only a single RC4 sbox is used, for both directions
+ - a practice strongly discouraged by cryptograpers.
+ Also, without NTLM2 the checksum is a CRC32 function - weaknesses in this
+ function have been used in the past to break the security of SSH connections.
+ 
 \layout Chapter
 
 The Join process
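Review bot: the LyX-Code line under "NT session key construction" has unbalanced parentheses: `NT_key = md4(md4(unicode(password));` opens three and closes two, and should read `NT_key = md4(md4(unicode(password)));`. In the same hunk, "LM session key construction" is added as a heading with no body, yet the next paragraph contrasts the NT key with "the per-session information that the otherwise weaker LM key does" contain; either add the LM construction or hold the heading back until it is written. In the NTLMv2 paragraph, "logins can be considered to be protected by 128 bit security" describes the width of the HMAC-MD5 step, but the same paragraph says the key is still the NT hash, so the protection remains bounded by the password and the sentence should say so. Spelling: "NLTMv2" in the first added paragraph, and the unchanged subsection heading "NLTMSSP" now sits directly above body text that spells it "NTLMSSP"; also "Unfortunetly", "derivitive", "togeather forfill", "libries", "intial", "chiper", "encypted", "alledge", "unfrotunetly", "mandetory" and "cryptograpers".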
@@ -1206,6 +1323,18 @@
  an LDAP back-end, and a simple key-value database.
  It is this interface that this project will extend, with a new `ldb' back-end
  to be provided.
+\layout Subsection
+
+Heimdal/Samba Integration
+\layout Standard
+
+Another feature of current Heimdal snapshots is support for intergration
+ with Samba 3.0.
+ By using Samba 3.0's password entries in the LDAP database, Heimdal snapshots
+ can use the sambaNTPassword as an arcfour-hmac-md5 kerberos key.
+ This intergration work not only opened up valuable communicaton channels
+ between Samba and Heimdal developers, it provided hands-on experience in
+ hdb module development.
 \layout Section
 
 clapd
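Review bot: the added Heimdal/Samba Integration paragraph never says what sambaNTPassword contains. It is the NT hash described in the NTLM chapter, so using it as an arcfour-hmac-md5 key means the same stored value serves both NTLM and Kerberos; one sentence making that link would tie this subsection to the earlier material. Spelling: "intergration" appears twice and "communicaton" once.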

Modified: trunk/samba4-ad-thesis/thesis.bib
===================================================================
--- trunk/samba4-ad-thesis/thesis.bib	2004-09-25 12:01:05 UTC (rev 76)
+++ trunk/samba4-ad-thesis/thesis.bib	2004-09-25 14:07:51 UTC (rev 77)
@@ -59,11 +59,19 @@
 
 @misc{win2kauth,
   title = {Windows 2000 Network Architecture},
-  URL = http://www.microsoft.com/windows2000/techinfo/reskit/en-us/cnet/cnad\_arc\_plgn.asp},
+  URL = {http://www.microsoft.com/windows2000/techinfo/reskit/en-us/cnet/cnad\_arc\_plgn.asp},
   corpauthor = {Microsoft Corporation},
   year = 2001
 }
 
+ at misc{ntlmv2enable, 
+ title = {How to enable NTLM 2 authentication},
+ URL = {http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239869},
+ corpauthor = {Microsoft Corporation},
+ key = {Microsoft Corporation},
+ year = 2004
+}
+
 @article{mind, 
   author = {Paul Leach and Dan Perry},
   title = {CIFS: A Common Internet File System},
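Review bot: the new ntlmv2enable entry sets `key = {Microsoft Corporation}` alongside `corpauthor`, but win2kauth, whose URL line is fixed in this same hunk, has `corpauthor` only. If `key` is what lets the bibliography style label and sort an entry that has no `author`, win2kauth needs it as well. The new entry's fields are also indented one space where the neighbouring win2kauth and mind entries use two.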
@@ -269,7 +277,7 @@
 }
 
 @unpublished{rogerclarkauth, 
- URL = {},
+ URL = {http://www.anu.edu.au/people/Roger.Clarke/EC/AuthModel.html},
  title = {Authentication: A Sufficiently Rich Model to Enable e-Business},
  author = {Roger Clarke},
  year = 2001,
@@ -283,3 +291,17 @@
  year = 1997,
  mongth = {Dec}
 }
+
+ at unpublished{RC4FAQ, 
+ corpauthor = {RSA Laboritories},
+ key = {RSA Laboritories},
+ year = 2003,
+ title = {What is RC4?},
+ URL = {http://www.rsasecurity.com/rsalabs/faq/3-6-3.html}
+}
+
+ at misc{RC4Page, 
+ author = {Itsik Mantin},
+ title = {RC4},
+ URL = {http://www.wisdom.weizmann.ac.il/~itsik/RC4/rc4.html}
+}
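Review bot: "Laboritories" in the RC4FAQ entry's `corpauthor` and `key` fields is misspelled and will print that way in the bibliography; it should be "Laboratories". RC4Page has no `year`, unlike the other entries added in this commit, so a \citet citation in an author-year style has no date to show for it. The unchanged context line `mongth = {Dec}` just above is a misspelled field name and is worth correcting to `month` while the file is open.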


