Turn: Use Kerberos to lock the J2ME application, Part 1: Kerberos data format introduction

content:

A security MIDletkerberos message exchange for mobile banking Kerberos Messages Kerberos Bill Outlook: Design Kerberos Client Conclusion Reference Information About The Author's Evaluation

related information:

SIMPLIFY Enterprise Java Authentication with Single Sign-OndeveloperWorks Toolbox Subscribe

subscription:

DeveloperWorks Newsletter

Understand how Kerberos guarantees wireless security

Faheem Khan Freelance December 18, 2003

Users need to ensure that the wireless applications used will not harm their sensitive information. One method is to provide security using the industry standard protocol such as Kerberos. In this series, Faheem Khan will create an example J2ME MIDlet that uses Kerberos to protect financial data. This article is the first article of the series, and he introduces some basic knowledge by explaining the security of his application's security to the Kerberos data format of the skeleton.

Many users are reluctant to use applications that transmit sensitive data over wireless connections because they don't trust wireless security. However, the security of e-commerce on traditional wired networks has become possible, and wireless transactions can also be secure. In this series of three articles, I will display secure messages that the J2ME client and server-side Java application uses the Kerberos protocol (see links in the reference). I will develop a mobile banking MIDlet application that can be safely transmitted and received through the Internet. The MIDlet application will use a J2ME-based Kerberos client for practical security messaging. In this article, I first explain the usage model of the mobile bank application, and then I will explain the order of the Kerberos message exchange, so that secure messages that are securely communicated between subsequent J2ME clients and server-side Java applications. The data format used in the Kerberos messaging is described next. The last part of this article briefly introduces the system structure of the Kerberos client, which ultimately creates and handles Kerberos messages and data formats. A safety MIDlet for mobile banks. I will first consider such a use case scene: two of which have mobile phones users Alice and Bob with electronic bank accounts. If Alice wants to pay to Bob, then she provides the MIDlet application to provide Bob's mobile number (or his bank account number) and let MIDLET pay for him. MIDLET is safely contacted with e-banking and requests e-banking to pay to BOB. Electronic banks complete this transaction and send confirmation back to Alice. Bob also installed MIDlet on his mobile phone, which can be used to see if Alice payment reaches his account. MIDLET is safely communicating with e-banking to verify payment status. I will use the MIDlet that is designed and implemented in this series of articles all the application-specific messaging that is specific to the application. Of course, the MIDlet must ensure that communication is safe. The following features constitute the security requirements of the MIDlet:

Electronic banks should confirm the identity of the requested payment and update account status. This security requirement is often referred to as authentication, where the server needs to verify the identity of the requested customer. Users like Alice and Bob should make sure they are really communicating with e-banking rather than some malicious hackers. This is also an authentication situation where customers want to authenticate the server. Customers and servers are verified to each other, called two-way authentication. All communication should be encrypted to maintain the confidentiality of the message. Even if the hacker can get the message byte transmitted on the network, he does not understand the meaning of these encrypted data bytes. Both sides (users and e-banking) of communication should be able to verify the integrity of the received messages. If a malicious hacker changes the message in the transmission, then the received party should find this change. I will use the Kerberos protocol to meet these security needs (see Resources for more information on Keeros). I put all the features related to Kerberos to a small, suitable for the client Kerberos implementation of the J2ME device. Our mobile bank MIDlet only needs to be responsible for the application-specific message delivery, and the Kerberos client will process all security issues. This technology has a benefit for readers. The Kerberos client wraps security features (authentication, confidentiality, and message integrity). Therefore, if you want to develop your own MIDlet, you can use the Kerberos client described herein to make it secure. Most of this article is used to discuss how Kerberos work together with applications, as well as different messages exchanged between clients and servers in order to establish secure communications. I will describe the client application itself in a subsequent article in this series. Kerberos Message Switching this section I will describe the Kerberos message exchange between the following three participants: Support J2ME wireless device wireless device User Electronic Banking Figure 1. Kerberos Message Exchange Exchange in the Conventional Conclusion Context is given three Announcement of messaging between participants. This section I will discuss this view and interpret the final result of the message exchange shown in the figure. The next section explains the specific details of each message (ie, structure and format). Note that the wireless device for J2ME in Figure 1 contains two participants: MIDlet and Kerberos clients. Similarly, the e-banking system also includes two participants: business logic servers and Kerberos Distribution Center, KDCs. The business logic server is a server-side Java application that implements eBordan business logic. KDC is a Kerberos server that manages and distributes Kerberos bills. KDC is composed of two servers: an authentication server (AS) and a ticket grant server (TGS). Both AS and TGS receive client requests and issue Kerberos bills to respond to these requests. When the AS receives the client's bill request, it issued an initial bill. The client then demonstrates this initial bill to TGS. TGS issued a service ticket based on this initial bill. The main purpose of obtaining initial notes is to use it to get one or more service tickets. This is why the initial ticket is also called a ticket (TGT). Note that service notes are a means for secure communication between clients and specific servers. On the other hand, TGT is not for any particular server. Therefore, TGT is logically equal to an open connection, and one end is a client, and the other end is unknown. When a service bill is generated for a TGT, the other end is determined. The same TGT can be used to obtain any number of service tickets. The message exchange steps described below unveil how MIDET and why the mystery of the Kerberos bill is obtained. Each number in Figure 1 corresponds to one of the steps discussed below.

Mobile users provide him or her username and password to the MIDlet application (a secret shared by users and e-banking). This password is only used in the J2ME application within the J2ME application, it will never enter the network. Only usernames are transmitted over the network. MIDLET handed the username and password to the Kerberos client. The Kerberos client is responsible for the establishment of a context that is securely communicating with the e-banking. The Kerberos client request AS issued a TGT. A TGT request represents a security session. A client can create multiple sub-sessions in a security session. The TGT request contains the username of the requested customer, but does not include a password (shared secret). The Kerberos client sends a request to the AS. When the AS receives the TGT request, it proposes the username from the request and removes the corresponding password from the internal database (the secret of sharing). Then AS releases a TGT and package the TGT package in the reply message. This TGT contains a plain text section and a password text (encrypted) section. In order to encrypt the password portion of the TGT, AS uses an encryption key generated by the user's password. Therefore, only the user who knows the password can solve the encrypted part. The encryption section of the TGT also contains an encryption key called a session key. The AS sends a reply message (including TGT) to the requestible Kerberos client. After receiving the AS reply, the Kerberos client removes the TGT from the reply and decrypt the part of the TGT. The Kerberos client then issues a service ticket request. This request includes TGT and a encrypted structure called an authenticator. The client machine is used from the session key encryption password code extracted from the TGT. Identification code certifies the client to master the session key. The service ticket request also specifies the name of the e-banking logic server. The client sends a service ticket request to TGS (which is part of the electronic bank's KDC). After receiving the service ticket request, TGS extracts the name of the client to request a service ticket, and then grant a service ticket. Service tickets are not very different from TGT. Like TGT, service tickets contain a plain text section and a password text (encrypted) section. TGS uses a server's key (a key to generate a server sharing secret) encrypts the password text section of the service ticket, so that only that server can decrypt the password text section of this service ticket. TGS also adds a new encryption key in the password text section of the service ticket. This key is called a sub-session key. Note There are now two keys: session keys and sub-session keys. After granting the service ticket, TGS will be packaged in a response message. This response message also contains a password text section, which is encrypted with session key. The password text section of the response message contains a sub-session key. TGS sends a response message to the client. After receiving the TGS response, the client is decrypted by the session key to extract the sub-session key. The client also extracts the service bill. The client then issues a message to the e-banking logic server and wraps the service ticket in the message. This message requests the server to establish a new security session with the client. The client sends a message to the business logic server of the electronic bank. Electronic Bank's business logic server extracts a service ticket from the request, decrypt its password text section, and extract the sub-session key. This client and server have mastered this key. The e-bank server sends a positive response to the client. The client and e-banking server can now be securely communicated by sub-session keys. Kerberos message then how did these encryption work? In the rest of this article, I will explore the structure of the Kerberos message exchanged in steps 3 through 16 of FIG. 1 in FIG. 1. The TGT request FIG. 2 illustrates the representation of the TGT request message discussed in step 3 of FIG. 1.

Figure 2. The structure of the TGT request message The Kerberos protocol defines all the data structures and messages of the data used in the Kerberos message delivery. Note that the title of the message in Figure 2 is AS-REQ - this is an AS request. Figure 2 shows the structure of a nested frame. Each box represents a data field. Some fields also contain different fields to form a nested hierarchy. The outermost frame is marked as AS-REQ, which contains a smaller box tagged as KDC-REQ. This KDC-REQ box contains four fields: pvno: This data field represents the Kerberos protocol version number. The discussion of this series of articles is for the Kerveros version 5, it is quite stable and is currently the latest. MSG-Type: You can identify different Kerberos messages by message type. TGS request message is 10. PADATA: This is an optional field that does not have it in most TGT request messages. The purpose of this field is to join authentication information. The structure of the PADATA field will describe the service ticket request later in this section. The fourth field is marked as REQ-BODY, which is the body of the TGT request. It further divides several fields:

KDC-OPTIONS: This field represents the KDC option. Kerveros defines several options that the client may wish to request. For example, a client may require a Forwardable bill (which can forward tickets for different KDC servers). Similar to this, the client may request a renewable bill (which can be updated after the failure of the bill). Behind this series of articles, I will discuss some options, especially those related to my mobile banking app. CNAME: Customer's username. Realm: Realm. Note that every organization that uses Kerberos can build your own field. The field is like a trust domain, such as our e-banking. One area may span or do not cross the company boundaries. This means that one area may be needed or does not need to communicate with other companies. In the mobile banking application, I will try to remain simple, assume that all users (such as Alice and Bob) are registered in the e-banking companies. SNAME: This is a name that identifies the server that the client will present the requested bill. For TGT requests, the SNAME field specifies the name of the TGS (because the client will demonstrate TGT to the TGS). On the other hand, for the service ticket request (you will see it after this section), the sname field will specify the name of the e-bank server (because the client is ultimately presenting a service ticket to the e-banking business logic server). From: This is an optional field that indicates that the client needs a bill of filiving, that is, its validity will start at a moment. I don't need this feature in the mobile banking application. Till: This field indicates the time of TGT failure. When the client specifies when TGT is invalid. All Kerberos time fields follow the YearmontDaSecz format. For example, 3:30 in the morning of August 14, 1947 will be expressed as 19470814033000z. RTIME: This field specifies when the bill cannot be updated. This is an optional field that is only used when the client selects the renewable option in the KDC-Options field. Nonce: This is a randomly generated integer. Although this integer itself does not make sense, it helps to detect reply attacks. ETYPE: This field specifies the encryption algorithm to use by the client. Kerberos defines different integers for commonly used encryption algorithms, and clients will use the corresponding integer values. Addresses: This is an optional field that contains a set of addresses that are valid only from these addresses. Customers can specify from what network address to use the requested bills. ENC-Authorization-Data: This is an optional field that is packaged with authentication data, and the server can implement its authentication policies based on this data. I am not ready to display this function in the mobile banking application. Additional-Tickets: This is an optional field that makes the Kerberos client request a security session according to multiple bills already obtained. I am not ready to use this feature in the mobile banking application.

Define data structures with ASN.1 Kerberos Use Abstract Syntax Notation One (ASN.1) to define various data structures and byte formats used in Kerberos communications. ASN.1 is a standard for ITU-T (International Telecommunication Union-Telecommunication Standardization Sector). It consists of different documents of the reference number to X.680 to X.699 (see links in the reference). Asn.1 syntax and coding details are not the focus of this article. However, I need to discuss the concept of ASN.1 to explain the Kerberos structure and byte format. I will only discuss the ASN.1 concepts you need to explain the Kerberos message format. Byte encoding of the Kerberos message Before discussing other contents of the Kerberos message, I will first describe how to encode the TGT request message in FIG. 2 as a byte value sequence. Listing 1 is an ASN.1 class definition of the TGT request message in Figure 2 (see the sidebar for more contents of ASN.1). Table 2 shows the format of each byte of the TGT request message encoded. In order to understand the byte encoding of the TGT request message, FIG. 2, inventory 1, and Table 2 must be associated together. Note that the primary structure in Listing 1 is marked as AS-REQ. The same AS-REQ tag appears in the peripheral frame in Fig. 2. Now look at what is in the list of AS-REQ in the list 1. Two colons and equal numbers (:: =) behind the AS-REQ indicate this line defines the AS-REQ structure. Next is a string application 10 in square brackets. A Application 10 indicates that this AS-REQ structure is identified by numbers 10 in various structures of this Application. We can say number 10 is an application level tag number. This number is unique in the application - in other words, other Kerberos structures will not use this number. Note the KDC-REQ string after the [Application 10] string. This indicates that the format of the AS-REQ structure is another definition of the structure called KDC-REQ. This is an reuse mechanism in ASN.1. The KDC-REQ structure is used in two places. Therefore, Kerberos defines the KDC-REQ once and use it twice. In summary, as-req :: = [Application 10] KDC-REQ indicates that the AS-REQ is marked in different structures in the application, and the rear is the definition of another structure called KDC-REQ. Listing 1. TGT request message ASN.1 class definition as-regic :: = [Application 10] KDC-Req

KDC-REQ :: = sequence {

PVNO [1] Integer,

MSG-Type [2] Integer,

Padata [3] Sequence of Pa-Data Optional,

Req-body [4] KDC-REQ-BODY

}

PA-DATA :: = SEQUENCE {

Padata-type [1] integer,

Padata-value [2] OcTet string,

- Might Be encoded AP-REQ

}

KDC-REQ-BODY :: = sequence {

KDC-Options [0] kdcoptions,

CNAME [1] PrincipalName Optional,

- Used Only in As-Req

Realm [2] Realm, - Server's Realm

- Also Client's In As-ReqSname [3] PrincipalName Optional,

From [4] Kerberostime Optional,

Till [5] Kerberostime,

Rtime [6] Kerberostime Optional,

Nonce [7] integer,

ETYPE [8] Sequence of Integer, - EncryptionType,

- in Preference Order

Addresses [9] Hostaddresses Optional,

ENC-Authorization-Data [10] EncryptedData Optional,

- Encrypted AuthorizationData ENCODING

Additional-Tickets [11] Sequence of Ticket Optional

}

EncryptedData :: = sequence {

ETYPE [0] Integer, - EncryptionType

Kvno [1] Integer Optional,

Cipher [2] OcTet string - Ciphertext

}

KDCOPTIONS :: = bit string {

Reserved (0),

Forwardable (1),

Forwarded (2),

Proxiable (3),

Proxy (4),

Allow-PostDate (5),

PostDated (6),

Unused7 (7),

Renewable (8),

Unused9 (9),

Unused10 (10),

Unused11 (11),

Renewable-OK (27),

ENC-TKT-IN-SKEY (28),

Renew (30),

Validate (31)

}

Principalname :: = sequence {

Name-Type [0] Integer,

Name-string [1] sequence of generalstring

}

Kerberostime :: = generalizedtime

- Specifying UTC Time Zone (Z)

Hostaddresses :: = sequence of sequence {

AddR-Type [0] Integer,

Address [1] OcTet String

}

Now let's take a look at the KDC-REQ structure. The KDC-REQ:: = SEQUENCE this line in Listing 1 indicates that the KDC-REQ structure is a sequence of different data structures. A set of parentheses after the sequence keyword describes the data structure that together constitutes the KDC-REQ structure. There are four lines of code in the curly brackets. The first line (PVNO [1] Integer defines the first element of the KDC-REQ structure, which is the PVNO field in Figure 2. The second line (MSG-TYPE [2] Integer corresponds to the MSG-Type field in Figure 2. Note that the type of PVNO and MSG-Type fields is Integer, which means they are built with the Integer data type. Also note the numbers in square brackets behind the PVNO and MSG-TYPE in Listing 1 (PVNO [1] and MSG-TYPE [2]). In contrast to the application level tag number seen in the front of the previous As-Req :: = [Application 10] KDC-REQ, they are the context-specific label number. What is the difference between application-level and context-specific label numbers? Application level tag numbers are only unique and effective throughout applications. For example, numbered 10 in the entire Kerberos application refers to an AS-REQ structure. The context-specific label number is only meaningful in defining their context. For example, inside the structure of KDC-REQ, the context-specific tag number 1 represents PVNO. However, when viewing the inside of other structures, the same context-specific tag number 1 is represented by some other fields. When discussed later, the list of lists 1 is encoded as the byte sequence in Table 2, I will explain the use of these application levels and context-specific tag numbers. Take a look at the third line of the KDC-REQ structure in Listing 1 (Padata [3] Sequence Of PA-DATA) and the fourth line (Req-body [4] kdc-req-body). The third line defines the PADATA field in Figure 2, which is a sequence of the PA-DATA structure. The fourth line represents the Req-Body box in Figure 2. The Padata and Req-Body fields are also a Kerberos structure consisting of different fields. For example, the data type of REQ-BODY is KDC-Req-Body, and the data type is one of them with several fields (with KDC-Options, CName, Realm, Sname, Till, NONCE, and "like previously discussed. The Kerberos structure of ETYPE and other fields. Recalling that the PVNO field is built with an Integer. On the other hand, the data type of the REQ-BODY field is KDC-REQ-BODY, which is a structure constructed by several fields. Also note that Integer is an example of the basic ASN.1 data type, and KDC-Req-Body is a derived data type built by other fields. ASN.1 defines some data types that can be used by the application, called universal data types. Most general data types are basic types, only a small number is built. ASN.1 defines tag numbers for general data types, as shown in Table 1. Table 1. Some universal data types and tag numbers

General Data Type General Label Number Build Type or Basic Type? Boolean 1 Basic Type Integer 2 Basic Type Bit String 3 Basic Type OCTET STRING 4 Basic Type SEQUENCE 16 Build Type GeneralizedTime 24 Basic Type GeneralString 27 Basic Table 1 Display INTEGER Data Types The label number is 2, and the Integer data type is the basic type. Sequence is a universal tag for the only build type in Table 1. This is because the Sequence data type is universal defined using other fields, and Sequence is always built with other fields. A tab number of the general data type is not mentioned in the definition of the ASN.1, because these tag numbers have been universally defined and understood. However, it is necessary to use the universal tag number when trying to encode the Kerberos structure as a byte sequence. You will see this later. Now, let me explain how the AS-REQ message in Listing 1 is how to encode the byte sequence. In order to show this encoding process, I provide Table 2, which shows that the client sends to the KDC server to request TGT requests (an AS-REQ structure) actual byte sequence in the TGT. The byte sequence shown in Table 2 is the end result of the AS-REQ encoding process we want to analyze. Because it is relatively long, I use a separate file to provide Table 2. When reading the following discussion, you should open it in a separate browser window. Look at the first byte in Table 2 (01101010). This is the first byte of the message indicates the beginning of the AS-REQ structure of the list 1 (the peripheral box in Figure 2). Bit 8 and bit 7 (01) indicates that this is an application-level label. Bit 6 (1) indicates that this is a built-in structure. Bits 5 in place 1 (01010) represents the tag number of AS-REQ (I said in the previous discussion, the application level tag number of the AS-REQ structure is 10, and its binary is represented as 01010). You can divide the label by segment into three parts:

Bit 8 and bit 7 specify the type or class of the label. For application-level tags, bit 8 and bit 7 should be 01, for context-specific tags, they should be 10, for general tags, they are 00. Bit 6 Specifies the label to be substantially (0) or built (1). Bits 5 in place 1 Code tag number. Because the number of bits used to indicate the label number limit the number of tags that can have, you may be weird why only 5 is used for tag numbers. ASN.1 defines a complete mechanism for the encoding tag number, independent of the size of the tag number. However, Kerberos did not define any label numbers that cannot be expressed in 5 digits. Therefore, in order to focus on Kerberos, I will not discuss how to handle big label numbers. Now, look at the second byte in Table 2 (10000001). After the label byte, there is one or more length bytes. These length bytes specify the total number of bytes constituting the full label. There are two ways to define the length byte. The first is the single-byte length indication, and the second is a multiberi-byte length representation. For single-byte lengths, the bit 8 of the first length byte is 0 is 0, and the number of length bytes is specified with the remaining bits. For example, if you want to say that there is 65 bytes in this structure, the length value can be encoded to 01000001 (bit 8 is set to 0, and the bit 7 is in place 1 - 1000001 - indicates 65). In this method, there is always a length byte that the next byte marker structure is started. The maximum value encoded with this method is 127. For multi-byte representation, the bit 8 of the first length byte is set to 1, and the number of subsequent length bytes is specified by bit 7 in place 1. For example, if you want to encode a value of 210, the first length byte will be 10000001 (bit 8 is set to 1, the bit 7 is set to 1, that is, 0000001 indicates that there is a length byte), then follow one byte, Its value is 11010010 (representing a decimal 210). Look at the bytes 2 and bytes in Table 2, they are 10000001 and 11010010, respectively. This means that I use the multi-byte length representation to specify the length of the AS-REQ structure, ie 210. Note There are 213 bytes in Table 2, where 210 is after the third byte. All 210 bytes after byte 3 belong to the AS-REQ structure. Therefore, all bytes of the fourth byte and the rear constitute the content of the AS-REQ structure. Note that the AS-REQ structure in Listing 1 is the definition of the KDC-REQ structure, which is a sequence. Recall that sequence is a general tag in Table 1, which is a built-in data type and its label number is 16. This is why the value of byte 4 in Table 2 is 00110000. Bit 8 and bit 7 (00) Specify this is a general tag. Bit 6 (1) indicates that this structure is built. Bit 5 is in place 1 Specify the tag number, which is 16 (binary 10000) for Sequence. Bytes 5 and byte 6 Specify the number of bytes in the KDC-REQ structure. Byte 5 (10000001) specifies a length byte. Byte 6 (11001111) Specifies the actual length (207) of the KDC-REQ sequence. I have explained the working way of the length byte. The first field of the KDC-REQ sequence in Listing 1 is PVNO, which is a context-specific, built-in field, which is 1. The byte 7 (10100001) in Table 2 represents this field. Bit 8 and bit 7 (10) indicates that this is a context-specific label.

Bit 6 (1) indicates that this is a built-in, bit 5 in place 1 (00001) Specify the label number of the PVNO field. Byte 8 (00000011) Specifies the length of the PVNO field. The bit 8 of this length byte is 0, which indicates that I use a single-byte length representation. Bit 7 in place 1 (0000011) Specify length 3. It should be noted here that as explained earlier, when the length of the structure is less than 127, I use a single-byte length representation. The content of the PVNO field begins with the 9th byte in Table 2. The PVNO field is built with the Integer basic data type, so I can expect the content of PVNO as an integer value. Byte 9 (00000010) represents an Integer tag. Bit 8 and bit 7 (00) Identify this is a general tag, bit 6 (0) means it is a basic type, bit 5 in place 1 (00010) indicates that the label number is 2 (see Table 1). Bit 10 (00000001) provides this INTEGER data type in the single-byte length representation. The Integer value consists only by one byte, that is, the next byte (11th byte). You will notice the byte encoding process to follow a clear mode. I started with the tag value corresponding to a field in Listing 1. The label value is behind the length byte, and the length byte is the content of the label. I have continuously used nested, hierarchical build structures until they reach a basic data type. You can complete Table 2 based on this mode. The instructions of Table 2 can help you understand the role of each byte. For additional messages to be discussed herein, I will not provide the by-byte analysis, but the analysis of this message can make you understand their way of work. Response of Packaging TGT Figure 3 is a graphical representation of a response message packaged by a TGT. Figure 3 also uses the nested frame structure shown in Figure 2. Figure 3. Structure of the TGT response of AS Figure 3 is marked as AS-REP, which contains a smaller box marked as KDC-REP. KDC-REP is a sequence consisting of several fields. PVNO: I explain this field when I discuss Figure 2. MSG-Type: The type of message. It is an integer, and it should be 11 for TGT response messages. Padata: I have done this field when discussing Figure 2. This is an optional field that does not use it in most TGT response messages. CREALM and CNAME: These fields are described in discussing Figure 2. Ticket: The actual TGT. I will discuss the format of Kerberos bills themselves in the later section of this article. ENC-Part: This is a package of encrypted data. All encrypted parts in the Kerveros message contain three fields:

ETYPE: Specifies the identifier of the encryption algorithm for performing password encryption. KVNO: The version used to encrypt the encryption key. AS is encrypted using the client's key. This field specifies the version used to make the encrypted key. Cipher: A series of bytes. This is the actual encrypted data. After the data is decrypted, I have another structure, as shown in Figure 4. Figure 4. Configuration of the encryption portion of the TGT response message Figure 4 shows the structure obtained after the encryption portion of the TGT response message is decrypted. It contains the following fields:

Key: This is a session key. Subsequent communication of the current session will use this key instead of a password key. Last-REQ: This field specifies the time of the last ticket request of the client. This field helps to inform the client, and its request has been received. Nonce: I have done this field when discussing Figure 2. The AS will contain a copy of the random number it receives in the request. This helps to detect reply attacks. If the hacker gets the TGT response and wants to reply it repeatedly, the client can compare the response Nonce field to request a reply. Key-eviration: This is an optional field that specifies the time for the key failure of the client. Flags: This field corresponds to the KDC-Options field of the TGT request of Figure 2. These Flags represent different optional features that the Kerberos client may request. The AS sends a flag back to the client, allowing the client to compare whether the AS can provide the requested optional function. Authtime: The time of the bill issues a ticket. STARTTIME: Time for the ticket to take effect. EndTime: Time for the ticket failed. Renew-Till: The final failure time of updatable tickets. SREALM: The field of the server. SNAME: The server name, the bills are valid. CADDR: This field specifies an address list that gives the corresponding tickets given by these addresses. The purpose of this field is to make the hacker use stolen notes more difficult. Listing 2 provides an ASN.1 class definition of TGT response messages. The reader can define the class in Listing 2 relative to the different fields shown in Figures 3 and 4. Listing 2. TGT response message ASN.1 class definition as-replication: = [Application 11] KDC-Rep

KDC-rep :: = sequence {

PVNO [0] Integer,

MSG-Type [1] Integer,

Padata [2] Sequence of Pa-Data Optional,

CREALM [3] Realm,

CNAME [4] PrincipalName,

Ticket [5] ticket,

ENC-Part [6] EncryptedData

}

EncryptedData :: = sequence {

ETYPE [0] Integer, - EncryptionType

Kvno [1] Integer Optional,

Cipher [2] OcTet string - Ciphertext

}

ENCASREPPART :: = [Application 25] Enckdcreppart

Enckdcreppart :: = sequence {

Key [0] EncryptionKey,

Last-Req [1] LastReq,

Nonne [2] Integer,

Key-eviration [3] Kerberostime Optional,

Flags [4] TicketFlags,

Authtime [5] Kerberostime,

StartTime [6] Kerberostime Optional,

Endtime [7] Kerberostime,

Renew-till [8] Kerberostime Optional, SREALM [9] Realm,

Sname [10] PrincipalName,

Caddr [11] Hostaddresses Optional

}

After receiving the TGT, the service ticket request, the client issues a service ticket request, as shown in Figure 5. The service ticket request is very similar to the TGT request I discussed in Figure 2. All fields in FIG. 5 can be controlled to the corresponding fields in FIG. I just need to explain the PADATA field specifically for the service ticket request. Figure 5. Structure Padata field of the service ticket request message is a sequence of the PA-DATA structure, which contains authentication data. The service ticket request needs to send TGT to the ticket to the paper. The PADATA field packages TGT into a PA-DATA structure. Kerberos achieves different purposes with PADATA fields, and packaging TGT is just one. Therefore, Kerberos defines different integer values ​​to specify what type of data packaged in PA-DATA structure. Figure 5 shows that the PA-DATA sequence contains only one PA-DATA structure, which consists of two subfields, namely Padata-Type and Padata-Value. Each PA-DATA structure in the PADATA sequence contains both fields. PADATA-TYPE is an integer value to specify the data type in the Padata-Value field. When the Padata-Value field is packaged in the service ticket request, the value of the PADATA-TYPE field is 1. The PADATA-VALUE field is a string byte containing TGT. The byte string in the PADATA-VALUE field is actually another Kerberos structure called KRB_AP_REQ (or AP-REQ), also known as the authentication head. The authentication header contains TGT and some other fields as follows:

PVNO: I have explained this field in the discussion of Figure 2. Message-Type: This field contains an integer value (12) for identifying KRB_TGS_REQ messages. AP-OPTIONS: This is a set of options. The first option remains used in later use. The second option specifies that the corresponding TGT is encrypted with the session key encrypted in the corresponding TGT. Because TGS already knows the session key, it can use this key to decrypt. If the third option is selected, then it specifies two-way authentication for the client. Ticket: TGT itself. Authenticator: This is an encrypted structure that contains several fields that allow the client to prove that it has session keys and helps TGS to detect reply attacks. The identification code in the authentication head is in the form of encrypted (ciphertext). The client uses the session key encryption password code. The fields of the identification code are as follows:

Authenticator-vno: The version number of the authentication code format. For Kerberos Version 5, this field should specify 5. CREALM and CNAME: I explained these fields in the discussion of Figure 2. CKSUM: A checksum or hash value is calculated from byte encoding of the Req-Body field shown in Figure 5. This field allows TGS to check the integrity of request messages. This field also demonstrates that the client has session keys in a structure in which the check is in a structure encrypted with a session key. CUSEC and CTIME: These two fields collectively specify client time for issuing KRB_AP_REQ messages. Cusec field Specifies the microsecond portion of the time, and the CTIME field specifies the date and the time in milliseconds. Subkey: This is an optional field that allows the client to specify the key to which communication between the server is then specified. For mobile bank applications, I will try to minimize processing loads on the J2ME client, so let the server determine the session key and subroll key. SEQ-NUMBER: This is an optional field that can contain a serial number of the message to detect a reply attack. Authorization-Data: This is an optional field with an application-specific authentication data. I didn't use this field in the mobile banking application. Listing 3 provides an ASN.1 class definition for service ticket request messages. The reader can define the different fields shown in Figure 5 with the class in Listing 3. Listing 3. Service ticket request message ASN.1 Class definition TGS-REQ :: = [Application 12] KDC-REQ

KDC-REQ :: = sequence {

PVNO [1] Integer,

MSG-Type [2] Integer,

Padata [3] Sequence of Pa-Data Optional,

Req-body [4] KDC-REQ-BODY

}

PA-DATA :: = SEQUENCE {

Padata-type [1] integer,

Padata-value [2] OcTet string,

- Might Be encoded AP-REQ

}

KDC-REQ-BODY :: = sequence {

KDC-Options [0] kdcoptions,

Realm [2] Realm, - Server's Realm

- Also Client's IN AS-REQ

Sname [3] PrincipalName Optional,

From [4] Kerberostime Optional,

Till [5] Kerberostime,

Rtime [6] Kerberostime Optional,

Nonce [7] integer,

ETYPE [8] Sequence of Integer, - EncryptionType,

- in Preference Order

Addresses [9] Hostaddresses Optional,

ENC-Authorization-Data [10] EncryptedData Optional,

- Encrypted AuthorizationData ENCODING

Additional-Tickets [11] Sequence of Ticket Optional

}

AP-REQ :: = [Application 14] sequence {pvno [0] Integer, - INDICES VERSION 5

MSG-Type [1] Integer, - INDICATES KRB_AP_REQ

AP-OPTIONS [2] Apoptions,

Ticket [3] ticket,

Authenticator [4] EncryptedData

}

Apoptions :: = bit string {

Reserved (0),

Use-session-key (1),

Mutual-reguired (2)

}

Ticket :: = [Application 1] sequence {

TKT-VNO [0] Integer, - INDICES VERSION 5

Realm [1] Realm,

Sname [2] PrincipalName,

ENC-Part [3] EncryptedData

}

- Encrypted Part of Ticket

ENCTICKETPART :: = [Application 3] sequence {

Flags [0] TicketFlags,

Key [1] EncryptionKey,

CREALM [2] Realm,

CNAME [3] PrincipalName,

Transited [4] TransitEncoding,

Authtime [5] Kerberostime,

StartTime [6] Kerberostime Optional,

Endtime [7] Kerberostime,

Renew-till [8] Kerberostime Optional,

Caddr [9] Hostaddresses Optional,

Authorization-Data [10] AuthorizationData Optional

}

- Unencrypted Authenticator

Authenticator :: = [Application 2] sequence {

Authenticator-vno [0] integer,

CREALM [1] Realm,

CNAME [2] PrincipalName,

CKSUM [3] Checksum Optional,

Cusec [4] Integer,

CTIME [5] Kerberostime,

Subkey [6] EncryptionKey Optional,

SEQ-NUMBER [7] Integer Optional,

Authorization-Data [8] AuthorizationData Optional

}

When the request contains the service ticket to receive the service ticket, it issues a service ticket in the response. Figure 6 shows the TGS response of the packaged service ticket. You can compare Figure 6 and Figure 3. You will find that the fields shown in Figure 3 are displayed in Figure 6, but the Ticket field in Figure 3 is TGT, and the Ticket field of Figure 6 is a service ticket. Also, when generating the encryption portion of Figure 6, KDC uses a session key exchanged in the previous message. Service tickets are packaged with the sub-session key that the client will use when communicating with the e-bank server. Figure 6. Structure Listing 4 of TGS Service Bill Response provides an ASN.1 class definition of service ticket response messages. The reader can control the different fields in Figure 6 to the class definition in Listing 4. Listing 4. Service ticket response message ASN.1 class definition TGS-rep :: = [Application 13] KDC-Rep

KDC-rep :: = sequence {

PVNO [0] Integer,

MSG-Type [1] Integer,

Padata [2] Sequence of Pa-Data Optional,

CREALM [3] Realm,

CNAME [4] PrincipalName,

Ticket [5] ticket,

ENC-Part [6] EncryptedData

}

EncryptedData :: = sequence {

ETYPE [0] Integer, - EncryptionType

Kvno [1] Integer Optional,

Cipher [2] OcTet string - Ciphertext

}

ENCTGSREPPART :: = [Application 26] Enckdcreppart

Enckdcreppart :: = sequence {

Key [0] EncryptionKey,

Last-Req [1] LastReq,

Nonne [2] Integer,

Key-eviration [3] Kerberostime Optional,

Flags [4] TicketFlags,

Authtime [5] Kerberostime,

StartTime [6] Kerberostime Optional,

Endtime [7] Kerberostime,

Renew-till [8] Kerberostime Optional,

SREALM [9] Realm,

Sname [10] PrincipalName,

Caddr [11] Hostaddresses Optional

}

The message from the client to the e-banking business logic server is now available to the client, which can be sent to the e-banking logic server. The client sends the message to the electronic bank server in Figure 7. The purpose of this message is to request the server to establish a new security context with the client. Figure 7. Structure from the Kerberos client to the e-bank server I said that the purpose of this article is to show the J2ME-based security mobile banking application. I am going to use the Generic Security Services API (GSS API, or simply referred to as GSS) to provide security features for e-banking logic servers. GSS is a general high-level security API that works on different security technologies like Kerberos (see Resources for more on GSS). I will discuss the use of the GSS API in the IP Business Logic Server in the third article of this series. Now, as long as you know that GSS is also an IETF standard. IETF defines the GSS wrapper for the Kerveros message delivered to the client and the server. In order to use GSS on the server side, I must ensure that the GSS client can issue and process the GSS wrapper. The peripheral frame in Figure 7 is marked as INITIALCONTEXTTOKEN, which is actually the name of the GSS wrapper packaged from the GSS client to the GSS server. In the InitialContextToken package, the first field name is thismech, which defines the security mechanism used by GSS as a low-level security technology (here is Kerveros). The second field in the InitialContextToken box is marked as KRB_AP_REQ, and I analyze it when discussing Figure 5. Recalling the previous discussion says that the KRB_AP_REQ structure is packaged. That's why I can use this structure to pack a service bill and send it to the e-bank server. I said that the service ticket already contains a sub-session key. Listing 5 provides an ASN.1 class definition of the Kerberos client to send the news of the electronic banking business logic server. You can control different fields in Figure 7 with class definitions in Listing 5. Listing 5. ASN.1 Class definition of the ASN.1 class definition of the security context request message from the client to the server InitialContextToken :: =

[Application 0] implicit sequence {

Thismech mechtype

- MechType is Object Identifier

Representing "Kerberos V5"

InnerContextToken Any Defined by thismech

- Contents Mechanism-Specific;

- Asn.1 Usage With InnerContextToken

- Is Not Required

}

AP-REQ :: = [Application 14] sequence {

PVNO [0] Integer, - Indicates Version 5

MSG-Type [1] Integer, - INDICATES KRB_AP_REQ

AP-OPTIONS [2] Apoptions,

Ticket [3] ticket,

Authenticator [4] EncryptedData

}

Apoptions :: = bit string {

Reserved (0),

Use-session-key (1),

Mutual-reguired (2)

}

Ticket :: = [Application 1] sequence {

TKT-VNO [0] INTEGER, - INDICATES VERSION 5REALM [1] Realm,

Sname [2] PrincipalName,

ENC-Part [3] EncryptedData

}

- Encrypted Part of Ticket

ENCTICKETPART :: = [Application 3] sequence {

Flags [0] TicketFlags,

Key [1] EncryptionKey,

CREALM [2] Realm,

CNAME [3] PrincipalName,

Transited [4] TransitEncoding,

Authtime [5] Kerberostime,

StartTime [6] Kerberostime Optional,

Endtime [7] Kerberostime,

Renew-till [8] Kerberostime Optional,

Caddr [9] Hostaddresses Optional,

Authorization-Data [10] AuthorizationData Optional

}

- Unencrypted Authenticator

Authenticator :: = [Application 2] sequence {

Authenticator-vno [0] integer,

CREALM [1] Realm,

CNAME [2] PrincipalName,

CKSUM [3] Checksum Optional,

Cusec [4] Integer,

CTIME [5] Kerberostime,

Subkey [6] EncryptionKey Optional,

SEQ-NUMBER [7] Integer Optional,

Authorization-Data [8] AuthorizationData Optional

}

Electronic Bank's response to the electronic bank's business logic server receives the message in Figure 7, which extracts the service ticket and decrypt the encryption portion in the ticket to obtain the sub-session key. The client already has the same subclock key. Therefore, the server and client can use this sub-session key to securely communicate with each other. Figure 8. Electronics Bank Send a confirmation message to the client to the system of the response to the Kerberos client, as shown in Figure 8. Below is a field that makes up the message of Figure 8:

PVNO: I explain this field in the discussion of Figure 2. MSG-TYPE: This is a message type identifier with integer value 14. ENC-Part: The encryption section of the message. The client decrypts the encryption section with sub-session keys. When decryption, it will show another structure with the following fields:

CTIME and CUSEC: I explain these fields in the discussion of Figure 6. Subkey: This is an optional key that a server may send to the client. If the server sends this key to the client, this key will be used to subsequent secure communication between the client and the server (replacing the sub-session key). SEQ-NUMBER: I explained this field in the discussion of Figure 5. Listing 6 provides an ASN.1 class definition of an electronic bank's response to the Kerveros client. The reader can define the different fields shown in Figure 8 with the class in Listing 6. Listing 6. ASN.1 definition of ASN.1 from the server to the client's security context

AP-rep :: = [Application 15] sequence {pvno [0] Integer, - Repesents Kerberos V5

MSG-TYPE [1] Integer, - Repesents KRB_AP_REP

ENC-Part [2] EncryptedData

}

Encapreppart :: = [Application 27] sequence {

CTIME [0] Kerberostime,

Cusec [1] integer,

Subkey [2] EncryptionKey Optional,

SEQ-NUMBER [3] Integer Optional

}

Before the end of this article, Kerberos bills I would like to show the structure of the Kerberos bill itself. Figure 9 shows the structure of the Kerberos bill. Figure 9. The structure of the Kerberos bill contains 11 fields:

TKT-VNO: Version of the bill format. Currently it is 5. Realm and Sname: I explained these fields in the discussion of Figure 2. These two fields collectively specify the full identifier of the server that can give a valid ticket. For TGT, these two fields identify TGS. On the other hand, for service bills, they specify an electronic banking logic server. ENC-Part: This is the confidential part of the ticket. This encrypted part is declared after another Kerberos structure, which contains some of the fields described below:

Flags: This is a set of flags I mentioned when I discuss the KDC-Options field in Figure 2. One of the signs is used to illustrate this TGT or a service ticket. Key: This is a session key (for TGT) or sub-session keys (for service bills). CREAL and CNAME: I explained these fields in the discussion of Figure 2. TRANSITED: As mentioned earlier, different Kerberos servers working in different fields can forward bills from one field to another. This field specifies the names of different fields involved in the release of such bills. I don't need this feature in the mobile banking application. Authtime: This is the time for KDC verification requesting customer identity. StartTime and EndTime: Tickets are valid from StartTime to EndTime. Renew-Till: As mentioned earlier, Kerberos bills can be updated. Such a ticket can contain this field that specifies the final failure time of the ticket. After this time, the bill will no longer be renewable. CADDR: I explained this field in the discussion of Figure 4. Outlook: Design the rest of the Kerberos client in this series, I will build a Kerberos client that provides security features for mobile banking applications. The main purpose of the Kerberos client is to post and process the Kerberos message explained herein. The client will be able to publish all messages from the client to the ticket or e-bank server (the message shown in Figures 2, 5, and 7) and process the message sent back from the server (shown in Figure 2, 4, 6, 8, and 9) news). The Kerberos client I develop will run on a limited wireless device. Therefore, there is only a few resources. My focus is placed in efficiently using available device resources. Safety applications typically make equipment resources bear heavy processing load. In order to improve the efficiency of the program, I have to make some compromises for good object-oriented design practices. This is very common for major J2ME applications. The latter two articles will be displayed in the mobile banking application. Conclusion In this article, I explained the usage model and security requirements of the mobile banking application. I also describe the sequence of the Kerberos message to exchange the encryption key between the Kerberos client and an electronic bank server to securely communicate (and the Kerberos data format). Then I briefly look forward to the J2ME Kerberos client to build in the two articles in this series. I hope this article can provide useful information for all readers who wish to understand the details of the Kerberos message. I need to use all of this information when writing the rest of this series. Reference

You can see the original text of this article on the developerWorks global site. Download all lists discussed herein and Table 2. Read the official RFC 1510 of the Kerberos (version 5) on Ietf.org and the RFC 1964 of GSS. Visit the Kerberos Working Group on the IETF website. In the article "SIMPLIFY Enterprise Java Authentication with Single Sign-on" (DeveloperWorks, Sep 2003), Faheem Khan dedicated the single sign-on using Kerberos and Java GSS API. This page on MIT contains a very good link to Kerberos. Download a complete ASN.1 document and encoding rules. Read Jason Garman's Kerberos: The Definitive Guide (O'Reilly & Associates, 2003) to learn Kerberos. See how IBM products use Kerberos. IBM AlphaWorks provides Web Services Toolkit for Mobile Devices to connect your J2ME device with the Web service world. About the author Faheem Khan is an independent software consultant, expertise is an enterprise application integration (EAI) and B2B solution. Readers can contact Faheem via fkhan872@yahoo.com.