Skip to content

Latest commit

 

History

History
398 lines (269 loc) · 8.98 KB

README.md

File metadata and controls

398 lines (269 loc) · 8.98 KB

Cryptographic and Authentication Protocols Project

This project demonstrates cryptographic techniques (AES encryption) and compares authentication protocols (Kerberos and OAuth 2.0) in a Python-based environment. It evaluates the performance of these protocols and generates automated reports.

Project Structure

cryptographic_and_authentication/
├── aes_encryption.py           # AES encryption and decryption script
├── kerberos_auth.py            # Kerberos authentication script
├── oauth2_auth.py              # OAuth 2.0 authentication script
├── performance_comparison.py   # Script to compare Kerberos and OAuth
├── results/
│   ├── results.txt             # Log file for results
│   ├── performance_chart.png   # Visualization chart
│   └── report.md               # Automated report
├── requirements.txt            # Python dependencies
└── README.md                   # Project documentation

Features

  • AES Encryption: Demonstrates symmetric encryption for securing data.
  • Kerberos Authentication: Automates ticket-based authentication using MIT Kerberos.
  • OAuth 2.0 Authentication: Implements token-based delegated access for secure API usage.
  • Performance Comparison: Measures and compares the time taken for Kerberos and OAuth 2.0 flows.
  • Visualization: Generates a bar chart to illustrate protocol performance.
  • Automated Documentation: Creates logs and a report summarizing the results.

Prerequisites

1. Python 3.8 or higher installed on your system.

2. Required Python libraries:

  • cryptography
  • requests
  • requests-oauthlib
  • matplotlib
  • jinja2
  • pykerberos

Installation

1. Clone the repository:

git clone https://github.com/aliabbascheema/cryptographic_and_authentication.git
cd cryptographic_and_authentication

2. Python Environment

  • Python 3.8+
  • Create a virtual environment: 
    python3 -m venv venv
source venv/bin/activate   # On Windows: venv\Scripts\activate
  • Install dependencies: 
    pip install -r requirements.txt

3. Kerberos Setup

  • Install Kerberos utilities:
sudo apt update
sudo apt install krb5-kdc krb5-admin-server krb5-user

During installation, you’ll be prompted to set up the Kerberos realm. If you skip this, you can configure it manually.

Step 2: Configure Kerberos Realm

  1. Edit /etc/krb5.conf: Open the Kerberos configuration file:

    sudo nano /etc/krb5.conf

    Example configuration:

    [libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    EXAMPLE.COM = {
        kdc = localhost
        admin_server = localhost
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

    Replace EXAMPLE.COM with your desired realm.

  2. Edit /etc/krb5kdc/kdc.conf: Configure the KDC-specific settings:

    sudo nano /etc/krb5kdc/kdc.conf

    Example configuration:

    [kdcdefaults]
    kdc_ports = 88
    kdc_tcp_ports = 88

[realms]
    EXAMPLE.COM = {
        master_key_type = aes256-cts
        max_life = 1d
        max_renewable_life = 7d
        acl_file = /etc/krb5kdc/kadm5.acl
        database_name = /var/lib/krb5kdc/principal
        key_stash_file = /etc/krb5kdc/stash
        default_principal_flags = +preauth
    }

  3. Edit /etc/krb5kdc/kadm5.acl: Define access control rules for administrative operations:

    sudo nano /etc/krb5kdc/kadm5.acl

    Example content:

    */admin@EXAMPLE.COM *

    This allows all admin principals to have full access.

Step 3: Create the Kerberos Database

Initialize the KDC database:

sudo kdb5_util create -s

You will be prompted to set a master password for the database.

Step 4: Add Kerberos Principals

  1. Add an admin principal:

    sudo kadmin.local

    Inside the kadmin.local shell:

    addprinc admin/admin

    Set a password for the admin/admin principal.

  2. Add a regular user principal for testing:

    addprinc testuser

    Set a password for testuser.

  3. Exit the admin shell:

    exit

Step 5: Start the Kerberos Services

Start and enable the KDC and admin services:

sudo systemctl start krb5-kdc
sudo systemctl start krb5-admin-server
sudo systemctl enable krb5-kdc
sudo systemctl enable krb5-admin-server

Step 6: Configure as a Kerberos Client

  1. Ensure /etc/krb5.conf matches the server configuration. It should already be configured if you followed the earlier steps.

  2. Test the client by obtaining a Kerberos ticket:

    kinit admin/admin

    Enter the password you set earlier. If successful, you can view your ticket using:

    klist

    Output should look like:

    Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: admin/admin@EXAMPLE.COM

Valid starting       Expires              Service principal
12/05/2024  19:45    12/06/2024  19:45    krbtgt/EXAMPLE.COM@EXAMPLE.COM

Step 7: Test Kerberos Authentication

  1. Add a service principal for testing:

    sudo kadmin.local

    Inside the kadmin.local shell:

    addprinc -randkey host/localhost

    Export the keytab file for the service:

    ktadd host/localhost

    Exit the admin shell:

    exit

  2. Test a service authentication using:

    kinit testuser
kvno host/localhost

    The kvno command fetches a service ticket, indicating successful Kerberos authentication.

Step 8: Debugging

  • Check logs for any issues:

    • /var/log/krb5kdc.log
    • /var/log/krb5lib.log

  • Restart services if needed:

    sudo systemctl restart krb5-kdc
sudo systemctl restart krb5-admin-server

4. OAuth Setup

  • OAuth Application Registration:
    • Register your app with a provider like GitHub.
    • Add these variables to .env: 
      CLIENT_ID=<your_client_id>
CLIENT_SECRET=<your_client_secret>
AUTHORIZATION_URL=https://github.com/login/oauth/authorize
TOKEN_URL=https://github.com/login/oauth/access_token
REDIRECT_URL=<your_redirect_url>

Scripts Overview

1. AES Encryption (aes_encryption.py)

  • Encrypts and decrypts a message using AES with CBC mode.
  • Generates a random key and initialization vector (IV).
  • Demonstrates encryption, padding, and decryption.

2. Kerberos Authentication (kerberos_auth.py)

  • Automates the setup of a Kerberos service principal.
  • Authenticates using Kerberos tickets and retrieves a service token.

3. OAuth 2.0 Authentication (oauth2_auth.py)

  • Implements the OAuth 2.0 flow to authenticate and fetch user data.
  • Retrieves an access token and uses it to access a protected resource.

4. Performance Comparison (performance_comparison.py)

  • Compares Kerberos and OAuth 2.0 authentication based on execution time.
  • Outputs a performance chart and a summary report.

Outputs

  1. results/results.txt:

    • Execution times for Kerberos and OAuth.
    • OAuth user details (retrieved from the API).

  2. results/performance_chart.png:

    • A bar chart comparing authentication performance.

  3. results/report.md:

    • A markdown report summarizing the results and including the performance chart.

Usage Guide

1. Run AES Encryption

python aes_encryption.py

2. Run Kerberos Authentication

python kerberos_auth.py

3. Run OAuth 2.0 Authentication

python oauth2_auth.py

4. Compare Protocols

python performance_comparison.py

Example Workflow

  1. Activate the virtual environment: 
    source venv/bin/activate
  2. Run individual scripts to observe functionality.
  3. Execute performance_comparison.py to measure and compare protocol performance.

Dependencies

All dependencies are listed in requirements.txt. Install them with:

pip install -r requirements.txt

Key Notes

  1. Kerberos:

    • Ensure /etc/krb5.conf is correctly configured for your realm.
    • Use a valid service principal (HTTP/localhost).

  2. OAuth:

    • Replace placeholders in .env with valid credentials from your OAuth provider.

  3. Virtual Environment:

    • Always activate the virtual environment before running scripts.

Future Enhancements

  • Extend comparison to additional encryption and authentication protocols (e.g., RSA, JWT).
  • Add real-world use cases, such as API integration.
  • Automate environment setup using Docker or Ansible.
  • Add support for decentralized identity solutions like DIDs.
  • Extend the performance evaluation to include scalability tests with multiple concurrent users.

Author

  • Ali Abbas