
Kerberos

By: Vinay Pratap Singh M.Tech - CIT-13/12

Kerberos
Network authentication protocol + Key Distribution Center.
Developed at MIT in the mid 1980s.
Available as open source or in supported commercial software.
Requires that each client (each request for service) prove its identity.
Does not require the user to enter a password every time a service is requested!
Authentication service for interactive services like telnet, ftp, etc.: the user is prompted for a password and must log in in real time.
Symmetric key encryption is used. It is fast and allows real-time authentication.

Why Kerberos?
Authentication is a key feature in a multi user environment. Sending usernames and passwords in the clear jeopardizes the security of the network. Each time a password is sent in the clear, there is a chance for interception.

Kerberos Assumption
The workstations or machines are more or less secure, i.e. there is no way for an attacker to intercept communication between a user and a client (user process).

Kerberos Design
The user must identify himself once at the beginning of a workstation session (login session).
Passwords are never sent across the network in clear text (or stored in memory).
Every user has a password.
Every service has a password.
The only entity that knows all the passwords is the authentication server.

Kerberos Requirements
Its requirements are:
Security: a network eavesdropper should not be able to obtain the information required for impersonating a user.
Reliability: services rely on the availability of Kerberos access control, thus lack of availability of Kerberos is lack of availability of the services. Kerberos should employ a distributed server architecture with one system able to back up another.
Transparency: the user should not be aware that authentication is taking place, except for the entering of the password.
Scalability: the system should have a modular, distributed architecture to support a large number of clients and servers.

It is implemented using an authentication protocol based on the Needham-Schroeder protocol.

Kerberos 4
A basic third-party authentication scheme.
It has an Authentication Server (AS): users initially negotiate with the AS to identify themselves, and the AS provides a non-corruptible authentication credential (ticket granting ticket, TGT).
It has a Ticket Granting Server (TGS): users subsequently request access to other services from the TGS on the basis of their TGT.

Tickets
Each request for a service requires a ticket. A ticket provides a single client with access to a single server. Tickets are dispensed by the ticket granting server (tgs), which has knowledge of all the encryption keys. Tickets are meaningless to clients; they simply use them to gain access to servers. The tgs seals (encrypts) each ticket with the secret encryption key of the server. Sealed tickets can be sent safely over a network: only the server can make sense out of them. Each ticket has a limited lifetime (a few hours).

Tickets Contents
Client Name (User Login Name)
Server Name
Client Host Network Address
Session Key for Client/Server
Ticket Lifetime
Creation Timestamp

Kerberos 4

The Ticket Granting Tickets

The Ticket Granting Service

The Application Server
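The AS/TGS/application-server flow and the ticket contents above, as an added simulation (not code from these slides or from MIT Kerberos): it assumes constructed principals (alice, tgs, fileserver), a stdlib SHAKE-keystream-plus-HMAC seal() standing in for the DES sealing of real Kerberos 4, and the ticket fields listed on the page.

```python
"""Toy simulation of the Kerberos 4 ticket flow above (AS -> TGT, TGS -> service
ticket, server check). Added example, not MIT code; all keys and names are constructed."""
import hashlib, hmac, json, os, time
def kdf(password: str) -> bytes:           # user key derived from the password
    return hashlib.sha256(password.encode()).digest()

def seal(key: bytes, obj: dict) -> bytes:  # "seal" = encrypt + authenticate (demo only)
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("tag mismatch (wrong key or tampered ticket)")
    pad = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, pad)))
# Constructed KDC database: every user and every service has a key; only the
# KDC holds them all (the "one entity that knows all the passwords").
KEYS = {"alice": kdf("s3cret"), "tgs": os.urandom(32), "fileserver": os.urandom(32)}

def issue(client, server, addr, client_key, now, lifetime=8 * 3600):
    """KDC: ticket (contents as listed on the page) sealed under the target
    server's key, plus the session key sealed for the client."""
    sk = os.urandom(32).hex()
    ticket = {"client": client, "server": server, "addr": addr,
              "session_key": sk, "lifetime": lifetime, "timestamp": now}
    return seal(KEYS[server], ticket), seal(client_key, {"session_key": sk})

def check(server, sealed_ticket, addr, now):
    """Server side: only `server` can unseal; also enforce host and lifetime."""
    try: t = unseal(KEYS[server], sealed_ticket)
    except ValueError as e: return "rejected: " + str(e)
    if t["server"] != server or t["addr"] != addr:
        return "rejected: ticket is for another server or host"
    if now > t["timestamp"] + t["lifetime"]:
        return "rejected: ticket expired"
    return "ok:" + t["client"]

def access(user, password, addr, service, now=None):
    """Client side, full flow. The password is typed once and never sent."""
    now = now or time.time()
    tgt, enc = issue(user, "tgs", addr, KEYS[user], now)          # 1. AS exchange
    try: tgt_sk = bytes.fromhex(unseal(kdf(password), enc)["session_key"])
    except ValueError: return "rejected: wrong password"          # reply unreadable
    r = check("tgs", tgt, addr, now)                              # 2. TGS checks TGT
    if not r.startswith("ok:"): return r
    st, enc2 = issue(user, service, addr, tgt_sk, now)            #    service ticket
    unseal(tgt_sk, enc2)                                          # client reads its key
    return check(service, st, addr, now)                          # 3. app server
```

A wrong password never reaches the KDC as a failed login: the client simply cannot read the AS reply, which is the property the "passwords are never sent" design bullet relies on.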

Kerberos Realms
A Kerberos environment consists of:
a Kerberos server
a number of clients, all registered with the server
application servers, sharing keys with the server
This is termed a realm, typically a single administrative domain.
If there are multiple realms, their Kerberos servers must share keys and trust each other. The use of multiple realms provides for the scalability of Kerberos.

Weakness
Single point of failure. Requires synchronization of the involved hosts' clocks. The administration protocol is not standardized. Compromise of the central server will compromise all users' secret keys. If stolen, a TGT can be used to access network services as its owner.

Thank You !!
