Professional Documents
Culture Documents
Kerberos
Trusted key server system from MIT
Based on Needham-Shroeder
Signifies multi-headed dog in Greek
mythology (keep outsiders away)
provides centralised private-key third-party
authentication in a distributed network
allows users access to services distributed
through network
without needing to trust all workstations
server
two versions in use: 4 & 5
Kerberos Requirements
first published report identified its
requirements as:
security
reliability
transparency
scalability
implemented using an authentication
protocol based on Needham-Schroeder
Kerberos Realms
a Kerberos environment consists of:
a Kerberos server
a number of clients, all registered with
server
application servers, sharing keys with
server
this is termed a realm
typically a single administrative domain
if have multiple realms, their Kerberos
servers must share keys and trust
Kerberos 4 Overview
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify self
AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)
have a Ticket Granting server (TGS)
users subsequently request access to other
services from TGS on basis of users TGT
Tickets and Ticket-Granting Tickets
users, resources: principal share
master key with KDC
KDC sends to A: KA{KAB}
Bob ; ticket: KB{KAB} + other
information (name of Alice)
Alice tickets expire in 21 hours
thus: knowledge of KAB proves identity
+ use for encryption
credentials: KAB and ticket
Alice logs in with uid and passwd
password generates master key
workstation asks for session key SA on
behalf of Alice (time-limited)
KDC sends SA to workstation
ticket-granting ticket (TGT) KDC{SA ….}
master key
Alice AS
Login
Id = Alice
•AS sends back encrypted session key and TGT to
Alice
Alice Output*
AS
Session key
Alice (KS)
Output*
•Step 2 : Alice sends a request for SGT to the TGS
•Contains TGT, id of server (Bob)& current timestamp
encrypted with session key
Alice TGS
Request for a SGT
Output*
Timestamp
Output*
•TGS sends response back to Alice
Alic Output*
TGS
e
Alice KAB
Bob KAB
Output*
•Step 3
•User contacts Bob for accessing the server
•Alice sends KAB securely to Bob
Alic SendingSending
KABKAB Bob
e
Output*
Timestamp
Output*
•Bob acknowledges the receipt of KAB
Acknowledging KAB
Alic Bob
e
Encrypted Timestamp
(ET)*
Wonderland KDC
Oz@wonderland
Credentials to Oz
Oz KDC
Dorothy
Alice
TGS_REQ(“alice@Wonderland”,Dorothy@Oz
Credentials to Dorothy
AP _ REQ
Key Version Numbers
allow unsynchronized changes of master
keys
remember several versions of past keys
replication new passwords may fail
Kerberos Version 5
developed in mid 1990’s
provides improvements over v4
addresses environmental shortcomings
encryption algo, network protocol, byte order, ticket
lifetime, authentication forwarding, interrealm auth
and technical deficiencies
double encryption, non-std mode of use, session keys,
password attacks
specified as Internet standard RFC 1510
Names
Kerberos V4 client is named by three
fields
Name, instance, realm
V% 2 components
Realm and name
Delegation of Rights
transfer rights to object, for limited time & scope
can’t delegate: contain network address of
requestor
V5: ask for TGT for different node or any node
(audit!)
may grant TGT or ticket to specific service
Forwardable: exchange for TGT with different
address
may ask for TGT that can again be forwarded
Proxy tickets
Ticket Lifetimes
unlimited lifetime instead of 21 hours
– start time (may be postdated into the
future)
– end time (may be adjusted)
– authorization time (initial TGT)
– renew-till = upper bound on renewal
– postdating may require revalidation à
revocation
renewable ticket
can’t renew expired ticket
Key Protection
single password in all realms à same
masterkey
compromise one KDC à compromise all
solution: master key depends on realm
Cryptographic Algorithms