Lecture 16 Kerberos

The document discusses Kerberos, a network authentication protocol that uses tickets to allow nodes on a non-secure network to prove their identity through a trusted third party. Kerberos relies on symmetric key cryptography and uses tickets and ticket granting tickets to authenticate users to services on the network. It describes the basic workflow where a client authenticates to the authentication service, gets a ticket granting ticket, and then uses that to get service tickets to access resources requiring authentication.


IS-381 Network Security

AUTHENTICATION APPLICATIONS: KERBEROS

Dr. Waseem Iqbal


Introduction
- Kerberos is a computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner
- Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication
- Kerberos uses UDP port 88 by default


Kerberos
- A trusted third party authentication service designed for distributed environments.
- Kerberos assumes:
  - An open distributed environment for users at workstations to access services on servers distributed through the network
  - No trust on the identification of users by workstations (WS)
Kerberos
- Three threats exist if the WS identifies users:
  - An opponent pretends to be another user operating on the workstation.
  - An opponent alters the network address of a workstation.
  - An opponent eavesdrops on exchanges and uses a replay attack.
- Authentication done individually at each server would be complex.
Kerberos
- Provides a centralized authentication server to authenticate users to servers and servers to users.
- Relies on conventional encryption, making no use of public-key encryption.
- Two versions: version 4 and version 5.
- Version 4 makes use of DES, and version 5 uses AES.
Motivation
- Today, the more common implementation is a distributed architecture with dedicated user WSs (clients) and centralized servers.
- Three approaches for security:
  - Each WS assures the identity of its user and each server enforces a security policy based on user ID.
  - Client systems authenticate themselves to servers, but servers trust client systems concerning the identity of their users.
  - The client proves the user's identity for each service invoked, and the servers prove their identity to the clients.
- Kerberos supports this third approach.
Requirements
- Secure
- Reliable
- Transparent
- Scalable
Kerberos Version 4
- Terms:
  - C = client
  - AS = authentication server
  - V = server
  - IDc = identifier of user on C
  - IDv = identifier of V
  - Pc = password of user on C
  - ADc = network address of C
  - Kv = secret encryption key shared by AS and V
  - TS = timestamp
  - || = concatenation
Kerberos walkthrough (diagram slides)

[Diagram: Susan's desktop computer; the Key Distribution Center, containing the Authentication Service and the Ticket Granting Service; and the XYZ Service. Think "Kerberos Server" and don't let yourself get mired in terminology. The XYZ Service represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc.).]

Susan to the Authentication Service: "I'd like to be allowed to get tickets from the Ticket Granting Server, please."

Authentication Service to Susan: "Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service."

[Diagram: Susan unlocks the box with "myPassword" and obtains the TGT.]

Because Susan was able to open the box (decrypt a message) from the Authentication Service, she is now the owner of a shiny "Ticket-Granting Ticket".

The Ticket-Granting Ticket (TGT) must be presented to the Ticket Granting Service in order to acquire "service tickets" for use with services requiring Kerberos authentication.

The TGT contains no password information.

Susan to the Ticket Granting Service: "Let me prove I am Susan to XYZ Service. Here's a copy of my TGT!" (request: use XYZ)

Ticket Granting Service to Susan: "You're Susan. Here, take this." The service ticket it hands over reads: "Hey XYZ: Susan is Susan. CONFIRMED: TGS"

Susan to the XYZ Service: "I'm Susan. I'll prove it. Here's a copy of my legit service ticket for XYZ."

XYZ Service: "That's Susan alright. Let me determine if she is authorized to use me."

Authorization checks are performed by the XYZ service...

Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.

One remaining note:

Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable.

Until a ticket's expiration, it may be used repeatedly.

Susan to the XYZ Service, later: "ME AGAIN! I'll prove it. Here's another copy of my legit service ticket for XYZ."

XYZ Service: "That's Susan... again. Let me determine if she is authorized to use me."
A Simple Authentication Dialogue
(1) C → AS: IDc || Pc || IDv
(2) AS → C: Ticket
(3) C → V: IDc || Ticket

Ticket = E(Kv, [IDc || ADc || IDv])

- The user logs on to a WS and requests access to server V
- The client module C requests the user's password
- Then C sends message (1) to AS
- AS sends a ticket to convince V of the user's authenticity
A Simple Authentication Dialogue
[Diagram: Pc = password of client. 1: C sends IDc + Pc + IDv to AS. 2: AS returns the Ticket. 3: C sends IDc + Ticket to V. Ticket = E(Kv, [IDc, ADc, IDv]).]
Problems
- Frequent requests to enter the user's password
  - Suppose each ticket can be used only once
    - A user enters a password to get a ticket each time the user wants access to V
  - Suppose the tickets are reusable to improve matters
    - A user needs a new ticket for every different service and hence is required to enter a password
- Plaintext transmission of the password in message (1)
  - An opponent could capture the password and use any service accessible to the victim
A More Secure Authentication Dialogue
- Addition of a ticket-granting server (TGS).
- TGS issues tickets for services to users who have been authenticated to AS.
- The user first requests a ticket-granting ticket (TGT) from AS.
- The TGT is saved in the client module of the WS and used to authenticate the user to the TGS for each access to a new service.
- The service-granting ticket (SGT) issued by the TGS is saved and used to authenticate its user to a server for a particular service.
A More Secure Authentication Dialogue
Once per user logon session:
(1) C → AS: IDc || IDtgs
(2) AS → C: E(Kc, Tickettgs)

Once per type of service:
(3) C → TGS: IDc || IDv || Tickettgs
(4) TGS → C: Ticketv

Once per service session:
(5) C → V: IDc || Ticketv

Tickettgs = E(Ktgs, [IDc || ADc || IDtgs || TS1 || Lifetime1])
Ticketv = E(Kv, [IDc || ADc || IDv || TS2 || Lifetime2])
A More Secure Authentication Dialogue
Once per user logon session:
(1) C → AS: IDc || IDtgs
(2) AS → C: E(Kc, Tickettgs)
Tickettgs = E(Ktgs, [IDc || ADc || IDtgs || TS1 || Lifetime1])

- The client requests a TGT by sending message (1) to AS
- The AS responds with a ticket encrypted with a key derived from the user's password
- The client prompts the user to enter a password when receiving the response from the AS and generates a key
- If the correct password is supplied, the ticket is successfully recovered
A More Secure Authentication Dialogue
Once per type of service:
(3) C → TGS: IDc || IDv || Tickettgs
(4) TGS → C: Ticketv
Ticketv = E(Kv, [IDc || ADc || IDv || TS2 || Lifetime2])

- The client requests a service-granting ticket (SGT) for the user with message (3), which includes the TGT
- The TGS issues an SGT when the user has been authenticated by the content of the TGT
- The SGT has the same structure as the TGT because both authenticate clients
A More Secure Authentication Dialogue
Once per service session:
(5) C → V: IDc || Ticketv
Ticketv = E(Kv, [IDc || ADc || IDv || TS2 || Lifetime2])

- The client requests access to a server for the user with message (5)
- The server authenticates the user by using the contents of the SGT
- The scenario satisfies the two requirements:
  - Only one password query
  - No transmission of the user password in plaintext
A More Secure Authentication Dialogue
[Diagram: Once per user logon session, the user (C) sends IDc, IDtgs to AS and receives E(Kc, Tickettgs), where the ticket-granting ticket Tickettgs = E(Ktgs, [IDc, ADc, IDtgs, Lifetime1]). Once per type of service, C sends IDc, IDv, Tickettgs to the TGS and receives the service-granting ticket Ticketv = E(Kv, [IDc, ADc, IDv, Lifetime2]). Once per service session, C sends IDc, Ticketv to V. TGS: Ticket Granting Server.]
Problems
- The lifetime associated with the TGT
  - Too short → frequent prompts for entering the password
  - Too long → replay attack after capturing the ticket
  - TGS or AS must prove that the person using the ticket is the same person to whom that ticket was issued.
- The requirement for servers to authenticate themselves to users.
  - An impersonated server could deny the true service to the user.
Version 4 Authentication Dialogue
(1) C → AS: IDc || IDtgs || TS1
(2) AS → C: E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs])
Tickettgs = E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])
(a) Authentication Service Exchange to obtain ticket-granting ticket

(3) C → TGS: IDv || Tickettgs || Authenticatorc
(4) TGS → C: E(Kc,tgs, [Kc,v || IDv || TS4 || Ticketv])
Tickettgs = E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])
Ticketv = E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])
Authenticatorc = E(Kc,tgs, [IDc || ADc || TS3])
(b) Ticket-Granting Service Exchange to obtain service-granting ticket

(5) C → V: Ticketv || Authenticatorc
(6) V → C: E(Kc,v, [TS5 + 1]) (for mutual authentication)
Ticketv = E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])
Authenticatorc = E(Kc,v, [IDc || ADc || TS5])
(c) Client/Server Authentication Exchange to obtain service
Version 4 Authentication Dialogue
(1) C → AS: IDc || IDtgs || TS1
(2) AS → C: E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs])

Tickettgs = E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])

- The client requests a TGT from AS with message (1)
- To handle the problem of a captured TGT and the identity of the ticket presenter:
  - the AS provides both the TGS and the client with secret information, called a session key, in a secure manner through message (2)
  - the key is used to prove the identity of the client to the TGS
Version 4 Authentication Dialogue
(3) C → TGS: IDv || Tickettgs || Authenticatorc
(4) TGS → C: E(Kc,tgs, [Kc,v || IDv || TS4 || Ticketv])
Authenticatorc = E(Kc,tgs, [IDc || ADc || TS3])
Tickettgs = E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])

Ticketv = E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])

- C transmits an authenticator (A), used only once and with a very short lifetime, in message (3)
  - Replay attacks are thereby countered.
- The TGS decrypts the A and the ticket with their respective keys
  - The contents of both are checked to see whether they match
  - The ticket is a way to distribute keys securely
  - The A proves the client's identity.
- The reply from the TGS includes a session key shared between C and V.
  - Only C and V can use this key for authentication.
Version 4 Authentication Dialogue
(5) C → V: Ticketv || Authenticatorc
(6) V → C: E(Kc,v, [TS5 + 1]) (for mutual authentication)
Ticketv = E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])

Authenticatorc = E(Kc,v, [IDc || ADc || TS5])

- Message (5) is similar to message (3)
- V examines the contents of the A and the ticket to decide whether the ticket presenter is genuine
- Mutual authentication is done with message (6)
  - The timestamp value from the A is incremented by 1 and encrypted with the session key.
  - The contents of the message assure C that this is not a replay
- The session key is used to encrypt future messages between the two, or to exchange a new random session key for that purpose
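The whole Version 4 dialogue, messages (1) through (6), as an added Python example that is not part of the lecture. A toy SHA-256/HMAC construction stands in for DES; the key names K_C, K_TGS, K_V, the constants LIFETIME and SKEW, the placeholder address "AD_c" and the shared check() routine are assumptions made for the example. check() is the part to study: it is where the TGS and V verify that the ticket has not expired and that the authenticator is fresh and consistent with the ticket, which is how a captured ticket is made useless to anyone who lacks the session key.

```python
import hashlib, hmac, json, os
def enc(key, fields):
    """Toy authenticated encryption standing in for DES: SHA-256 keystream XOR plus an HMAC tag."""
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered ciphertext")
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

# Constructed long-term keys: K_C is derived from the user's password; K_TGS and K_V are shared with the KDC.
K_C, K_TGS, K_V = hashlib.sha256(b"myPassword").digest(), os.urandom(32), os.urandom(32)
LIFETIME, SKEW = 8 * 3600, 300   # ticket lifetime and tolerated authenticator age, in seconds
def check(key, ticket, auth, now):
    """Shared TGS/V check: ticket unexpired, authenticator fresh and consistent with the ticket."""
    sk, id_c, ad_c, _srv, ts, life = dec(key, ticket)       # the session key travels inside the ticket
    a_id, a_ad, a_ts = dec(bytes.fromhex(sk), auth)        # only the session-key holder can build this
    if now > ts + life or abs(now - a_ts) > SKEW or (a_id, a_ad) != (id_c, ad_c):
        raise ValueError("expired ticket, stale authenticator (replay?), or ticket/authenticator mismatch")
    return bytes.fromhex(sk), id_c, ad_c

def as_exchange(id_c, id_tgs, ts1):                    # (1) C -> AS, (2) AS -> C
    k_c_tgs = os.urandom(32).hex()                     # session key K_c,tgs
    ticket_tgs = enc(K_TGS, [k_c_tgs, id_c, "AD_c", id_tgs, ts1, LIFETIME])
    return enc(K_C, [k_c_tgs, id_tgs, ts1, LIFETIME, ticket_tgs.hex()])

def tgs_exchange(id_v, ticket_tgs, auth_c, now):       # (3) C -> TGS, (4) TGS -> C
    k_c_tgs, id_c, ad_c = check(K_TGS, ticket_tgs, auth_c, now)
    k_c_v = os.urandom(32).hex()                       # session key K_c,v
    ticket_v = enc(K_V, [k_c_v, id_c, ad_c, id_v, now, LIFETIME])
    return enc(k_c_tgs, [k_c_v, id_v, now, ticket_v.hex()])

def server_exchange(ticket_v, auth_c, now):            # (5) C -> V, (6) V -> C
    k_c_v, _, _ = check(K_V, ticket_v, auth_c, now)
    ts5 = dec(k_c_v, auth_c)[2]
    return enc(k_c_v, [ts5 + 1])                       # TS5 + 1 under K_c,v: V proves it holds K_v

def run_client(password, now, id_c="susan", id_v="xyz"):
    """Drive the whole Version 4 dialogue as the client; returns the TS5 + 1 value V sends back."""
    k_c = hashlib.sha256(password.encode()).digest()   # key derived from the typed password
    k_c_tgs, _, _, _, ticket_tgs = dec(k_c, as_exchange(id_c, "tgs", now))
    auth3 = enc(bytes.fromhex(k_c_tgs), [id_c, "AD_c", now])
    k_c_v, _, _, ticket_v = dec(bytes.fromhex(k_c_tgs), tgs_exchange(id_v, bytes.fromhex(ticket_tgs), auth3, now))
    auth5 = enc(bytes.fromhex(k_c_v), [id_c, "AD_c", now])
    return dec(bytes.fromhex(k_c_v), server_exchange(bytes.fromhex(ticket_v), auth5, now))[0]
```

A wrong password fails at the very first decryption (the AS reply never opens), and a ticket presented after its lifetime, or with an old authenticator, is rejected by check() before any session key is released.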