Scribd
Upload
7 views24 pages

Kerberos

Kerberos is a network authentication protocol developed by MIT in the 1980s that provides mutual authentication between clients and servers. It utilizes a Key Distribution Center (KDC) for authentication through a ticketing system, based on symmetric key encryption. Key features include single sign-on, limited ticket lifetimes, and strong security measures, although it faces certain security concerns like Golden Ticket and Kerberoasting.

Uploaded by

newarsahil34
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views24 pages

Kerberos

Kerberos is a network authentication protocol developed by MIT in the 1980s that provides mutual authentication between clients and servers. It utilizes a Key Distribution Center (KDC) for authentication through a ticketing system, based on symmetric key encryption. Key features include single sign-on, limited ticket lifetimes, and strong security measures, although it faces certain security concerns like Golden Ticket and Kerberoasting.

Uploaded by

newarsahil34
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

KERBEROS

Network Authentication Protocol


What is Kerberos?
▸ Kerberos is a network authentication protocol
▸ Version 5 provides mechanism for mutual authentication between client
and server or two servers.
▸ The Kerberos Key Distribution Center (KDC) uses the domain’s Active
Directory service database as it’s security account database.
▸ The protocol was initially developed by MIT in the 1980

2
Characteristics
▸ It is a stateless protocol
▸ Based on symmetric key encryption and communication
▸ Authentication is based on ticketing system

3
Key Components
▸ Authentication via Kerberos is done by the Key Distribution Center
(KDC)
▹ Authentication service (AS): Authenticates users when they initially
attempt to access a service
▹ Ticket granting service (TGS): Connects a user with the service server
(for example, a file server) based on information stored in the database
▹ Kerberos database: Where the IDs and passwords are stored, often an
LDAP server or the Security Account Manager (SAM) database in an
Active Directory environment.

4
Authentication Process
▸ Three pairs of Request-Response
▹ AS_REQ and AS_REP
▹ TGS_REQ and TGS_REP
▹ AP_REQ and AP_REP

5
Authentication Process
▸ AS_REQ
▹ Security Identifier (SID)
▹ Name of the requested service (for example, example.cool.hat)
▹ User's IP address
▹ Desired lifetime of the Ticket Granting Ticket (TGT). The default is 10 hours and
can be changed via Group Policy

6
Authentication Process
▸ AS_REP
▹ First Message (Ticket Granting Ticket)
▹ Security identifier (SID)
▹ TGS ID
▹ Timestamp
▹ User's IP address
▹ TGT lifetime
▹ TGT
▹ TGS Session key

7
Authentication Process
▸ AS_REP
▹ Second Message
▹ TGS ID
▹ Timestamp
▹ Lifetime
▹ TGS Session key

8
Authentication Process
▸ TGS_REQ
▹ First Message
▹ TGT
▹ Kerberos ID for service
▹ Lifetime

9
Authentication Process
▸ TGS_REQ
▹ Second Message (Authenticator)
▹ User ID
▹ Timestamp
▹ TGS Session key

10
Authentication Process
▸ TGS_REP
▹ First Message (Service Ticket)
▹ Service ticket
▹ User's ID
▹ User's IP address
▹ Lifetime
▹ Service session key

11
Authentication Process
▸ TGS_REP
▹ Second Message
▹ User ID
▹ Timestamp
▹ Lifetime
▹ Service Session key

12
Authentication Process
▸ AP_REQ
▹ First Message
▹ Service ticket
▹ User ID
▹ Timestamp
▹ IP Address
▹ Timestamp
▹ Service session key

13
Authentication Process
▸ AP_REQ
▹ Second Message (Authenticator)
▹ User ID
▹ Timestamp
▹ Service Session key

14
Authentication Process
▸ AP_REP
▹ Timestamp
▹ Service session key

15
Authentication Process

16
Authentication Process

17
Authentication Process

18
19
20
Features
▸ Effective Access Control
▸ Single Sign On
▸ Limited Lifetime for Key Tickets
▸ Mutual Authentication
▸ Reusable Authentication
▸ Strong and Diverse Security Measures

21
Security Concerns?
▸ Golden Ticket
▸ Silver Ticket
▸ Pass the Hash
▸ Pass the Ticket
▸ Overpass the Hash
▸ Kerberoasting

22
1
Transition
headline
Let’s start with the first set of slides
In two or three
columns
Yellow Blue Red
Is the color of gold, butter Is the colour of the clear sky Is the color of blood, and
and ripe lemons. In the and the deep sea. It is because of this it has
spectrum of visible light, located between violet and historically been associated
yellow is found between green on the optical with sacrifice, danger and
green and orange. spectrum. courage.

24

You might also like