Kerberos

The document outlines network security objectives, challenges, and risks, emphasizing the importance of integrity, confidentiality, and availability. It discusses authentication methods, including passwords and encryption techniques, and introduces Kerberos as a solution for secure authentication in client/server environments. Kerberos uses secret key cryptography to issue tickets for user authentication, reducing the need for clear-text passwords and multiple password entries across services.

Uploaded by

GamerZ Zone

Network Security and Kerberos

Network Objectives

- Message received as sent
- Delivery on time
- Message protected as needed

Network Security: Challenges

[Diagram: access paths into the network, application and system software layers, previous vs present, each marked "Access here!"]

Network Risks

- Integrity
  - completeness
  - accuracy
- Confidentiality
  - authentication
  - authorization
- Availability
  - relevance
  - infrastructure

Authentication

- Something you know
- Something you have
- Something you are

Passwords

- Can be made secure in a stand-alone environment
- Subject to sniffing attacks when used over a network
- Network password solutions often include encryption techniques

Encryption Techniques

- Symmetric - Secret Key: the same key for encryption and decryption. Tends to be fast and is good for data encryption. However, the key management issues associated with secret keys can be significant.
  e.g. DES = Data Encryption Standard

Encryption Techniques

- Asymmetric - Public/Private Key: a publicly known key for encryption and a private key for decryption (or vice versa). Tends to be slow and is generally only useful for encrypting small amounts of data (such as passwords, PINs and symmetric keys).
  e.g. RSA = Rivest, Shamir, Adleman
  PGP = Pretty Good Privacy (Phil Zimmermann)

Public Key Encryption

[Diagram: User A encrypts the message with User B's public key; User B decrypts the encrypted message with User B's private key]

Only User B can read the message.


Digital Signatures

[Diagram: User A encrypts the message or data with User A's private key to produce a digital signature; User B decrypts it with User A's public key to obtain the confirmed message or data]

Anyone can read the message.

Non-repudiation - can only have come from User A.

Kerberos - What Is It?

- Authentication service developed by MIT to allow users and services to authenticate
- Designed for client/server environments
- Uses secret key cryptography - Data Encryption Standard (DES)

Why Is It Needed?

- Authentication across a network to normal services sends clear-text passwords, which can be discovered in a sniffing attack
- Users are annoyed at having to type passwords in often
- Services were developed, such as rlogin, rsh and IDENT, which used "authentication by assertion"

Kerberos Authentication

- Kerberos Authentication Server issues the user a "ticket"
- User requests a remote service
- Remote service looks at the ticket to verify who the user is

Kerberos - How It Works

- Both user and service must have "keys" registered with the Kerberos Authentication Server
- User's key is derived from a password he chooses

[Diagram: the client (kinit) sends a request carrying the user login name and IP address to the Key Distribution Center, made up of the Authentication Server and the Ticket Granting Server; auth info flows from client to KDC and to the service; keys shown are the user key, Kerberos key, TGT key, server session key and service secret key]

Kerberos - How It Works
Initialization

- User requests a Kerberos "Ticket Granting Ticket" (TGT) by running kinit
- kinit builds a request which has:
  - user login name
  - client machine IP address
  - name of ticket - here it is krbtgt, the Kerberos ticket-granting ticket
- Kerberos looks in its database to see if the user is allowed to request a TGT on this host

Kerberos - How It Works
Initialization

- Kerberos sends the user a message which contains two copies of the ticket:
  - One copy is encrypted with Kerberos' secret key
  - One copy is in plain text
  The entire message is encrypted with the user's key
- The kinit client process receives the message and decrypts it based on the password the user typed in

Kerberos - How It Works
Initialization

- If the message decrypts correctly, kinit puts the TGT into /tmp/tktuid, where uid is the user's user ID
- kinit uses the session key in the TGT to encrypt an "authenticator" consisting of the principal name, the IP address of the client machine and the current time

Kerberos - How It Works
Service Request

- User requests a service, telnet for example
- The kerberized telnet client sends a request to the Kerberos server containing the TGT stored in /tmp/tktuid and the authenticator
- Kerberos uses its secret key to decrypt the TGT, extracts the session key from the TGT and decrypts the authenticator

Kerberos - How It Works
Service Request

- To validate the user:
  - Kerberos compares the contents of the authenticator to the contents of the TGT
  - Kerberos compares the expiration timestamp in the authenticator to the current time
- Kerberos builds a session key for the telnet session, and makes two copies:
  - one encrypted with the TGT key
  - one encrypted with telnetd's key

Kerberos - How It Works
Service Request

- Session key sent to the user
- The telnet client uses the TGT key to decrypt the session key, and adds the ticket to the Kerberos ticket file
- The telnet client builds an authenticator for the ticket, encrypts it with the session key, and sends the ticket (which was encrypted with telnetd's key) together with the authenticator to the telnetd service

Kerberos - How It Works
Service Request

- The telnetd service decrypts the ticket with its secret key to get the session key
- The telnetd service uses the session key to decrypt the authenticator
- If the information in the ticket and the authenticator agree, telnetd sends back a message to the user and the session begins

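The initialization and service-request steps above, modelled end to end as an added example (not code from the slides): a toy HMAC-tagged stream cipher stands in for DES, and the names kinit, service_request, connect, validate, the user "alice", the password and the IP addresses are all constructed for the demonstration. The same validate() check serves both the KDC (TGT plus authenticator) and telnetd (service ticket plus authenticator), which is the point the slides make twice.

```python
import hashlib, hmac, json, os

def _ks(key, nonce, n):  # toy keystream standing in for DES; not a real cipher
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))[:n]

def enc(key, obj):  # encrypt a dict under key; the HMAC tag is how "decrypts correctly" is detected
    nonce, pt = os.urandom(8), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong key (e.g. a mistyped password): the message does not decrypt
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

KDC_KEY, SKEW, LIFETIME = os.urandom(32), 300, 8 * 3600  # constructed: Kerberos' key, clock skew, ticket life
KEYS = {"alice": hashlib.sha256(b"correct horse").digest(),  # user key derived from the password
        "telnetd": os.urandom(32)}                           # service secret key

def issue(holder_key, fields, now):  # ticket with a fresh session key, encrypted for whoever verifies it
    t = dict(fields, skey=os.urandom(32).hex(), expires=now + LIFETIME)
    return t, enc(holder_key, t)
def authenticator(skey_hex, principal, ip, now):
    return enc(bytes.fromhex(skey_hex), {"principal": principal, "ip": ip, "time": now})

def validate(holder_key, ticket_blob, auth_blob, now):  # the check both the KDC and telnetd perform
    t = dec(holder_key, ticket_blob)
    a = t and dec(bytes.fromhex(t["skey"]), auth_blob)
    if not a or a["principal"] != t["principal"] or a["ip"] != t["ip"]:
        return None  # authenticator was not built by the ticket's legitimate holder
    if abs(now - a["time"]) > SKEW or now > t["expires"]:
        return None  # stale (replayed) authenticator or expired ticket
    return t

def kinit(user, password, ip, now):  # initialization: TGT and its session key, wrapped under the user key
    tgt, tgt_blob = issue(KDC_KEY, {"principal": user, "ip": ip, "service": "krbtgt"}, now)
    reply = enc(KEYS[user], {"skey": tgt["skey"], "tgt": tgt_blob.hex()})
    return dec(hashlib.sha256(password.encode()).digest(), reply)  # None on a bad password

def service_request(creds, user, ip, service, now):  # KDC validates TGT + authenticator, issues a ticket
    auth = authenticator(creds["skey"], user, ip, now)
    if validate(KDC_KEY, bytes.fromhex(creds["tgt"]), auth, now) is None:
        return None
    st, st_blob = issue(KEYS[service], {"principal": user, "ip": ip, "service": service}, now)
    return {"skey": st["skey"], "ticket": st_blob.hex()}  # real Kerberos sends this under the TGT session key

def connect(svc_creds, user, ip, service, now):  # telnetd decrypts the ticket with its key, checks the authenticator
    auth = authenticator(svc_creds["skey"], user, ip, now)
    return validate(KEYS[service], bytes.fromhex(svc_creds["ticket"]), auth, now)
```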
Kerberos Limitations

- Bad passwords are still subject to a dictionary attack
  - Kerberos V4 subject to cracker attack (worse than some standard Unix security)
  - Kerberos V5 subject to sniffer attack
- Passwords still subject to host security
- Trojan horses in Kerberos client software can divulge passwords

Kerberos Limitations

- Security over the Kerberos database containing users' and services' encryption keys must be strictly enforced
- Security over the master Kerberos password must be kept

Other Security Enhancements

- One-time Passwords
  - Device - SecurID
  - List of passwords - S/Key
- Public-key Cryptography

Benefits of Kerberos

- No clear-text passwords across the Internet
- Users do not need to enter their password multiple times

Thank You
