Kerberos
524 views
21 slides
Oct 19, 2022
Slide 1 of 21
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
About This Presentation
Client Server Mutual Authentication Application - Kerberos
Slide Content
KERBEROS –CLIENT SERVER
MUTUAL AUTHENTICATION
APPLICATION
1
~ S. Janani, AP/CSE, KCET
MUTUAL AUTHENTICATION
APPLICATION
1
~ S. Janani, AP/CSE, KCET
Authentication Applications
2
will consider authentication functions
developed to support application-level
authentication & digital signatures
will consider Kerberos–a private-key
authentication service
then X.509directory authentication service
2
will consider authentication functions
developed to support application-level
authentication & digital signatures
will consider Kerberos–a private-key
authentication service
then X.509directory authentication service
Kerberos
3
trusted key server system from MIT
provides centralised private-key third-party
authentication in a distributed network
allows users access to services distributed
through out the network
without needing to trust all workstations
rather all trust a central authentication server
two versions in use: 4 & 5
3
trusted key server system from MIT
provides centralised private-key third-party
authentication in a distributed network
allows users access to services distributed
through out the network
without needing to trust all workstations
rather all trust a central authentication server
two versions in use: 4 & 5
Kerberos Requirements
4
first published report identified its requirements
as:
security
reliability
transparency
scalability
implemented using an authentication protocol
based on Needham-Schroeder
4
first published report identified its requirements
as:
security
reliability
transparency
scalability
implemented using an authentication protocol
based on Needham-Schroeder
Kerberos 4 Overview
5
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify
themselves
AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)
have a Ticket Granting server (TGS)
users subsequently request access to other
services from TGS on basis of users TGT
5
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify
themselves
AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)
have a Ticket Granting server (TGS)
users subsequently request access to other
services from TGS on basis of users TGT
A Simple Authentication
Dialogue
6
(1) C -> AS : ID
C || P
C|| ID
V
C = client
AS = authentication server
ID
C = identifier of user on C
P
C = password of user on C
ID
V= identifier of server V
C asks user for the password
AS checks that user supplied the right password
Dialogue
6
(1) C -> AS : ID
C || P
C|| ID
V
C = client
AS = authentication server
ID
C = identifier of user on C
P
C = password of user on C
ID
V= identifier of server V
C asks user for the password
AS checks that user supplied the right password
Message 2
7
(2) AS -> C : Ticket
Ticket = E
K(V)[ID
C || AD
C || ID
V]
K(V) = secret encryption key shared by AS and V
AD
C = network address of C
Ticket cannot be altered by C or an adversary
7
(2) AS -> C : Ticket
Ticket = E
K(V)[ID
C || AD
C || ID
V]
K(V) = secret encryption key shared by AS and V
AD
C = network address of C
Ticket cannot be altered by C or an adversary
Message 3
8
(3) C -> V: ID
C || Ticket
Server V decrypts the ticket and checks various
fields
AD
C in the ticket binds the ticket to the network
address of C
However this authentication scheme has
problems
8
(3) C -> V: ID
C || Ticket
Server V decrypts the ticket and checks various
fields
AD
C in the ticket binds the ticket to the network
address of C
However this authentication scheme has
problems
Problems
9
Each time a user needs to access a different
service he/she needs to enter their password
Read email several times
Print, mail, or file server
Assume that each ticket can be used only once
(otherwise open to replay attacks)
Password sent in the clear
9
Each time a user needs to access a different
service he/she needs to enter their password
Read email several times
Print, mail, or file server
Assume that each ticket can be used only once
(otherwise open to replay attacks)
Password sent in the clear
Authentication Dialogue II
10
Once per user logon session
(1) C -> AS: ID
C || ID
TGS
(2) AS -> C: E
K(C)[Ticket
TGS]
Ticket
TGSis equal to
E
K(TGS)[ID
C|| AD
C|| ID
TGS
|| TS
1 || Lifetime
1]
10
Once per user logon session
(1) C -> AS: ID
C || ID
TGS
(2) AS -> C: E
K(C)[Ticket
TGS]
Ticket
TGSis equal to
E
K(TGS)[ID
C|| AD
C|| ID
TGS
|| TS
1 || Lifetime
1]
Explaining the fields
11
TGS = Ticket-granting server
ID
TGS = Identifier of the TGS
Ticket
TGS= Ticket-granting ticket or TGT
TS
1= timestamp
Lifetime
1 = lifetime for the TGT
K
(C)= key derived from user’s password
11
TGS = Ticket-granting server
ID
TGS = Identifier of the TGS
Ticket
TGS= Ticket-granting ticket or TGT
TS
1= timestamp
Lifetime
1 = lifetime for the TGT
K
(C)= key derived from user’s password
Messages (3) and (4)
12
Once per type of service
(3) C -> TGS: ID
C || ID
V|| Ticket
TGS
(4) TGS -> C : Ticket
V
Ticket
Vis equal to
E
K(V)[ ID
C || AD
C|| ID
V ||
TS
2|| Lifetime
2]
K(V): key shared between V and TGS
Is called the service-granting ticket (SGT)
12
Once per type of service
(3) C -> TGS: ID
C || ID
V|| Ticket
TGS
(4) TGS -> C : Ticket
V
Ticket
Vis equal to
E
K(V)[ ID
C || AD
C|| ID
V ||
TS
2|| Lifetime
2]
K(V): key shared between V and TGS
Is called the service-granting ticket (SGT)
Message 5
13
Once per service session
(5) C -> V: ID
C|| Ticket
V
C says to V “I am ID
C and have a ticket from
the TGS” . Let me in!
Seems secure, but..
There are problems
13
Once per service session
(5) C -> V: ID
C|| Ticket
V
C says to V “I am ID
C and have a ticket from
the TGS” . Let me in!
Seems secure, but..
There are problems
Problems
14
Lifetime of the TGT
Short: user is repeatedly asked for their
password
Long: open to replay attack
Oscar captures TGT and waits for the user to
logoff
Sends message (3) with network address ID
C
(network address is easy to forge)
Same problem with SGT
14
Lifetime of the TGT
Short: user is repeatedly asked for their
password
Long: open to replay attack
Oscar captures TGT and waits for the user to
logoff
Sends message (3) with network address ID
C
(network address is easy to forge)
Same problem with SGT
What should we do?
15
A network service (TGS or server) should be able
to verify that
person using the ticket is the same as the person that the
ticket was issued to
Remedy : use an authenticator
Server should also authenticate to user
Otherwise can setup a “fake” server
A “fake” tuition payment server and capture the student’s
credit card
Remedy : use a challenge-response protocol
15
A network service (TGS or server) should be able
to verify that
person using the ticket is the same as the person that the
ticket was issued to
Remedy : use an authenticator
Server should also authenticate to user
Otherwise can setup a “fake” server
A “fake” tuition payment server and capture the student’s
credit card
Remedy : use a challenge-response protocol
Kerberos Version 4
Uses DES, in a rather elaborate protocol, to
provide authentication
Uses an Authentication Server (AS)
Knows all user passwords, and stores in a DB
Shares a unique secret key with each server
Send an encrypted ticket granting ticket
TGT contains a lifetime and timestamp
Uses DES, in a rather elaborate protocol, to
provide authentication
Uses an Authentication Server (AS)
Knows all user passwords, and stores in a DB
Shares a unique secret key with each server
Send an encrypted ticket granting ticket
TGT contains a lifetime and timestamp
Kerberos Version 4
Uses a Ticket Granting Server (TGS)
Issues tickets to users authenticated by AS
Encrypted with a key only known by AS and TGS
Returns a service granting ticket
Service granting ticket contains timestamp and
lifetime
Uses a Ticket Granting Server (TGS)
Issues tickets to users authenticated by AS
Encrypted with a key only known by AS and TGS
Returns a service granting ticket
Service granting ticket contains timestamp and
lifetime
18
Kerberos Realms
20
a Kerberos environment consists of:
a Kerberos server
a number of clients, all registered with server
application servers, sharing keys with server
this is termed a realm
typically a single administrative domain
if have multiple realms, their Kerberos servers
must share keys and trust
20
a Kerberos environment consists of:
a Kerberos server
a number of clients, all registered with server
application servers, sharing keys with server
this is termed a realm
typically a single administrative domain
if have multiple realms, their Kerberos servers
must share keys and trust
Kerberos Version 5
21
developed in mid 1990’s
provides improvements over v4
addresses environmental shortcomings
encryption algorithm, network protocol, byte order,
ticket lifetime, authentication forwarding, inter-realm
authentication
and technical deficiencies
double encryption, non-standard mode of use, session
keys, password attacks
specified as Internet standard RFC 1510
21
developed in mid 1990’s
provides improvements over v4
addresses environmental shortcomings
encryption algorithm, network protocol, byte order,
ticket lifetime, authentication forwarding, inter-realm
authentication
and technical deficiencies
double encryption, non-standard mode of use, session
keys, password attacks
specified as Internet standard RFC 1510
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 524
- Slides 21
- Age 1140 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
44 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views