Netprog: Kerberos 1 KERBEROS
Dec 31, 2015
Netprog: Kerberos 1
KERBEROS
Contents:IntroductionHistoryComponentsAuthentication ProcessStrengthsWeaknesses and SolutionsApplicationsReferences
IntroductionIt is a secure, single-sign-on, trusted
third-party authentication serviceMakes assumption that the connection
between a client and service is insecure
Passwords are encrypted to prevent others from reading them
Clients only have to authenticate once during a pre-defined lifetime
Provides a way to authenticate clients to services to each other through a trusted third party
How did Kerberos get it’s name?
The name "Kerberos" comes from a mythological three-headed dog that guarded the entrance to HadesHades => Underworld (where hackers apparently live).
HistoryDeveloped at MIT as a part of Project
Athena in mid 1980sCurrently, Kerberos is up to Version
5Version 4 being the first version to
be released outside of MIT.Adopted by several private
companies as well as added to several operating systems.
Its creation was inspired by client-server model
ComponentsPrincipals
Realms
Key Distribution Centers (KDC’s)◦Authentication Service◦Ticket Granting Service
ComponentsPrincipals: Each entity, such as clients or
application servers, is represented as a principal
Realms: Companies and organizations are
composed of different departments, each with a different service named realm
ComponentsKey Distribution Centers (KDC’s)
◦composed of an Authentication Service and Ticket Granting Server
◦has a database that houses all principals and their keys for a given realm
◦at least one KDC per realm
Susan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
Susan’sDesktop
Computer
Think “Kerberos Server”
Authentication Process
Susan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
Susan’sDesktop
Computer
Represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…)
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
“I’d like to be allowed to get tickets from the Ticket Granting Server, please.
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service“Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.”
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
myPassword
XYZ Service
TGT
TGT
Because Susan was able to open the box (decrypt a message) from the Authentication Service, she is now the owner of a “Ticket-Granting Ticket”.
The Ticket-Granting Ticket (TGT) must be presented to the Ticket Granting Service in order to acquire “service tickets” for use with services requiring Kerberos authentication.
The TGT contains no password information.
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
“Let me prove I am Susan to XYZ Service.
Here’s a copy of my TGT!”
use XYZ
TGTTGT
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
TGT
Hey XYZ: Susan is Susan.
CONFIRMED: TGS
You’re Susan.Here, take this.
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
TGTHey XYZ:
Susan is Susan.CONFIRMED: TGS
I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for
XYZ.
Hey XYZ: Susan is Susan.
CONFIRMED: TGS
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
TGTHey XYZ:
Susan is Susan.CONFIRMED: TGS
Hey XYZ: Susan is Susan.
CONFIRMED: TGS
That’s Susan alright. Let me determine if she is authorized to use me.
Authorization checks are performed by the XYZ service…
Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.
One remaining note:
Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable.
Until a ticket’s expiration, it may be used repeatedly.
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
TGTHey XYZ:
Susan is Susan.CONFIRMED: TGS
ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for
XYZ.
Hey XYZ: Susan is Susan.
CONFIRMED: TGS
use XYZ
Susan’sDesktop
ComputerSusan
KeyDistribution
Center
TicketGrantingService
Authen-TicationService
XYZ Service
TGTHey XYZ:
Susan is Susan.CONFIRMED: TGS
Hey XYZ: Susan is Susan.
CONFIRMED: TGS
That’s Susan… again. Let me determine if she is authorized to use me.
Strengths
1. Passwords are never sent across the network unencrypted
2. Clients and applications services mutually authenticated
3. Tickets have a limited lifetime4. Authentication through the AS only
has to happen once5. Shared secret keys between clients
and services are more efficient than public-keys
Weaknesses and Solutions
If TGT stolen, can be used to access network services.
Only a problem until ticket expires in a few hours.
Very bad if Authentication Server compromised.
Physical protection for the server.
Applications :
Kerberos-aware applications are called Kerberized
Some kerberized applications are – Berkeley R-commands Telnet POP USC’s Win2000 network FTP
THANK YOU