KERBEROS CHAPTER 1 INTRODUCTION Computer security has been a problem since the very beginning. Proper authentication and protection using cryptographic methods is a must in today’s electronic communication. Kerberos provides an infrastructure to achieve this using symmetric cryptography. 1.1. History Kerberos was developed at the Massachusetts Institute of Technology (MIT) during a project intended to integrate computers into the university’s undergraduate curriculum. The project, called Athena, started in 1983 with UNIX timesharing computers, having several terminals connected to each one, but without a network connection. If a student or staff member wanted to use any of the computers, he or she sat down at one of these terminals. As soon as the terminals and old computers were substituted by newer workstations with network connection, the project’s goal was to allow any user to sit down at the workstation of his or her choice accessing his data over the network (which is a very common scenario for every network today). The problem of network eavesdropping became apparent. Since the network has been accessible from all over the campus, DEPT OF Comp Engg. 1 D.B.N.C.O.E.T,YTL
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
KERBEROS
CHAPTER 1
INTRODUCTION
Computer security has been a problem since the very beginning. Proper authentication
and protection using cryptographic methods is a must in today’s electronic communication.
Kerberos provides an infrastructure to achieve this using symmetric cryptography.
1.1. History
Kerberos was developed at the Massachusetts Institute of Technology (MIT) during a
project intended to integrate computers into the university’s undergraduate curriculum. The
project, called Athena, started in 1983 with UNIX timesharing computers, having several
terminals connected to each one, but without a network connection. If a student or staff member
wanted to use any of the computers, he or she sat down at one of these terminals. As soon as the
terminals and old computers were substituted by newer workstations with network connection,
the project’s goal was to allow any user to sit down at the workstation of his or her choice
accessing his data over the network (which is a very common scenario for every network today).
The problem of network eavesdropping became apparent. Since the network has been accessible
from all over the campus, nothing prevented students from running network monitoring tools and
learning other users and root passwords. Another big problem was some PC/ATs which were
lacking even fundamental internal security. To protect the users’ data in the network
environment as it had been protected in the timesharing environment Kerberos was invented.
Kerberos is an authentication system that uses symmetric key cryptography to protect sensitive
information on an open network. It is a ticket based system that issues a ticket encrypted with the
user’s password when he or she logs in. The user decrypts the ticket and uses it to obtain tickets
for other network services he or she wants to use. Because all information in tickets is encrypted,
it is not susceptible to eavesdropping or misappropriation.
DEPT OF Comp Engg. 1 D.B.N.C.O.E.T,YTL
KERBEROS
MIT developed Kerberos to protect network services provided by Project Athena. The
protocol was named after the Greek mythological character Kerberos (or Cerberus), known in
Greek mythology as being the monstrous three-headed guard dog of Hades.
1.2. Motivation
In a network of users requiring services from many separate computers, there are three
approaches one can take to access control: One can do nothing, relying on the machine to which
the user is logged in to prevent unauthorized access; one can require the host to prove its identity,
but trust the host’s word as to who the user is; or one can require the user to prove her/his
identity for each required service.In a closed environment where all the machines are under strict
control, one can use the first approach. When the organization controls all the hosts
communicating over the network, this is a reasonable approach.
In a more open environment, one might selectively trust only those hosts under
organizational control. In this case, each host must be required to prove its identity.In those
protocols,authentication is done by checking the Internet address from which a connection has
been established. In the Athena environment, we must be able to honor requests from hosts that
are not under organizational control. Users have complete control of their workstations: they can
reboot them, bring them up standalone, or even boot off their own tapes. As such, the third
approach must be taken; the user must prove her/his identity for each desired service. The server
must also prove its identity. It is not sufficient to physically secure the host running a network
server; someone elsewhere on the network may be masquerading as the given server.
The environment places several requirements on an identification mechanism. First, it
must be secure. Circumventing it must be difficult enough that a potential attacker does not find
the authentication mechanism to be the weak link. Someone watching the network should not be
able to obtain the information necessary to impersonate another user. Second, it must be reliable.
Access to many services will depend on the authentication service. If it is not reliable, the system
of services as a whole will not be. Third, it should be transparent. Ideally, the user should not be
aware of authentication taking place. Finally, it should be scalable. Many systems can
DEPT OF Comp Engg. 2 D.B.N.C.O.E.T,YTL
KERBEROS
communicate with Athena hosts. Not all of these will support the mechanism, but software
should not break if they did.
Kerberos is the result of our work to satisfy the above requirements. When a user walks
up to a workstation she/he “logs in”. As far as the user can tell, this initial identification is
sufficient to prove her/his identity to all the required network servers for the duration of the login
session. The security of Kerberos relies on the security of several authentication servers, but not
on the system from which users log in, or on the security of the end servers that will be used. The
authentication server provides a properly authenticated user with a way to prove her/his identity
to servers scattered across the network.
DEPT OF Comp Engg. 3 D.B.N.C.O.E.T,YTL
KERBEROS
CHAPTER 2
KERBEROS
Kerberos is a computer network authentication protocol, which allows nodes
communicating over a non-secure network to prove their identity to one another in a secure
manner. The Kerberos protocol is designed to provide reliable authentication over open and
insecure networks where communications between the hosts belonging to it may be intercepted.
However, one should be aware that Kerberos does not provide any guarantees if the computers
being used are vulnerable: the authentication servers, application servers and clients must be kept
constantly updated so that the authenticity of the requesting users and service providers can be
guaranteed. Thus we can say that: "Kerberos is an authentication protocol for trusted hosts on
untrusted networks".
Kerberos is a trusted third-party authentication service based on the model presented by
Needham and Schroeder. It is trusted in the sense that each of its clients believes Kerberos’
judgement as to the identity of each of its other clients to be accurate. Timestamps (large
numbers representing the current date and time) have been added to the original model to aid in
the detection of replay. Replay occurs when a message is stolen off the network and resent later.
2.1.Protocol
Kerberos uses as its basis the symmetric Needham-Schroeder protocol.
2.1.1.Needham-Schroeder Authentication
An approach to secure authentication is the Needham- Schroeder protocol. It defines a
three-party authentication service and five step message chain. In the very first step the client
requests a session key for communication with a certain service. The requested session key and a
message encrypted for the service is send back to the client encrypted with the client’s key to
protect it in an open network. The client forwards the part for the service (which is encrypted
with the service key) to the desired service. After that the service generates a random message
which is sent back to the client encrypted with the session key. This random message is
transformed in a predefined way and sent back to the server encrypted with the session key as
DEPT OF Comp Engg. 4 D.B.N.C.O.E.T,YTL
KERBEROS
well to prove that A was the sender of message number three. After performing these five steps
the service can be sure that the client has authenticated itself correctly, because only the client
knows the key to decrypt message two.
This protocol is no longer considered secure as B does not know if the key is fresh. If an
attacker obtains an old key he or she can perform a replay attack and convince B that the key
they hold is the current key of A.
2.1.2.Needham-Schroeder in Kerberos
Kerberos uses a variant of Needham-Schroeder, which uses timestamps on every message
to avoid the problem mentioned above. Due to the fact that it is a problem to keep all clocks
returning exact the same time in a network environment, every message is valid in a time
window from five minutes in the past to five minutes in the future. In a short time slot of ten
minutes length replay attacks are impeded by a replay cache held by every service. Messages are
cached as long as they are valid and authentication attempts using messages which are already
held in cache can be refused.
DEPT OF Comp Engg. 5 D.B.N.C.O.E.T,YTL
KERBEROS
CHAPTER 3
TERMINOLOGY
This section provides the definition of the objects and terms, knowledge of which is
essential for the subsequent description of the Kerberos protocol.
3.1.Realm
The term realm indicates an authentication administrative domain. Its intention is to
establish the boundaries within which an authentication server has the authority to authenticate a
user, host or service. This does not mean that the authentication between a user and a service that
they must belong to the same realm: if the two objects are part of different realms and there is a
trust relationship between them, then the authentication can take place. This characteristic is
known as Cross-Authentication Basically, a user/service belongs to a realm if and only if he/it
shares a secret (password/key) with the authentication server of that realm.
The name of a realm is case sensitive, i.e. there is a difference between upper and lower
case letters, but normally realms always appear in upper case letters. It is also good practice, in
an organization, to make the realm name the same as the DNS domain (in upper case letters
though). Following these tips when selecting the realm name significantly simplifies the
configuration of Kerberos clients, above all when it is desired to establish trust relationships with
subdomains. By way of example, if an organization belongs to the DNS domain example.com, it
is appropriate that the related Kerberos realm is EXAMPLE.COM.
3.2.Principal
A principal is the name used to refer to the entries in the authentication server database.
A principal is associated with each user, host or service of a given realm. A principal in Kerberos
5 is of the following type:
component1/component2/.../componentN@REALM
DEPT OF Comp Engg. 6 D.B.N.C.O.E.T,YTL
KERBEROS
However, in practice a maximum of two components are used. For an entry referring to a
user the principal is the following type:
Name[/Instance]@REALM
The instance is optional and is normally used to better qualify the type of user. For
example administrator users normally have the admin instance. The following are examples of