Kerberos Authentication

Post on 23-Jan-2016

1

Kerberos Authentication

2

Alternative to one time passwords

Need for an authentication scheme which never sends the passwords in clear text form over the network.

A one-time password is an example where the actual password is not sent along the communication line; rather, a derivative is sent on to the server.

Authentication methods based on cryptography are required.

There is also a need to authenticate to services without entering a password every time, e.g. the r-commands on Unix.

3

One-time passwords

As the name implies, a password is used only once. Typically the password is generated by repeatedly applying the MD5 algorithm to a secret password.

Let p be the password and f the one-way MD5 function. Initially let n = 9; then the first password transmitted for verification will be $f^9(p)$, the next time it will be $f^8(p)$, and so on.
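The hash chain described above, as an added example that is not part of the original slides: the server keeps only the last accepted value and checks that one more application of f to the submitted password reproduces it. The class names, the enrolment value (f applied n + 1 = 10 times to p) and the sample secret are assumptions.

```python
import hashlib
import hmac

def f(data: bytes, times: int = 1) -> bytes:
    """Apply the one-way function (MD5, as on the slide) `times` times."""
    for _ in range(times):
        data = hashlib.md5(data).digest()
    return data

class OtpServer:
    """Verifier that never stores p, only the most recently accepted value."""
    def __init__(self, enrolment_value: bytes):
        self.stored = enrolment_value   # f applied n+1 times to p, set up once

    def verify(self, otp: bytes) -> bool:
        # A valid password is the preimage of what the server holds.
        if not hmac.compare_digest(f(otp), self.stored):
            return False
        self.stored = otp               # move one step down the chain
        return True

class OtpClient:
    def __init__(self, p: bytes, n: int):
        self.p, self.n = p, n

    def next_password(self) -> bytes:
        if self.n < 1:
            raise RuntimeError("chain exhausted: enrol again with a new secret")
        otp = f(self.p, self.n)
        self.n -= 1
        return otp

def demo():
    p = b"constructed demo secret"      # sample value, not from the slides
    client = OtpClient(p, n=9)
    server = OtpServer(f(p, 10))
    first = client.next_password()      # f applied 9 times
    second = client.next_password()     # f applied 8 times
    return [server.verify(first),       # accepted
            server.verify(first),       # replay of a captured value: rejected
            server.verify(second)]      # next password in the chain: accepted

if __name__ == "__main__":
    print(demo())
```

A captured password is useless for replay because the server has already moved its stored value one step down the chain, and producing the next valid password would require inverting f.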

4

Kerberos Authentication

• Alternative to one-time passwords

• Allow workstations to authenticate themselves to services running on servers without ever sending a password in clear text over the network.

5

Kerberos Authentication

Kerberos is a distributed authentication service that allows a process (a client) running on behalf of a principal (a user) to prove its identity to a verifier (an application server or server) without sending data across the network.

Developed as part of MIT’s Project Athena.

6

The Word “Kerberos”

Also spelled as Cerberus. n. The watch dog of Hades (in the ancient Greece), whose duty was to guard the entrance -- against whom or what does not clearly appear; ...it is known to have three heads. ...

--- The Enlarged Devil’s Dictionary, by Ambrose Bierce

7

How Kerberos works?

The Kerberos authentication scheme uses a series of encrypted messages to prove to a verifier (server) that a client is running on behalf of a particular user.

More precisely, it proves that the client has knowledge of an encryption key that is known by the user and the authentication server.

The user's encryption key is derived from, and should be thought of as, a password; similarly, each application server shares an encryption key with the authentication server; call this key the server key.

8

How Kerberos works?

The client (C) and server (V) do not initially share an encryption key.

Whenever the client authenticates itself to a new verifier it relies on the authentication server (AS) to generate a new encryption key and distribute it securely to both parties.

This new encryption key is called the session key, and a ticket mechanism is used to distribute this key to the verifier.

9

Kerberos Ticket?

A ticket is a certificate issued by the authentication server, encrypted using the server key.

The ticket contains a random session key, which will be used for the authentication of the principal to the verifier, the name of the principal to whom the session key was issued, and an expiration time after which the session key is no longer valid (time stamp).

The ticket is not sent directly to the verifier, but is instead sent to the client who forwards it to the verifier as part of the application request.

Since the ticket is encrypted in the server key, known only by the authentication server and the intended verifier, it is not possible for the client to modify the ticket without detection.

10

Basic Kerberos (simplified)

Symbols used:

• c: client/client name

• v: server/server name

• AS: authentication service

• n: nonce

• K_{c,v}: shared key between c & v

• time_{exp}: expiring time

• K_c: shared key between c & AS

• K_v: shared key between v & AS

• K_{subsession}: a session key between c & v

11

Basic Kerberos (simplified)

[Diagram: the client exchanges messages 1 and 2 with the authentication service, and messages 3 and 4 with the server.]

1. client-name, server-name, expiring-time, random-num.

2. DES_{K_c}(K_{c,v}, expiring-time, random-num., ...), DES_{K_v}(T_{c,v})

3. DES_{K_{c,v}}(time-stamp, session-key, ...), DES_{K_v}(T_{c,v})

4. DES_{K_{c,v}}(time-stamp) (this step is optional)

where T_{c,v} = K_{c,v}, client-name, expiring-time, ...
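Messages 1 to 3 of the basic exchange, as an added example that is not part of the original slides. It assumes a toy stream cipher with an HMAC tag in place of DES (Python's standard library has no DES), JSON message bodies, a 300-second clock-skew window, and constructed keys and names; message 3 carries only the timestamp and the optional message 4 is omitted.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Stand-in for the slides' DES_K(...): toy stream cipher + HMAC, demo only."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def as_reply(keys, c, v, timeexp, n):
    """Message 2: AS picks Kc,v; returns DES_Kc(...) and the ticket DES_Kv(Tc,v)."""
    kcv = os.urandom(16).hex()
    ticket = seal(keys[v], {"kcv": kcv, "client": c, "exp": timeexp})
    return seal(keys[c], {"kcv": kcv, "exp": timeexp, "n": n}), ticket

def client_request(kc, reply, ticket, n, now):
    """Message 3: client recovers Kc,v with Kc and forwards the opaque ticket."""
    part = unseal(kc, reply)
    if part["n"] != n:
        raise ValueError("nonce mismatch: not the reply to this request")
    return seal(bytes.fromhex(part["kcv"]), {"ts": now}), ticket

def verifier_accept(kv, auth, ticket, now, skew=300):
    """Server: open the ticket with Kv, then check the authenticator under Kc,v."""
    t = unseal(kv, ticket)
    if now > t["exp"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["kcv"]), auth)
    if abs(now - a["ts"]) > skew:
        raise ValueError("authenticator outside allowed clock skew")
    return t["client"]

def demo(now=1000):
    keys = {"alice": b"constructed Kc", "fileserver": b"constructed Kv"}
    reply, ticket = as_reply(keys, "alice", "fileserver", now + 600, n=42)
    auth, ticket = client_request(keys["alice"], reply, ticket, 42, now)
    return verifier_accept(keys["fileserver"], auth, ticket, now + 5)
```

The client never holds the server key, so it can neither read the ticket nor change the client name or expiry inside it; the server rejects any ticket whose tag does not verify.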

12

Full Kerberos (simplified)

Symbols used:

• c: client/client name

• v: server/server name

• AS: authentication service

• TGS: ticket grant service

• n: nonce

• K_{c,v}: shared key between c & v

• time_{exp}: expiring time

• K_c: shared key between c & AS

• K_v: shared key between v & AS

• K_{tgs}: shared key between TGS & AS

• K_{c,tgs}: shared key between c & TGS

• K_{subsession}: a session key between c & v

13

Identification

An Identification (ID) Protocol allows one party (say Alice) to convince another party (say Bob) of her identity, similar to authentication.

But an ID protocol must also meet a more stringent requirement: it must be secure against ALL THREE types of attacks Marvin can mount (see Attacks slide):

• Protocol eavesdropping

• Impersonating as Verifier to Prover

• Honest Verifier knowledge compromise

Hence it’s also called a “passport protocol”.

14

Exercise

State whether or not each of the following is an ID protocol, and if not, describe an attack (one of the 3 types) that it succumbs to:

• Challenge-and-Response Protocol

• One-way function based Password Protocol

15

Schnorr passport protocol

Involving:

• A trusted authority (TA) to issue “certificates/passports”

• A certificate holder

• A verifier

16

Setting up by the TA

TA’s public key = (y, p, q, g), where

• p = a prime of at least 512 bits.

• q = a 160-bit prime divisor of p-1.

• $g = h^{(p-1)/q} \bmod p$, where h is any integer with $1 < h < p-1$ s.t. $h^{(p-1)/q} \bmod p > 1$. (g has order q mod p.)

• $y = g^{-x} \bmod p$, where x is an integer randomly selected from [1, q-1].

TA’s secret key is x.

17

Issuing a certificate by TA

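Alice ↔ TA (TA holds its secret key x):

1. Alice: picks $a \in_R [1, q-1]$ and computes $V = g^{-a} \bmod p$.

2. Alice → TA: $ID_{Alice} \| V$

3. TA: Check the ID, and then use the Schnorr signature to sign $(ID_{Alice} \| V)$. Let $W = \mathrm{sign}(ID_{Alice} \| V)$.

4. TA → Alice: W

• Alice’s certificate: $(ID_{Alice} \| V \| W)$

• Alice’s secret: a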

18

Schnorr signature - Signing a doc M by TA

To sign a document $M = (ID_{Alice} \| V)$, TA does the following:

• randomly pick an integer k from [1, q-1].

• $r = \mathrm{Hash}(g^k \bmod p, M)$

• $s = (k + x \cdot r) \bmod q$,

where Hash is a 1-way hash.

TA’s signature on M is the pair of numbers W=(r, s).

19

How Alice proves her ID to Bob

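Alice (holds secret a) ↔ Bob:

1. Alice → Bob: forwarding cert. $(ID_{Alice} \| V \| W)$

2. Bob: Verify the cert. If not OK, then abort. Otherwise Bob → Alice: OK

3. Alice: picks $k \in_R [1, q-1]$ and computes $Q = g^k \bmod p$. Alice → Bob: Q

4. Bob: picks $c \in_R [1, q-1]$. Bob → Alice: c

5. Alice: computes $d = (k + a c) \bmod q$. Alice → Bob: d

6. Bob: Accept if $Q = g^d V^c \bmod p$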
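The whole scheme from the last four slides (setup, certificate issuing, Schnorr signing and the proof to Bob) carried through in code, as an added example that is not part of the original slides. The toy group p = 607, q = 101, h = 2, the use of SHA-256 as Hash, the string encoding of ID || V and all function names are assumptions chosen for the demonstration.

```python
import hashlib, secrets

p, q = 607, 101   # toy group (constructed): q prime, q | p-1; slides need 512/160 bits
g = pow(2, (p - 1) // q, p)      # h = 2 gives g = 64, which has order q mod p

def rand_zq():
    return secrets.randbelow(q - 1) + 1          # uniform in [1, q-1]

def H(t, M):
    return int.from_bytes(hashlib.sha256(f"{t}|{M}".encode()).digest()[:16], "big")

def ta_sign(x, M):
    k = rand_zq()
    r = H(pow(g, k, p), M)
    return r, (k + x * r) % q                    # W = (r, s)

def verify_cert(y, M, W):
    r, s = W
    # g^s * y^r = g^(k + x r) * g^(-x r) = g^k, so the hash must reproduce r.
    return H(pow(g, s, p) * pow(y, r, p) % p, M) == r

def alice_enrol(x, identity):
    a = rand_zq()
    V = pow(g, q - a, p)                         # V = g^-a mod p (g has order q)
    return a, (identity, V, ta_sign(x, f"{identity}||{V}"))

class Prover:
    def __init__(self, a):
        self.a = a
    def commit(self):
        self.k = rand_zq()
        return pow(g, self.k, p)                 # Q = g^k mod p
    def respond(self, c):
        return (self.k + self.a * c) % q         # d = (k + a c) mod q

def bob_accepts(y, cert, prover):
    identity, V, W = cert
    if not verify_cert(y, f"{identity}||{V}", W):
        return False                             # part 1: certificate is not OK
    Q = prover.commit()
    c = rand_zq()
    d = prover.respond(c)
    return Q == pow(g, d, p) * pow(V, c, p) % p  # part 2: prover knows a

def demo():
    x = rand_zq()                                # TA's secret key
    y = pow(g, q - x, p)                         # TA's public y = g^-x mod p
    a, cert = alice_enrol(x, "Alice")
    marvin = Prover(a % (q - 1) + 1)   # has the certificate but not the secret a
    return bob_accepts(y, cert, Prover(a)), bob_accepts(y, cert, marvin)
```

Holding a copy of the certificate is not enough: with a wrong secret a' the check becomes $g^{k + (a' - a)c} = g^k$, which fails for every nonzero challenge c.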

20

Important points

Setting up & certificate issuing are one-off operations.

Bob the verifier needs to have access to TA’s public key.

The actual proving protocol has 2 parts:

• Show that the certificate is OK, &

• Demonstrate that Alice “knows” the secret associated with the certificate.

21

Security of Schnorr Protocol

The Schnorr protocol (slightly modified) can be proved to be an ID Protocol, assuming that the discrete-logarithm problem is difficult:

• The probability that Marvin can successfully masquerade as Alice to an honest verifier Bob is negligibly small, even if Marvin mounts all of the three types of attacks.