Kerberos
Luis Belloch Gómez
SSD - February 2010
Kerberos is an authentication protocol.
Created by Miller, Neuman, Schiller and Saltzer for MIT's Project Athena in the 1980s.
Based on the Needham-Schroeder protocol.
The Kerberos Authentication System uses a series of encrypted messages to prove to a verifier that a client is running on behalf of a particular user.
Kerberos is a distributed authentication service that allows a process (a client) running on behalf of a principal (a user) to prove its identity to a verifier (an application server, or just server) without sending data across the network that might allow an attacker or the verifier to subsequently impersonate the principal.
1. Kerberos (basic exchange, without TGS)

Parties: c = client, as = authentication server (KDC), v = verifier (application server).
Notation: Kx = long-term key of x; Kc,v = session key shared by c and v; Tc,v = ticket for c at v; K(m) = m encrypted under K; texp = expiry time; n = nonce; ts = timestamp; ck = checksum; Ks = optional subsession key.

Step 1 (c -> as): c, v, texp, n
Step 2 (as -> c): Kc(Kc,v, v, texp, n), Kv(Tc,v), where Tc,v = (Kc,v, c, texp)
    The first part carries the session key and can only be read with Kc; the second is the ticket, opaque to c because it is sealed under Kv.
Step 3 (c -> v): Kc,v(ts, ck, Ks), Kv(Tc,v)
    The first part is the authenticator (proves c holds Kc,v right now); the second is the ticket.
Step 4 (v -> c): Kc,v(ts)
    Returning ts under the session key proves v could open the ticket, i.e. holds Kv (mutual authentication).
1. Kerberos with TGS

Parties: c = client, as = authentication server, tgs = ticket granting service, v = verifier (server).
Steps 1-2 run only the first time (at login); steps 3-4 repeat once per service; steps 5-6 once per connection.

Step 1 (c -> as): c, tgs, texp, n
Step 2 (as -> c): Kc(Kc,tgs, tgs, texp, n), Ktgs(Tc,tgs)
    Ktgs(Tc,tgs) is the ticket-granting ticket.
Step 3 (c -> tgs): Kc,tgs(ts, ..), Ktgs(Tc,tgs), v, texp, n
Step 4 (tgs -> c): Kc,tgs(Kc,v, v, texp, n), Kv(Tc,v)
    Kv(Tc,v) is the service ticket; the session key Kc,v is now protected by Kc,tgs rather than by the user's long-term key Kc.
Step 5 (c -> v): Kc,v(ts, ck, Ks), Kv(Tc,v)
Step 6 (v -> c): Kc,v(ts)
Differences from Needham-Schroeder
1. Use of timestamps to prevent reuse of tickets by third parties (replay attack) [4].
2. Introduction of the Ticket Granting Service, so the client does not have to re-authenticate against the KDC (and re-enter its password) for every service.
3. Authentication across different realms.
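The six-step exchange above, plus the checks behind difference 1 (timestamps against replay) and difference 2 (the TGS), as an added example that is not part of the original slides. Encryption is a stand-in (an HMAC-SHA256 keystream with an HMAC tag), not a real Kerberos enctype; the principal names, keys and the "krbtgt" label are constructed for the example. It runs the AS, TGS and AP exchanges end to end and then shows a replayed authenticator, an expired ticket and a tampered ticket being rejected by the verifier.

```python
"""Toy model of the Kerberos V5 exchanges on the slides: AS (steps 1-2),
TGS (3-4) and AP (5-6). Added example, not from the original slides.
encrypt()/decrypt() are a stand-in (HMAC-SHA256 keystream + tag), NOT a real
Kerberos enctype; principal names and keys below are constructed."""
import hashlib, hmac, json, os

CLOCK_SKEW = 300        # seconds of tolerated clock drift (MIT default is 5 min)
TGS = "krbtgt"          # stands in for krbtgt/REALM@REALM

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, obj):
    """K(obj): authenticated encryption of a JSON-serialisable dict under key K."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def check_authenticator(ticket, auth, seen, now):
    """Checks every verifier (TGS or V) performs on Ks(T) + Kc,s(ts, ...)."""
    if now > ticket["texp"]:
        raise PermissionError("ticket expired")
    if abs(now - auth["ts"]) > CLOCK_SKEW:
        raise PermissionError("authenticator outside clock skew")
    if auth["client"] != ticket["client"]:
        raise PermissionError("authenticator principal != ticket principal")
    if (ticket["client"], auth["ts"]) in seen:          # Denning-Sacco replay defence
        raise PermissionError("replayed authenticator")
    seen.add((ticket["client"], auth["ts"]))

class KDC:
    """AS and TGS roles; `keys` maps principal -> long-term key Kx."""
    def __init__(self, keys):
        self.keys, self.seen = keys, set()
    def _issue(self, c, s, texp):
        """Mint Kc,s and ticket Tc,s = Ks(Kc,s, c, texp); returns (Kc,s, ticket)."""
        k = os.urandom(32)
        return k, encrypt(self.keys[s], {"key": k.hex(), "client": c, "texp": texp})
    def as_exchange(self, c, texp, n):
        # Step 2: Kc(Kc,tgs, tgs, texp, n), Ktgs(Tc,tgs). Only the owner of Kc opens the first part.
        k, tgt = self._issue(c, TGS, texp)
        return encrypt(self.keys[c], {"key": k.hex(), "service": TGS, "texp": texp, "n": n}), tgt
    def tgs_exchange(self, tgt, auth, v, texp, n, now):
        # Step 4: verify TGT + authenticator, reply Kc,tgs(Kc,v, v, texp, n), Kv(Tc,v)
        t = decrypt(self.keys[TGS], tgt)
        k_ctgs = bytes.fromhex(t["key"])
        check_authenticator(t, decrypt(k_ctgs, auth), self.seen, now)
        texp = min(texp, t["texp"])                      # service ticket cannot outlive the TGT
        k, st = self._issue(t["client"], v, texp)
        return encrypt(k_ctgs, {"key": k.hex(), "service": v, "texp": texp, "n": n}), st

class Server:
    """The verifier v with its own replay cache."""
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()
    def ap_exchange(self, ticket, auth, now):
        # Step 6: Kc,v(ts) proves v decrypted the ticket, i.e. knows Kv (mutual auth)
        t = decrypt(self.key, ticket)
        k_cv = bytes.fromhex(t["key"])
        a = decrypt(k_cv, auth)
        check_authenticator(t, a, self.seen, now)
        return encrypt(k_cv, {"ts": a["ts"]})

def client_session(kdc, server, c, k_c, now):
    """Client side of steps 1-6; returns (service ticket, authenticator, Kc,v)."""
    texp, n1, n2 = now + 8 * 3600, os.urandom(8).hex(), os.urandom(8).hex()
    rep, tgt = kdc.as_exchange(c, texp, n1)              # steps 1/2
    r = decrypt(k_c, rep)
    if r["n"] != n1:
        raise ValueError("AS reply not fresh")           # nonce defeats a replayed AS reply
    k_ctgs = bytes.fromhex(r["key"])
    rep2, st = kdc.tgs_exchange(tgt, encrypt(k_ctgs, {"client": c, "ts": now}),
                                server.name, texp, n2, now)   # steps 3/4
    r2 = decrypt(k_ctgs, rep2)
    if r2["n"] != n2:
        raise ValueError("TGS reply not fresh")
    k_cv = bytes.fromhex(r2["key"])
    auth = encrypt(k_cv, {"client": c, "ts": now + 1, "ck": None, "ks": None})  # Kc,v(ts, ck, Ks)
    srep = server.ap_exchange(st, auth, now + 1)         # steps 5/6
    if decrypt(k_cv, srep)["ts"] != now + 1:
        raise ValueError("server failed mutual authentication")
    return st, auth, k_cv

def demo(now=1_700_000_000):
    """Full run, then the failure modes a verifier must catch. Returns a result dict."""
    keys = {"alice": b"a" * 32, TGS: b"t" * 32, "host/files": b"f" * 32}   # constructed keys
    kdc, files = KDC(keys), Server("host/files", keys["host/files"])
    st, auth, _ = client_session(kdc, files, "alice", keys["alice"], now)
    out = {"login": "ok"}
    tampered = st[:20] + bytes([st[20] ^ 1]) + st[21:]   # flip one ciphertext byte of the ticket
    for name, ticket, t in [("replay", st, now + 2), ("expired", st, now + 9 * 3600),
                            ("tampered", tampered, now + 2)]:
        try:
            files.ap_exchange(ticket, auth, t)
            out[name] = "accepted"
        except (PermissionError, ValueError) as e:
            out[name] = str(e)
    return out

if __name__ == "__main__":
    print(demo())
```

Two design points worth noticing: the replay cache is keyed on (client, ts) and lives on each verifier separately, which is why the clock skew window has to be small and why real implementations add microseconds and a sequence number to the timestamp; and the client checks the nonce n in each KDC reply, which is what stops an attacker from replaying an old reply carrying a session key they have since recovered.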
Extensions
Use of public-key cryptography.
One-time passcodes.

Disadvantages / problems
1. Sensitive to the choice of keys (a user's long-term key is derived from the password).
2. Key distribution must be secure.
3. The KDC centralises the keys
3.1. Compromising it compromises the whole network.
3.2. It only works while the KDC is online.
4. Requires clock synchronisation.
5. Applications have to be adapted ("kerberised").
6. Implementations that do not interoperate [5].
Implementations
Microsoft Windows: http://msdn.microsoft.com/en-us/library/aa378747(VS.85).aspx
Apple MacOS X: http://developer.apple.com/opensource/kerberosintro.html
Kerberos Infrastructure HOWTO: http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/
Debian: http://www.debian-administration.org/articles/570 and http://wiki.debian.org/LDAP/Kerberos
Ubuntu (Samba+Kerberos): https://help.ubuntu.com/community/Samba/Kerberos
FreeBSD (Heimdal): http://www.freebsd.org/doc/en/books/handbook/kerberos5.html
Bibliography
1. B. Clifford Neuman and Theodore Ts'o. Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38, September 1994.
2. John Kohl and B. Clifford Neuman. The Kerberos Network Authentication Service (Version 5). Internet Request for Comments RFC 1510, September 1993.
3. S. M. Bellovin and M. Merritt. Limitations of the Kerberos Authentication System. Computer Communication Review, 20(5):119-132, October 1990.
4. D. E. Denning and G. M. Sacco. Timestamps in Key Distribution Protocols. Communications of the ACM, 24(8):533-536, August 1981.
5. Findings of Fact, Allegedly New "Bad" Acts Relating to Interoperation (139a). New York v. Microsoft Corp., 224 F. Supp. 2d 76, District Court, District of Columbia, 2002.