
KERBEROS

Date post: 18-Mar-2016
Upload: kuri

Miah, Md. Saef Ullah

What Is Kerberos?

An authentication service designed for use in a distributed networked environment.

Developed at MIT in the mid-1980s.

Named after a Greek mythological creature named “Cerberus”, a three-headed dog.

Why Kerberos

Secure
◦ An opponent does not find it to be the weak link

Reliable
◦ The system should be able to back up another

Transparent
◦ A user should not be aware of authentication

Scalable
◦ The system supports a large number of clients and servers

Cryptography Approach

Private Key: Each party uses the same secret key to encode and decode messages.

Uses a trusted third party which can vouch for the identity of both parties in a transaction. Security of the third party is imperative.

How Kerberos Works

Instead of client sending password to application server:
◦ Request Ticket from authentication server
◦ Ticket and encrypted request sent to application server
◦ Ticket contains Id of client, Network Address of Client and Id of server and secret encryption key shared by Application server and Authentication server.


How Kerberos Works? Ticket Granting Tickets

C → AS: IDc || IDtgs || TS1
AS → C: E_Kc[ Kc,tgs || IDtgs || TS2 || Lifetime2 || Ticket_tgs ]
Ticket_tgs = E_Ktgs[ Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2 ]

How Kerberos Works? The Ticket Granting Service

C → TGS: IDs || Ticket_tgs || Authenticator_c
TGS → C: E_Kc,tgs[ Kc,s || IDs || TS4 || Ticket_s ]
Ticket_tgs = E_Ktgs[ Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2 ]
Ticket_s = E_Ks[ Kc,s || IDc || ADc || IDs || TS4 || Lifetime4 ]
Authenticator_c = E_Kc,tgs[ IDc || ADc || TS3 ]

How Kerberos Works? The Application Server

C → S: Ticket_s || Authenticator_c
S → C: E_Kc,s[ TS5 + 1 ]
Ticket_s = E_Ks[ Kc,s || IDc || ADc || IDs || TS4 || Lifetime4 ]
Authenticator_c = E_Kc,s[ IDc || ADc || TS5 ]
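
As an added example (not part of the original slides), the checks an application server can make on the C → S message above, using the ticket and authenticator fields as listed. seal/unseal are a toy stand-in for E_K[...] built from HMAC-SHA256 rather than the DES used by Version 4; the replay cache, all function names and the sample values are assumptions.

```python
import hashlib, hmac, json, os

SKEW = 300  # seconds: the 5-minute timestamp window mentioned in the slides

def _stream(key, nonce, n):
    # Toy keystream from HMAC-SHA256 (assumption: stands in for the real cipher)
    blocks = (hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Stand-in for E_K[ a || b || ... ]: encrypt the fields and append a MAC."""
    pt = json.dumps(fields).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def server_accept(k_s, ticket_s, authenticator, peer_addr, now, seen):
    """Server-side checks on C -> S: Ticket_s || Authenticator_c."""
    t = unseal(k_s, ticket_s)                             # only the holder of Ks can open it
    a = unseal(bytes.fromhex(t["Kc,s"]), authenticator)   # proves the sender knows Kc,s
    if not t["TS4"] <= now <= t["TS4"] + t["Lifetime4"]:
        return "ticket expired"
    if (a["IDc"], a["ADc"]) != (t["IDc"], t["ADc"]) or t["ADc"] != peer_addr:
        return "identity/address mismatch"
    if abs(now - a["TS5"]) > SKEW:
        return "authenticator outside clock skew"
    if (a["IDc"], a["TS5"]) in seen:                      # replay cache (assumption)
        return "replayed authenticator"
    seen.add((a["IDc"], a["TS5"]))
    return "ok"

def demo():
    # Constructed sample values: keys, names, address and times are made up.
    k_s, k_cs = os.urandom(32), os.urandom(32)
    ticket = seal(k_s, {"Kc,s": k_cs.hex(), "IDc": "alice", "ADc": "10.0.0.5",
                        "IDs": "fileserver", "TS4": 1000, "Lifetime4": 28800})
    auth = seal(k_cs, {"IDc": "alice", "ADc": "10.0.0.5", "TS5": 1010})
    seen = set()
    return [server_accept(k_s, ticket, auth, "10.0.0.5", 1012, seen),    # fresh request
            server_accept(k_s, ticket, auth, "10.0.0.5", 1013, seen),    # same authenticator again
            server_accept(k_s, ticket, auth, "10.0.0.9", 1012, set()),   # sent from another host
            server_accept(k_s, ticket, auth, "10.0.0.5", 1311, set()),   # 301 s after TS5
            server_accept(k_s, ticket, auth, "10.0.0.5", 29801, set())]  # past TS4 + Lifetime4
```
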

Multiple Kerberi

C → AS: IDc || IDtgs || TS1
AS → C: E_Kc[ Kc,tgs || IDtgs || TS2 || Lifetime2 || Ticket_tgs ]
C → TGS: IDtgsrem || Ticket_tgs || Authenticator_c
TGS → C: E_Kc,tgs[ Kc,tgsrem || IDtgsrem || TS4 || Lifetime2 || Ticket_tgsrem ]
C → TGSrem: IDsrem || Ticket_tgsrem || Authenticator_c
TGSrem → C: E_Kc,tgsrem[ Kc,srem || IDsrem || TS6 || Ticket_srem ]
C → Srem: Ticket_srem || Authenticator_c

KERBEROS Version 5 versus Version 4

Environmental shortcomings of Version 4:
• Encryption system dependence: DES
• Internet protocol dependence
• Ticket lifetime
• Authentication forwarding
• Inter-realm authentication

Technical deficiencies of Version 4:
• Double encryption
• Session Keys
• Password attack

New Elements in Kerberos Version 5

Realm
◦ Indicates realm of the user

Options

Times
◦ From: the desired start time for the ticket
◦ Till: the requested expiration time
◦ Rtime: requested renew-till time

Nonce
◦ A random value to assure the response is fresh

Weaknesses and Solutions

If TGT stolen, can be used to access network services.

Only a problem until ticket expires in a few hours.

Subject to dictionary attack.

Timestamps require hacker to guess in 5 minutes.

Very bad if Authentication Server compromised.

Physical protection for the server.
