What Is Kerberos?
An authentication service designed for use in a distributed network environment.
Developed at MIT in the mid-1980s.
Named after "Cerberus", a three-headed dog from Greek mythology.

Why Kerberos
Secure
◦ An opponent does not find it to be the weak link
Reliable
◦ The system should be able to back up another
Transparent
◦ A user should not be aware of authentication
Scalable
◦ The system supports a large number of clients and servers

Cryptography Approach
Private key: each party uses the same secret key to encode and decode messages.
Uses a trusted third party which can vouch for the identity of both parties in a transaction. The security of the third party is imperative.

How Kerberos Works
Instead of the client sending a password to the application server:
◦ Request a ticket from the authentication server
◦ Ticket and encrypted request are sent to the application server
◦ Ticket contains the ID of the client, the network address of the client, the ID of the server, and the secret encryption key shared by the application server and the authentication server.

How Kerberos Works: Ticket Granting Tickets
$C \to AS:\ ID_c \| ID_{tgs} \| TS_1$
$AS \to C:\ E_{K_c}[K_{c,tgs} \| ID_{tgs} \| TS_2 \| Lifetime_2 \| Ticket_{tgs}]$
$Ticket_{tgs} = E_{K_{tgs}}[K_{c,tgs} \| ID_c \| AD_c \| ID_{tgs} \| TS_2 \| Lifetime_2]$

How Kerberos Works: The Ticket Granting Service
$C \to TGS:\ ID_s \| Ticket_{tgs} \| Authenticator_c$
$TGS \to C:\ E_{K_{c,tgs}}[K_{c,s} \| ID_s \| TS_4 \| Ticket_s]$
$Ticket_{tgs} = E_{K_{tgs}}[K_{c,tgs} \| ID_c \| AD_c \| ID_{tgs} \| TS_2 \| Lifetime_2]$
$Ticket_s = E_{K_s}[K_{c,s} \| ID_c \| AD_c \| ID_s \| TS_4 \| Lifetime_4]$
$Authenticator_c = E_{K_{c,tgs}}[ID_c \| AD_c \| TS_3]$

How Kerberos Works: The Application Server
$C \to S:\ Ticket_s \| Authenticator_c$
$S \to C:\ E_{K_{c,s}}[TS_5 + 1]$
$Ticket_s = E_{K_s}[K_{c,s} \| ID_c \| AD_c \| ID_s \| TS_4 \| Lifetime_4]$
$Authenticator_c = E_{K_{c,s}}[ID_c \| AD_c \| TS_5]$

Multiple Kerberi (contd.)
$C \to AS:\ ID_c \| ID_{tgs} \| TS_1$
$AS \to C:\ E_{K_c}[K_{c,tgs} \| ID_{tgs} \| TS_2 \| Lifetime_2 \| Ticket_{tgs}]$
$C \to TGS:\ ID_{tgsrem} \| Ticket_{tgs} \| Authenticator_c$
$TGS \to C:\ E_{K_{c,tgs}}[K_{c,tgsrem} \| ID_{tgsrem} \| TS_4 \| Lifetime_2 \| Ticket_{tgsrem}]$
$C \to TGS_{rem}:\ ID_{srem} \| Ticket_{tgsrem} \| Authenticator_c$
$TGS_{rem} \to C:\ E_{K_{c,tgsrem}}[K_{c,srem} \| ID_{srem} \| TS_6 \| Ticket_{srem}]$
$C \to S_{rem}:\ Ticket_{srem} \| Authenticator_c$

Kerberos Version 5 versus Version 4
Environmental shortcomings of Version 4:
• Encryption system dependence: DES
• Internet protocol dependence
• Ticket lifetime
• Authentication forwarding
• Inter-realm authentication
Technical deficiencies of Version 4:
• Double encryption
• Session keys
• Password attack

New Elements in Kerberos Version 5
Realm
◦ Indicates realm of the user
Options
Times
◦ From: the desired start time for the ticket
◦ Till: the requested expiration time
◦ Rtime: requested renew-till time
Nonce
◦ A random value to assure the response is fresh

Weaknesses and Solutions
If a TGT is stolen, it can be used to access network services.
Only a problem until the ticket expires in a few hours.
Subject to dictionary attack.
Timestamps require a hacker to guess within 5 minutes.
Very bad if the Authentication Server is compromised.
Physical protection for the server.
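
The checks an application server applies to the service ticket and authenticator from the Application Server exchange, as an added example that is not part of the original slides. Class and function names are hypothetical, decryption is assumed to have already happened, and the replay cache goes one step beyond the slides: it rejects a captured authenticator that is reused inside the 5-minute window.

```python
# Added example (hypothetical names): checks on decrypted Ticket_s / Authenticator_c.
from dataclasses import dataclass

MAX_SKEW = 300  # seconds: the 5-minute window from the slides

@dataclass(frozen=True)
class Ticket:            # Ticket_s after decryption with K_s
    session_key: bytes   # K_c,s
    id_c: str
    ad_c: str
    id_s: str
    ts: int              # TS_4, issue time in epoch seconds
    lifetime: int        # Lifetime_4 in seconds

@dataclass(frozen=True)
class Authenticator:     # Authenticator_c after decryption with K_c,s
    id_c: str
    ad_c: str
    ts: int              # TS_5

class ServiceVerifier:
    def __init__(self, id_s):
        self.id_s = id_s
        self._seen = {}  # replay cache: (ID_c, TS_5) -> last second it is acceptable

    def verify(self, t, a, peer_addr, now):
        # Forget authenticators that would now fail the freshness check anyway.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        if t.id_s != self.id_s:
            return "wrong-service"
        if not (t.ts - MAX_SKEW <= now <= t.ts + t.lifetime):
            return "ticket-not-valid"
        if a.id_c != t.id_c:
            return "client-mismatch"
        if not (a.ad_c == t.ad_c == peer_addr):
            return "address-mismatch"
        if abs(now - a.ts) > MAX_SKEW:
            return "stale-authenticator"
        if (a.id_c, a.ts) in self._seen:
            return "replay"
        self._seen[(a.id_c, a.ts)] = a.ts + MAX_SKEW
        return "ok"

if __name__ == "__main__":  # constructed sample values
    t = Ticket(b"k" * 16, "alice", "10.0.0.5", "fs", 1000, 3600)
    a = Authenticator("alice", "10.0.0.5", 1058)
    v = ServiceVerifier("fs")
    print(v.verify(t, a, "10.0.0.5", 1060), v.verify(t, a, "10.0.0.5", 1061))
```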