Date post: 05-Jan-2016
Upload: alaina-ramsey
Transcript
Page 1: Kerberos

Kerberos was a 3-headed dog in Greek mythology
• Guarded the gates of the dead
• Decided who might enter
• Strong security!

Page 2: Kerberos

Three Parties are Present
• Kerberos server
• Applicant host
• Verifier host

Diagram: Applicant, Kerberos Server, Verifier

Page 3: Kerberos

Kerberos Server shares a symmetric key with each host
• Key shared with the Applicant will be called Key AS (Applicant-Server)
• Key shared with the Verifier will be called Key VS

Diagram: Applicant shares Key AS with the Kerberos Server; Verifier shares Key VS with the Kerberos Server

Page 4: Kerberos

Applicant sends message to Kerberos server
• Logs in and asks for a ticket-granting ticket (TGT)
  Authenticates the applicant to the server
• Server sends back the ticket-granting ticket
• TGT allows applicant to request connections

Diagram: Applicant sends TGT RQ to Kerberos Server; Kerberos Server returns TGT

Page 5: Kerberos

To connect to the verifier
• Applicant asks Kerberos server for credentials to introduce the applicant to the verifier
• Request includes the Ticket-Granting Ticket

Diagram: Applicant sends Credentials RQ to Kerberos Server

Page 6: Kerberos

Kerberos server sends the credentials
• Credentials include the session Key AV that applicant and verifier will use for secure communication
• Encrypted with Key AS so that interceptors cannot read it

Diagram: Kerberos Server sends Credentials = Session Key AV, Service Ticket to Applicant

Page 7: Kerberos

Kerberos server sends the credentials
• Credentials also include the Service Ticket, which is encrypted with Key VS; Applicant cannot read or change it

Diagram: Kerberos Server sends Credentials = Session Key AV, Service Ticket to Applicant

Page 8: Kerberos

Applicant sends the Service Ticket plus an Authenticator to the Verifier
• Service ticket contains the symmetric session key (Key AV)
• Now both parties have Key AV and so can communicate with confidentiality

Diagram: Applicant sends Service Ticket (Contains Key AV) + Authenticator to Verifier

Page 9: Kerberos

Applicant sends the Service Ticket plus an Authenticator to the Verifier
• Authenticator contains information encrypted with Key AV
  Guarantees that the service ticket came from the applicant, which alone knows Key AV
  Service ticket has a time stamp to prevent replay

Diagram: Applicant sends Service Ticket (Contains Key AV) + Authenticator to Verifier

Page 10: Kerberos

Subsequent communication between the applicant and verifier uses the symmetric session key (Key AV) for confidentiality

Diagram: Applicant and Verifier exchange communication encrypted with Key AV
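As an added example (not part of this slide deck), the exchange of pages 3 to 10 simulated end to end: the Kerberos server holds Key AS and Key VS, issues credentials (Key AV under Key AS plus a Service Ticket under Key VS that the applicant cannot open), and the verifier opens the ticket, checks the Authenticator under Key AV and refuses a replayed one. A toy HMAC-SHA256 encrypt-then-MAC construction stands in for real Kerberos encryption types, the freshness timestamp is carried in the Authenticator with a validity period in the ticket, and the party names and helper functions are assumptions.

```python
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a Kerberos encryption type).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Encrypt-then-MAC: only a holder of `key` can read the blob or alter it undetected.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

KEY_AS, KEY_VS = os.urandom(32), os.urandom(32)  # long-term keys the server shares with each host

def kerberos_server_issue_credentials(applicant, ticket_life=3600):
    # Pages 6-7: session Key AV for the applicant (under Key AS) plus a Service Ticket (under Key VS).
    key_av = os.urandom(32).hex()
    ticket = seal(KEY_VS, {"applicant": applicant, "key_av": key_av, "exp": time.time() + ticket_life})
    return seal(KEY_AS, {"key_av": key_av, "service_ticket": ticket.hex()})

def applicant_connect(credentials):
    # Page 8: read Key AV (needs Key AS); forward the opaque ticket plus an Authenticator under Key AV.
    creds = unseal(KEY_AS, credentials)
    key_av = bytes.fromhex(creds["key_av"])
    return bytes.fromhex(creds["service_ticket"]), seal(key_av, {"ts": time.time()}), key_av

def verifier_accept(ticket_blob, authenticator, seen, skew=300):
    # Page 9: open the ticket with Key VS, then check the Authenticator under the Key AV it carries.
    ticket = unseal(KEY_VS, ticket_blob)
    key_av = bytes.fromhex(ticket["key_av"])
    auth = unseal(key_av, authenticator)  # fails unless the sender knows Key AV
    if time.time() > ticket["exp"] or abs(time.time() - auth["ts"]) > skew or authenticator in seen:
        raise ValueError("expired ticket or stale/replayed authenticator")
    seen.add(authenticator)  # remember it so the same Authenticator cannot be replayed
    return ticket["applicant"], key_av

def replay_rejected(ticket_blob, authenticator, seen):
    # True if the verifier refuses an Authenticator it has already accepted.
    try:
        verifier_accept(ticket_blob, authenticator, seen)
        return False
    except ValueError:
        return True
```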

Page 11: Kerberos

The Service Ticket can contain more than Key AV

If the applicant is a client and the verifier is a server, the service ticket may contain
• Verifier’s user name and password
• List of rights to files and directories on the server

Page 12: Kerberos

Is the basis for security in Microsoft operating systems

Only uses symmetric key encryption, for reduced processing cost

