Kerberos
Kerberos was a 3-headed dog in Greek mythology
• Guarded the gates of the dead
• Decided who might enter
• Talk about strong security!
Kerberos
Three Parties are Present
• Kerberos server
• Applicant host
• Verifier host
[Diagram: Verifier, Kerberos Server, Applicant]
Kerberos
Kerberos Server shares a symmetric key with each host
• Key shared with the Applicant will be called Key AS (Applicant-Server)
• Key shared with the Verifier will be called Key VS
[Diagram: Applicant shares Key AS with Kerberos Server; Verifier shares Key VS with Kerberos Server]
Kerberos
Applicant sends message to Kerberos server
• Logs in and asks for ticket-granting ticket (TGT)
  Authenticates the applicant to the server
• Server sends back ticket-granting ticket
• TGT allows applicant to request connections
[Diagram: Applicant sends TGT request to Kerberos Server; Kerberos Server returns TGT]
Kerberos
To connect to the verifier
• Applicant asks Kerberos server for credentials to introduce the applicant to the verifier
• Request includes the Ticket-Granting Ticket
[Diagram: Applicant sends Credentials request to Kerberos Server]
Kerberos
Kerberos server sends the credentials
• Credentials include the session Key AV that applicant and verifier will use for secure communication
• Encrypted with Key AS so that interceptors cannot read it
[Diagram: Kerberos Server sends Credentials = Session Key AV, Service Ticket to Applicant]
Kerberos
Kerberos server sends the credentials
• Credentials also include the Service Ticket, which is encrypted with Key VS; Applicant cannot read or change it
[Diagram: Kerberos Server sends Credentials = Session Key AV, Service Ticket to Applicant]
Kerberos
Applicant sends the Service Ticket plus an Authenticator to the Verifier
• Service ticket contains the symmetric session key (Key AV)
• Now both parties have Key AV and so can communicate with confidentiality
[Diagram: Applicant sends Service Ticket (contains Key AV) + Authenticator to Verifier]
Kerberos
Applicant sends the Service Ticket plus an Authenticator to the Verifier
• Authenticator contains information encrypted with Key AV
  Guarantees that the service ticket came from the applicant, which alone knows Key AV
  Service ticket has a time stamp to prevent replay
[Diagram: Applicant sends Service Ticket (contains Key AV) + Authenticator to Verifier]
Kerberos
Subsequent communication between the applicant and verifier uses the symmetric session key (Key AV) for confidentiality
[Diagram: Applicant and Verifier exchange communication encrypted with Key AV]
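The four steps on the preceding slides (TGT request, credentials request, service ticket plus authenticator, session traffic under Key AV) as a runnable model. This is an added example written for these notes, not Kerberos implementation code. Its assumptions: the sealing primitive is a labelled stand-in (HMAC-SHA256 keystream with an HMAC tag) rather than the encryption types real Kerberos uses; the server seals TGTs under a private key of its own (tgt_key), which the slides do not mention; the credentials reply is sealed with Key AS exactly as the slides state; the host names alice and fileserver are constructed. It goes slightly beyond the slides on the verifier side by also enforcing a ticket lifetime, a clock-skew window and a replay cache, so a second presentation of the same authenticator is refused.

```python
import hashlib, hmac, json, os, time

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream of n bytes (toy cipher, see lead-in)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, obj):
    """Seal a JSON-serialisable dict under a symmetric key (encrypt-then-MAC)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_subkey(key, b"enc"), nonce, len(pt))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    """Open a sealed blob; raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(_subkey(key, b"enc"), nonce, len(ct)))))

class KerberosServer:
    """Shares Key AS with the applicant and Key VS with the verifier (as on the slides);
    the key that seals TGTs is an added assumption and never leaves the server."""
    def __init__(self, host_keys, lifetime=300):
        self.host_keys, self.lifetime = dict(host_keys), lifetime
        self.tgt_key = os.urandom(32)

    def tgt_request(self, applicant):
        """Step 1: reply is sealed with Key AS, so only the real applicant can open it."""
        tgt = encrypt(self.tgt_key, {"applicant": applicant})
        return encrypt(self.host_keys[applicant], {"tgt": tgt.hex()})

    def credentials_request(self, tgt, verifier):
        """Step 2: TGT presented; reply holds Key AV (sealed with Key AS, as on the
        slides) and the service ticket (sealed with Key VS, opaque to the applicant)."""
        claim = decrypt(self.tgt_key, tgt)
        key_av = os.urandom(32)
        ticket = encrypt(self.host_keys[verifier], {"applicant": claim["applicant"],
                  "key_av": key_av.hex(), "expires": time.time() + self.lifetime})
        return encrypt(self.host_keys[claim["applicant"]],
                       {"key_av": key_av.hex(), "service_ticket": ticket.hex()})

class Applicant:
    def __init__(self, name, key_as):
        self.name, self.key_as = name, key_as

    def obtain_session(self, kdc, verifier):
        tgt = bytes.fromhex(decrypt(self.key_as, kdc.tgt_request(self.name))["tgt"])
        creds = decrypt(self.key_as, kdc.credentials_request(tgt, verifier))
        return bytes.fromhex(creds["key_av"]), bytes.fromhex(creds["service_ticket"])

    def authenticator(self, key_av):
        """Step 3: proves possession of Key AV; the timestamp bounds replay."""
        return encrypt(key_av, {"applicant": self.name, "timestamp": time.time()})

class Verifier:
    def __init__(self, key_vs, skew=120):
        self.key_vs, self.skew = key_vs, skew
        self.seen = set()   # accepted (applicant, timestamp) pairs; real servers age these out

    def accept(self, service_ticket, authenticator):
        """Open the ticket with Key VS, then check the authenticator under Key AV.
        A wrong-key authenticator surfaces as ValueError from decrypt."""
        ticket = decrypt(self.key_vs, service_ticket)
        if ticket["expires"] < time.time():
            raise PermissionError("service ticket expired")
        key_av = bytes.fromhex(ticket["key_av"])
        auth = decrypt(key_av, authenticator)
        if auth["applicant"] != ticket["applicant"]:
            raise PermissionError("authenticator does not match ticket")
        if abs(auth["timestamp"] - time.time()) > self.skew:
            raise PermissionError("authenticator outside allowed clock skew")
        if (auth["applicant"], auth["timestamp"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((auth["applicant"], auth["timestamp"]))
        return key_av

def run_exchange():
    """Whole flow with constructed names; returns (keys agree, decrypted message, replay rejected)."""
    key_as, key_vs = os.urandom(32), os.urandom(32)
    kdc = KerberosServer({"alice": key_as, "fileserver": key_vs})
    alice, fileserver = Applicant("alice", key_as), Verifier(key_vs)
    key_av, ticket = alice.obtain_session(kdc, "fileserver")
    auth = alice.authenticator(key_av)
    verifier_key = fileserver.accept(ticket, auth)
    reply = decrypt(verifier_key, encrypt(key_av, {"cmd": "list /home/alice"}))  # step 4
    try:
        fileserver.accept(ticket, auth)          # same authenticator presented again
        replayed = False
    except PermissionError:
        replayed = True
    return verifier_key == key_av, reply["cmd"], replayed
```

Running run_exchange() returns (True, "list /home/alice", True): both sides end up holding the same Key AV without it ever travelling in the clear, the applicant never learns Key VS and so cannot alter the service ticket, and the second presentation of the authenticator is rejected by the replay cache. The point worth noticing is that the verifier never talks to the Kerberos server during the exchange; everything it needs arrives inside the ticket it alone can open.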
Kerberos
The Service Ticket can contain more than Key AV
If the applicant is a client and the verifier is a server, the service ticket may contain
• Verifier’s user name and password
• List of rights to files and directories on the server
[Diagram: Verifier]
Kerberos
• Is the basis for security in Microsoft Windows 2000
• Only uses symmetric key encryption for reduced processing cost