8/9/2019 Kerberos_Network Authentication Protocol
KERBEROS
Network authentication protocol
Kerberos
Authentication: deals with confirming the identity of a communication partner.
Kerberos uses secret-key cryptography.
Secret key means key or password.
The secret both proves the identity and forms a seed for encryption.
KERBEROS
Part of Project Athena (MIT).
Trusted third-party authentication scheme.
Assumes that hosts are not trustworthy.
Requires that each client (each request for service) prove its identity.
Does not require the user to enter a password every time a service is requested!
KERBEROS
Kerberos is a cross-platform secure network authentication protocol.
The protocol is currently at version 5.
Kerberos provides authentication for client/server applications (such as FTP and telnet) by using secret-key cryptography.
Kerberos can be described as an identity-verifying proxy or as a trusted third-party authentication system.
Kerberos Design
User must identify itself once at the beginning of a workstation session (login session).
Passwords are never sent across the network in clear text (or stored in memory).
Kerberos Design (cont.)
Every user has a password.
Every service has a password.
The only entity that knows all the passwords is the Authentication Server.
Kerberos Key Distribution Service
(Diagram: Workstation, Authentication Server, Ticket Granting Server, Kerberos Database, and the application Servers.)
Secret Key Cryptography
The encryption used by current Kerberos implementations is DES, although Kerberos V5 has hooks so that other algorithms can be used.
(Diagram: encryption takes plaintext and key to ciphertext; decryption takes ciphertext and key back to plaintext.)
Tickets
Each request for a service requires a ticket.
A ticket provides a single client with access to a single server.
Tickets (cont.)
Tickets are dispensed by the Ticket Granting Server (TGS), which has knowledge of all the encryption keys.
Tickets are meaningless to clients; they simply use them to gain access to servers.
Tickets (cont.)
The TGS seals (encrypts) each ticket with the secret encryption key of the server.
Sealed tickets can be sent safely over a network: only the server can make sense out of them.
Each ticket has a limited lifetime (a few hours).
Ticket Contents
Client name (user login name)
Server name
Client host network address
Session key for client/server
Ticket lifetime
Creation timestamp
Session Key
Random number that is specific to a session.
The session key is used to seal client requests to the server.
The session key can be used to seal responses (application-specific usage).
Authenticators
Authenticators prove a client's identity. Includes:
  Client user name.
  Client network address.
  Timestamp.
Authenticators are sealed with a session key.
Bootstrap
Each time a client wants to contact a server, it must first ask the 3rd party (TGS) for a ticket and session key.
In order to request a ticket from the TGS, the client must already have a ticket-granting (TG) ticket and a session key for communicating with the TGS!
Authentication Server
The client sends a plaintext request to the AS asking for a ticket it can use to talk to the TGS.
REQUEST:
  login name
  TGS name
Since this request contains only well-known names, it does not need to be sealed.
Authentication Server
The AS finds the keys corresponding to the login name and the TGS name.
The AS creates a ticket:
  login name
  TGS name
  client network address
  TGS session key
The AS seals the ticket with the TGS secret key.
Authentication Server Response
The AS also creates a random session key for the client and the TGS to use.
The session key and the sealed ticket are sealed with the user (login name) secret key.
(Diagram of the AS response, sealed with the user key:)
  TGS session key
  Ticket, sealed with the TGS key:
    login name
    TGS name
    net address
    TGS session key
Accessing the TGS
The client decrypts the message using the user's password as the secret key.
The client now has a session key and a ticket that can be used to contact the TGS.
The client cannot see inside the ticket, since the client does not know the TGS secret key.
Accessing a Server
When a client wants to start using a server (service), the client must first obtain a ticket.
The client composes a request to send to the TGS:
  TGS Ticket (sealed with the TGS key)
  Authenticator (sealed with the session key)
  Server Name
TGS response
The TGS decrypts the ticket using its secret key. Inside is the TGS session key.
The TGS decrypts the Authenticator using the session key.
The TGS checks to make sure the login names, client addresses and TGS server name are all OK.
The TGS makes sure the Authenticator is recent.
TGS Response
Once everything checks out, the TGS:
  builds a ticket for the client and the requested server. The ticket is sealed with the server key.
  creates a session key.
  seals the entire message with the TGS session key and sends it to the client.
Client accesses Server
The client now decrypts the TGS response using the TGS session key.
The client now has a session key for use with the new server, and a ticket to use with that server.
The client can contact the new server using the same format used to access the TGS.
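To make the sequence on the preceding slides concrete (Secret Key Cryptography, Authentication Server, Accessing the TGS, TGS response, Client accesses Server) and the server-side authenticator list from the summary, here is an added example, not code from the slides or from any Kerberos implementation: a toy run of the AS exchange, the TGS exchange and the application-server exchange in one file. It uses only the Python standard library, so "seal" is a stand-in for the DES (or, in today's deployments, AES) encryption of real Kerberos: HMAC-SHA256 driven as a counter-mode keystream with an encrypt-then-MAC tag. The principal names (alice, krbtgt, ftp/host), the address 10.0.0.7, the password, the lifetimes and every key are constructed for the example; the message layouts are simplified and are not the RFC 4120 ASN.1 encodings.

```python
# Added example, not from the slides: a toy run of the three exchanges the deck
# describes (AS, TGS, application server), standard library only. "seal" stands
# in for DES/AES in real Kerberos: HMAC-SHA256 as a counter-mode keystream plus
# an encrypt-then-MAC tag. All names, addresses, passwords and keys are constructed.
import hashlib, hmac, json, os

LIFETIME = 8 * 3600   # ticket lifetime in seconds ("a few hours")
AUTH_SKEW = 300       # an authenticator older than this is not "recent"

def derive_key(password):  # user secret key; the AS database holds the same value
    return hashlib.sha256(b"toy-kerberos|" + password.encode()).digest()

def _xor_stream(key, nonce, data):
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):  # encrypt a JSON-serialisable object and append an integrity tag
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(obj, sort_keys=True).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # check the tag, then decrypt; ValueError on wrong key or altered bytes
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad seal: wrong key or tampered data")
    return json.loads(_xor_stream(key, nonce, ct))

def verify(ticket, auth, peer_addr, my_name, now, seen):
    """Checks the TGS and an application server both make on a ticket + authenticator."""
    if ticket["server"] != my_name:
        raise ValueError("ticket was issued for a different server")
    if now > ticket["issued"] + ticket["lifetime"]:
        raise ValueError("ticket expired")
    if not (auth["client"] == ticket["client"] and auth["addr"] == ticket["addr"] == peer_addr):
        raise ValueError("authenticator does not match the ticket or the peer")
    if abs(now - auth["timestamp"]) > AUTH_SKEW:
        raise ValueError("authenticator is not recent")
    if (auth["client"], auth["timestamp"]) in seen:  # list of authenticators already used
        raise ValueError("authenticator replayed")
    seen.add((auth["client"], auth["timestamp"]))

def make_authenticator(session_key, login, addr, now):
    return seal(session_key, {"client": login, "addr": addr, "timestamp": now})

class KDC:
    """Authentication Server and Ticket Granting Server sharing one key database."""
    def __init__(self, db):
        self.db, self.seen = db, set()
    def _reply(self, client, server, addr, outer_key, now):
        skey = os.urandom(32)  # fresh session key for client/server
        ticket = seal(self.db[server], {"client": client, "server": server, "addr": addr,
                      "session_key": skey.hex(), "issued": now, "lifetime": LIFETIME})
        return seal(outer_key, {"session_key": skey.hex(), "ticket": ticket.hex()})
    def as_exchange(self, login, addr, now):  # plaintext request: login name + TGS name
        return self._reply(login, "krbtgt", addr, self.db[login], now)  # sealed with user key
    def tgs_exchange(self, tgt_blob, auth_blob, server, addr, now):
        tgt = unseal(self.db["krbtgt"], tgt_blob)  # only the TGS can open its own ticket
        tgs_skey = bytes.fromhex(tgt["session_key"])
        verify(tgt, unseal(tgs_skey, auth_blob), addr, "krbtgt", now, self.seen)
        return self._reply(tgt["client"], server, addr, tgs_skey, now)

class AppServer:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()
    def accept(self, ticket_blob, auth_blob, peer_addr, now):
        ticket = unseal(self.key, ticket_blob)  # the client could not read this
        auth = unseal(bytes.fromhex(ticket["session_key"]), auth_blob)
        verify(ticket, auth, peer_addr, self.name, now, self.seen)
        return ticket["client"]

def open_reply(key, blob):  # client side: recover (session key, sealed ticket) from a reply
    r = unseal(key, blob)
    return bytes.fromhex(r["session_key"]), bytes.fromhex(r["ticket"])

def fails(fn):
    try:
        fn()
    except ValueError:
        return True
    return False

def run_demo(now=1_000_000):
    db = {"alice": derive_key("correct horse"), "krbtgt": os.urandom(32), "ftp/host": os.urandom(32)}
    kdc, ftp, addr = KDC(db), AppServer("ftp/host", db["ftp/host"]), "10.0.0.7"
    tgs_skey, tgt = open_reply(derive_key("correct horse"), kdc.as_exchange("alice", addr, now))
    svc_skey, tkt = open_reply(tgs_skey, kdc.tgs_exchange(
        tgt, make_authenticator(tgs_skey, "alice", addr, now + 1), "ftp/host", addr, now + 1))
    auth, late = make_authenticator(svc_skey, "alice", addr, now + 2), now + LIFETIME + 10
    return {
        "client": ftp.accept(tkt, auth, addr, now + 2),
        "ticket_reused_ok": ftp.accept(tkt, make_authenticator(svc_skey, "alice", addr, now + 5), addr, now + 5),
        "replay_rejected": fails(lambda: ftp.accept(tkt, auth, addr, now + 3)),
        "expired_rejected": fails(lambda: ftp.accept(tkt, make_authenticator(svc_skey, "alice", addr, late), addr, late)),
        "wrong_password_rejected": fails(lambda: open_reply(derive_key("wrong"), kdc.as_exchange("alice", addr, now))),
    }
```

run_demo() walks the whole sequence and returns what each check decided: the same service ticket is accepted twice with two fresh authenticators (tickets are reusable), the same authenticator presented a second time is refused by the server's list of used authenticators, a ticket presented after its lifetime is refused before the authenticator is even examined, and a client holding the wrong password cannot open the AS reply at all because the seal's tag does not verify. Note that the only checks the KDC performs in as_exchange are the ones on the slides; it replies to any login name with a blob only the real user can open.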
Kerberos Summary
Every service request needs a ticket.
Tickets come from the TGS (except the ticket for the TGS!).
Workstations cannot understand tickets; they are encrypted using the server key.
Every ticket has an associated session key.
Tickets are reusable.
Kerberos Summary (cont.)
Tickets have a finite lifetime.
Authenticators are only used once (new connection to a server).
Authenticators expire fast!
The server maintains a list of authenticators it has already seen (prevents replay of stolen authenticators).
There is a lot more to Kerberos!!!