Network Security – Kerberos
INTRODUCTION Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Authentication is the process of verifying whether the client is genuine or not. It is widely used in Internet to prevent corruption of files and to provide safe networking
encrypted database. CLIENT TRUSTED THIRD PARTY KDC ENCRYPTION DECRYPTION SERVER The Kerberos keeps a database of its clients and their private keys. The private key is a large number known only to Kerberos and the client it belongs to. In the case that the client is a user, it is an encrypted password.
FOCUS IN DEPTH KERBEROS Kerberos is a trusted third-party authentication service. It is trusted in the sense that each of its clients believes Kerberos’ judgment as to the identity of each of its other clients to be accurate. Timestamps have been added to make the authentication and detection of replay. Replay is something that occurs when a message is stolen from the network and resent later.
CREDENTIALS There are two types of credentials used in the Kerberos authentication model: tickets and authenticators. The ticket is used to securely pass the identity of the person to the end server. When single server and single client are involved, the ticket contains the name of the server, the name of the client, the internet address of the client, timestamp, lifetime and a random session key. This information is actually encrypted using the key of the server. After the ticket is issued, the client may use it many times to gain access to the server until the ticket is expired. The ticket is actually encrypted by the end server. So it is safe for the client to pass it on to the server
KERBEROS’ SOFTWARE COMPONENTS DATA ENCRYPTION AND DECRYPTION In Kerberos the encryption is based on the Data Encryption Standard (DES). Several encryption methods are provided with balance between speed and security. It is responsible to change the data to cipher text and is an independent module
DATABASE MANAGEMENT SYSTEM WS: Work station It has a record for each principal containing the name, private key, expiration date of the principal and additional information for that principal. Sensitive information like passwords should be handled carefully using high security measures.
ADMINISTRATIVE DATABASE This takes care of the administrative requests from the user. The user may wish to change his password. Or there may be a new principal. This cannot be done in slave machines. This will be done in the administrative module maintained by the master.
THE WORKING OF KERBEROS Kerberos maintains a database of its clients and their corresponding private key. The private key is known only to the Kerberos and the client. If the client is a user then the private key will be an encrypted password. Since the private key is known only to the Kerberos, it convinces its clients that the message is truly from the other
Authentication on the sender. Authentication for all incoming messages. Creating private message i.e., encrypting the message.
APPLICATION OF KERBEROS IN WINDOWS 2000 Windows 2000 will have a Kerberos client installed with extensions that permit initial authentication using public key certificates. The windows 2000 implementation of Kerberos (MIT KERBEROS V5) encryption based on RC-4 algorithm and using a MD5 HMAC. This is of 128 bit key length and provides an alternative to the existing DES (Data Encryption Standard) based encryption
OUR VIEW ON ENHANCING KERBEROS The conversion of the data to cipher text involves data encryption module. We presume that the conversion should follow different and complicated techniques thereby making it difficult for the hackers to work on it. The password generated should be highly random and non-sequential. So that it is highly securitized.
CONCLUSION Network security is a vast ocean and only a drop of it has been dealt with. Security is not a static thing; it is a continually evolving process. To obtain true security, constant vigilance is to be maintained. Kerberos can keep network resources from being exploited by hackers. Kerberos represents a big advance in network authentication techniques, and continues to be the most widely used single-sign on system. . Passwords remain the Achilles heal for Kerberos users.