KERBEROS Miah, Md. Saef Ullah

What Is Kerberos? An authentication Service, designed for using in a distributed networked environment. Developed at MIT in mid 1980s Named after a Greek mythological creature named “Cerberus”, a three headed dog.

Why Kerberos Secure Reliable Transparent Scalable An opponent does not find it to be the weak link Reliable The system should be able to back up another Transparent An user should not be aware of authentication Scalable The system supports large number of clients and severs

Cryptography Approach Private Key: Each party uses the same secret key to encode and decode messages. Uses a trusted third party which can guaranty for the identity of both parties in a transaction. Security of third party is imperative.

How Kerberos Works Instead of client sending password to application server: Request Ticket from authentication server Ticket and encrypted request sent to application server Ticket contains Id of client, Network Address of Client and Id of server and secret encryption key shared by Application server and Authentication server.

How Kerberos Works

How Kerberos works? Ticket Granting Tickets C → AS: IDc || IDtgs || TS1 AS → C: E Kc [Kc,tgs|| IDtgs || TS2 || Lifetime2 || Tickettgs] Tickettgs = E Ktgs[Kc,tgs || IDC || ADC || IDtgs || TS2 || Lifetime2]

How Kerberos Works? The Ticket Granting Service C → TGS: IDS || Tickettgs || AuthenticatorC TGS → C: EKc,tgs[ KC,S || IDS || TS4 || TicketS ] Ticket tgs = EKtgs[ KC,tgs || IDC || ADC || IDtgs || TS2 || Lifetime2 ] Ticket S = EKS [ KC,S || IDC || ADC || IDs || TS4 || Lifetime4 ] Authenticator C = E Kc, tgs[ IDC || ADC || TS3 ]

How Kerberos works? The Application Server C → S: TicketS || AuthenticatorC S → C: EKc,s[ TS5 + 1 ] TicketS = EKs[ KC,S || IDC || ADC || IDs || TS4 || Lifetime4 ] AuthenticatorC = EKc, s[ IDC || ADC || TS5 ]

Multiple Kerberi

Multiple Kerberi (contd..) C -> AS: IDc||IDtgs||TS1 AS -> C: EKc[Kc,tgs||IDtgs||TS2||Lifetime2||Tickettgs] C -> TGS: IDtgsrem||Tickettgs||Authenticatorc TGS -> C: EKc,tgs[Kc,tgsrem||IDtgsrem||TS4||Lifetime2||Tickettgsrem] C -> TGSrem: IDsrem|| Tickettgsrem|| Authenticatorc TGSrem -> C: EKc,tgsrem[Kc,srem||IDsrem||TS6|| Ticketsrem] C -> Srem: Ticket srem|| Authenticatorc

KERBEROS Version 5 versus Version4 Environmental shortcomings of Version 4: Encryption system dependence: DES Internet protocol dependence Ticket lifetime Authentication forwarding Inter-realm authentication Technical deficiencies of Version 4: Double encryption Session Keys Password attack

New Elements in Kerberos Version 5 Realm Indicates realm of the user Options Times From: the desired start time for the ticket Till: the requested expiration time Rtime: requested renew-till time Nonce A random value to assure the response is fresh

Weaknesses and Solutions If TGT stolen, can be used to access network services. Only a problem until ticket expires in a few hours. Subject to dictionary attack. Timestamps require hacker to guess in 5 minutes. Very bad if Authentication Server compromised. Physical protection for the server.

References Cryptography and Network Security by William Stallings http://www.obscure.org/~jafitz/250_p1/k erberos.htm http://en.wikipedia.org/wiki/Kerberos_(p rotocol) www.cs.purdue.edu/homes/bertino/426F all2009