KERBEROS LtCdr Samit Mehra (05IT 6018).


What is Kerberos? Motivation Why Kerberos? Firewall Vs Kerberos Kerberos assumptions How does Kerberos work? Weakness and solutions Conclusion

WHAT IS KERBEROS? NETWORK AUTHENTICATION PROTOCOL. DEVELOPED AT MIT IN THE MID 1980s (PROJECT ATHENA). AVAILABLE AS OPEN SOURCE OR IN SUPPORTED COMMERCIAL SOFTWARE. REQUIRES THAT EACH CLIENT (EACH REQUEST FOR SERVICE) PROVE ITS IDENTITY. DOES NOT REQUIRE THE USER TO ENTER A PASSWORD EVERY TIME A SERVICE IS REQUESTED!

WHAT IS KERBEROS? (CONTD.) AUTHENTICATION SERVICE FOR INTERACTIVE SERVICES LIKE TELNET, FTP, ETC. THE USER IS PROMPTED FOR A PASSWORD AND MUST LOG IN IN REAL TIME. SYMMETRIC KEY ENCRYPTION IS USED: IT IS FAST AND ALLOWS REAL TIME AUTHENTICATION.

MOTIVATION WITHOUT KNOWLEDGE OF THE IDENTITY OF THE PERSON REQUESTING AN OPERATION IT IS DIFFICULT TO DECIDE IF IT SHOULD BE ALLOWED. TRADITIONAL AUTHENTICATION METHODS ARE NOT SUITABLE FOR USE IN COMPUTER NETWORKS WHERE ATTACKERS CAN MONITOR NETWORK TRAFFIC AND INTERCEPT PASSWORDS. USE OF STRONG AUTHENTICATION METHODS IS IMPERATIVE.

MOTIVATION IN A COMMON DISTRIBUTED ARCHITECTURE THREE APPROACHES TO SECURITY ARE ENVISAGED: (1) RELY ON INDIVIDUAL CLIENT WORKSTATIONS TO ASSURE THE IDENTITY OF THE USER. (2) REQUIRE CLIENT SYSTEMS TO AUTHENTICATE THEMSELVES TO SERVERS. (3) REQUIRE THE USER TO PROVE HIS IDENTITY FOR EACH SERVICE INVOKED.

MOTIVATION IN A CLOSED ENVIRONMENT WHERE ALL SYSTEMS ARE OWNED AND OPERATED BY A SINGLE ORGANISATION THE FIRST OR SECOND APPROACH MAY SUFFICE. BUT IN AN OPEN ENVIRONMENT THE THIRD APPROACH (SUPPORTED BY KERBEROS) IS NEEDED TO PROTECT USER INFORMATION AND RESOURCES HOUSED ON THE SERVER.

WHY KERBEROS? AUTHENTICATION IS A KEY FEATURE IN A MULTI USER ENVIRONMENT. SENDING USERNAMES AND PASSWORDS IN THE CLEAR JEOPARDIZES THE SECURITY OF THE NETWORK. EACH TIME A PASSWORD IS SENT IN THE CLEAR, THERE IS A CHANCE FOR INTERCEPTION.

FIREWALL Vs KERBEROS FIREWALLS MAKE A RISKY ASSUMPTION: THAT ATTACKERS ARE COMING FROM THE OUTSIDE. IN REALITY, ATTACKS FREQUENTLY COME FROM WITHIN. KERBEROS ASSUMES THAT NETWORK CONNECTIONS (RATHER THAN SERVERS AND WORKSTATIONS) ARE THE WEAK LINK IN NETWORK SECURITY, SO IT PROTECTS EVERY EXCHANGE ON THE WIRE INSTEAD OF TRUSTING THE NETWORK.

KERBEROS ASSUMPTIONS THE USER WON'T USE SIMPLE PASSWORDS (HIS OWN USER NAME, ETC.) WHICH CAN BE EASILY BROKEN BY A PASSWORD CRACKER; NO PASSWORD-BASED AUTHENTICATION MECHANISM CAN BY ITSELF COPE WITH GUESSING OF WEAK PASSWORDS. THE WORKSTATIONS ARE MORE OR LESS SECURE, I.E. THERE IS NO WAY FOR AN ATTACKER TO INTERCEPT COMMUNICATION BETWEEN A USER AND THE CLIENT (USER PROCESS) OR TO READ KEYS OUT OF ITS MEMORY. CLOCKS ACROSS THE NETWORK ARE LOOSELY SYNCHRONISED (WITHIN A FEW MINUTES), SINCE TICKETS AND AUTHENTICATORS CARRY TIMESTAMPS.

KERBEROS DESIGN THE USER MUST IDENTIFY HIMSELF ONCE AT THE BEGINNING OF A WORKSTATION SESSION (LOGIN SESSION). PASSWORDS ARE NEVER SENT ACROSS THE NETWORK IN CLEARTEXT, AND THE PASSWORD ITSELF IS DISCARDED AS SOON AS THE USER'S SECRET KEY HAS BEEN DERIVED FROM IT (ONLY KEYS AND TICKETS ARE HELD IN MEMORY).

KERBEROS DESIGN (CONT.) EVERY USER HAS A PASSWORD. EVERY SERVICE HAS A PASSWORD (IN PRACTICE A RANDOM KEY STORED ON THE SERVER). THE ONLY ENTITY THAT KNOWS ALL THE PASSWORDS (STRICTLY, THE SECRET KEYS DERIVED FROM THEM) IS THE AUTHENTICATION SERVER.

[DIAGRAM: WORKSTATIONS AND APPLICATION SERVERS AROUND THE KERBEROS KEY DISTRIBUTION SERVICE, WHICH COMPRISES THE AUTHENTICATION SERVER, THE TICKET GRANTING SERVER AND THE KERBEROS DATABASE]

SECRET KEY CRYPTOGRAPHY THE ENCRYPTION USED BY KERBEROS V4 IS DES; KERBEROS V5 ALLOWS OTHER ALGORITHMS TO BE USED (AES ENCRYPTION TYPES WERE ADDED IN RFC 3962 AND DES WAS DEPRECATED IN RFC 6649). THE SAME KEY ENCRYPTS PLAINTEXT TO CIPHERTEXT AND DECRYPTS CIPHERTEXT BACK TO PLAINTEXT. [DIAGRAM: ENCRYPTION AND DECRYPTION WITH ONE SHARED KEY]

HOW DOES KERBEROS WORK? INSTEAD OF THE CLIENT SENDING A PASSWORD TO THE APPLICATION SERVER: REQUEST A TICKET FROM THE AUTHENTICATION SERVER; SEND THE TICKET AND AN ENCRYPTED REQUEST (AUTHENTICATOR) TO THE APPLICATION SERVER. HOW TO REQUEST TICKETS WITHOUT REPEATEDLY SENDING CREDENTIALS? WITH A TICKET GRANTING TICKET (TGT).

AUTHENTICATION SERVER THE CLIENT SENDS A PLAINTEXT REQUEST TO THE AS ASKING FOR A TICKET IT CAN USE TO TALK TO THE TGS. REQUEST: LOGIN NAME, TGS NAME. SINCE THIS REQUEST CONTAINS ONLY WELL-KNOWN NAMES, IT DOES NOT NEED TO BE SEALED. (KERBEROS V5 ADDS PRE-AUTHENTICATION: THE AS ONLY ANSWERS AFTER THE CLIENT PRESENTS A TIMESTAMP ENCRYPTED WITH THE USER'S KEY, SO THAT AN ATTACKER CANNOT OBTAIN A RESPONSE FOR AN ARBITRARY USER TO ATTACK OFFLINE.)

AUTHENTICATION SERVER THE AS FINDS THE KEYS CORRESPONDING TO THE LOGIN NAME AND THE TGS NAME. THE AS CREATES A TICKET: LOGIN NAME TGS NAME CLIENT NETWORK ADDRESS TGS SESSION KEY THE AS SEALS THE TICKET WITH THE TGS SECRET KEY.

AUTHENTICATION SERVER RESPONSE THE AS ALSO CREATES A RANDOM SESSION KEY FOR THE CLIENT AND THE TGS TO USE. THE SESSION KEY AND THE SEALED TICKET ARE SEALED WITH THE USER'S (LOGIN NAME) SECRET KEY. [DIAGRAM: TICKET (LOGIN NAME, TGS NAME, NET ADDRESS, TGS SESSION KEY) SEALED WITH THE TGS KEY; THAT TICKET PLUS THE TGS SESSION KEY SEALED WITH THE USER KEY]

ACCESSING THE TGS THE CLIENT DECRYPTS THE MESSAGE USING THE SECRET KEY DERIVED FROM THE USER'S PASSWORD (THE PASSWORD IS NEVER USED DIRECTLY AS A KEY). THE CLIENT NOW HAS A SESSION KEY AND A TICKET THAT CAN BE USED TO CONTACT THE TGS. THE CLIENT CANNOT SEE INSIDE THE TICKET, SINCE THE CLIENT DOES NOT KNOW THE TGS SECRET KEY.

TICKET GRANTING TICKETS

ACCESSING A SERVER WHEN A CLIENT WANTS TO START USING A SERVER (SERVICE), THE CLIENT MUST FIRST OBTAIN A TICKET. THE CLIENT COMPOSES A REQUEST TO SEND TO THE TGS: THE TGS TICKET (SEALED WITH THE TGS KEY), AN AUTHENTICATOR (SEALED WITH THE TGS SESSION KEY) AND THE SERVER NAME.

TGS RESPONSE THE TGS DECRYPTS THE TICKET USING ITS SECRET KEY. INSIDE IS THE TGS SESSION KEY. THE TGS DECRYPTS THE AUTHENTICATOR USING THAT SESSION KEY. THE TGS CHECKS THAT THE LOGIN NAMES, CLIENT ADDRESSES AND TGS SERVER NAME ALL MATCH AND THAT THE TICKET HAS NOT EXPIRED. THE TGS MAKES SURE THE AUTHENTICATOR IS RECENT (WITHIN THE ALLOWED CLOCK SKEW) AND HAS NOT BEEN SEEN BEFORE.

TGS RESPONSE ONCE EVERYTHING CHECKS OUT THE TGS: BUILDS A TICKET FOR THE CLIENT AND THE REQUESTED SERVER; THE TICKET IS SEALED WITH THE SERVER KEY. CREATES A SESSION KEY FOR THE CLIENT AND THAT SERVER. SEALS THE ENTIRE MESSAGE WITH THE TGS SESSION KEY AND SENDS IT TO THE CLIENT.

CLIENT ACCESSES SERVER THE CLIENT NOW DECRYPTS THE TGS RESPONSE USING THE TGS SESSION KEY. THE CLIENT NOW HAS A SESSION KEY FOR USE WITH THE NEW SERVER, AND A TICKET TO USE WITH THAT SERVER. THE CLIENT CAN CONTACT THE NEW SERVER USING THE SAME FORMAT USED TO ACCESS THE TGS.

THE APPLICATION SERVER

TICKETS EACH REQUEST FOR A SERVICE REQUIRES A TICKET. A TICKET PROVIDES A SINGLE CLIENT WITH ACCESS TO A SINGLE SERVER.

TICKETS (cont.) TICKETS ARE DISPENSED BY THE "TICKET GRANTING SERVER" (TGS), WHICH HAS KNOWLEDGE OF ALL THE ENCRYPTION KEYS. TICKETS ARE OPAQUE TO CLIENTS; THEY SIMPLY PRESENT THEM TO GAIN ACCESS TO SERVERS.

TICKETS (cont.) THE TGS SEALS (ENCRYPTS) EACH TICKET WITH THE SECRET ENCRYPTION KEY OF THE SERVER. SEALED TICKETS CAN BE SENT SAFELY OVER A NETWORK; ONLY THE SERVER CAN MAKE SENSE OF THEM OR DETECT TAMPERING. EACH TICKET HAS A LIMITED LIFETIME (A FEW HOURS).

TICKET CONTENTS CLIENT NAME (USER LOGIN NAME), SERVER NAME, CLIENT HOST NETWORK ADDRESS, SESSION KEY FOR CLIENT/SERVER, TICKET LIFETIME, CREATION TIMESTAMP.

SESSION KEY RANDOM NUMBER THAT IS SPECIFIC TO A SESSION. SESSION KEY IS USED TO SEAL CLIENT REQUESTS TO SERVER. SESSION KEY CAN BE USED TO SEAL RESPONSES (APPLICATION SPECIFIC USAGE).

AUTHENTICATORS AUTHENTICATORS PROVE A CLIENT’S IDENTITY. INCLUDES: CLIENT USER NAME. CLIENT NETWORK ADDRESS. TIMESTAMP. AUTHENTICATORS ARE SEALED WITH A SESSION KEY.

RECAP EACH TIME A CLIENT WANTS TO CONTACT A SERVER, IT MUST FIRST ASK THE 3RD PARTY (TGS) FOR A TICKET AND SESSION KEY. IN ORDER TO REQUEST A TICKET FROM THE TGS, THE CLIENT MUST ALREADY HAVE A TICKET GRANTING TICKET (TGT) AND A SESSION KEY FOR COMMUNICATING WITH THE TGS!

THE TICKET GRANTING SERVICE

KERBEROS SUMMARY EVERY SERVICE REQUEST NEEDS A TICKET. TICKETS COME FROM THE TGS (EXCEPT THE TICKET FOR THE TGS ITSELF, WHICH COMES FROM THE AS!). WORKSTATIONS CANNOT READ TICKETS; THEY ARE ENCRYPTED WITH THE SERVER KEY. EVERY TICKET HAS AN ASSOCIATED SESSION KEY. TICKETS ARE REUSABLE WITHIN THEIR LIFETIME.

KERBEROS SUMMARY (cont.) TICKETS HAVE A FINITE LIFETIME. AUTHENTICATORS ARE USED ONLY ONCE (A FRESH ONE FOR EACH NEW CONNECTION TO A SERVER). AUTHENTICATORS EXPIRE FAST! THE SERVER MAINTAINS A LIST (REPLAY CACHE) OF RECENTLY SEEN AUTHENTICATORS SO THAT A STOLEN AUTHENTICATOR CANNOT BE REPLAYED. THERE IS A LOT MORE TO KERBEROS!!!
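The three exchanges walked through on the preceding slides (AS, TGS and application server), together with the ticket and authenticator contents and the replay check from the summary, as an added Python example that is not part of the presentation or of any Kerberos implementation. It assumes a toy seal/unseal built from a SHAKE-256 keystream and an HMAC tag in place of a real Kerberos encryption type, JSON records in place of ASN.1, and constructed principals (alice, krbtgt, ftp/host), password, client address and clock values; the names KDC, AppServer, client_login and build_realm are the example's own.

```python
"""Toy end-to-end Kerberos flow: AS exchange, TGS exchange and AP exchange.

Added illustration only; not code from the presentation or from MIT Kerberos.
Assumptions: seal()/unseal() (SHAKE-256 keystream + HMAC-SHA256 tag) stand in for
a real Kerberos encryption type, records are JSON instead of ASN.1, and the
principals, password, address and clock values are constructed for the example.
"""
import hashlib, hmac, json, os, time

SKEW = 300          # allowed clock skew in seconds (the 5 minutes on the slides)
ADDR = "10.0.0.5"   # constructed client network address carried in tickets


def string_to_key(password, principal):
    """Long-term key derived from the password (toy string2key; principal name as salt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def seal(key, record):
    """'Seal' a record as nonce || ciphertext || HMAC tag (encrypt-then-MAC, toy cipher)."""
    pt = json.dumps(record, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key, blob):
    """Verify the tag first, then decrypt; a wrong key raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct))))
    return json.loads(pt)


def make_ticket(client, server, session_key, now, lifetime=8 * 3600):
    """Ticket contents from the slides: names, client address, session key, lifetime."""
    return {"client": client, "server": server, "addr": ADDR,
            "key": session_key.hex(), "start": now, "end": now + lifetime}


def authenticator(session_key, client, now):
    """Authenticator: client name, address and timestamp, sealed with the session key."""
    return seal(session_key, {"client": client, "addr": ADDR, "ts": now})


def check_authenticator(ticket, auth, now, replay_cache):
    """Checks done by the TGS and by every application server before granting access."""
    if (ticket["client"], ticket["addr"]) != (auth["client"], auth["addr"]):
        raise PermissionError("authenticator does not match ticket")
    if not ticket["start"] <= now <= ticket["end"]:
        raise PermissionError("ticket expired or not yet valid")
    if abs(now - auth["ts"]) > SKEW:
        raise PermissionError("authenticator too old")
    if (auth["client"], auth["ts"]) in replay_cache:   # the slides' list of authenticators
        raise PermissionError("authenticator replayed")
    replay_cache.add((auth["client"], auth["ts"]))


class KDC:
    """Authentication Server and Ticket Granting Server over one key database."""
    def __init__(self, db):
        self.db, self.replay_cache = db, set()          # db: principal -> long-term key

    def as_exchange(self, user, now):
        """AS-REQ carries only names; AS-REP = {TGT sealed with TGS key, session key} under user key."""
        k = os.urandom(32)
        tgt = seal(self.db["krbtgt"], make_ticket(user, "krbtgt", k, now))
        return seal(self.db[user], {"ticket": tgt.hex(), "key": k.hex()})

    def tgs_exchange(self, tgt_blob, auth_blob, server, now):
        """TGS-REQ = TGT + authenticator + server name; TGS-REP sealed with TGS session key."""
        tgt = unseal(self.db["krbtgt"], tgt_blob)
        tgs_session = bytes.fromhex(tgt["key"])
        check_authenticator(tgt, unseal(tgs_session, auth_blob), now, self.replay_cache)
        k = os.urandom(32)
        ticket = seal(self.db[server], make_ticket(tgt["client"], server, k, now))
        return seal(tgs_session, {"ticket": ticket.hex(), "key": k.hex()})


class AppServer:
    def __init__(self, name, key):
        self.name, self.key, self.replay_cache = name, key, set()

    def accept(self, ticket_blob, auth_blob, now):
        """AP-REQ: ticket sealed with our key + authenticator sealed with the session key."""
        ticket = unseal(self.key, ticket_blob)
        if ticket["server"] != self.name:
            raise PermissionError("ticket is for another server")
        auth = unseal(bytes.fromhex(ticket["key"]), auth_blob)
        check_authenticator(ticket, auth, now, self.replay_cache)
        return ticket["client"]                          # the authenticated principal


def client_login(kdc, user, password, server, now):
    """Client side: the password is used once; afterwards only tickets and session keys."""
    cred = unseal(string_to_key(password, user), kdc.as_exchange(user, now))  # bad pw -> ValueError
    tgs_session, tgt = bytes.fromhex(cred["key"]), bytes.fromhex(cred["ticket"])
    rep = kdc.tgs_exchange(tgt, authenticator(tgs_session, user, now), server, now)
    svc = unseal(tgs_session, rep)
    return bytes.fromhex(svc["ticket"]), bytes.fromhex(svc["key"])


def build_realm(password="correct horse"):
    """Constructed realm: one user, the TGS principal and one service."""
    db = {"alice": string_to_key(password, "alice"),
          "krbtgt": os.urandom(32), "ftp/host": os.urandom(32)}
    return KDC(db), AppServer("ftp/host", db["ftp/host"])


if __name__ == "__main__":
    kdc, ftp = build_realm()
    now = time.time()
    ticket, key = client_login(kdc, "alice", "correct horse", "ftp/host", now)
    print("ftp/host authenticated:", ftp.accept(ticket, authenticator(key, "alice", now), now))
```

Note that the client never sees inside a ticket (it only forwards the sealed blob), a wrong password fails at the first unseal rather than at the KDC, and presenting the same authenticator twice to the same server is refused by the replay cache even though it is still inside the skew window.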

WEAKNESSES AND SOLUTIONS IF A TGT IS STOLEN, IT CAN BE USED TO ACCESS NETWORK SERVICES UNTIL IT EXPIRES IN A FEW HOURS (SHORT LIFETIMES AND THE ADDRESS CHECK IN THE TICKET LIMIT THE DAMAGE). A CAPTURED AUTHENTICATOR CAN ONLY BE REPLAYED WITHIN THE CLOCK SKEW WINDOW (5 MINUTES), AND NOT AT ALL IF THE SERVER KEEPS A REPLAY CACHE. A CAPTURED AS RESPONSE IS SUBJECT TO AN OFFLINE DICTIONARY ATTACK, AND THAT ATTACK IS NOT LIMITED BY ANY TIMESTAMP: ONLY STRONG PASSWORDS AND V5 PRE-AUTHENTICATION (WHICH STOPS AN ATTACKER REQUESTING RESPONSES FOR ARBITRARY USERS, THOUGH NOT A PASSIVE SNIFFER) HELP. IT IS VERY BAD IF THE AUTHENTICATION SERVER IS COMPROMISED, SINCE EVERY KEY IS EXPOSED: THE SERVER NEEDS PHYSICAL PROTECTION. CLOCKS MUST BE KEPT SYNCHRONISED OR VALID REQUESTS ARE REJECTED.
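The dictionary-attack point above, as an added Python example that is not from the slides or from any Kerberos implementation: it shows that cracking a captured AS response is a purely offline loop with no 5-minute limit, and what V5 pre-authentication does and does not change. It assumes the user-key-encrypted part of the AS-REP can be modelled as bytes plus an HMAC-SHA256 tag under a PBKDF2-derived key (a toy stand-in for a Kerberos encryption type), models PA-ENC-TIMESTAMP as an HMAC over the timestamp, and uses a constructed user (bob), passwords and wordlist; AuthServer, harvest, crack and scenario are the example's own names, while KDC_ERR_PREAUTH_REQUIRED and KDC_ERR_PREAUTH_FAILED are the real V5 error names.

```python
"""Offline dictionary attack on a captured AS-REP, with and without V5 pre-authentication.

Added illustration only; not code from the slides or from MIT Kerberos. Assumptions:
the user-key-encrypted part of an AS-REP is modelled as random bytes plus an
HMAC-SHA256 tag under a PBKDF2-derived key (toy stand-in for a Kerberos enctype),
PA-ENC-TIMESTAMP is modelled as an HMAC over the timestamp, and the user, passwords
and wordlist are constructed for the example.
"""
import hashlib, hmac, os

SKEW = 300  # seconds; the slides' 5-minute window


def string_to_key(password, principal):
    """Toy string2key: an attacker can evaluate this as fast as the client can."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def pa_enc_timestamp(user_key, ts):
    """Client side of pre-authentication: prove knowledge of the key before any AS-REP."""
    return ts, hmac.new(user_key, repr(ts).encode(), "sha256").digest()


class AuthServer:
    def __init__(self, db, require_preauth):
        self.db, self.require_preauth = db, require_preauth   # db: principal -> key

    def as_exchange(self, user, now, preauth=None):
        """Returns the sniffable encrypted part of the AS-REP, or refuses."""
        key = self.db[user]
        if self.require_preauth:
            if preauth is None:
                raise PermissionError("KDC_ERR_PREAUTH_REQUIRED")
            ts, mac = preauth
            ok = hmac.compare_digest(mac, hmac.new(key, repr(ts).encode(), "sha256").digest())
            if abs(now - ts) > SKEW or not ok:
                raise PermissionError("KDC_ERR_PREAUTH_FAILED")
        enc_part = os.urandom(48)   # stands in for the sealed session key + TGT
        return enc_part, hmac.new(key, enc_part, "sha256").digest()


def harvest(kdc, user, now):
    """Active attacker with no password: simply ask the AS for the user's AS-REP."""
    try:
        return kdc.as_exchange(user, now)
    except PermissionError:
        return None


def crack(principal, captured, wordlist):
    """Offline guessing: each candidate is checked against the captured tag only.
    Nothing here talks to the KDC or looks at a clock, so no time limit applies."""
    enc_part, tag = captured
    for guesses, candidate in enumerate(wordlist, 1):
        k = string_to_key(candidate, principal)
        if hmac.compare_digest(hmac.new(k, enc_part, "sha256").digest(), tag):
            return candidate, guesses
    return None, len(wordlist)


WORDLIST = ["password", "letmein", "summer2022", "summer2023", "Tr0ub4dor&3"]  # constructed


def scenario(password, require_preauth, now=1_700_000_000.0):
    """(password recovered from an active request, password recovered from passive capture)."""
    user_key = string_to_key(password, "bob")
    kdc = AuthServer({"bob": user_key}, require_preauth)
    harvested = harvest(kdc, "bob", now)
    active = crack("bob", harvested, WORDLIST)[0] if harvested else None
    # A legitimate login still puts an AS-REP on the wire for a passive sniffer.
    sniffed = kdc.as_exchange("bob", now, pa_enc_timestamp(user_key, now))
    passive = crack("bob", sniffed, WORDLIST)[0]
    return active, passive


if __name__ == "__main__":
    print("weak password, no preauth :", scenario("summer2023", False))
    print("weak password, preauth    :", scenario("summer2023", True))
    print("strong password, preauth  :", scenario("correct horse battery staple", True))
```

Pre-authentication closes the case where an attacker asks the AS for responses for accounts he does not own; a sniffer on the same segment still gets the blob whenever the real user logs in, so the only defence against that is a password that is not in any wordlist.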

YOUR SECURITY IS IN YOUR OWN HANDS….

REFERENCES CRYPTOGRAPHY AND NETWORK SECURITY – WILLIAM STALLINGS. THE MORON'S GUIDE TO KERBEROS – VERSION 1.2.2. UNDERSTANDING KERBEROS V5 AUTHENTICATION PROTOCOL – FABRICE KAH, GIAC SECURITY ESSENTIALS CERTIFICATION (GSEC), NOVEMBER 2003. THE KERBEROS NETWORK AUTHENTICATION SERVICE (V5) – J. KOHL, C. NEUMAN, RFC 1510, 1993. KERBEROS: AN AUTHENTICATION SERVICE FOR COMPUTER NETWORKS – B. CLIFFORD NEUMAN AND THEODORE TS'O, IEEE COMMUNICATIONS, 1994. http://www.kerberos.isi.edu/ – THE KERBEROS HOMEPAGE.

QUESTIONS??? THANK YOU….