Kerberos Guilin Wang School of Computer Science 03 Dec. 2007.
Outline ■ Password-based key agreement protocols (continued from the last lecture). ■ The Kerberos authentication protocol.

0. Password-based Protocols ■ In the Needham-Schroeder (NS) protocol, both parties need to share a long-term secret with the server S. For humans, long secret keys are not easy to memorize. ■ One naïve approach is to use passwords as the long-term secrets. ■ For example, let K_bs = P_bs, a password shared between B and S, in the NS protocol.

0. Password-based Protocols ■ However, this approach suffers from an off-line dictionary attack. ■ That is, an attacker who has recorded the message E_{P_bs}(K, A) can try each candidate password P' from a dictionary to decrypt it. If the result has the expected structure (e.g., it ends with A's identity), P' is very likely the correct password. No further interaction with S is needed, so the guessing can be neither rate-limited nor detected.

0. Password-based Protocols ■ The off-line dictionary attack works because passwords are short strings with low entropy, so the whole candidate space can be searched. ■ Countermeasures: - Enhance the strength of passwords by requiring a certain length, format, and randomness. - Combine the password with a security token (a second factor). - Use a protocol in which the password never encrypts anything the attacker can recognize.

0. Password-based Protocols The following Encrypted Key Exchange (EKE) protocol resists the off-line dictionary attack. Its two core messages are A → B: A, E_P(PK) and B → A: E_P(E_PK(K)). ■ PK is an ephemeral public key generated by A, fresh for every run. ■ B transfers the session key K to A by double encryption: first under A's ephemeral public key PK, then under the password P. ■ Why is the EKE protocol immune to the off-line dictionary attack? The only values encrypted under P are PK and E_PK(K), and both look random. Every candidate password therefore decrypts them to equally plausible values, so the attacker has nothing against which to check a guess off-line. (This requires PK to be encoded so that it is indistinguishable from random; a raw RSA modulus, for instance, would leak information.)
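The two situations on the slides above, the off-line dictionary attack on a password-keyed NS reply and the lack of any such verifier for an EKE-style message, as an added example (my code, not part of the lecture). Assumptions: a SHA-256 counter-mode keystream stands in for the real cipher, SHA-256 of the password stands in for the string-to-key function, the plaintext of E_{P_bs}(K, A) is a fixed-format record `K=<hex>|A=<name>`, PK is modelled as uniformly random bytes, and the dictionary is a constructed word list.

```python
import hashlib
import secrets


def kdf(password: str) -> bytes:
    # Toy password-to-key derivation (assumption: stands in for a real string-to-key function).
    return hashlib.sha256(password.encode()).digest()


def keystream(key: bytes, n: int) -> bytes:
    # SHA-256 in counter mode as a toy stream cipher (assumption: stands in for the real cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Unauthenticated XOR: every candidate key "decrypts" every ciphertext to *something*,
    # so the attacker can only recognise a correct guess by structure in the plaintext.
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt  # XOR is its own inverse


def ns_reply(password: str, session_key: bytes, peer: str) -> bytes:
    # The password-keyed NS message E_{P_bs}(K, A) as a fixed-format record (assumed encoding).
    return encrypt(kdf(password), b"K=" + session_key.hex().encode() + b"|A=" + peer.encode())


def eke_message(password: str, ephemeral_pk: bytes) -> bytes:
    # EKE first message E_P(PK), with PK modelled as uniformly random bytes (assumption).
    return encrypt(kdf(password), ephemeral_pk)


def looks_like_ns_reply(pt: bytes, peer: str) -> bool:
    # The attacker's verifier: a correct guess yields the known record layout.
    return pt.startswith(b"K=") and pt.endswith(b"|A=" + peer.encode())


def dictionary_attack(ciphertext: bytes, candidates, verifier) -> list:
    # Off-line: decrypt under every candidate and keep those the verifier accepts.
    # The server S is never contacted, so nothing can throttle or log the guesses.
    return [p for p in candidates if verifier(decrypt(kdf(p), ciphertext))]


def demo():
    words = ["letmein", "hunter2", "password", "qwerty", "correcthorse"]  # constructed dictionary
    real_pw = "hunter2"
    # Case 1: NS with the password as long-term key. The plaintext structure is a verifier.
    ct_ns = ns_reply(real_pw, secrets.token_bytes(16), "Alice")
    hits_ns = dictionary_attack(ct_ns, words, lambda pt: looks_like_ns_reply(pt, "Alice"))
    # Case 2: EKE-style message. The plaintext is random bytes, so every guess is equally
    # plausible; the best verifier the attacker has ("is it 32 bytes?") accepts everything.
    ct_eke = eke_message(real_pw, secrets.token_bytes(32))
    hits_eke = dictionary_attack(ct_eke, words, lambda pt: len(pt) == 32)
    return hits_ns, hits_eke


if __name__ == "__main__":
    ns, eke = demo()
    print("NS candidates surviving:", ns)     # only the real password
    print("EKE candidates surviving:", eke)   # all of them: nothing to test against
```

The NS case returns exactly one survivor from the dictionary; the EKE case returns the whole dictionary, which is the point: a password-encrypted ciphertext is only attackable off-line when its plaintext has recognizable structure. Real EKE must make sure the public key encoding itself carries no such structure.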

1. Authentication & Key Exchange ■ The purpose of entity authentication is to prevent impersonation attacks. ■ Authentication is important in key exchange. E.g., the unauthenticated DH protocol suffers from the man-in-the-middle (MITM) attack. ■ Conversely, key exchange techniques can also be used to realize authentication: proving possession of a freshly established key proves identity. Kerberos is such an example. ■ In the literature, the differences between authentication and key exchange are sometimes not very clear.

1. Authentication & Key Exchange ■ Key exchange usually requires authentication. Otherwise, you are not sure with whom you are agreeing on a session key. ■ However, authentication does not necessarily involve key exchange. ■ For example, a successful authentication can let a client use a service without any encryption.

2. Kerberos: What is it? ■ In Greek mythology, Kerberos is the three-headed dog that guards the entrance of Hades. ■ In the security community, Kerberos denotes the distributed authentication protocol developed in MIT's Project Athena in the 1980s.

2. Kerberos: What is it? ■ Kerberos has been widely adopted in industry. ■ Kerberos has been integrated into Windows and many versions of Unix systems. ■ The full specification of Kerberos Version 5 is given in a draft Internet Standard RFC. ■ Free source code for different releases of Kerberos is available at the Kerberos website:

2. Kerberos: Motivations In a distributed network of workstations and servers, there are at least three threats: ■ User impersonation: A dishonest user may pretend to be another user from the same workstation. ■ Network address impersonation: A dishonest user can change the network address of his/her workstation to impersonate another workstation. ■ Eavesdropping, replay attacks, and so on: attackers may try to gain access to network services by mounting various attacks on the traffic.

2.1 Kerberos: Basic Ideas Kerberos uses only symmetric-key mechanisms to realize entity authentication and key exchange. Basically, Kerberos uses two kinds of credentials: ■ Tickets: Issued by a trusted server; a ticket shows who is granted access to a specific service and for how long. ■ Authenticators: Generated by the client for each request, to prove that it is the principal named in the ticket and that the request is fresh.

2.1 Kerberos: Basic Ideas This is similar to the following immigration policy, which allows a foreigner to enter a country: ■ Visa (= ticket in Kerberos): Specifies who is allowed to enter the country and for how many days. ■ Passport (= authenticator in Kerberos): Shows your identity, i.e., who you are.

2.1 Kerberos: Basic Ideas In a Kerberos system, there are three kinds of servers: ■ Kerberos authentication server (AS): A centralized trusted authentication server for the whole system (realm), which issues relatively long-lived ticket-granting tickets. ■ Ticket-granting server (TGS): Issues shorter-lived service tickets on presentation of a ticket-granting ticket. ■ Service servers S: Provide the actual services.

2.1 Kerberos: Basic Ideas

2.2 The Protocol Kerberos (Version 5) can be divided into three procedures from the viewpoint of a client: ■ obtaining a ticket-granting ticket (from the AS), ■ obtaining a service ticket (from the TGS), and ■ obtaining the concrete service (from S). We now discuss the details.

2.2 The Protocol

Steps 1-2 (client and AS: obtaining the ticket-granting ticket). Here: ■ K_c is derived from the client's password and is shared with the AS. ■ K_tgs is a secret key shared between the AS and the TGS. ■ K_1 is a session key, returned to the client encrypted under K_c together with a ticket-granting ticket encrypted under K_tgs; it enables the client to authenticate itself to the TGS.

2.2 The Protocol Steps 3-4 (client and TGS: obtaining the service ticket). Here: ■ A1 is an authenticator encrypted under K1, proving that the client holds K1 and that the request is fresh. ■ K2 is a session key that enables the client to authenticate itself to the server S. ■ Ks is a secret key shared between the TGS and the server S; the service ticket is encrypted under it.

2.2 The Protocol Steps 5-6 (client and S: obtaining the service). Here: ■ A2 is an authenticator encrypted under K2. ■ K3 is a session key for the coming secure communication. ■ The server S authenticates itself to the client in step 6: only a server holding Ks can recover K2 from the ticket, so a reply correctly encrypted under K2 proves S's identity (mutual authentication).

2.3 Kerberos: Its Limitations ■ Single point of failure: If the AS is down, no user can access any resource. So Kerberos is a natural target for denial-of-service (DoS) attacks. - Replicated AS? Possible, but the replicas must be kept in sync and each one holds every user's key. ■ Clock synchronization is needed, since authenticators carry timestamps. What is a reasonable tolerance for clock skew? - Too short: many valid requests are rejected. - Too long: a captured authenticator stays replayable for longer, so the server also needs a replay cache covering the window.
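The six steps of section 2.2 simulated end to end, including the clock-skew check and replay cache that the limitation above calls for, as an added example (my code, not the lecture's and not MIT Kerberos). Assumptions: a SHA-256 keystream with an HMAC tag stands in for a Kerberos encryption type, SHA-256 of the password stands in for string-to-key, the principal names, the 8-hour ticket lifetime and the 5-minute skew window are constructed values, and records are JSON rather than the ASN.1 of real Kerberos messages. The key names follow the slides (K_c, K_tgs, Ks, K1, K2, K3).

```python
import hashlib
import hmac
import json
import secrets
import time

SKEW = 300            # accepted clock skew in seconds (assumed value)
LIFETIME = 8 * 3600   # ticket lifetime in seconds (assumed value)
REPLAY_CACHE = set()  # (client, timestamp) pairs the service has already accepted

def keystream(key, n):
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    # Encrypt-then-MAC over a JSON record: toy stand-in for a Kerberos encryption type.
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, len(pt))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct)))))

def string_to_key(password):
    return hashlib.sha256(password.encode()).digest()   # K_c (toy string-to-key)

def authenticator(session_key, client, now):
    return seal(session_key, {"client": client, "ts": now})

def check_authenticator(auth, ticket, now):
    # Name must match the ticket, timestamp must be inside the skew window, ticket unexpired.
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - auth["ts"]) > SKEW:
        raise ValueError("authenticator timestamp outside clock-skew window")
    if now > ticket["exp"]:
        raise ValueError("ticket expired")

class KDC:
    """AS and TGS in one process; holds the long-term key of every principal."""
    def __init__(self, keys):
        self.keys = keys

    def as_exchange(self, client, now):                       # steps 1-2
        k1 = secrets.token_bytes(32)
        tgt = seal(self.keys["tgs"], {"key": k1.hex(), "client": client, "exp": now + LIFETIME})
        return seal(self.keys[client], {"key": k1.hex(), "server": "tgs", "ticket": tgt.hex()})

    def tgs_exchange(self, server, tgt_hex, auth, now):       # steps 3-4
        tgt = unseal(self.keys["tgs"], bytes.fromhex(tgt_hex))
        k1 = bytes.fromhex(tgt["key"])
        check_authenticator(unseal(k1, auth), tgt, now)      # A1 under K1
        k2 = secrets.token_bytes(32)
        st = seal(self.keys[server], {"key": k2.hex(), "client": tgt["client"], "exp": now + LIFETIME})
        return seal(k1, {"key": k2.hex(), "server": server, "ticket": st.hex()})

def service_exchange(server_key, ticket_hex, auth, now):      # steps 5-6, run by S
    ticket = unseal(server_key, bytes.fromhex(ticket_hex))    # only S holds Ks
    k2 = bytes.fromhex(ticket["key"])
    a = unseal(k2, auth)                                      # A2 under K2
    check_authenticator(a, ticket, now)
    if (a["client"], a["ts"]) in REPLAY_CACHE:
        raise ValueError("replayed authenticator")
    REPLAY_CACHE.add((a["client"], a["ts"]))
    k3 = secrets.token_bytes(32)                              # sub-session key for later traffic
    return seal(k2, {"ts": a["ts"], "subkey": k3.hex()}), k3  # step 6: proves S recovered K2

def run(password="hunter2", now=None, auth_offset=0):
    """Full client run. auth_offset shifts the client's clock for the final authenticator."""
    now = int(time.time()) if now is None else now
    kdc = KDC({"alice": string_to_key(password), "tgs": secrets.token_bytes(32),
               "fileserver": secrets.token_bytes(32)})
    k_c = string_to_key(password)                              # client derives K_c from password
    rep = unseal(k_c, kdc.as_exchange("alice", now))
    k1, tgt = bytes.fromhex(rep["key"]), rep["ticket"]
    rep = unseal(k1, kdc.tgs_exchange("fileserver", tgt, authenticator(k1, "alice", now), now))
    k2, ticket = bytes.fromhex(rep["key"]), rep["ticket"]
    reply, k3_at_server = service_exchange(kdc.keys["fileserver"], ticket,
                                           authenticator(k2, "alice", now + auth_offset), now)
    srv = unseal(k2, reply)                                    # client checks step 6
    if srv["ts"] != now + auth_offset:
        raise ValueError("server reply does not echo our timestamp")
    return bytes.fromhex(srv["subkey"]) == k3_at_server        # both sides now share K3

if __name__ == "__main__":
    print("mutual authentication + K3 agreed:", run())
```

`run()` succeeds only when every key in the chain (K_c, K_tgs, Ks) is the right one; a client whose clock is an hour off is rejected at step 5, and presenting the same authenticator twice is caught by the replay cache even though the timestamp is still inside the skew window. The replay cache is what makes a generous skew window tolerable; without it, the window is exactly the attacker's replay budget.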

2.3 Kerberos: Its Limitations ■ Limited scalability: Usually, one AS can support on the order of hundreds of thousands of users. Suitable for a university or an enterprise, but not for the open Internet, where PKIs with digital certificates scale better and no central server needs to know every user's secret. ■ Off-line password attacks: Kerberos is vulnerable to this kind of attack, since the AS reply is encrypted with a key derived from the client's password, which gives a dictionary attacker a verifier. Kerberos V5 pre-authentication stops the AS from handing this ciphertext to anyone who merely asks for it, but an eavesdropper who records it can still mount the attack off-line.

3. Summary ■ Introduced the off-line dictionary attack and EKE as a countermeasure. ■ Briefly discussed the relation between entity authentication and key exchange. ■ Reviewed a practice-oriented authentication protocol, Kerberos: - Basic ideas - Technical mechanisms - Limitations

Questions and Comments?