Download presentation
Presentation is loading. Please wait.
Published byHarry Timbs Modified over 10 years ago
1
1 Kerberos Anita Jones November, 2006
2
2 Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted –Users wish to access services on servers –Need to restrict access to authorized users –Need to authenticate requests for service * Greek mythology – many headed dog who guards the entrance to Hades * Implemented at MIT as part of Project Athena
3
3 Kerberos : Objective Provide authentication service Provide authentication service –Clients to servers –Servers to clients
4
4 Kerberos: Strategy What NOT to do: What NOT to do: –Does not rely on workstation OS to assure identity of clients/users –Does not rely on server to provide stand- alone authentication service –Does not force clients to prove identity over and over –Does not rely on client to determine identity of each service invoked Provide an authentication service Provide an authentication service
5
5 When is authentication useful? –Once per creation of new user Once per user logon session Once per user logon session Once per type of service Once per type of service Once per service session Once per service session –Once per service request Kerberos provides the middle three services
6
6 Kerberos: Strategy Knows about the existence of users and servers Knows about the existence of users and servers –Shares (different) symmetric key with each More recent versions of Kerberos use public/private keys More recent versions of Kerberos use public/private keys We will not discuss key distribution here We will not discuss key distribution here Uses capabilities – calls them tickets Uses capabilities – calls them tickets –Key property – tickets are unforgeable Passes out tickets on request Passes out tickets on request –Key points – form of the tickets, when they are useful, and where they are useful
7
7 Kerberos: Strategy – more detail Kerberos has a table of Kerberos has a table of –Identity of users & servers –Net address of clients & servers –Current user password Key/password distribution, i.e. initialization & update discussed earlier in course Key/password distribution, i.e. initialization & update discussed earlier in course Uses DES for encryption Uses DES for encryption Kerberos provides a Ticket granting server (tgs). Tickets that it creates must be Kerberos provides a Ticket granting server (tgs). Tickets that it creates must be –Unforgeable –Non-replayable –Authenticated
8
8 Assumption – key sharing Kerberos composed of AS plus TGS Kerberos composed of AS plus TGS AS (authentication server) shares a secret key with each user AS (authentication server) shares a secret key with each user –Typically called ID C – C is the client machine TGS (ticket granting server) TGS (ticket granting server) –TGS shares secret key with each known server –Server machine and server software notated as the same Each user and service share a secret key Each user and service share a secret key
9
9 Three authentication services Transactions: Transactions: –Authenticate user – client machine talks to AS (authentication service) when user logs on User receives authentication ticket (ticket-granting ticket) User receives authentication ticket (ticket-granting ticket) –Get ticket to use a server – client machine talks to TGS when user first wants to use a particular service User receives a service-granting ticket User receives a service-granting ticket –Service session – client workstation proffers ticket to server that is good for the session User may require server to authenticate self to user User may require server to authenticate self to user
10
10 Protocol 1 – get ticket-granting ticket simple illustration Once per client logon session: Once per client logon session: 1 C AS: ID C, ID tgs 2 AS C: E KC [ ticket tgs ] Notes: comma indicates concatenation AS is authentication service of Kerberos ID C – name of the user on client C ID tgs – client C is asking for TGS service from Kerberos E KC is encryption with key derived from Cs password ticket tgs – ticket C uses to get service from TGS
11
11 Ticket (ticket-granting ticket) from TGS ticket tgs = E Ktgs [ ID C, AD C, ID tgs, Time 1, Lifetime 1 ] Notes: E Ktgs – key known only to AS and TGS ID C – identity of client C AD C – network address of C Time 1 – TGS-created time stamp Lifetime 1 – ticket lifetime
12
12 Protl 2 – get service-granting ticket simple illustration Get service-granting ticket – at first request for a particular service Get service-granting ticket – at first request for a particular service 1 C TGS: ID C, ID v, ticket tgs 2 TGS C: ticket v Notes: ticket V is ticket that server V will accept as valid TGS knows whether ID C is allowed to use service V ticket V has same form as ticket tgs
13
13 Ticket (service V) from TGS ticket V = E KVTGS [ ID C, AD C, ID V, Time 2, Lifetime 2 ] Notes: E KVtgs – key known only to TGS and V ID C – identity of user on client C AD C – network address of C Time 2 – TGS created time stamp Lifetime 2 – ticket lifetime
14
14 Protocol 3 – to obtain the service simple illustration Once per service session: Once per service session: 1 C V: ID C, ticket V Note: C gives user name & submits ticket for Vs service
15
15 It aint quite that simple It aint quite that simple Tickets are a little more complex Tickets are a little more complex –Time stamps – limit replay of requests for tickets –Ensure clocks of various computers are sufficiently in synch –Tickets have a lifetime validity stamp We have not dealt with users who rove among multiple workstations We have not dealt with users who rove among multiple workstations –Client/user and the clients workstation OS are not the same thing
16
16 Protocol 1 – more complete get ticket-granting ticket Once per client logon session: Once per client logon session: 1 C AS: ID C, ID tgs, Time 1 2 AS C: E KC [K C,tgs, ID tgs, Time 2, Lifetime 2, ticket tgs ] Notes: Time1 is time from Cs clock; AS assures that clocks are sufficiently in synch E KC – encryption with key derived from ID C s password K C,tgs – session key created by TGS; permits secure exchange for AS & ID C for the session
17
17 Full Ticket-granting ticket ticket tgs = E Ktgs [ K C,tgs, ID C, AD C, ID tgs, Time 2, Lifetime 2 ] Notes: E Ktgs – key known only to AS and TGS K C,tgs – session key available to user; permits secure exchange for TGS & C for the session ID C – identifier for user on machine C AD C – network address of machine C Time 2 – time stamp created for this ticket Lifetime 2 – ticket lifetime
18
18 Protl 2 – get service-granting ticket fuller illustration Get service-granting ticket – at first request for a particular service Get service-granting ticket – at first request for a particular service 1 C TGS: ID v, ticket tgs, auth C 2 TGS C: E KC,tgs [K C,V, ID V, Time 4, ticket V ] Note: ticket V – ticket that server will accept as valid and then deliver service K C,V – secure session key that C and server V use auth C – generated by user to validate ticket; encrypted with K C,tgs
19
19 Full service-granting ticket ticket v = E KVtgs [ K C,V, ID C, AD C, ID V, Time 4, Lifetime 4 ] Notes: E KVtgs – key derived from servers password; known only to TGS and V; prevents tampering K C,V – session key available to user; permits secure exchange for V & ID C for the session ID C – identifier of user on C; ditto V AD C – network address of C Time 4 – time stamp created for this ticket Lifetime 4 – ticket lifetime
20
20 Authenticator (auth C ) auth C = E KC,tgs [ ID C, AD C, Time 3 ] Notes: Authenticator created by user to assure TGS that ticket presenter is same as user for whom ticket was issued; intended for one time use; timestamp limits replay K C,tgs – session key available to user; permits secure exchange for TGS &ID C for the session Time 3 – time stamp created for this authenticator
21
21 Protocol 3 – to gain service fuller illustration Once per service session: Once per service session: 1 C V: ticket V, auth C 2 V C: E Kc,v [Time 5 + 1] Note: Step 2 is for server V to authenticate to client C auth C is similar to that in protocol 2; includes Time 5
22
22 Authenticator (auth C ) auth C = E KC,V [ ID C, AD C, Time 5 ] Notes: Authenticator created by user to assure V that ticket presenter is same as user for whom ticket was issued; intended for one time use; timestamp limits replay K C,V – session key available to user and V permits secure session exchange for V & ID C Time 5 – time stamp created for this authenticator
23
23 Kerberos – End
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.