1
An Introduction to Kerberos
  • Shumon Huque
  • ISC Networking Telecommunications
  • University of Pennsylvania
  • March 19th 2003

2
What this talk is about
  • A high-level view of how Kerberos works
  • How Kerberos differs from some other
    authentication systems
  • SSH password auth, SSH public key auth, SSL
  • Target audience
  • LSPs, computing staff, others?

3
What this talk is not about
  • Details of Penn's Kerberos deployment plans
  • How to get PennKeys, or which Kerberos-enabled
    applications you need to use
  • Writing Kerberized applications
  • In-depth protocol details and packet formats
  • Number theory or cryptography

4
What is Kerberos?
  • Developed at M.I.T.
  • A secret key based service for providing
    authentication in open networks
  • Authentication mediated by a trusted 3rd party on
    the network
  • Key Distribution Center (KDC)

5
Kerberos etymology
  • The 3-headed dog that guards the entrance to
    Hades
  • Originally, the 3 heads represented the 3 A's
    (authentication, authorization, accounting)
  • But one A was work enough!

6
(No Transcript)
7
Fluffy, the 3-headed dog, from Harry Potter and
the Sorcerer's Stone
8
Some Kerberos benefits
  • Standards based strong authentication system
  • Wide support in various operating systems
  • Make strong authentication readily available for
    use with campus computer systems
  • Prevents transmission of passwords over the
    network
  • Provides single-sign-on capability
  • Only 1 password to remember
  • Only need to enter it once per day (typically)

9
So, what is Authentication?
  • The act of verifying someone's identity
  • The process by which users prove their identity
    to a service
  • Doesn't specify what a user is allowed or not
    allowed to do (that is Authorization)

10
Password based Authentication
  • Transmit password in clear over the network to
    the server
  • Main Problem
  • Eavesdropping/Interception

11
Cryptographic Authentication
  • No password or secret is transferred over the
    network
  • Users prove their identity to a service by
    performing a cryptographic operation, usually on a
    quantity supplied by the server
  • Crypto operation based on the user's secret key

12
Encryption and Decryption
  • Encryption
  • Process of scrambling data using a cipher and a
    key in such a way that it's intelligible only to
    the recipient
  • Decryption
  • Process of unscrambling encrypted data using a
    cipher and key (possibly the same key used to
    encrypt the data)

13
Symmetric Key Cryptography
  • Aka Secret Key cryptography
  • The same key is used for both encryption and
    decryption operations (hence the symmetry)
  • Examples: DES, 3-DES, AES

14
Asymmetric Key Cryptography
  • Aka Public key cryptography
  • A pair of related keys is used
  • Public and Private keys
  • Private key can't feasibly be calculated from the
    Public key
  • Data encrypted with one can only be decrypted
    with the other
  • Usually, a user publishes his public key widely
  • Others use it to encrypt data intended for the
    user
  • User decrypts using the private key (known only
    to him)
  • Examples: RSA

15
Communicating Parties
  • Alice and Bob
  • Alice: initiator of the communication
  • Think of her as the client or user
  • Bob: correspondent or 2nd participant
  • Think of him as the server
  • Alice wants to access service Bob
  • Baddies
  • Eve (eavesdropper), Trudy (intruder), Mallory
    (malicious active attacker)

16
Simple shared-secret based cryptographic
authentication
17
Add mutual authentication
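The two diagrams above (slides 16 and 17) were images in the original deck. The following Python is an added example, not code from the talk: a shared-secret challenge-response in which each side proves knowledge of the key by computing a keyed hash over a nonce supplied by the other side (the "cryptographic operation on a quantity supplied by the server" of slide 11), first one-way and then mutual. The key, the party labels and the nonce length are assumptions made for the example; the one design choice worth noting is that the responder's own name is mixed into the MAC, which is what stops Mallory from bouncing Bob's challenge back at him.

```python
import hashlib
import hmac
import os


def challenge() -> bytes:
    """A fresh random nonce: the 'quantity supplied by the server' (slide 11)."""
    return os.urandom(16)


def respond(key: bytes, nonce: bytes, party: bytes) -> bytes:
    """Prove knowledge of the shared key K without sending it: HMAC_K(party || nonce).
    Binding the responder's identity into the MAC is what defeats the
    reflection attack shown in reflection_attack() below."""
    return hmac.new(key, party + b"|" + nonce, hashlib.sha256).digest()


def verify(key: bytes, nonce: bytes, party: bytes, response: bytes) -> bool:
    """Constant-time comparison, so timing does not leak how many bytes matched."""
    return hmac.compare_digest(response, respond(key, nonce, party))


def mutual_auth(alice_key: bytes, bob_key: bytes) -> bool:
    """Slides 16-17: Bob challenges Alice, then Alice challenges Bob.
    alice_key/bob_key are each side's copy of the (supposedly) shared secret."""
    n_b = challenge()                              # Bob   -> Alice: N_b
    r_a = respond(alice_key, n_b, b"alice")        # Alice -> Bob:   HMAC(K, alice|N_b), N_a
    n_a = challenge()
    if not verify(bob_key, n_b, b"alice", r_a):    # Bob checks Alice's response
        return False
    r_b = respond(bob_key, n_a, b"bob")            # Bob   -> Alice: HMAC(K, bob|N_a)
    return verify(alice_key, n_a, b"bob", r_b)     # Alice checks Bob's response


def reflection_attack(key: bytes) -> bool:
    """Mallory, who does not know K, opens a second session to Bob and bounces
    Bob's own challenge back at him, hoping to reuse Bob's answer as 'Alice'.
    Returns True only if Bob would accept, i.e. only if the attack works."""
    n_b = challenge()                          # session 1: Bob challenges "Alice" (Mallory)
    r_bob = respond(key, n_b, b"bob")          # session 2: Mallory sends N_b to Bob, Bob answers as bob
    return verify(key, n_b, b"alice", r_bob)   # session 1: Mallory replays Bob's answer as Alice's
```

With the identity label omitted from the MAC, `reflection_attack` would return True: Bob's honest answer in the second session would be exactly the answer Mallory needs in the first. This is the kind of subtlety that makes the "simple" scheme harder to get right than it looks, and one reason the talk moves on to a mediated design.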
18
Problems with this scheme
  • Poor scaling properties
  • Generalizing the model for m users and n
    services requires a priori distribution of m × n
    shared keys
  • Possible improvement
  • Use a trusted 3rd party, with which each user and
    service shares a secret key: m + n keys
  • Also has important security advantages

19
Mediated Authentication
  • A trusted third party mediates the authentication
    process
  • Called the Key Distribution Center (KDC)
  • Each user and service shares a secret key with
    the KDC
  • KDC generates a session key, and securely
    distributes it to communicating parties
  • Communicating parties prove to each other that
    they know the session key

20
Mediated Authentication
  • Nomenclature
  • Ka: master key for Alice, shared by Alice and
    the KDC
  • Kab: session key shared by Alice and Bob
  • Tb: ticket to use Bob
  • K{data}: data encrypted with key K

21
(No Transcript)
22
Mediated Authentication
23
Mediated Authentication
24
Kerberos uses timestamps
  • Timestamps are used in place of random nonces in
    the mutual authentication phase of the protocol
  • This reduces the total number of messages in the
    protocol
  • But it means that Kerberos requires reasonably
    synchronized clocks amongst the users of the
    system (within a few minutes; a 5-minute maximum
    skew is the usual default)

25
Kerberos (almost)
26
Kerberos (roughly)
27
Needham-Schroeder Protocol
28
Kerberos (detailed)
  • Each user and service registers a secret key with
    the KDC
  • Everyone trusts the KDC
  • "Put all your eggs in one basket, and then watch
    that basket very carefully" - Mark Twain
  • The user's key is derived from a password, by
    applying a one-way string-to-key function
  • The service key is a large random number, and
    stored on the server (in its keytab file)

29
Kerberos principal
  • A client of the Kerberos authentication service
  • A user or a service
  • Format
  • name/instance@REALM
  • Examples
  • peggy@UPENN.EDU
  • ftp/pobox.upenn.edu@UPENN.EDU
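As an added example (not part of the talk), here is a parser and un-parser for the principal format shown on this slide, following the quoting rules of MIT krb5: a backslash escapes the next character, so a "/" or "@" that is part of a name is written "\/" or "\@", and the realm starts at the first unescaped "@". Kerberos 5 allows any number of "/"-separated components, not just name and instance. The behaviour on empty components and the use of a caller-supplied default realm are choices made for this example.

```python
def parse_principal(text, default_realm=None):
    """Parse 'name/instance@REALM' into (components, realm).

    A backslash escapes the next character. The realm begins at the first
    unescaped '@'; an unescaped '@' or '/' inside the realm is an error.
    If there is no realm in the text, default_realm is used. Empty
    components are rejected here (a choice for this example).
    """
    components, current, realm = [], [], None     # realm stays None until '@' is seen
    i = 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):       # escaped char: literal, no meaning
            (current if realm is None else realm).append(text[i + 1])
            i += 2
            continue
        if realm is not None:                      # inside the realm
            if c in "/@":
                raise ValueError("unescaped %r in realm of %r" % (c, text))
            realm.append(c)
        elif c == "/":                             # component separator
            components.append("".join(current))
            current = []
        elif c == "@":                             # start of realm
            components.append("".join(current))
            current, realm = [], []
        else:
            current.append(c)
        i += 1
    if realm is None:
        components.append("".join(current))
        if default_realm is None:
            raise ValueError("no realm in %r and no default realm" % text)
        realm_str = default_realm
    else:
        realm_str = "".join(realm)
    if not realm_str or "" in components:
        raise ValueError("empty component or realm in %r" % text)
    return components, realm_str


def unparse_principal(components, realm):
    """Inverse of parse_principal: re-escape so that round-tripping is exact."""
    def esc(s):
        return s.replace("\\", "\\\\").replace("/", "\\/").replace("@", "\\@")
    return "/".join(esc(c) for c in components) + "@" + esc(realm)
```

The practical point: a service that makes authorization decisions from the principal name must parse it with these rules rather than splitting on the first "/" or "@" it finds, otherwise a principal such as `john\@doe@UPENN.EDU` can be mistaken for the user `john` in realm `doe@UPENN.EDU`.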

30
Kerberos without TGS
  • A simplified description of Kerberos without the
    concept of a TGS (Ticket Granting Service)

31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
Combining the 2 previous diagrams

35
(No Transcript)
36
Review Kerberos Credentials
  • Ticket
  • Allows a user to use a service (actually, to
    authenticate to it)
  • Used to securely pass the identity of the user to
    whom the ticket is issued between the KDC and
    the application server
  • Kb{alice, Kab, lifetime}
  • Authenticator
  • Proves that the user presenting the ticket is the
    user to whom the ticket was issued
  • Proof that the user knows the session key
  • Prevents ticket theft from being useful
  • Prevents replay attacks: a timestamp encrypted with
    the session key, Kab{timestamp}, in combination
    with a replay cache on the server

37
Ticket Granting Service (TGS)
  • Motivation

38
(No Transcript)
39
(No Transcript)
40
Kerberos with TGS
  • Ticket Granting Service (TGS)
  • A Kerberos-authenticated service that allows a
    user to obtain tickets for other services
  • Co-located at the KDC
  • Ticket Granting Ticket (TGT)
  • Ticket used to access the TGS and obtain service
    tickets
  • Limited-lifetime session key (the TGS session key)
  • Shared by the user and the TGS
  • TGT and TGS session key cached on Alice's
    workstation

41
TGS Benefits
  • Single Sign-on (SSO) capability
  • Limits exposure of the user's password
  • Alice's workstation can forget the password
    immediately after using it in the early stages of
    the protocol
  • Less data encrypted with the user's secret key
    travels over the network, limiting an attacker's
    access to data that could be used in an offline
    dictionary attack
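The mediated authentication of slides 19 to 36 and the TGS of slides 40 and 41 are shown in the deck as diagrams. The Python below is an added example, not code from the talk or from any Kerberos implementation: it models the whole round trip in the slides' notation, an AS exchange with an encrypted-timestamp pre-authenticator that yields Kb{alice, Kab, lifetime}-style tickets, a TGS exchange driven by the cached TGT, and an AP exchange in which the service checks the ticket lifetime, the authenticator Kab{timestamp} against its clock skew and a replay cache, then answers with the timestamp under Kab for mutual authentication. The cipher (a SHA-256 keystream with an HMAC tag), the PBKDF2 string-to-key, the principal names, the password and the fixed timestamp are all constructed for the example; real Kerberos uses ASN.1 messages and the RFC 3961 enctypes.

```python
import hashlib
import hmac
import json
import os

SKEW = 300           # allowed clock skew in seconds (slide 24)
LIFETIME = 8 * 3600  # ticket lifetime: "good for the rest of the day"


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:length]


def seal(key, obj):
    """Toy authenticated encryption, K{obj} in the slides' notation.
    A stand-in for a Kerberos enctype, not an RFC 3961 profile."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def string_to_key(password, salt):
    """Simplified stand-in for the Kerberos string-to-key function (slide 28)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def make_authenticator(kab, client, now):
    return seal(kab, {"client": client, "timestamp": now})   # Kab{timestamp}


def verify_ap(service_key, ticket, authenticator, now, replay_cache):
    """A service processing an AP-REQ: open the ticket with its own key, then
    open the authenticator with the session key found inside the ticket.
    replay_cache is the server's set of (client, timestamp) already accepted."""
    t = unseal(service_key, ticket)                           # Kb{client, Kab, lifetime}
    if not t["start"] - SKEW <= now <= t["end"]:
        raise ValueError("ticket not yet valid or expired")
    kab = bytes.fromhex(t["key"])
    a = unseal(kab, authenticator)                            # presenter knows Kab
    if a["client"] != t["client"] or abs(a["timestamp"] - now) > SKEW:
        raise ValueError("authenticator does not match ticket or is stale")
    if (a["client"], a["timestamp"]) in replay_cache:
        raise ValueError("replayed authenticator")
    replay_cache.add((a["client"], a["timestamp"]))
    return t["client"], kab


class KDC:
    """AS and TGS, co-located (slide 40); holds every principal's long-term key."""
    def __init__(self, realm, users, services):
        self.tgs, self.tgs_cache = "krbtgt/%s@%s" % (realm, realm), set()
        self.keys = {u: string_to_key(pw, realm + u) for u, pw in users.items()}
        for s in services + [self.tgs]:
            self.keys[s] = os.urandom(32)                     # random service keys (slide 28)
    def _issue(self, client, service, now):
        kab = os.urandom(32)
        return kab, seal(self.keys[service], {"client": client, "key": kab.hex(),
                                              "start": now, "end": now + LIFETIME})
    def as_exchange(self, client, pa_enc_timestamp, now):
        """AS-REQ with PA-ENC-TIMESTAMP (slide 47): nothing encrypted under Ka
        leaves the KDC unless the requester already proves it knows Ka."""
        ka = self.keys[client]
        if abs(unseal(ka, pa_enc_timestamp)["timestamp"] - now) > SKEW:
            raise ValueError("pre-authentication timestamp outside clock skew")
        k_tgs, tgt = self._issue(client, self.tgs, now)
        return tgt, seal(ka, {"key": k_tgs.hex()})
    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS-REQ: the TGT is simply a ticket for the krbtgt service."""
        client, k_tgs = verify_ap(self.keys[self.tgs], tgt, authenticator, now, self.tgs_cache)
        kab, ticket = self._issue(client, service, now)
        return ticket, seal(k_tgs, {"key": kab.hex()})


def run_demo(password="correct horse battery staple", now=1_048_070_400):
    """Constructed scenario: Alice logs in, then later talks to the ftp service."""
    realm, alice, ftp = "EXAMPLE.EDU", "alice@EXAMPLE.EDU", "ftp/pobox.example.edu@EXAMPLE.EDU"
    kdc = KDC(realm, {alice: "correct horse battery staple"}, [ftp])
    kb, ftp_cache = kdc.keys[ftp], set()                      # what the ftp server holds
    ka = string_to_key(password, realm + alice)               # on Alice's workstation
    tgt, enc = kdc.as_exchange(alice, seal(ka, {"timestamp": now}), now)
    k_tgs = bytes.fromhex(unseal(ka, enc)["key"])
    del ka                                                    # password material forgotten (slide 41)
    ticket, enc2 = kdc.tgs_exchange(tgt, make_authenticator(k_tgs, alice, now + 60), ftp, now + 60)
    kab = bytes.fromhex(unseal(k_tgs, enc2)["key"])          # single sign-on: no password needed
    auth = make_authenticator(kab, alice, now + 61)           # AP-REQ = ticket + authenticator
    client, kab_srv = verify_ap(kb, ticket, auth, now + 61, ftp_cache)
    mutual_ok = unseal(kab, seal(kab_srv, {"timestamp": now + 61}))["timestamp"] == now + 61
    try:                                                      # Eve replays the captured AP-REQ
        verify_ap(kb, ticket, auth, now + 62, ftp_cache)
        replay_blocked = False
    except ValueError:
        replay_blocked = True
    return client, mutual_ok, replay_blocked
```

Two things to notice when reading it against the slides: the ftp server never sees Ka or the password, only a ticket it can open with its own key and an authenticator it can open with the session key inside that ticket; and a wrong password fails at the very first step, inside `as_exchange`, before the KDC has issued anything encrypted under Alice's key (`run_demo(password="wrong guess")` raises).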

42
(No Transcript)
43
(No Transcript)
44
(No Transcript)
45
(No Transcript)
46
Levels of Session Protection
  • Initial authentication only
  • Safe messages
  • Authentication (integrity) of every message
  • Keyed hashing with the session key
  • Private messages
  • Encryption of every message
  • With the session key, or mutually negotiated
    subsession keys
  • Note: the application can choose other methods

47
Pre-authentication
  • Kerberos 5 added pre-authentication
  • Client is required to prove its identity to the
    Kerberos AS in the first step
  • By supplying an encrypted timestamp (encrypted
    with the user's secret key)
  • This prevents an active attacker from easily
    obtaining data from the KDC encrypted with
    any user's key
  • And then being able to mount an offline dictionary
    attack
  • Caveat: an eavesdropper who captures the encrypted
    timestamp on the wire can still attack it offline;
    pre-authentication only stops attackers from
    requesting such material from the KDC at will

48
(No Transcript)
49
Kerberos Two-factor auth
  • In addition to a secret password, the user is
    required to present a physical item
  • A small electronic device (a hardware
    authentication token)
  • Generates non-reusable numeric responses
  • Called 2-factor authentication, because it
    requires 2 things
  • Something the user knows (password)
  • Something the user has (hardware token)

50
Cross Realm Authentication
51
Hierarchy/Chain of Realms
52
Kerberos and PubKey Crypto
  • Proposed enhancements
  • Public key crypto for initial authentication
  • PKINIT (later standardized as RFC 4556)
  • Public key crypto for cross-realm authentication
  • PKCROSS

53
Kerberos summary
  • Authentication method
  • Users enter the password on the local machine only
  • Authenticated via the central KDC once per day
  • No passwords travel over the network
  • Single Sign-on (via the TGS)
  • KDC gives you a special ticket, the TGT,
    usually good for the rest of the day
  • TGT can be used to get other service tickets
    allowing the user to access those services (when
    presented along with authenticators)

54
Advantages of Kerberos (1)
  • Passwords aren't exposed to eavesdropping
  • Password is only typed to the local workstation
  • It never travels over the network
  • It is never transmitted to a remote server
  • Password guessing more difficult
  • Single Sign-on
  • More convenient: only one password, entered once
  • Users may be less likely to store passwords
  • Stolen tickets hard to reuse
  • Need the authenticator as well, which can't be
    reused
  • Much easier to effectively secure a small set of
    limited-access machines (the KDCs)

55
Advantages of Kerberos (2)
  • Easier to recover from host compromises
  • Centralized user account administration

56
Kerberos caveats
  • The Kerberos server can impersonate anyone
  • KDC is a single point of failure
  • Can have replicated KDCs
  • KDC could be a performance bottleneck
  • Everyone needs to communicate with it frequently
  • Not a practical concern these days
  • Having multiple KDCs alleviates the problem
  • If the local workstation is compromised, the user's
    password could be stolen by a trojan horse
  • Only use a desktop machine or laptop that you
    trust
  • Use hardware token pre-authentication

57
Kerberos caveats (2)
  • Kerberos vulnerable to password guessing attacks
  • Choose good passwords!
  • Use hardware pre-authentication
  • Hardware tokens, smart cards, etc.

58
References
  • "Kerberos: An Authentication Service for Open
    Network Systems"
  • Steiner, Neuman, Schiller, Winter USENIX 1988
  • "Kerberos: An Authentication Service for Computer
    Networks"
  • Neuman and Ts'o, IEEE Communications Magazine,
    September 1994
  • "A Moron's Guide to Kerberos" - Brian Tung
  • http://www.isi.edu/gost/brian/security/kerberos.html
  • "Designing an Authentication System: A Dialogue in
    Four Scenes"
  • Bill Bryant, 1988
  • http://web.mit.edu/kerberos/www/dialogue.html

59
References (cont)
  • RFC 1510: The Kerberos Network Authentication
    Service (V5)
  • Kohl and Neuman, September 1993
  • draft-ietf-krb-wg-kerberos-clarifications-03.txt
  • IETF Kerberos Working Group revision of RFC 1510
    (later published as RFC 4120, July 2005)
  • "Using Encryption for Authentication in Large
    Networks of Computers"
  • Roger Needham, Michael D. Schroeder
  • CACM, Volume 21, Number 12, December 1978,
    pp. 993-999

60
Questions or comments?
  • Shumon Huque
  • E-mail <shuque@isc.upenn.edu>