1 / 60

An Introduction to Kerberos

Shumon Huque ISC Networking & Telecommunications University of Pennsylvania March 19th 2003. An Introduction to Kerberos. What this talk is about. A high-level view of how Kerberos works How Kerberos differs from some other authentication systems SSH password auth, SSH public key auth, SSL

artemas
Download Presentation

An Introduction to Kerberos

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Shumon Huque ISC Networking & Telecommunications University of Pennsylvania March 19th 2003 An Introduction to Kerberos

  2. What this talk is about • A high-level view of how Kerberos works • How Kerberos differs from some other authentication systems • SSH password auth, SSH public key auth, SSL • Target audience: • LSPs, computing staff, others?

  3. What this talk is not about • Details of Penn’s Kerberos deployment plans • How to get PennKeys, which Kerberos enabled applications do I need to use • Writing Kerberized applications • In-depth protocol details and packet formats • Number Theory & Cryptography

  4. What is Kerberos? • Developed at M.I.T. • A secret key based service for providing authentication in open networks • Authentication mediated by a trusted 3rd party on the network: • Key Distribution Center (KDC)

  5. Kerberos: etymology • The 3-headed dog that guards the entrance to Hades • Originally, the 3 heads represented the 3 A’s • But one A was work enough!

  6. Fluffy, the 3 headed dog, from“Harry Potter and the Sorcerers Stone”

  7. Some Kerberos benefits • Standards based strong authentication system • Wide support in various operating systems • Make strong authentication readily available for use with campus computer systems • Prevents transmission of passwords over the network • Provides “single-sign-on” capability • Only 1 password to remember • Only need to enter it once per day (typically)

  8. So, what is Authentication? • The act of verifying someone’s identity • The process by which users prove their identity to a service • Doesn’t specify what a user is allowed or not allowed to do (Authorization)

  9. Password based Authentication • Transmit password in clear over the network to the server • Main Problem • Eavesdropping/Interception

  10. Cryptographic Authentication • No password or secret is transferred over the network • Users prove their identity to a service by performing a cryptographic operation,usually on a quantity supplied by the server • Crypto operation based on user’s secret key

  11. Encryption and Decryption • Encryption • Process of scrambling data using a cipher and a key in such a way, that it’s intelligible only to the recipient • Decryption • Process of unscambling encrypted data using a cipher and key (possibly the same key used to encrypt the data)

  12. Symmetric Key Cryptography • Aka, Secret Key cryptography • The same key is used for both encryption and decryption operations (symmetry) • Examples: DES, 3-DES, AES

  13. Asymmetric Key Cryptography • Aka Public key cryptography • A pair of related keys are used: • Public and Private keys • Private key can’t be calculated from Public key • Data encrypted with one can only be decrypted with the other • Usually, a user publishes his public key widely • Others use it to encrypt data intended for the user • User decrypts using the private key (known only to him) • Examples: RSA

  14. Communicating Parties • Alice and Bob • Alice: initiator of the communication • Think of her as the “client” or “user” • Bob: correspondent or 2nd participant • Think of him as the “server” • “Alice” wants to access service “Bob” • Baddies: • Eve, Trudy, Mallory

  15. Simple shared-secret based cryptographic authentication

  16. Add mutual authentication

  17. Problems with this scheme • Poor scaling properties • Generalizing the model for m users and n services, requires a priori distribution of m x n shared keys • Possible improvement: • Use trusted 3rd party, with which each user and service shares a secret key: m + n keys • Also has important security advantages

  18. Mediated Authentication • A trusted third party mediates the authentication process • Called the Key Distribution Center (KDC) • Each user and service shares a secret key with the KDC • KDC generates a session key, and securely distributes it to communicating parties • Communicating parties prove to each other that they know the session key

  19. Mediated Authentication • Nomenclature: • Ka = Master key for “alice”, shared by alice and the KDC • Kab = Session key shared by “alice” and “bob” • Tb = Ticket to use “bob” • K{data} = “data” encrypted with key “K”

  20. Mediated Authentication

  21. Mediated Authentication

  22. Kerberos uses timestamps • Timestamps as nonce’s are used in the mutual authentication phase of the protocol • This reduces the number of total messages in the protocol • But it means that Kerberos requires reasonably synchronized clocks amongst the users of the system

  23. Kerberos (almost)

  24. Kerberos (roughly)

  25. Needham-Schroeder Protocol

  26. Kerberos (detailed) • Each user and service registers a secret key with the KDC • Everyone trusts the KDC • “Put all your eggs in one basket, and then watch that basket very carefully” - Anonymous Mark Twain • The user’s key is derived from a password, by applying a hash function • The service key is a large random number, and stored on the server

  27. Kerberos “principal” • A client of the Kerberos authentication service • A user or a service • Format: • name/instance@REALM • Examples: • peggy@UPENN.EDU • ftp/pobox.upenn.edu@UPENN.EDU

  28. Kerberos without TGS • A simplified description of Kerberos without the concept of a TGS (Ticket Granting Service)

  29. Combining 2 previous diags • …

  30. Review: Kerberos Credentials • Ticket • Allows user to use a service (actually authenticate to it) • Used to securely pass the identity of the user to which the ticket is issued between the KDC and the application server • Kb{“alice”, Kab, lifetime} • Authenticator • Proves that the user presenting the ticket is the user to which the ticket was issued • Proof that user knows the session key • Prevents ticket theft from being useful • Prevents replay attacks (timestamp encrypted with the session key): Kab{timestamp}, in combination with a replay cache on the server

  31. Ticket Granting Service (TGS) • Motivation

  32. Kerberos with TGS • Ticket Granting Service (TGS): • A Kerberos authenticated service, that allows user to obtain tickets for other services • Co-located at the KDC • Ticket Granting Ticket (TGT): • Ticket used to access the TGS and obtain service tickets • Limited-lifetime session key: TGS sessionkey • Shared by user and the TGS • TGT and TGS session-key cached on Alice’s workstation

  33. TGS Benefits • Single Sign-on (SSO) capability • Limits exposure of user’s password • Alice’s workstation can forget the password immediately after using it in the early stages of the protocol • Less data encrypted with the user’s secret key travels over the network, limiting attacker’s access to data that could be used in an offline dictionary attack

  34. Levels of Session Protection • Initial Authentication only • Safe messages: • Authentication of every message • Keyed hashing with session key • Private messages: • + Encryption of every message • With session key, or mutually negotiated subsession keys • Note: Application can choose other methods

  35. Pre-authentication • Kerberos 5 added pre-authentication • Client is required to prove it’s identity to the Kerberos AS in the first step • By supplying an encrypted timestamp (encrypted with users secret key) • This prevents an active attacker being able to easily obtain data from the KDC encrypted with any user’s key • Then able to mount an offline dictionary attack

  36. Kerberos & Two-factor auth • In addition to a secret password, user is required to present a physical item: • A small electronic device: h/w authentication token • Generates non-reusable numeric responses • Called 2-factor authentication, because it requires 2 things: • Something the user knows (password) • Something the user has (hardware token)

  37. Cross Realm Authentication

More Related