Presentation is loading. Please wait.

Presentation is loading. Please wait.

A less formal view of the Kerberos protocol J.-F. Pâris.

Similar presentations


Presentation on theme: "A less formal view of the Kerberos protocol J.-F. Pâris."— Presentation transcript:

1 A less formal view of the Kerberos protocol J.-F. Pâris

2 Dramatis personae The client logged on a workstation The client logged on a workstation The Kerberos server The Kerberos server The Ticket Granting Service The Ticket Granting Service A server s the client wants to access A server s the client wants to access

3 The three acts Talk to Kerberos and get a reply Talk to Kerberos and get a reply Talk to TGS and get a reply Talk to TGS and get a reply Talk to server s Talk to server s

4 Act One WS K S TGS Ticket granting service KerberosServer Client c on workstation WS 1

5 Act One Client sends to Kerberos a message Client sends to Kerberos a message Hello! Hello! I am client c I am client c I want a ticket for TGS I want a ticket for TGS

6 Act One WS K S TGS Ticket granting service KerberosServer Client c on workstation WS 2 1

7 Act One Kerberos replies Kerberos replies Here are the ticket and an encrypted session password Kc,tgs Here are the ticket and an encrypted session password Kc,tgs

8 What if the client lied to Kerberos? He still gets the ticket but this ticket is worthless He still gets the ticket but this ticket is worthless Why? Why?

9 What guarantees ticket integrity?

10 How is Kc,tgs encrypted?

11 How is Kc,tgs passed to the TGS?

12 How long is the ticket valid?

13 Why? Kerberos cannot revoke individual tickets Kerberos cannot revoke individual tickets It can only revoke all tickets It can only revoke all tickets

14 Act Two WS K S TGS Ticket granting service KerberosServer Client c on workstation WS 2 1 3

15 Act Two Client sends to TGS Client sends to TGS A request for server s A request for server s The ticket he/she got from Kerberos The ticket he/she got from Kerberos An authenticator encrypted with Kc,tgs and stating An authenticator encrypted with Kc,tgs and stating Who sent the ticket Who sent the ticket From which address From which address At which time At which time

16 Act Two TGS TGS Decrypts ticket using its Ktgs key Decrypts ticket using its Ktgs key Checks that ticket is valid Checks that ticket is valid Extracts session key Kc,tgs from ticket Extracts session key Kc,tgs from ticket Checks that ticket is not a duplicate by looking at timestamp inside authenticator Checks that ticket is not a duplicate by looking at timestamp inside authenticator

17 Detecting duplicates TGS will reject all tickets accompanied with authenticators whose timestamps are TGS will reject all tickets accompanied with authenticators whose timestamps are Too old Too old Same as the timestamp of a recently sent authenticator Same as the timestamp of a recently sent authenticator

18 Act Two WS K S TGS Ticket granting service KerberosServer Client c on workstation WS

19 Act Two TGS replies TGS replies Here is the ticket for server s and an encrypted session password Kc,s Here is the ticket for server s and an encrypted session password Kc,s

20 What guarantees ticket integrity?

21 How is Kc,s encrypted?

22 How is Kc,s passed to server s?

23 How long is the ticket valid? For a limited time as all ticket should For a limited time as all ticket should

24 Act Three WS K S TGS Ticket granting service KerberosServer Client c on workstation WS

25 Act Three Client sends to server s Client sends to server s The ticket he/she got from the TGS The ticket he/she got from the TGS An authenticator encrypted with Kc,s and stating An authenticator encrypted with Kc,s and stating Who sent the ticket Who sent the ticket From which address From which address At which time At which time

26 Act Three Server s processes ticket and authenticator as TGS did in act two Server s processes ticket and authenticator as TGS did in act two

27 Act Three WS K S TGS Ticket granting service KerberosServer Client c on workstation WS

28 Act Three If mutual authentication is needed, server s sends to client If mutual authentication is needed, server s sends to client Authenticator it received from c with Authenticator it received from c with Timestamp incremented by one Timestamp incremented by one

29 Why? It proves to the client that s can decrypt the authenticator It proves to the client that s can decrypt the authenticator Requires being able to decrypt the ticket issued by TGS Requires being able to decrypt the ticket issued by TGS Requires knowledge of server key Ks Requires knowledge of server key Ks


Download ppt "A less formal view of the Kerberos protocol J.-F. Pâris."

Similar presentations


Ads by Google