1. 1 Kerberos Revised: June 21, 2006, Version 2 Team 2 Members John Casarella Dave Fronckowiak Larry Immohr Linda Liu Sandy Westcott

2. 2 Kerberos

3. 3 Computer Network Authentication Protocol developed by MIT Individuals communicating over an unsecured network can prove their identity to one another in a secure manner Prevents eavesdropping or replay attacks Ensures data integrity

4. 4 Kerberos Provides mutual authentication Both the user and the service verify each other's identity Relies on secret keys for its authentication Encryption keys are created using a pseudo- random number generator

5. 5 Kerberos Requires a Trusted Third Party consisting of: An Authentication Server A Ticket Granting Server Kerberos works on the basis of "tickets" which serve to prove the identity of users

6. 6 Kerberos Kerberos Encryption User's encryption key is derived from their password Uses the data encryption standard Symmetric cryptography The Kerberos Ticket Ticket Granting Server

7. 7 Kerberos Key Elements A = user requesting the service B = the service requested TGS = Ticket Granting Server issues proof of identity tickets AS = Authentication Server verifies users during login S = session key t = timestamp K = key (encryption, decryption)

8. 8 Kerberos schematic Figure 1 – The Kerberos Operational Schematic [A. Tannebaum. Computer Networks, 4th Ed, p.797]

9. 9 Kerberos Login Alice logs into a computer workstation Workstation forwards the network ID to the Authentication Server (AS) unencrypted AS sends a message which is encrypted with Alices key K(A) Contains a session key K(S) and a ticket for the TGS

10. 10 Ticket Granting Alice sends the following to the TGS: Ticket received from the AS Name of server she wishes to access (Bob) Timestamp which has been encrypted with K(S) The TGS returns two tickets to Alice Each key has the session key K(AB) which allows Alice and Bob to communicate

11. 11 User – Client Session Alice sends Bobs ticket together with an time- stamp encrypted with K(AB) to Bob Bob confirms receipt by adding 1 to the time- stamp, which is encrypted with K(AB) and sent to Alice Alice and Bob can now freely conduct transaction using K(AB) as the symmetric shared key

12. 12 Obtaining additional tickets Kerberos caches tickets and encryption keys (collectively called credentials) Have a limited life Allows a user to obtain tickets and encryption keys without requiring the re-entry of the user's password

13. 13 Cross-Realm Authentication Kerberos does not scale very well Realm Subset of the users and servers registered with a particular authentication server Cross-realm authentication Allows a user to prove their identity to a server registered in a different realm

14. 14 Limitations of Kerberos Not effective against password guessing attacks Kerberos requires a trusted path

15. 15 The Future of Kerberos Addition of public-key support

16. 16 References [1] S. M. Bellovin and M. Merritt. Limitations of the Kerberos Authentication System. Computer Communication Review, 20(5):119-132, October 1990. Despite all of Kerbeross many strengths, the authors present the limitations and shows that it has some weaknesses. They show some of these are due to the specifics of the MIT environment, while others represent deficiencies in the protocol design. A number of problems are presented, along with possible solutions. Overall, the article was very valuable in presenting additional background material in addition to addressing Kerbeross shortcomings. [2] J. T. Kohl and B. C. Neuman. The Kerberos network authentication service. Internet RFC 1510, September 1993. texttext This document gives an overview and specification of Version 5 of the protocol for the Kerberos network authentication system. This RFC describes the concepts and model upon which the Kerberos network authentication system is based. This is a primary reference, providing a detail explanation of Kerberos and how it functions.

17. 17 References [3] J. T. Kohl, B. C. Neuman, and T. Y. T'so. The evolution of the Kerberos authentication system. In Distributed Open Systems, pages 78-94. IEEE Computer Society Press, 1994. text text The Kerberos Authentication Service has been widely adopted by other organizations to identify clients of network services across an insecure network and to protect the privacy and integrity of communication with those services; extensions were needed to allow its wider application in environments with different characteristics than that at MIT. This paper discusses some of the limitations of Version 4 of Kerberos and presents the solutions provided by Version 5. This is used as a primary reference to gain a better understanding of Kerberos. [4] MIT Kerberos Web Site. MIT.MIT This MIT website covers what Kerberos is, security releases, downloads documentation and contact information about the Kerberos protocol. This is where you would go to obtain the source for use in a network environment. Good general information about Kerberos and detailed implementation information.

18. 18 References [5] R. M. Needham and M. D. Schroeder. Using encryption for authentication in large networks of computers. Communication of the ACM, 21(12):993-999, December 1978. This article discusses the use of encryption to achieve authenticated communication in computer networks. It presents example protocols for the establishment of authenticated connections, for management of authenticated mail and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are presented. This article is referenced by the majority of the other articles and websites; it provides the background into the basis of Kerberos. [6] B. C. Neuman and Theodore Tso. Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9):33-38. September 1994. htmlhtml This article discusses the use of authentication based on cryptography and that an attacker listening to the network will gain no information which would enable it to falsely claims another's identity. It contends that password based authentication is not suitable for use on computer networks; that passwords sent across the network can be intercepted and subsequently used by eavesdroppers to impersonate the user. It presents Kerberos as the most commonly used example of this type of authentication technology. This provided the starting point in the research in learning about Kerberos.

19. 19 References [7] J. G. Steiner, B. C. Neuman, and J. I. Schiller. Kerberos: An authentication service for Open Network Systems. In Proceedings of the Winter 1988 Usenix Conference, pages 191-201, February 1988. texttext In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. This paper gives an overview of the Kerberos authentication model as implemented for MIT's Project Athena. It describes the protocols used by clients, servers, and Kerberos to achieve authentication. It also describes the management and replication of the database required. The views of Kerberos as seen by the user, programmer, and administrator are described. This was an important primary reference. [8] Andrew S. Tannebaum. Computer Networks, 4th Ed. Prentice-Hall PTR, Upper Saddle River, NJ 07458. 2003. Although this is a text book which introduces networks and networking concepts, it provided a very succinct explanation of how a Kerberos ticket is requested, obtained and used. The book also provided a nice graphic which was used as a pictorial reference. An importance reference for this presentation. [9] Brian Tung. The Moron's Guide to Kerberos. HtmlHtml This is a brief guide to Kerberos: what it's for, how it works, how to use it. This reference provided minimal new or additional information. It was of minimal use.