Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kerberos Guilin Wang School of Computer Science 03 Dec. 2007.

Published byValerie Fox Modified over 8 years ago

Similar presentations

Presentation on theme: "Kerberos Guilin Wang School of Computer Science 03 Dec. 2007."— Presentation transcript:

1 Kerberos Guilin Wang School of Computer Science 03 Dec. 2007

2 Outline ■ Password-based key agreement protocols (Continuing our last lecture). ■ Kerberos authentication protocol.

3 0. Password-based Protocols ■ In the NS protocol, both parties need to share long- term secrets with the server. For humans, long secret keys are not easy to memorize. ■ One naïve approach is to set long-term secrets as passwords. ■ For example, let K bs =P bs, a password shared btw B and S in the NS protocol.

4 0. Password-based Protocols ■ However, this approach suffers off-line dictionary attack. ■ That is, an attacker can try each possible P’ to decrypt E P-bs (K, A). If P’ is likely the correct password.

5 0. Password-based Protocols ■ Off-line dictionary attack works since passwords are short strings with low entropy. ■ Countermeasures: - Enhance the strength of passwords by requiring certain length, format, and randomness. - Combine the password with a security token.

6 0. Password-based Protocols The following Encrypted Key Exchange (EKE) protocol can resist the off-line dictionary attack: ■ PK is an ephemeral public key generated by A. ■ B transfers K to A by using double encryptions. ■ Why EKE protocol is immune to the off-line dictionary attack?

7 1. Authentication & Key Exchange ■ The purpose of entity authentication is to prevent impersonation attack. ■ Authentication is important in key exchange. E.g, the DH protocol suffers the MITM attack. ■ Actually, key exchange techniques can also be used to realize authentication. Kerberos is such an example. ■ In the literature, the differences btw authentication and key exchange are not very clear sometimes.

8 1. Authentication & Key Exchange ■ Key exchange usually requires authentication. Otherwise, you are not sure with whom you are agreeing on a session key. ■ However, authentication does not necessarily involve key exchange. ■ For example, a successful authentication can enable a client to enjoy a service without encryption.

9 2. Kerberos: What is it? ■ In Greek mythology, Kerberos is the guardian of Hades, a dog with three heads. ■ In security community, Kerberos denotes the distributed authentication protocol developed from MIT's project Athena in 1980s.

10 2. Kerberos: What is it? ■ Kerberos has been widely accepted in industry. ■ Kerberos has been integrated into Windows and many many versions of Unix systems. ■ Full specification of Kerberos Version 5 is given by a draft Internet Standard RFC 1510. ■ Free source codes for different releases of Kerberos are available at the Kerberos website: http://web.mit.edu/Kerberos/

11 2. Kerberos: Motivations In this scenario of distributed networks, there exist at least three threats: ■ User impersonation: A dishonest user may pretend to be another user from the same workstation. ■ Network address impersonation: A dishonest user can changes the network address of his/her workstation to impersonate another workstation. ■ Eavesdropping, replay attack, and so on. Attackers may try their best to access network service by mounting different attacks.

12 2.1 Kerberos: Basic Ideas Kerberos uses symmetric mechanisms to realize entity authentication and key exchange. Basically, Kerberos uses two kinds of credentials: ■ Tickets: Issued by a trusted administration server that shows who is granted to access a specific service. ■ Authenticators: Used to prove the identity of a communicating client.

13 2.1 Kerberos: Basic Ideas This is similar to the following immigration policy, which allows a foreigner to enter a country: ■ Visa (=tickets in Kerberos): Specifies who is allowed to entry this country for how many days. ■ Passport (=Authenticators in Kerberos): Shows your identity, i.e., who are you.

14 2.1 Kerberos: Basic Ideas In Kerberos system, there are three kinds of servers: ■ Kerberos authentication server (AS): A centralized trusted authentication server for the whole system, who issues long lifetime tickets. ■ Ticket-granting servers (TGS): Issue short lifetime tickets. ■ Service server S: Provide different service.

15 2.1 Kerberos: Basic Ideas

16 2.2 The Protocol Kerberos (Version 5) can be divided into three procedures from the view point of a client: ■ obtaining ticket-granting ticket, ■ obtaining service ticket, and ■ obtaining a concrete service. We now discuss the details.

17 2.2 The Protocol

18 Here: ■ K_c is derived from the client’s password, which is shared with the AS. ■ K_tgs is a secret key shared btw the AS and the TGS. ■ K_1 is session key that enables the client to authenticate itself to the TGS server.

19 2.2 The Protocol Here: ■ A1 is an authenticator using K1. ■ K2 is a session key that enables the client to authenticate itself to the server S. ■ Ks is a secret key shared btw the TGS and a server S.

20 2.2 The Protocol Here: ■ A1 is an authenticator using K2. ■ K3 is a session key for coming secure communications. ■ The server S authenticates itself to the client in step 6.

21 2.3 Kerberos: Its Limitations ■ Single Failure Problem: If the AS is down, no user can access any resources. So Kerberos is prone to denial-of-service (DoS) attacks. - Duplicated AS? Possible, but not easy to maintain. ■ Clock Synchronization is needed, since timestamps are used. Reasonable time interval for clock skew? - Too short: Rejecting many valid requests. - Too long: Suffering replay attack.

22 2.3 Kerberos: Its Limitations ■ Limited Scalability: Usually, the AS can support with hundreds of thousands users. Suitable for a university but not for the Internet, where PKIs with digital certificates are better. ■ Off-line Password Attacks: Kerberos is vulnerable to this kind of attacks since a message is encrypted with a key derived from the client's password.

23 3. Summary ■ Introduced off-line dictionary attack. ■ Briefly discussed the relation btw entity authentication and key exchange. ■ Reviewed a practice-oriented authentication protocol: Kerberos. - Basic ideas - Technical mechanisms - Limitations

24 Questions and Comments?

Download ppt "Kerberos Guilin Wang School of Computer Science 03 Dec. 2007."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.
1 Kerberos Anita Jones November, 2006. 2 Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.

1 Kerberos Anita Jones November, Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
The Authentication Service ‘Kerberos’ and It’s Limitations

The Authentication Service ‘Kerberos’ and It’s Limitations
A less formal view of the Kerberos protocol J.-F. Pâris.

A less formal view of the Kerberos protocol J.-F. Pâris.
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Authentication Applications

Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden +46 470 70 86 49.

1 Authentication Applications Ola Flygt Växjö University, Sweden
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
NETWORK SECURITY.

NETWORK SECURITY.
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.

IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google