Information Security, Department of Computer Science and Engineering, 刘胜利 (Liu Shengli), Tel: 62932135

Presentation transcript:


Kerberos
- An authentication service developed by MIT.
- Distributed environment: workstations and servers distributed throughout the network.
- Users at workstations access services on servers.
- Provides centralised authentication.
- Employs conventional (symmetric) encryption.
- Two versions in use: 4 and 5.

- The first published report identified its requirements as: security, reliability, transparency, scalability.
- Implemented using an authentication protocol based on Needham-Schroeder.

A simple authentication dialogue
- Each server authenticates the users who request its services.
- When a user requests a service from a server, the server can authenticate the user.
- This places too much burden on the servers.
- Authentication Server (AS):
  - shares a secret key with each server;
  - is responsible for authenticating users;
  - the other servers are freed of the authentication burden.

(1) C -> AS: ID_C || P_C || ID_V
(2) AS -> C: Ticket
(3) C -> V: ID_C || Ticket
Ticket = E_KV[ID_C || AD_C || ID_V]

Notation:
C: client
AS: Authentication Server
V: server
ID_C: identifier of the user on C
ID_V: identifier of V
P_C: password of the user on C
AD_C: network address of C
K_V: secret key shared between AS and server V
[Figure: message flow among C, AS and V, numbered (1) to (3)]

Problems
- The password is transmitted in plaintext from the workstation to the AS.
- Users have to re-enter their password from time to time.
Solutions
- Make the ticket reusable.
- Employ a ticket-granting server (TGS).

Improved protocol
Once per user logon session:
(1) C -> AS: ID_C || ID_tgs
(2) AS -> C: E_KC[Ticket_tgs]
Once per type of service:
(3) C -> TGS: ID_C || ID_V || Ticket_tgs
(4) TGS -> C: Ticket_V
Once per service session:
(5) C -> V: ID_C || Ticket_V
Ticket_tgs = E_Ktgs[ID_C || AD_C || ID_tgs || TS_1 || Lifetime_1]
Ticket_V = E_KV[ID_C || AD_C || ID_V || TS_2 || Lifetime_2]
[Figure: message flow among C, AS, TGS and V, numbered (1) to (5)]

Details
(1) The client requests a ticket-granting ticket from the AS by sending the identity of the user and the identity of the TGS (ID_C, ID_TGS) to the AS.
(2) The AS returns a ticket encrypted with a key derived from the user's password. Ticket_TGS = [ID_C, AD, ID_TGS, TS, Lifetime]
(3) The client requests a service-granting ticket from the TGS by sending (ID_C, ID_V, Ticket_TGS).
(4) The TGS verifies the validity of Ticket_TGS by decrypting the ticket, and grants Ticket_V.
(5) The client presents (ID_C, Ticket_V) to the server.
(6) Server V verifies the validity of Ticket_V and provides the service to the user.

Two problems
- Lifetime of Ticket_TGS:
  - If too short, the user will be asked for the password frequently.
  - If too long, Eve has a greater opportunity to steal the ticket.
  - Once Eve holds Ticket_TGS or Ticket_V, she has access to the corresponding service.
- No authentication of the server to the user:
  - Eve configures a false server to act as the real one;
  - she can capture information from the user;
  - denial of service.

Solutions
- Prove that the ticket presenter is the same user to whom the ticket was issued.
  - The AS acts as a KDC to distribute a session key to the client and the TGS.
  - To prove the user's identity, the client shows the TGS that it knows the session key shared between the client and the TGS.
  - The TGS acts as a KDC to distribute a session key to the client and server V.
  - To prove the user's identity, the client shows server V that it knows the session key shared between the client and server V.

Kerberos Realms and Multiple Kerberos
- A Kerberos environment consists of:
  - a Kerberos server;
  - a number of users;
  - a number of application servers.
- Requirements:
  - Users are registered with the Kerberos server; the Kerberos server stores each user's identity and password.
  - All application servers are registered with the Kerberos server; the Kerberos server must share a secret key with each server.

Kerberos V4 Authentication Service Exchange: to obtain a ticket-granting ticket
(1) C -> AS: ID_C || ID_tgs || TS_1
(2) AS -> C: E_KC[K_c,tgs || ID_tgs || TS_2 || Lifetime_2 || Ticket_tgs]
Ticket_tgs = E_Ktgs[K_c,tgs || ID_C || AD_C || ID_tgs || TS_2 || Lifetime_2]

Kerberos V4 Ticket-Granting Service Exchange: to obtain a service-granting ticket
(3) C -> TGS: ID_V || Ticket_tgs || Authenticator_c
(4) TGS -> C: E_Kc,tgs[K_c,v || ID_V || TS_4 || Ticket_v]
Ticket_tgs = E_Ktgs[K_c,tgs || ID_C || AD_C || ID_tgs || TS_2 || Lifetime_2]
Ticket_v = E_KV[K_c,v || ID_C || AD_C || ID_V || TS_4 || Lifetime_4]
Authenticator_c = E_Kc,tgs[ID_C || AD_C || TS_3]

Kerberos V4 Client/Server Authentication Exchange: to obtain service
(5) C -> V: Ticket_v || Authenticator_c
(6) V -> C: E_Kc,v[TS_5 + 1] (mutual authentication)
Ticket_v = E_KV[K_c,v || ID_C || AD_C || ID_V || TS_4 || Lifetime_4]
Authenticator_c = E_Kc,v[ID_C || AD_C || TS_5]
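Server V's checks in step (5) and its reply in step (6) are what make the "Solutions" slide work: Ticket_v alone proves nothing, the presenter must also show knowledge of K_c,v through a fresh authenticator bound to the same ID_C and AD_C. This is an added Python example, not code from the slides or from any Kerberos implementation; the HMAC-based toy cipher stands in for the DES that Kerberos V4 uses, and the keys, identities, addresses and timestamps are constructed.

```python
import hmac, hashlib, json, os

# Toy authenticated encryption E_K[...] from the standard library only (HMAC-SHA256 keystream
# plus an HMAC tag). It replaces Kerberos V4's DES for illustration; it is not Kerberos' cipher.
def _stream(key, nonce, n):
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt(key, fields):
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None                      # wrong key or tampered ciphertext
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def issue_ticket_v(k_v, k_cv, id_c, ad_c, id_v, ts4, lifetime4):
    # What the TGS builds in step (4): Ticket_v = E_KV[K_c,v || ID_C || AD_C || ID_V || TS_4 || Lifetime_4]
    return encrypt(k_v, {"k_cv": k_cv.hex(), "id_c": id_c, "ad_c": ad_c,
                         "id_v": id_v, "ts": ts4, "lifetime": lifetime4})

def make_authenticator(k_cv, id_c, ad_c, ts5):
    # What the client builds in step (5): Authenticator_c = E_Kc,v[ID_C || AD_C || TS_5]
    return encrypt(k_cv, {"id_c": id_c, "ad_c": ad_c, "ts": ts5})

def server_verify(k_v, id_v, ticket, authenticator, sender_addr, now, skew=300):
    """Server V's step (5) checks; returns the step (6) reply E_Kc,v[TS_5 + 1], or None on failure."""
    t = decrypt(k_v, ticket)
    if t is None or t["id_v"] != id_v or not (t["ts"] <= now <= t["ts"] + t["lifetime"]):
        return None                      # forged, not for this server, or expired Ticket_v
    k_cv = bytes.fromhex(t["k_cv"])      # session key carried inside the ticket
    a = decrypt(k_cv, authenticator)
    if a is None:
        return None                      # presenter does not know K_c,v: a stolen ticket alone fails
    if (a["id_c"], a["ad_c"]) != (t["id_c"], t["ad_c"]) or sender_addr != t["ad_c"]:
        return None                      # authenticator not bound to this ticket or this address
    if abs(now - a["ts"]) > skew:
        return None                      # stale authenticator: outside the replay window
    return encrypt(k_cv, {"ts_plus_1": a["ts"] + 1})

def client_check_reply(k_cv, reply, ts5):
    # Client side of step (6): only a holder of K_V could have recovered K_c,v from Ticket_v
    r = decrypt(k_cv, reply)
    return r is not None and r["ts_plus_1"] == ts5 + 1
```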

Kerberos 4 Overview
- A basic third-party authentication scheme.
- Has an Authentication Server (AS): users initially negotiate with the AS to identify themselves; the AS provides a non-corruptible authentication credential (the ticket-granting ticket, TGT).
- Has a Ticket-Granting Server (TGS): users subsequently request access to other services from the TGS on the basis of their TGT.

Kerberos 4 Overview

Kerberos Realms
- A Kerberos environment consists of:
  - a Kerberos server;
  - a number of clients, all registered with the server;
  - application servers, sharing keys with the server.
- This is termed a realm, typically a single administrative domain.
- If there are multiple realms, their Kerberos servers must share keys and trust each other.

Multiple Kerberos Realms
- A Kerberos environment consists of:
  - a Kerberos server;
  - a number of users;
  - a number of application servers.
- Requirements:
  - Users are registered with the Kerberos server; the Kerberos server stores each user's identity and password.
  - All application servers are registered with the Kerberos server; the Kerberos server must share a secret key with each server.
  - Any two interoperating Kerberos servers are registered with each other; the Kerberos server in each interoperating realm shares a secret key with the server in the other realm.

To access an application server in another realm:
1. Request a ticket to access the local TGS;
2. the local TGS issues a ticket to access the remote TGS;
3. the remote TGS issues a ticket to access the remote application server.

Details
(1) C -> AS: ID_C || ID_tgs || TS_1
(2) AS -> C: E_KC[K_c,tgs || ID_tgs || TS_2 || Lifetime_2 || Ticket_tgs]
(3) C -> TGS: ID_tgsrem || Ticket_tgs || Authenticator_c
(4) TGS -> C: E_Kc,tgs[K_c,tgsrem || ID_tgsrem || TS_4 || Ticket_tgsrem]
(5) C -> TGS_rem: ID_vrem || Ticket_tgsrem || Authenticator_c
(6) TGS_rem -> C: E_Kc,tgsrem[K_c,vrem || ID_vrem || TS_6 || Ticket_vrem]
(7) C -> V_rem: Ticket_vrem || Authenticator_c
[Figure: message flow among C, AS, TGS, TGS_rem and V_rem, numbered (1) to (7)]

Kerberos Version 5
- Developed in the mid 1990s.
- Provides improvements over v4:
  - addresses environmental shortcomings: encryption algorithm, network protocol, byte order, ticket lifetime, authentication forwarding, inter-realm authentication;
  - and technical deficiencies: double encryption, non-standard mode of use, session keys, password attacks.
- Specified as Internet standard RFC 1510.