• Kerberos is an authentication protocol and a software suite implementing this protocol.
• Kerberos uses symmetric cryptography to authenticate clients to services and vice versa.
• For example, Windows servers use Kerberos as the primary authentication mechanism, working in conjunction with Active Directory to maintain centralized user information.
• Other possible uses of Kerberos include allowing users to log into other machines in a local-area network, authentication for web services, authenticating email clients and servers, and authenticating the use of devices such as printers.
• Services using Kerberos authentication are commonly referred to as “Kerberized”.
Kerberos Tickets
• Kerberos uses the concept of a ticket as a token that proves the identity of a user.
• Tickets are digital documents that store session keys. They are typically issued during a login session and then can be used instead of passwords for any Kerberized services. During the course of authentication, a client receives two tickets:
– A ticket-granting ticket (TGT), which acts as a global identifier for a user and a session key
– A service ticket, which authenticates a user to a particular service
• These tickets include time stamps that indicate an expiration time after which they become invalid. This expiration time can be set by Kerberos administrators depending on the service.
Kerberos Servers
• To accomplish secure authentication, Kerberos uses a trusted third party known as a key distribution center (KDC), which is composed of two components, typically integrated into a single server:
– An authentication server (AS), which performs user authentication
– A ticket-granting server (TGS), which grants tickets to users
• The authentication server keeps a database storing the secret keys of the users and services. The secret key of a user is typically generated by performing a one-way hash of the user-provided password. Kerberos is designed to be modular, so that it can be used with a number of encryption protocols, with AES being the default cryptosystem.
• Kerberos aims to centralize authentication for an entire network—rather than storing sensitive authentication information at each user’s machine, this data is only maintained in one presumably secure location.
Kerberos Authentication
• The client and ticket-granting server authenticate themselves to each other.
• The client and requested service authenticate themselves to each other, at which point the service will be provided to the client.
Authentication Details
Kerberos Advantages
• The Kerberos protocol is designed to be secure even when performed over an insecure network.
• Since each transmission is encrypted using an appropriate secret key, an attacker cannot forge a valid ticket to gain unauthorized access to a service without compromising an encryption key or breaking the underlying encryption algorithm, which is assumed to be secure.
• Kerberos is also designed to protect against replay attacks, where an attacker eavesdrops on legitimate Kerberos communications and retransmits messages from an authenticated party to perform unauthorized actions.
– The inclusion of time stamps in Kerberos messages restricts the window in which an attacker can retransmit messages.
– Tickets may contain the IP addresses associated with the authenticated party to prevent replaying messages from a different IP address.
– Kerberized services make use of a “replay cache,” which stores previous authentication tokens and detects their reuse.
• Kerberos makes use of symmetric encryption instead of public-key encryption, which makes Kerberos computationally efficient.
• The availability of an open-source implementation has facilitated the adoption of Kerberos.
Kerberos Disadvantages
• Kerberos has a single point of failure: if the Key Distribution Center becomes unavailable, the authentication scheme for an entire network may cease to function.
– Larger networks sometimes prevent such a scenario by having multiple KDCs, or having backup KDCs available in case of emergency.
• If an attacker compromises the KDC, the authentication information of every client and server on the network would be revealed.
• Kerberos requires that all participating parties have synchronized clocks, since time stamps are used.