Information Security
Department of Computer Science and Engineering
刘胜利 (Liu Shengli), Tel: 62932135
Email: [email protected]
Kerberos
- An authentication service developed by MIT.
- Distributed environment: workstations and servers are distributed throughout the network, and users at workstations access services on the servers.
- Provides centralised authentication.
- Employs conventional (symmetric) encryption.
- Two versions in use: 4 and 5.
- The first published report identified its requirements as: security, reliability, transparency, scalability.
- Implemented using an authentication protocol based on Needham-Schroeder.
A simple authentication dialogue
Each server authenticates the users who use its services: when a user requests a service from a server, that server authenticates the user. This places too much burden on the servers.
Instead, an Authentication Server (AS) shares a secret key with each server and is responsible for authenticating users; the other servers are freed of the authentication burden.
(1) C → AS: IDC || PC || IDV
(2) AS → C: Ticket
(3) C → V: IDC || Ticket
Ticket = EKV[IDC || ADC || IDV]
C: client
AS: Authentication Server
V: server
IDC: identifier of the user on C
IDV: identifier of V
PC: password of the user on C
ADC: network address of C
KV: secret key shared between the AS and server V
[Figure: message flow: (1), (2) between C and AS; (3) from C to V]
Problems
- The password is transmitted as plaintext from the workstation to the AS.
- Users have to re-enter their password from time to time.
Solutions
- Make tickets reusable.
- Employ a ticket-granting server (TGS).
Improved protocol
Once per user logon session:
(1) C → AS: IDC || IDtgs
(2) AS → C: EKC[Tickettgs]
Once per type of service:
(3) C → TGS: IDC || IDV || Tickettgs
(4) TGS → C: TicketV
Once per service session:
(5) C → V: IDC || TicketV
Tickettgs = EKtgs[IDC || ADC || IDtgs || TS1 || Lifetime1]
TicketV = EKV[IDC || ADC || IDV || TS2 || Lifetime2]
[Figure: message flow: (1), (2) between C and AS; (3), (4) between C and TGS; (5) from C to V]
Kerberos
Details
(1) The client applies for a ticket-granting ticket from the AS by sending the identity of the user and the identity of the TGS (IDC, IDTGS) to the AS.
(2) The AS returns a ticket encrypted with a key derived from the user's password.
TicketTGS = [IDC, AD, IDTGS, TS, Lifetime]
(3) The client applies for a service-granting ticket from the TGS by sending (IDC, IDV, TicketTGS).
(4) The TGS verifies the validity of TicketTGS by decrypting the ticket, and grants TicketV.
(5) The client presents (IDC, TicketV) to the server.
(6) Server V verifies the validity of TicketV and provides the service to the user.
Two problems
1. Lifetime of TicketTGS:
- If too short, the user will be asked for the password frequently.
- If too long, Eve has a greater opportunity to steal the ticket.
- Once Eve has TicketTGS or TicketV, she has access to the corresponding service.
2. No authentication of the server to the user:
- Eve configures a false server to act as a real one.
- Captures information from the user.
- Denial of service.
Solutions
To prove that the ticket presenter is the same user for whom the ticket was issued:
- The AS acts as a KDC to distribute a session key to the client and the TGS. To prove the identity of the user, the client shows the TGS that it knows the session key shared between the client and the TGS.
- The TGS acts as a KDC to distribute a session key to the client and server V. To prove the identity of the user, the client shows server V that it knows the session key shared between the client and server V.
Kerberos Realms and Multiple Kerberos
A Kerberos environment consists of:
- a Kerberos server
- a number of users
- a number of application servers
Requirements:
- Users are registered with the Kerberos server; the Kerberos server stores the identity and password of each user.
- All application servers are registered with the Kerberos server; the Kerberos server must share a secret key with each server.
Kerberos V4
Authentication Service Exchange: to obtain a ticket-granting ticket
(1) C → AS: IDC || IDtgs || TS1
(2) AS → C: EKC[Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs]
Tickettgs = EKtgs[Kc,tgs || IDC || ADC || IDtgs || TS2 || Lifetime2]
Kerberos V4
Ticket-Granting Service Exchange: to obtain a service-granting ticket
(3) C → TGS: IDV || Tickettgs || Authenticatorc
(4) TGS → C: EKc,tgs[Kc,v || IDV || TS4 || Ticketv]
Tickettgs = EKtgs[Kc,tgs || IDC || ADC || IDtgs || TS2 || Lifetime2]
Ticketv = EKV[Kc,v || IDC || ADC || IDv || TS4 || Lifetime4]
Authenticatorc = EKc,tgs[IDc || ADc || TS3]
Kerberos V4
Client/Server Authentication Exchange: to obtain service
(5) C → V: Ticketv || Authenticatorc
(6) V → C: EKc,v[TS5 + 1] (bidirectional authentication)
Ticketv = EKV[Kc,v || IDc || ADc || IDv || TS4 || Lifetime4]
Authenticatorc = EKc,v[IDc || ADc || TS5]
Kerberos 4 Overview
- A basic third-party authentication scheme.
- Has an Authentication Server (AS): users initially negotiate with the AS to identify themselves, and the AS provides a non-corruptible authentication credential (ticket-granting ticket, TGT).
- Has a Ticket Granting Server (TGS): users subsequently request access to other services from the TGS on the basis of their TGT.
Kerberos Realms
- A Kerberos environment consists of: a Kerberos server; a number of clients, all registered with the server; application servers, sharing keys with the server.
- This is termed a realm, typically a single administrative domain.
- If there are multiple realms, their Kerberos servers must share keys and trust each other.
Multiple Kerberos Realms
A Kerberos environment consists of:
- a Kerberos server
- a number of users
- a number of application servers
Requirements:
- Users are registered with the Kerberos server; the Kerberos server stores the identity and password of each user.
- All application servers are registered with the Kerberos server; the Kerberos server must share a secret key with each server.
- Any two interoperating Kerberos servers are registered with each other: the Kerberos server in each realm shares a secret key with the server in the other realm.
To access an application server in another realm:
1. Apply for a ticket to access the local TGS;
2. The local TGS issues a ticket to access the remote TGS;
3. The remote TGS issues a ticket to access the remote application server.
Details
(1) C → AS: IDC || IDtgs || TS1
(2) AS → C: EKC[Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs]
(3) C → TGS: IDtgsrem || Tickettgs || Authenticatorc
(4) TGS → C: EKc,tgs[Kc,tgsrem || IDtgsrem || TS4 || Tickettgsrem]
(5) C → TGSrem: IDvrem || Tickettgsrem || Authenticatorc
(6) TGSrem → C: EKc,tgsrem[Kc,vrem || IDvrem || TSb || Ticketvrem]
(7) C → Vrem: Ticketvrem || Authenticatorc
[Figure: message flow: (1), (2) between C and AS; (3), (4) between C and the local TGS; (5), (6) between C and TGSrem; (7) from C to Vrem]
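A runnable model of the V4 exchanges (1) to (6), of the session-key-plus-authenticator solution to the two problems above, and of the cross-realm hop, added here as an example; it is not code from the lecture or from MIT Kerberos. It shows why a stolen Tickettgs is useless without Kc,tgs, why an expired ticket is refused, and how the remote TGS is just the same TGS logic run under the inter-realm key. It assumes a toy authenticated cipher in place of DES, integer timestamps passed in explicitly, and constructed names (the user "alice" at "10.0.0.7", the password "correct horse", the service "fileserver").

```python
import hashlib, hmac, json, os

# Toy authenticated cipher in place of V4's DES (HMAC-SHA256 keystream XOR plus a MAC tag): a wrong key raises.
def E(key, msg):
    nonce, pt = os.urandom(16), json.dumps(msg, sort_keys=True).encode()
    ks = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def D(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    ks = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

KC = hashlib.sha256(b"correct horse").digest()  # KC derived from the registered password (constructed)
KTGS, KV = os.urandom(32), os.urandom(32)        # long-term keys the KDC shares with the TGS and server V

def issue(srv_key, client_key, idc, adc, idsrv, now, life):
    # AS (messages 1/2) and TGS (3/4): mint a session key, seal it in a ticket under srv_key, copy it to the client under client_key.
    k = os.urandom(32).hex()
    ticket = E(srv_key, {"K": k, "IDC": idc, "ADC": adc, "IDsrv": idsrv, "TS": now, "Life": life})
    return E(client_key, {"K": k, "IDsrv": idsrv, "TS": now, "Life": life, "Ticket": ticket.hex()})
def verify(srv_key, ticket, authenticator, now):
    # TGS on Tickettgs, V on Ticketv: holding a ticket is not enough, the presenter must show it knows the session key via a fresh Authenticatorc.
    t = D(srv_key, ticket)
    if now > t["TS"] + t["Life"]:
        raise ValueError("ticket expired")
    a = D(bytes.fromhex(t["K"]), authenticator)  # a thief holding only the ticket cannot build this
    if (a["IDC"], a["ADC"]) != (t["IDC"], t["ADC"]) or abs(now - a["TS"]) > 300:
        raise ValueError("authenticator does not match ticket or is stale")
    return t, a
def tgs(idsrv, ticket, auth, now, my_key=KTGS, next_key=KV):
    # Local TGS uses (KTGS, KV); cross-realm: the local TGS gets the inter-realm key as next_key, the remote TGS gets it as my_key.
    t, _ = verify(my_key, ticket, auth, now)
    return issue(next_key, bytes.fromhex(t["K"]), t["IDC"], t["ADC"], idsrv, now, 600)
def server_v(ticket_v, auth, now):                # message (6): EKc,v[TS5 + 1], mutual authentication
    t, a = verify(KV, ticket_v, auth, now)
    return E(bytes.fromhex(t["K"]), {"TS": a["TS"] + 1})

def client_session(password, now, idc="alice", adc="10.0.0.7"):
    kc = hashlib.sha256(password.encode()).digest()           # the password never leaves the client
    m2 = D(kc, issue(KTGS, KC, idc, adc, "tgs", now, 3600))   # (1)/(2): the AS reply is sealed under KC
    k_c_tgs = bytes.fromhex(m2["K"])
    auth3 = E(k_c_tgs, {"IDC": idc, "ADC": adc, "TS": now})   # Authenticatorc for the TGS
    m4 = D(k_c_tgs, tgs("fileserver", bytes.fromhex(m2["Ticket"]), auth3, now))
    k_c_v = bytes.fromhex(m4["K"])
    auth5 = E(k_c_v, {"IDC": idc, "ADC": adc, "TS": now})     # Authenticatorc for V
    m6 = D(k_c_v, server_v(bytes.fromhex(m4["Ticket"]), auth5, now))
    return m6["TS"] == now + 1                                 # V proved it holds Kc,v as well
```

Calling client_session with a wrong password fails at message (2), because the AS reply is sealed under a key derived from the registered password; presenting Tickettgs with an authenticator built under any other key fails inside verify at the TGS.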
Kerberos Version 5
- Developed in the mid 1990s; provides improvements over V4.
- Addresses environmental shortcomings: encryption algorithm, network protocol, byte order, ticket lifetime, authentication forwarding, inter-realm authentication.
- Addresses technical deficiencies: double encryption, non-standard mode of use, session keys, password attacks.
- Specified as Internet standard RFC 1510.