Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

11. Access Control Technologies

11.2. Kerberos

Introduction
  • Kerberos is an authentication protocol that was designed in the mid-1980s as part of MIT’s Project Athena.
  • It works in a client/server (C/S) model and is based on symmetric key cryptography.
  • It is widely used in UNIX systems, is the default authentication method for Windows 2000 and Windows Server 2003, and is the de facto standard for heterogeneous networks.


Kerberos Components

  • Key Distribution Center (KDC)
    • Holds all users’ and services’ secret keys and information about the principals in its database
    • Provides an authentication service through a component called the Authentication Server (AS)
    • Provides key distribution functionality
    • Provides a ticket-granting service (TGS)
  • Secret Keys are the keys shared between a principal and the KDC, generally using a symmetric key cryptography algorithm; they are used to authenticate the principals and to communicate securely
  • Principals are users, applications, or any network services
  • A ticket is a token generated by the KDC and given to a principal when one principal needs to authenticate to another principal
  • A Realm is a set of principals. A KDC can be responsible for one or more realms. Realms allow an administrator to logically group resources and users.
  • Session Keys are the keys shared between principals that enable them to communicate securely

Kerberos Authentication Process
  • The user enters a username and password into the workstation (WS).
  • The Kerberos software on the workstation sends the username to the Authentication Server (AS) on the KDC.
  • The AS generates a Ticket Granting Ticket (TGT), encrypts it with the user’s secret key stored in the KDC database, and sends it to the user.
  • The password entered by the user is transformed into a secret key, which is used to decrypt the TGT; the user thus gains access to the WS.
  • Suppose the user wants to use the printer: the user’s system sends the TGT to the TGS on the KDC.
  • The TGS generates a new ticket with two instances of a session key, one encrypted with the user’s secret key and the other encrypted with the print server’s secret key. This ticket may also contain an authenticator that contains information about the user.
  • The new ticket is sent to the user’s system, which uses it to authenticate to the print server.
  • The user’s system decrypts and extracts the session key, adds a second authenticator (a second set of identification information) to the ticket, and sends the ticket on to the print server.
  • The print server receives the ticket, decrypts and extracts the session key, and decrypts and extracts the two authenticators in the ticket. If the print server can decrypt and extract the session key, it knows that the KDC created the ticket, because only the KDC has the secret key that was used to encrypt the session key. If the authenticator information that the KDC and the user put into the ticket matches, then the print server knows that it received the ticket from the correct principal.
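The exchange just described, as an added example that is not part of the original notes and is not real Kerberos code: a small Python model of the AS, the TGS, the workstation and the print server that follows the steps above and shows why a wrong password, a modified ticket, a mismatched authenticator or a stale authenticator all fail at the print server. It assumes a toy authenticated cipher (HMAC-SHA256 keystream plus an HMAC tag) in place of Kerberos’s AES encryption types, PBKDF2 in place of the real string-to-key function, a five-minute freshness window on the authenticator, and constructed realm, principal names and passwords; the class and function names are my own.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed teaching model of the exchange in the notes; not the Kerberos wire format.
# Encryption stand-in (assumption): HMAC-SHA256 keystream plus an HMAC tag, so that
# decrypting under the wrong key or a modified blob fails loudly. Real Kerberos uses
# AES-based encryption types; this toy is not interchangeable with them.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, obj) -> str:
    """Seal a JSON-serialisable object as hex(nonce || ciphertext || tag)."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return (nonce + body + tag).hex()

def decrypt(key: bytes, blob_hex: str):
    """Open a sealed object; raises ValueError on a wrong key or tampering."""
    blob = bytes.fromhex(blob_hex)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return json.loads(bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body)))))

def string_to_key(password: str, realm: str, principal: str) -> bytes:
    """Typed password -> principal secret key (PBKDF2 stand-in for Kerberos string2key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 10_000)

class KDC:
    """Holds every principal's secret key and runs both the AS and the TGS."""
    def __init__(self, realm: str, passwords: dict):
        self.realm = realm
        self.db = {name: string_to_key(pw, realm, name) for name, pw in passwords.items()}
        self.tgs_key = secrets.token_bytes(32)  # known only to the KDC; seals TGTs

    def authentication_service(self, username: str) -> str:
        """AS step: issue a TGT and wrap it under the user's secret key (steps 2-3)."""
        tgt = encrypt(self.tgs_key, {"user": username, "issued": time.time()})
        return encrypt(self.db[username], {"tgt": tgt})

    def ticket_granting_service(self, tgt: str, service: str) -> dict:
        """TGS step: one session key sealed twice, plus the KDC's authenticator (step 6)."""
        user = decrypt(self.tgs_key, tgt)["user"]  # only a genuine TGT opens here
        session_key = secrets.token_bytes(32).hex()
        return {
            "for_user": encrypt(self.db[user], {"session_key": session_key, "service": service}),
            "for_service": encrypt(self.db[service],
                                   {"session_key": session_key, "user": user, "issued": time.time()}),
        }

class Workstation:
    """Client side: derives the key from the typed password and adds authenticator #2."""
    def __init__(self, kdc: KDC, username: str, password: str):
        self.kdc, self.username = kdc, username
        self.secret_key = string_to_key(password, kdc.realm, username)  # step 4

    def login(self) -> str:
        # A wrong password derives the wrong key, so this decrypt raises ValueError.
        self.tgt = decrypt(self.secret_key, self.kdc.authentication_service(self.username))["tgt"]
        return self.tgt

    def request_service(self, service: str) -> dict:
        ticket = self.kdc.ticket_granting_service(self.tgt, service)  # step 5
        session_key = bytes.fromhex(decrypt(self.secret_key, ticket["for_user"])["session_key"])
        authenticator = encrypt(session_key, {"user": self.username, "time": time.time()})  # step 8
        return {"for_service": ticket["for_service"], "authenticator": authenticator}

def print_server_verify(service_key: bytes, msg: dict, max_skew: float = 300.0) -> bool:
    """Step 9: open the ticket with the service key, then the authenticator with the session key."""
    try:
        kdc_part = decrypt(service_key, msg["for_service"])    # only the KDC could have sealed this
        session_key = bytes.fromhex(kdc_part["session_key"])
        user_part = decrypt(session_key, msg["authenticator"])  # only a session-key holder could
    except ValueError:
        return False
    fresh = abs(time.time() - user_part["time"]) <= max_skew  # replay window (assumption)
    return fresh and kdc_part["user"] == user_part["user"]    # both authenticators must agree

def demo() -> bool:
    kdc = KDC("EXAMPLE.REALM", {"alice": "correct horse", "printer": "printer-svc-secret"})
    ws = Workstation(kdc, "alice", "correct horse")
    ws.login()
    return print_server_verify(kdc.db["printer"], ws.request_service("printer"))

if __name__ == "__main__":
    print("print server accepted alice:", demo())
```

The two checks at the end of print_server_verify are the point of the last step above: the service trusts the user identity only because it arrived sealed under a key that only the KDC holds, and it accepts the caller only because the caller could seal a matching authenticator under the session key that the KDC handed out. The freshness window is what limits replay of a captured ticket and authenticator, which ties back to the weakness noted below that session keys live on workstations.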


Weaknesses of Kerberos

  • The KDC can be a single point of failure. If the KDC goes down, no one can access needed resources. Redundancy is necessary for the KDC.
  • The KDC must be able to handle the number of requests it receives in a timely manner. It must be scalable.
  • Secret keys are temporarily stored on the users’ workstations, which means it is possible for an intruder to obtain these cryptographic keys.
  • Session keys are decrypted and reside on the users’ workstations, either in a cache or in a key table. Again, an intruder can capture these keys.
  • Kerberos is vulnerable to password guessing. The KDC does not know if a dictionary attack is taking place.
  • Network traffic is not protected by Kerberos if encryption is not enabled.
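Because the KDC itself does not recognise a dictionary attack, detecting one falls to whoever reads its logs. The following is an added example, not part of the original notes and not any KDC’s own tooling: a sliding-window detector over authentication-service failures that flags many failures against one principal from one source (guessing) and failures against many different principals from one source (spraying). The log line layout, the thresholds and the sample lines are all constructed for this example; real KDC logs use different formats, so the regular expression would need adapting.

```python
import re
from collections import defaultdict, deque

# Constructed log layout for this example (assumption), one AS request per line:
#   "<unix_time> AS_REQ client=<principal> from=<ip> result=<OK|PREAUTH_FAILED>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) AS_REQ client=(?P<client>\S+) from=(?P<ip>\S+) result=(?P<result>\S+)$"
)

# Constructed sample: bob mistypes once; 10.0.0.77 hammers alice; 10.0.0.88 tries many names.
SAMPLE_LOG = """\
1700000000 AS_REQ client=alice@EXAMPLE.REALM from=10.0.0.5 result=OK
1700000010 AS_REQ client=bob@EXAMPLE.REALM from=10.0.0.9 result=PREAUTH_FAILED
1700000012 AS_REQ client=bob@EXAMPLE.REALM from=10.0.0.9 result=OK
1700000100 AS_REQ client=alice@EXAMPLE.REALM from=10.0.0.77 result=PREAUTH_FAILED
1700000102 AS_REQ client=alice@EXAMPLE.REALM from=10.0.0.77 result=PREAUTH_FAILED
1700000104 AS_REQ client=alice@EXAMPLE.REALM from=10.0.0.77 result=PREAUTH_FAILED
1700000106 AS_REQ client=alice@EXAMPLE.REALM from=10.0.0.77 result=PREAUTH_FAILED
1700000108 AS_REQ client=alice@EXAMPLE.REALM from=10.0.0.77 result=PREAUTH_FAILED
1700000110 AS_REQ client=alice@EXAMPLE.REALM from=10.0.0.77 result=PREAUTH_FAILED
1700000200 AS_REQ client=carol@EXAMPLE.REALM from=10.0.0.88 result=PREAUTH_FAILED
1700000205 AS_REQ client=dave@EXAMPLE.REALM from=10.0.0.88 result=PREAUTH_FAILED
1700000210 AS_REQ client=erin@EXAMPLE.REALM from=10.0.0.88 result=PREAUTH_FAILED
1700000215 AS_REQ client=frank@EXAMPLE.REALM from=10.0.0.88 result=PREAUTH_FAILED
1700000220 AS_REQ client=grace@EXAMPLE.REALM from=10.0.0.88 result=PREAUTH_FAILED
"""

def parse(line: str):
    """Return the parsed record, or None for lines that do not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    return rec

def detect(lines, guess_threshold: int = 5, spray_threshold: int = 5, window: int = 60):
    """One alert per offending source; lines are assumed to be in time order."""
    per_pair = defaultdict(deque)  # (ip, client) -> timestamps of failures in the window
    per_ip = defaultdict(deque)    # ip -> (timestamp, client) of failures in the window
    alerted, alerts = set(), []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["result"] == "OK":
            continue
        ts, ip, client = rec["ts"], rec["ip"], rec["client"]
        pair = per_pair[(ip, client)]
        pair.append(ts)
        while ts - pair[0] > window:  # drop failures that fell out of the window
            pair.popleft()
        if len(pair) >= guess_threshold and ("guessing", ip, client) not in alerted:
            alerted.add(("guessing", ip, client))
            alerts.append({"kind": "guessing", "ip": ip, "client": client,
                           "failures": len(pair), "at": ts})
        src = per_ip[ip]
        src.append((ts, client))
        while ts - src[0][0] > window:
            src.popleft()
        distinct = {c for _, c in src}
        if len(distinct) >= spray_threshold and ("spraying", ip) not in alerted:
            alerted.add(("spraying", ip))
            alerts.append({"kind": "spraying", "ip": ip, "principals": len(distinct), "at": ts})
    return alerts

def run_demo():
    return detect(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Bob’s single failure followed by success produces nothing, while the two attack patterns each produce exactly one alert at the moment they cross the threshold. A source that spaces its attempts wider than the window stays under both counters, which is why the window and thresholds should be tuned against the KDC’s real request rate rather than copied from this example.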