Kerberos

1
Kerberos
Kerberos is an authentication protocol for
trusted hosts on untrusted networks
2
Contents

• What is Kerberos?
• Aims of Kerberos.
• Why Kerberos?
• How Kerberos work?
• Firewall vs. Kerberos?
• Applications
• Disadvantages

3
What is Kerberos?

• Is a name of a computer network authentication
  protocol
• Developed at MIT (Massachusetts Institute of
  Technology) in the mid 1980s
• Available as open source or in supported
  commercial software
• Allows individuals communicating over a
  non-secure network to prove their identity to one
  another in a secure manner.
• Its designers aimed primarily at a client-server
  model, and it provides mutual authentication.
• Trusted 3rd party authentication scheme.
• Assumes that hosts are not trustworthy.
• Requires that each client (each request for
  service) prove its identity.
• Does not require user to enter password every
  time a service is requested!

4
(No Transcript)
5
Aims of Kerberos

• The user's password must never travel over the
  network.
• The user's password must never be stored in any
  form on the client machine it must be
  immediately discarded after being used.
• The user's password should never be stored in an
  unencrypted form even in the authentication
  server database.
• The user is asked to enter a password only once
  per work session.
• Authentication information management is
  centralized and resides on the authentication
  server.
• Supports Mutual authentication.
• provides support for the generation and exchange
  of an encryption key to be used to encrypt data.

6
Why Kerberos?

• Sending usernames and passwords in the clear,
  endangers the security of the network.
• Each time a password is sent in the clear, there
  is a chance for interception.
• In addition to the security concern, password
  based authentication is inconvenient users do
  not want to enter a password each time they
  access a network service.
• Most uses of authentication by assertion require
  that a connection originate from a trusted''
  network address, on many networks, addresses are
  themselves simply assertions.
• Stronger authentication methods base on
  cryptography are required.
• Strong authentication technologies are not used
  as often as they should be, although the
  situation is gradually improving.

7
How does Kerberos work?

• Instead of client sending password to application
  server
• Request Ticket from authentication server
• Ticket and encrypted request sent to application
  server
• How to request tickets without repeatedly sending
  credentials?
• Ticket granting ticket (TGT)

8
How does Kerberos work? Ticket Granting Tickets
9
How does Kerberos Work?The Ticket Granting
Service
10
How does Kerberos work?The Application Server
11
Firewall vs. Kerberos?

• Firewalls make a risky assumption that attackers
  are coming from the outside. In reality, attacks
  frequently come from within.
• Kerberos assumes that network connections (rather
  than servers and work stations) are the weak link
  in network security.

12
Applications

• Authentication
• Authorization
• Confidentiality
• Within networks and small sets of networks

13
Disadvantages

• Kerberos makes extensive use of the trusted third
  party, If the third party simply fails,
  availability is lost.
• If two hosts are on different times,
  communication may be difficult or impossible.

14
(No Transcript)
15
Queries