Kerberos - PowerPoint PPT Presentation

1
Kerberos
  • Guilin Wang
  • School of Computer Science
  • 03 Dec. 2007

2
Outline
  • Password-based key agreement protocols
    (Continuing our last lecture).
  • Kerberos authentication protocol.

3
0. Password-based Protocols
  • In the NS protocol, both parties need to
    share long-term secrets with the server. For
    humans, long secret keys are not easy to
    memorize.
  • One naïve approach is to use passwords as the
    long-term secrets.
  • For example, let K_bs = P_bs, a password
    shared between B and S in the NS protocol.

4
0. Password-based Protocols
  • However, this approach is vulnerable to an
    off-line dictionary attack.
  • That is, an attacker can try each possible
    P to decrypt E_{P_bs}(K, A). If the decryption
    yields the expected identity A, then P is likely
    the correct password.

5
0. Password-based Protocols
  • Off-line dictionary attacks work since
    passwords are short strings with low entropy.
  • Countermeasures:
  • - Enhance the strength of passwords by
    requiring a certain length, format, and randomness.
  • - Combine the password with a security
    token.

6
0. Password-based Protocols
  • The following Encrypted Key Exchange (EKE)
    protocol can resist the off-line dictionary
    attack:
  • PK is an ephemeral public key generated by
    A.
  • B transfers K to A by using double
    encryption.
  • Why is the EKE protocol immune to the off-line
    dictionary attack?

7
1. Authentication and Key Exchange
  • The purpose of entity authentication is to
    prevent impersonation attacks.
  • Authentication is important in key
    exchange. E.g., the DH protocol suffers from the
    MITM attack.
  • Actually, key exchange techniques can also
    be used to realize authentication. Kerberos is
    such an example.
  • In the literature, the differences between
    authentication and key exchange are sometimes
    not very clear.

8
1. Authentication and Key Exchange
  • Key exchange usually requires
    authentication. Otherwise, you are not sure with
    whom you are agreeing on a session key.
  • However, authentication does not
    necessarily involve key exchange.
  • For example, a successful authentication
    can enable a client to enjoy a service without
    encryption.

9
2. Kerberos: What is it?
  • In Greek mythology, Kerberos is the
    guardian of Hades, a dog with three heads.
  • In the security community, Kerberos denotes the
    distributed authentication protocol developed
    in MIT's Project Athena in the 1980s.

10
2. Kerberos: What is it?
  • Kerberos has been widely accepted in
    industry.
  • Kerberos has been integrated into Windows
    and many versions of Unix systems.
  • The full specification of Kerberos Version 5 is
    given by the draft Internet Standard RFC 1510.
  • Free source code for the different releases of
    Kerberos is available at the Kerberos website:
  • http://web.mit.edu/Kerberos/

11
2. Kerberos: Motivations
  • In this scenario of distributed networks, there
    exist at least three threats:
  • User impersonation:
  • A dishonest user may pretend to be
    another user from the same workstation.
  • Network address impersonation:
  • A dishonest user can change the network
    address of his/her workstation to impersonate
    another workstation.
  • Eavesdropping, replay attacks, and so on:
  • Attackers may try their best to access
    network services by mounting different attacks.

12
2.1 Kerberos: Basic Ideas
  • Kerberos uses symmetric mechanisms to realize
    entity authentication and key exchange.
    Basically, Kerberos uses two kinds of
    credentials:
  • Tickets:
  • Issued by a trusted administration server; a
    ticket shows who is granted access to a specific
    service.
  • Authenticators:
  • Used to prove the identity of a
    communicating client.

13
2.1 Kerberos: Basic Ideas
  • This is similar to the following immigration
    policy, which allows a foreigner to enter a
    country:
  • Visa (tickets in Kerberos):
  • Specifies who is allowed to enter this
    country and for how many days.
  • Passport (authenticators in Kerberos):
  • Shows your identity, i.e., who you are.

14
2.1 Kerberos: Basic Ideas
  • In a Kerberos system, there are three kinds of
    servers:
  • Kerberos authentication server (AS):
  • A centralized trusted authentication server
    for the whole system, which issues long-lifetime
    tickets.
  • Ticket-granting servers (TGS):
  • Issue short-lifetime tickets.
  • Service servers S:
  • Provide the different services.

15
2.1 Kerberos: Basic Ideas

16
2.2 The Protocol
  • Kerberos (Version 5) can be divided into three
    procedures from the viewpoint of a client:
  • obtaining a ticket-granting ticket,
  • obtaining a service ticket, and
  • obtaining a concrete service.
  • We now discuss the details.

17
2.2 The Protocol

18
2.2 The Protocol
  • Here:
  • K_c is derived from the client's password,
    which is shared with the AS.
  • K_tgs is a secret key shared between the AS and
    the TGS.
  • K_1 is a session key that enables the client to
    authenticate itself to the TGS.

19
2.2 The Protocol
  • Here:
  • A_1 is an authenticator using K_1.
  • K_2 is a session key that enables the client to
    authenticate itself to the server S.
  • K_s is a secret key shared between the TGS and a
    server S.

20
2.2 The Protocol
  • Here:
  • A_2 is an authenticator using K_2.
  • K_3 is a session key for the coming secure
    communications.
  • The server S authenticates itself to the
    client in step 6.

21
2.3 Kerberos: Its Limitations
  • Single Failure Problem: If the AS is down,
    no user can access any resources. So Kerberos is
    prone to denial-of-service (DoS) attacks.
  • - Duplicated AS? Possible, but not easy to
    maintain.
  • Clock Synchronization is needed, since
    timestamps are used. What is a reasonable time
    interval for clock skew?
  • - Too short: Rejecting many valid
    requests.
  • - Too long: Suffering replay attacks.
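The three exchanges of slides 16-20 and the clock-skew window of slide 21, as an added example that is not part of the original slides or of MIT's Kerberos code: a stand-alone Python simulation in which K_c, K_tgs, K_s, K_1, K_2, K_3, the tickets and the authenticators are modelled with a constructed toy authenticated cipher (HMAC-SHA256 keystream plus MAC, not an RFC 1510 enctype). The realm, principal names, lifetimes and the 300-second skew window are made-up values.

```python
import hashlib, hmac, json, os, time
# Toy string-to-key and authenticated encryption, constructed for this example (not RFC 1510 enctypes).
def kdf(password, salt=b"REALM.EXAMPLE/alice"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000)
def keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in range(n // 32 + 1))
def seal(key, obj):
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))
def ticket(server_key, client, session_key, lifetime):   # sealed under a key the client never learns (K_tgs or K_s)
    return seal(server_key, {"client": client, "key": session_key.hex(), "expires": time.time() + lifetime})
def authenticator(session_key, client, ts):   # proves possession of the session key; the timestamp gives freshness
    return seal(session_key, {"client": client, "ts": ts})

def verify(server_key, tkt, auth, skew=300):
    # Server side of steps 3 and 5: open the ticket, then the authenticator under the ticket's session key.
    t = unseal(server_key, tkt)
    if time.time() > t["expires"]:
        raise ValueError("ticket expired")
    key = bytes.fromhex(t["key"])
    a = unseal(key, auth)
    if a["client"] != t["client"] or abs(time.time() - a["ts"]) > skew:
        raise ValueError("authenticator does not match the ticket, or clock skew exceeds the window")
    return key, a["ts"]

def kerberos_run(password, client_password=None, clock_offset=0.0, client="alice"):
    # Steps 1-6 end to end; True when client and S hold the same K_3, False on any failure.
    k_tgs, k_s = os.urandom(32), os.urandom(32)              # K_tgs (AS<->TGS) and K_s (TGS<->S)
    kc_as, kc_client = kdf(password), kdf(client_password or password)
    now = lambda: time.time() + clock_offset                  # the client's possibly skewed clock
    try:
        # Steps 1-2: AS returns K_1 under K_c and a long-lived TGT under K_tgs.
        msg2, tgt = seal(kc_as, {"key": (k1 := os.urandom(32)).hex(), "tgs": "tgs"}), ticket(k_tgs, client, k1, 36000)
        k1_c = bytes.fromhex(unseal(kc_client, msg2)["key"])  # a wrong password fails the MAC here
        # Steps 3-4: TGT + A_1 go to the TGS; K_2 under K_1 and a short-lived service ticket under K_s come back.
        k1_tgs, _ = verify(k_tgs, tgt, authenticator(k1_c, client, now()))
        msg4, st = seal(k1_tgs, {"key": (k2 := os.urandom(32)).hex(), "service": "fileserver"}), ticket(k_s, client, k2, 300)
        k2_c, ts = bytes.fromhex(unseal(k1_c, msg4)["key"]), now()
        # Steps 5-6: service ticket + A_2 go to S; S echoes the timestamp and sends K_3 under K_2.
        k2_s, seen = verify(k_s, st, authenticator(k2_c, client, ts))
        reply = unseal(k2_c, seal(k2_s, {"ts": seen, "key": (k3 := os.urandom(32)).hex()}))
        return reply["ts"] == ts and bytes.fromhex(reply["key"]) == k3   # only a holder of K_s could have read K_2
    except ValueError:
        return False
```

kerberos_run returns False both when the client's password is wrong (its K_c cannot open message 2) and when its clock lies outside the skew window, so widening or narrowing skew in verify shows the trade-off of slide 21 directly.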

22
2.3 Kerberos: Its Limitations
  • Limited Scalability: Usually, the AS can
    support hundreds of thousands of users.
    Suitable for a university but not for the
    Internet, where PKIs with digital certificates
    are better.
  • Off-line Password Attacks: Kerberos is
    vulnerable to this kind of attack since a
    message is encrypted with a key derived from the
    client's password.

23
3. Summary
  • Introduced the off-line dictionary attack.
  • Briefly discussed the relation between entity
    authentication and key exchange.
  • Reviewed a practice-oriented
    authentication protocol, Kerberos:
  • - Basic ideas
  • - Technical mechanisms
  • - Limitations

24
  • Questions and Comments?