Kerberos and Centralised Password Management - PowerPoint PPT Presentation

About This Presentation
Title:

Kerberos and Centralised Password Management

Description:

For a network of a few dozen computers it is possible to synchronise /etc ... Kerberos Developers have included Steve Miller, Clifford Neuman and John Kohl. ... – PowerPoint PPT presentation

Number of Views:98
Avg rating:3.0/5.0
Slides: 30
Provided by: richar219
Category:

less

Transcript and Presenter's Notes

Title: Kerberos and Centralised Password Management


1
Kerberos and Centralised Password Management
  • Introduction to Kerberos
  • History and origin
  • Active directory, Samba and Kerberos
  • Kerberos diagram
  • Definitions of terms
  • Security Protocol Notation and examples
  • The Needham Schroeder Symmetric Protocol
  • The Kerberos protocol in brief and in detail

2
Introduction to Kerberos 1
  • Once an organisation has many users sharing many
    computers, trying to organise security using the
    host-based security systems we have studied so
    far rapidly becomes unmanageable.
  • For a network of a few dozen computers it is
    possible to synchronise /etc/password and
    /etc/shadow files. This can work if all users
    need the same access to all computers. But it
    creates as many or more security issues than it
    solves if attempted on a larger scale.

3
Introduction to Kerberos 2
  • The problem Kerberos solves is the multiplication
    of effort, insecurity and inefficiency within a
    large organisation resulting from the
    decentralised authentication of
  • many users to many services and servers,
  • services and servers to users,
  • workstations to servers,
  • servers to workstations
  • and users to workstations.
  • This isn't an easy problem to solve.

4
Introduction to Kerberos 3
  • Many attacks became possible within larger
    networks
  • Listening for passwords travelling over the
    network cable.
  • Setting up a bogus server on a network to mimic a
    real one to prompt users for passwords and store
    these.
  • Logging into a server years after someone has
    left.
  • Misusing trust by machine A in machine B, e.g.
    based on the physical or logical network address
    of B, when machine C is mimicking machine B.
  • Universities were the first places where many of
    these issues were actively explored. Corporate
    employees are less likely to test or want to
    study the security of a large network involving
    many machines than students and researchers of
    computing subjects.

5
History and origin of Kerberos 1
  • Kerberos is the name given by Greek legend to a 3
    headed dog which guards the gates of Hades.
    Cerberus is the Roman name for the same legendary
    character. (The number of heads varies !)?

6
History and origin of Kerberos 2
  • The Kerberos network security protocol was
    developed at MIT (Massachusetts Institute of
    Technology) as part of Project Athena. Kerberos
    Developers have included Steve Miller, Clifford
    Neuman and John Kohl. It is documented in
    RFC4120.

7
Active Directory and Samba
  • The Microsoft Active Directory product is based
    upon the Kerberos protocol. This replaces the
    previous and insecure NTLM networked password
    authentication system.
  • Some Microsoft additions to the Kerberos suite of
    protocols are documented in RFC 3244 "Microsoft
    Windows 2000 Kerberos Change Password and Set
    Password Protocols".
  • Samba is a free software implementation of
    Microsoft file, print and authentication network
    services. Samba version 4 is being developed to
    implement full Active Directory capabilities in a
    heterogeneous environment.

8
Kerberos Diagram source http//www.xml-dev.com/
9
Definitions of terms
  • AS - Authentication Server. A centralised
    high-availability resource where all system
    secrets are stored. It grants TGTs to clients.
  • TGT - Ticket Granting Ticket. A session key
    typically with validity of a few hours' duration.
  • TGS - Ticket Granting Server. A distributed
    server which grants clients presenting valid TGTs
    with tickets required to access specified
    services.
  • Service - A system providing a service to users
    with valid tickets, e.g. access to a networked
    file or web server.

10
Security Protocol Notation 1source
http//en.wikipedia.org/wiki/Security_protocol_not
ation
  • This standard notation consists of a set of
    individuals (traditionally named Alice, Bob,
    Charlie, and so on) who wish to communicate. They
    may have access to a server S, shared keys K,
    timestamps T, and can generate nonces N for
    authentication purposes.
  • This example states that Alice intends a message
    for Bob consisting of a plain text X1 encrypted
    under shared key KAB.

11
Security Protocol Notation 2
  • This states that Bob intends a message for Alice
    consisting of a Nonce encrypted using public key
    of Alice.
  • A key with two subscripts is a symmetric key
    shared by the two corresponding individuals. A
    key with one subscript is the public key of the
    corresponding individual. A private key is
    represented as the inverse of the public key.

12
The Needham Schroeder Protocols
  • Kerberos is a protocol which is based on the
    Needham Schroeder symmetric key protocol to
    establish a session key. This is achieved by
    using shared secrets, i.e. passwords, or one way
    hashed passwords, which are known both by a
    client or service and by a trusted third party
    (TTP). In the case of Kerberos, the TTP is the
    Authentication Server (AS). The Needham
    Schroeder Symetric Key Protocol enables the
    shared secret to be used to establish a session
    key in a manner that denies anyone monitoring
    traffic between the client and AS knowledge of
    the password or use of the session key.
  • Other versions of the Needham Schroeder Protocol
    and Kerberos use asymmetric cryptography. This
    uses 2 part keys which avoid secrets having to be
    shared.

13
Needham Schroeder Symmetric ProtocolSource
http//en.wikipedia.org/wiki/Needham-Schroeder_pro
tocol
  • Here, Alice (A) initiates the communication to
    Bob (B). Also,
  • S is a server trusted by both parties
  • KAS is a symmetric key known only to A and
    S
  • KBS is a symmetric key known only to B and
    S
  • NA and NB are nonces (numbers used once)?

14
NSSP Message 1
  • The protocol can be specified as follows in
    security protocol notation
  • Alice sends a message to the server
    identifying herself and Bob, telling the server
    she wants to communicate with Bob.

15
NSSP Message 2
  • The server generates KAB and sends back to Alice
    a copy encrypted under KBS for Alice to forward
    to Bob and also a copy for Alice. Since Alice may
    be requesting keys for several different people,
    the nonce assures Alice that the message is fresh
    and that the server is replying to that
    particular message and the inclusion of Bob's
    name tells Alice whom she is to share this key
    with.

16
NSSP Message 3
  • Alice forwards the key to Bob who can decrypt it
    with the key he shares with the server, thus
    authenticating the data.

17
NSSP Message 4
  • Bob sends Alice a nonce encrypted under KAB to
    show that he has the key. This part of the
    protocol is vulnerable to a replay attack. If an
    attacker uses an older compromised value for KAB,
    he can then replay the message to Bob, who will
    accept it, being unable to tell that the key is
    not fresh. This flaw is fixed in the Kerberos
    protocol by the inclusion of a timestamp.

18
NSSP Message 5
  • Alice performs a simple operation on the nonce,
    re-encrypts it and sends it back verifying that
    she is still alive and that she holds the key.

19
Kerberos in briefsource http//en.wikipedia.org/
wiki/Kerberos_(protocol)?
  • AS Authentication Server
  • TGS Ticket Granting Server
  • SS Service Server
  • TGT Ticket Granting Ticket
  • The client authenticates to AS using a long-term
    shared secret and receives a ticket from the AS.
    Later the client can use this ticket to get
    additional tickets for SS without resorting to
    using the shared secret. These tickets can be
    used to prove authentication to SS.

20
In more detail 1source http//en.wikipedia.org/w
iki/Kerberos_(protocol)?
  • User Client-based Logon
  • A user enters a username and password on the
    client machine.
  • The client performs a one-way function (Hash) on
    the entered password, and this becomes the secret
    key of the client/user.
  • The client sends a cleartext message to the AS
    requesting services on behalf of the user. Sample
    message "User XYZ would like to request
    services". Note Neither the secret key nor the
    password is sent to the AS.

21
In more detail 2source http//en.wikipedia.org/w
iki/Kerberos_(protocol)?
  • Client authentication
  • The AS checks to see if the client is in its
    database. If it is, the AS sends back the
    following two messages to the client
  • Message A Client/TGS Session Key encrypted
    using the secret key of the client/user.
  • Message B Ticket-Granting Ticket (which
    includes the client ID, client network address,
    ticket validity period, and the client/TGS
    session key) encrypted using the secret key of
    the TGS.

22
In more detail 3source http//en.wikipedia.org/w
iki/Kerberos_(protocol)?
  • Client authentication continued
  • Once the client receives messages A and B, it
    decrypts message A to obtain the Client/TGS
    Session Key. This session key is used for further
    communications with TGS. (Note The client cannot
    decrypt Message B, as it is encrypted using TGS's
    secret key.) At this point, the client has enough
    information to authenticate itself to the TGS.

23
In more detail 4source http//en.wikipedia.org/w
iki/Kerberos_(protocol)?
  • Client Service Authorization
  • When requesting services, the client sends the
    following two messages to the TGS
  • Message C Composed of the
    Ticket-Granting Ticket from message B and the ID
    of the requested service.
  • Message D Authenticator (which is
    composed of the client ID and the timestamp),
    encrypted using the Client/TGS Session Key.

24
In more detail 5source http//en.wikipedia.org/w
iki/Kerberos_(protocol)?
  • Client Service Authorization continued
  • Upon receiving messages C and D, the TGS
    retrieves message B out of message C. It decrypts
    message B using the TGS secret key. This gives it
    the "client/TGS session key". Using this key, the
    TGS decrypts message D (Authenticator) and sends
    the following two messages to the client
  • Message E Client-to-server ticket
    (which includes the client ID, client network
    address, validity period and Client/Server
    Session Key) encrypted using the service's secret
    key.
  • Message F Client/server session key
    encrypted with the Client/TGS Session Key.

25
In more detail 6source http//en.wikipedia.org/w
iki/Kerberos_(protocol)?
  • Client Service Request
  • Upon receiving messages E and F from TGS, the
    client has enough information to authenticate
    itself to the SS. The client connects to the SS
    and sends the following two messages
  • Message E from the previous step (the
    client-to-server ticket, encrypted using
    service's secret key).
  • Message G a new Authenticator, which
    includes the client ID, timestamp and is
    encrypted using client/server session key.

26
In more detail 7source http//en.wikipedia.org/w
iki/Kerberos_(protocol)?
  • Client service request continued
  • The SS decrypts the ticket using its own secret
    key to retrieve the Client/Server Session Key.
    Using the sessions key, SS decrypts the
    Authenticator and sends the following message to
    the client to confirm its true identity and
    willingness to serve the client
  • Message H the timestamp found in client's
    Authenticator plus 1, encrypted using the
    Client/Server Session Key.

27
In more detail 8source http//en.wikipedia.org/w
iki/Kerberos_(protocol)?
  • Client service request continued
  • The client decrypts the confirmation using the
    Client/Server Session Key and checks whether the
    timestamp is correctly updated. If so, then the
    client can trust the server and can start issuing
    service requests to the server.
  • The server provides the requested services to the
    client.

28
Drawbacks
  • The AS provides a single point of operational
    failure and of security compromise
  • Clocks have to be synchronised
  • Compromising the client can compromise the user
    password, e.g. using a Linux boot CD or USB stick
    that boots into a Windows look-alike login screen
    complete with ltctrlgt ltaltgt ltdelgt behaviour.

29
Further Reading
  • http//en.wikipedia.org/wiki/Kerberos_(protocol)?
  • Wikipedia Kerberos page
  • http//learn-networking.com/network-security/how-k
    erberos-authentication-works
  • How Kerberos authentication works
  • http//www.faqs.org/faqs/kerberos-faq/general/
  • Kerberos FAQ
  • http//tools.ietf.org/html/rfc4120
  • RFC4120 - The current IETF Kerberos standards
    document
Write a Comment
User Comments (0)
About PowerShow.com