MIT - Massachusetts Institute of Technology

KERBEROS Network-authenticated Protocol

Table of Contents…………………………….…………………………………..1

1.0  Introduction……………………………………………………………………..2

2.0 Authentication…………………………………………………………………..3

3.0 Use of session keys……………………………..………….…………..……4-5

4.0 Authentication exchange stages…………………..…..……….………… 6- 10

5.0 Differences between Kerberos 4and Kerberos 5…………….………………10

6.0 References………………..………………………………….……………….11

Introduction

Kerberos is a network-authenticated protocol that was developed by Massachusetts institute of technology as a solution to network solution problems. It uses a secret key cryptography to provide strong tool of authentication and strong cryptography over the network to help the client secure the information systems and applications across the entire organisation. It uses a strong cryptography where a client can prove his or her identity to a server on an insecure network connection. Once the server and the client have proved their identity through Kerberos, they can now encrypt all of their communications to guarantee privacy of their data. David Mills,

To use Kerberos in computer security systems, one must authenticate with a Kerberos server to gain access to the key server. To do this requires a Kerberos server on your network and a “Kerberized” version of key access. Users with Kerberos authentication server can authenticate users to key-servers. To gain access to a Kerberized key server, the users must type their known name and password, as kerberos server provides authentic services only. The ticket granting server must with no doubts ascertain that the authentication server identifies the client as the true client he purports to be. S.M. Bellovin 1989. Kerberos is designed such that its authentication protocol demands that there has to be a Kerberos client-side authentication module on each key access client and a server- side authentication module.

Authentication

Kerberos security system uses key distribution center (KDC) to safeguard data and information from access to unauthorized users. A key distribution center is a part of a cryptosystem with symmetric encryption aimed at reducing the risks associated in exchanging keys. It operates in systems within which some users are permitted to use services at some times and not others. An operation with a key distribution center involves the user making a request to use a service, The key distribution center use cryptographic techniques to verify the authentication of the users and whether the user has permission to access to the service requested or not. The server verifies the submitted ticket and if the user meets all the required conditions He or She is permitted access. In most cases, the key distribution center shares a key with each of all the other parties and produces a ticket based on a server key which the client receives and submits it to the appropriate server. G. R. Blakley 1979

In Kerberos, authentication occurs between clients and servers. The client gets the service from the Kerberos service. The key distribution center implements the authentication service and the ticket granting service. The key distribution center maintains a copy of every password associated with every password associated with every principal and hence it is very important that the key distribution center be under tight security. Most key distribution center implementations keep the principals in a database, which is usually manipulated by an administration server. G. R. Blakley 1979.

Time stamping entails provision of a sequence of characters showing the date and time at which an event occurred. The data is presented in a consistent manner allowing easy comparison of two different records and noting progress over time. It is usually used for logging events in which each event is marked with a timestamp. In key distribution center, the time server reads the actual time from a reference clock and distributes the information to the clients using a computer network. This can be done by use of Network Time Protocol (NTP). Y. Rekhter, R. Moskowitz, D. Karrenberg, G. de Groot, E. Lear.

Kerberos allows user-to-user authentication application protocol, which allows user to host secure application services on their machines. User to user authentication allows a user to use a server without keeping a long- lived key on disk. The user instead uses user’s ticket granting service session key, which takes the place of the usual secret key in the server’s authentication. Mills, David L 2006.

Use of Session Keys

Secret sharing refers to any method of sharing a secret amongst a group of participants each of which is allocated a share of the secret. The secret is reconstructed only when the shares are combined together. In secret sharing, there is one server and several clients. The server gives a secret to the clients only when specific conditions are fulfilled. The server does this by giving each player a part, in such a way that only a group of clients can together reconstruct the secret but not a few of them. A secret sharing scheme can be used to secure a secret over multiple servers and remain recoverable even with multiple server failures. Where large secrets are used, it is more worthwhile to encrypt the secrets and then distribute the keys using secret sharing. Adi Shamir 1979.

In any communication network that requires security, it is very important that secrets be protected by use of many keys. Generally, a system of a number of keys can be combined in a numerous ways may allow for the recovery of a unique secrets despite how they are combined. Schemes that have a group of participants who can recover a secret are known as secret sharing schemes. The idea of a secret sharing starts with a secret, dived into pieces called shares, and then distributes the shares amongst users. Only certain authorized groups can reconstruct the original secret. A secret sharing scheme is a method whereby a number of pieces of information called shadows are assigned to a secret key in such a way that the secret way can be reconstructed from certain authorized groups of shares and the secret key can not be reconstructed from authorized group of shares.  G. R. Blakley 1979.

Kerberos authentication occurs between a client and server. The client obtains a ticket from the server and the server decrypts this ticket using its secret key. To prevent crackers from assessing the secret key, user-to-user authentication may be used. In this protocol, one user acts as a server, and the other user acts as a client. With the client user’s demand, the server sends ticket-granting ticket (TGT) to the client user who gets recommendation from the key distribution center, encrypted with the session keys of both ticket granting ticket. The two users can now decrypt the new session key and use it to confirm each other’s identity. The user-to-user scheme has a security advantage in that, the server user exposes only the ticket granting server (TGS) session key, and keeps the password safe.

Kerberos authentication process can be divided into four major stages before the server clearly authenticates that the client is who he claims to be and hence they can share the encryption key for secure communication. The stages are the authentication exchange stage, ticket granting service exchange, client server exchange and the secure communication stage. The stages are explained below.

Stage 1

Request ticket to TGS

Authentication exchange

The client to be authenticated asks the authenticating server to send a ticket to the ticket-granting server. The authenticating server searches for the client in the database. Once confirmed, it generates a session key (SK1) to be used between the client and the ticket-granting server.  The kerberos encrypts the service key 1 using the client’s secret key. The authenticating server uses the ticket granting server secret key, which is only known to the authentication server and the ticket-granting server to create and send to the client, a ticket granting ticket. Mills, David L 2006

Stage 2

Ticket granting service exchange

When the clients receives the ticket granting ticket it decrypts the message and recovers the session key, which it uses to create an authenticator containing the users IP address, his name and a time stamp. It sends the authenticator together with the ticket granting ticket to the ticket-granting server. This is to request access to the target server. Once the ticket granting server decrypts the ticket granting ticket, it uses the session key1inside the ticket granting ticket to decrypt the authenticator. The ticket granting server verifies the information in the authenticator, the client’s network address, the ticket and the timestamp whether they match. If they match, it creates a new session key 2 for the client service server. It encrypts it using session key1 and then sends it to the client. The ticket granting service encrypts the target server’s secret key and the name of the server, with a new ticket containing the clients name the network address, the time stamp and the expiration time for the ticket. Mills, David L 2006.

Request access send session ticket from TGS

Stage 3

Client

Auhentication

Client server exchange

Once the client gets the session key 2, it decrypts the message and sends it to the target server. The client creates a new authenticator encrypted with SK2 .It then sends the session ticket and the encrypted authenticator. This proves that the client knows the key. The encrypted time stamp prevents the recording of both ticket and the authenticator from being recorded .The target server decrypts and checks for application that requires two-way authentication. To prove to the client that the sever knows its own secret key, the server sends it a message containing time stamp plus1 encrypted with SK2. Mills, David L 2006.

Client

Targt Server

Stage 4

Session key 2

Secure communications.

At this point, the target server is now convinced of the authentication of the client and that the client is the intended one.  The target server and the client can now share an encryption key. They now both assume that any message encrypted in that key comes from the other party.    S. P. Meyn, 2007.

A session key is a temporary one- off symmetric key used to encrypt a message or data for the current session only. Session keys keep the secret keys more secret as they are not directly used in encrypting the data. They are used to derive session keys using methods that join arbitrary numbers from either the client or the server or both. They bring in complications in an encrypting system. The cryptanalytic attacks are made easier as more materials encrypted with a definite key are available. This limit the materials processed using a single key, making the attack more difficulty. The keys are usually distributed securely before encryption can be used. This makes them faster for practical encrypting. Adi Shamir 1979.

Session keys must be randomly chosen to make it hard to be predicted by an attacker. Ticket granting ticket is a Kerberos ticket for the ticket granting service. When a user first authenticates to Kerberos, he or she talks to the authentication service on the key-distributing center to get a ticket granting ticket, which is usually encrypted with the user’s password. When the user wants to use the service, He or She uses ticket-granting ticket to talk to the ticket granting service, which runs on the key distribution center. The ticket granting service verifies the true user’s identity using the ticket granting Ticket and issues a ticket for desired service. Ticket Granting Ticket assists the user in that he or she doesn’t have to enter in their passwords every time they want to connect to a kerberized service or keep a copy of their password. Adi Shamir 1979.

Differences between Kerberos 4 and Kerberos 5

Kerberos 4 authentication system however had some limitations. These limitations had to be overcome if a good authentication system was to be developed. This fact necessitated the development of Kerberos 5. Kerberos 5 was developed with adjustments that were supposed to address Kerberos 4 weaknesses. The major difference is that in Kerberos 4, the instance separator is a period (.) while in kerberos 5 a forward slash (/) is used. In Kerberos 4 the entire principal name is not used. In kerberos 5, the key salt algorithm has been changed to use the entire host name. The network protocol has been revised to use ASN.1 process of encoding. G. R. Blakley, 1979.

In Kerberos 5, it is now possible to forward, renew and postdate tickets. It is now possible for tickets to contain multiple IP addresses and for different types of networking protocols unlike in Kerberos 4. Kerberos 5 does not support replay caches and hence authenticators cannot replay. In Kerberos 5, a generic crypto interface module is used and so it can support other encryption algorithms

References

G. R. Blakley, “Safeguarding cryptographic keys”, in proceedings of the National Computer Conference, 48, pp 313–317, 1979.

The Art of Computer Programming, Volume 2: Seminumerical Algorithms, Third Edition. Addison-Wesley, 1997.

S.M. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.

S. P. Meyn, 2007.

Follow us