Kerberos – Private Key System
Ahmad Ibrahim, Virginia Tech (CS 5204 student presentation)
History
- Cerberus, the hound of Hades (Kerberos in Greek)
- Developed at MIT in the mid 1980s
- Available as open source or supported commercial software
- Combination of topics covered previously in class
CS 5204 – Fall, 2009
What do we want to do?
- Want to be able to access all resources from anywhere on the network.
- Don't want to be entering a password to authenticate for each access to a network service:
  - Time consuming
  - Insecure
Ingredients
- Confidentiality
- Integrity
- Authentication
- Authorization
Review: Cryptology
Cryptology is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, authentication, and non-repudiation.
Review: Cryptology (cont)
- Private Key Mechanism: a single secret key (Y) is used for both encryption and decryption by the parties (symmetric algorithm).
[Figure: M --E_Y(M)--> C --D_Y(C)--> M, i.e. the same key Y encrypts the message and decrypts the ciphertext]
Review: Authentication
- Authentication is a mechanism that verifies a claim of identity.
- Various systems provide means to reliably authenticate:
  - Difficult-to-reproduce artifact; digital signatures
  - Shared secret; symmetric key systems
  - Electronic signature; private key infrastructure
- Needham-Schroeder with Denning-Sacco modification
Review: Authorization
Authorization is the process of giving individuals access to system objects based on their identity.
Putting it all together
- Users' passwords are never sent across the network.
- Secret keys are only passed across the network in encrypted form.
- Client and server systems mutually authenticate.
- Kerberos limits the duration of its users' authentication.
- Authentications are reusable and durable.
Kerberos Terminology
- Realm: Kerberos "site"
- Process: client
- Principal: basic entity (user, service, host); associated with a key
- Instance: optional additional identifier to make associated principals unique within a realm
- Verifier: application server
- Authenticator: encrypted data structure that confirms identity
- Ticket: a block of data sent to a service containing a user id, server id, timestamp and time-to-live, encrypted with the service's secret key
Kerberos Structure
Requirements:
- each user has a private password known only to the user
- a user's secret key can be computed by a one-way function from the user's password
- the Kerberos server knows the secret key of each user and the tgs
- each server has a secret key known by itself and the tgs
[Figure: User (U) enters a password at the Client (C); the Kerberos Server (K) holds the user secret key database and the server secret key database; the Ticket Granting Server (tgs) and the Application Server (S) each hold their own secret key]
Key Distribution Center (KDC)
[Figure: the KDC comprises the Kerberos Server (K), which performs authentication against the user secret key database, and the Ticket Granting Server (tgs), which performs authorization using the server secret key database; the Client (C) acts for the User (U) towards the Application Server (S)]
Ticket
Encrypted certificate issued by the KDC containing:
- name of the principal (C)
- name of the server (S)
- random session key (K_C,S)
- expiration time (lifetime)
- timestamp
Ticket Structure: E_K(s) {C, S, K_C,S, timestamp, lifetime}
Kerberos Protocol Simplified
- Client to Authentication Server: authentication request
- Authentication Server to Client: reply with ticket and session key
- Client to Verifier: user authenticates to the verifier and communicates with the session key
- Verifier to Client: optional, mutual authentication
Protocol Overview
[Figure: message flow between User (U), Client (C), Kerberos Server (K), Ticket Granting Server (tgs) and Server (S)]
1. U --> C: user id
2. K --> C: T_u,tgs
3. C --> tgs: (T_u,tgs, S)
4. tgs --> C: T_C,S
5. C --> S: (T_C,S, request)
6. S --> C: T' (optional)
Kerberos: Phase 1
1. The user logs on to the client and the client asks Kerberos for credentials for the user:
   U --> C : U (user id)
   C --> K : (U, tgs)
2. Kerberos constructs a ticket for U and tgs and a credential for the user and returns them to the client:
   T_u,tgs = E_K(tgs) {U, tgs, K_u,tgs, ts, lt}
   K --> C : E_K(u) {T_u,tgs, K_u,tgs, ts, lt}
   The client obtains the user's password, P, and computes K'(u) = f(P). The user is authenticated to the client if and only if K'(u) decrypts the credential.
Kerberos: Phase 2
3. The client constructs an "authenticator" for user U and requests from the TGS a ticket for server S:
   A_U = E_K(u,tgs) {C, ts}
   C --> TGS : (S, T_u,tgs, A_U)
4. The ticket granting server authenticates the request as coming from C and constructs a ticket that C may use with S:
   T_c,s = E_K(s) {C, S, K_c,s, ts, lt}
   TGS --> C : E_K(u,tgs) {T_c,s, K_c,s, ts, lt}
Kerberos: Phase 3
5. The client builds an "authenticator" and sends it together with the ticket for the server to S:
   A_c = E_K(c,s) {C, ts}
   C --> S : (T_c,s, A_c)
6. The server (optionally) authenticates itself to the client by replying:
   S --> C : E_K(c,s) {ts + 1}
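The three phases above run end to end, as an added example that is not part of the slides: a Python simulation in which the Kerberos server, the tgs and an application server hold the key databases from the Kerberos Structure slide, each verifier checks the ticket lifetime and the authenticator before answering, and a wrong password, an expired ticket or a ticket meant for another server is rejected. A toy HMAC-based cipher stands in for E/D, PBKDF2 stands in for the one-way function f, and the realm name, principal names, key sizes and the 5-minute authenticator skew limit are constructed assumptions.

```python
import hmac, hashlib, json, os

LT = 300                                       # ticket lifetime lt in seconds (constructed value)
def f(password):                               # one-way function K(u) = f(P); PBKDF2 stands in for it (assumption)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 10_000)
def _ks(key, iv, n):                           # keystream for the toy cipher below
    return b"".join(hmac.new(key, iv + bytes([i]), "sha256").digest() for i in range(n // 32 + 1))
def E(key, obj):                               # toy E_K{...}: HMAC-SHA256 keystream plus HMAC tag (illustrative only)
    pt, iv = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, "sha256").digest()
def D(key, blob):                              # toy D_K: None when the key is wrong or the blob was altered
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, "sha256").digest()): return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, iv, len(ct)))))
USER_KEYS = {"alice": f("correct horse")}      # Kerberos server's user secret key database (constructed)
SERVER_KEYS = {"tgs": os.urandom(32), "fileserver": os.urandom(32)}   # server secret key database (constructed)

def ticket(c, s, k_cs, ts):                    # T_c,s = E_K(s){C, S, K_c,s, ts, lt}
    return E(SERVER_KEYS[s], {"C": c, "S": s, "K": k_cs.hex(), "ts": ts, "lt": LT})
def grant(key, c, s, now):                     # credential E_key{T_c,s, K_c,s, ts, lt} carrying a fresh session key
    k = os.urandom(32)
    return E(key, {"T": ticket(c, s, k, now).hex(), "K": k.hex(), "ts": now, "lt": LT})
def kerberos_as(u, now):                       # step 2, K -> C: E_K(u){T_u,tgs, K_u,tgs, ts, lt}
    return grant(USER_KEYS[u], u, "tgs", now)
def verify(s, t_blob, a_blob, now):            # verifier (tgs or S): ticket under its own key, authenticator under K_c,s
    t = D(SERVER_KEYS[s], t_blob)
    if t is None or t["S"] != s or not t["ts"] <= now <= t["ts"] + t["lt"]:
        return None                            # forged ticket, ticket for another server, or lifetime exceeded
    a = D(bytes.fromhex(t["K"]), a_blob)
    if a is None or a["C"] != t["C"] or abs(a["ts"] - now) > 300:
        return None                            # authenticator not under K_c,s, principal mismatch, or stale (5 min skew)
    return t, a
def tgs_grant(s, t_blob, a_blob, now):         # step 4, TGS -> C: E_K(u,tgs){T_c,s, K_c,s, ts, lt}
    v = verify("tgs", t_blob, a_blob, now)
    return None if v is None else grant(bytes.fromhex(v[0]["K"]), v[0]["C"], s, now)
def app_server(s, t_blob, a_blob, now):        # step 6, S -> C: E_K(c,s){ts + 1} (optional mutual authentication)
    v = verify(s, t_blob, a_blob, now)
    return None if v is None else E(bytes.fromhex(v[0]["K"]), {"ts": v[1]["ts"] + 1})
def client_login(u, password, s, now):         # the client side of steps 1, 3 and 5 plus its own checks
    cred = D(f(password), kerberos_as(u, now)) # K'(u) = f(P): the user is authenticated iff this decrypts
    if cred is None: return False
    k_utgs, t_utgs = bytes.fromhex(cred["K"]), bytes.fromhex(cred["T"])
    reply = tgs_grant(s, t_utgs, E(k_utgs, {"C": u, "ts": now}), now)    # step 3: (S, T_u,tgs, A_U)
    tg = D(k_utgs, reply) if reply else None
    if tg is None: return False
    k_cs, t_cs = bytes.fromhex(tg["K"]), bytes.fromhex(tg["T"])
    resp = app_server(s, t_cs, E(k_cs, {"C": u, "ts": now}), now)        # step 5: (T_c,s, A_c)
    return resp is not None and D(k_cs, resp) == {"ts": now + 1}         # step 6: S proved it holds K_c,s
```

Note that the password never leaves the client: only f(P) is used locally to open the credential, and the tgs and S see nothing but tickets and authenticators.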
Final Product
Limitations
- Every network service must be individually modified for use with Kerberos
- Doesn't work well in a time-sharing environment
- Requires a secure Kerberos Server
- Requires a continuously available Kerberos Server
- Stores all passwords encrypted with a single key
- Assumes workstations are secure
- May result in cascading loss of trust
- Scalability
Further Reading
- RFC 1510
- Kerberos web site: http://web.mit.edu/kerberos/www
- O'Reilly, Kerberos: The Definitive Guide, by Jason Garman
- Video on Kerberos from Oslo University College
Questions?