Chapter 10.ppt
Kerberos
• In Greek mythology, Kerberos is the 3-headed dog that guards the entrance to Hades (Hell)
• "Wouldn't it make more sense to guard the exit?"
• In security, Kerberos is an authentication protocol based on symmetric key crypto
• Originated at MIT
• Based on work by Needham and Schroeder
• Relies on a Trusted Third Party (TTP)
• (Annotation on the slide) Purpose of Kerberos: efficiency, and a stateless KDC
Part 3 Protocols 1

Motivation for Kerberos
• Authentication using public keys: N users need N key pairs
• Authentication using symmetric keys: N users require (on the order of) N² keys, one per pair of users
• The symmetric key case does not scale
• Kerberos is based on symmetric keys but only requires N keys for N users
  – Security depends on the TTP
  + No PKI is needed

Kerberos KDC
• Kerberos Key Distribution Center, or KDC
• The KDC acts as the TTP
• The TTP is trusted, so it must not be compromised
• The KDC shares a symmetric key K_A with Alice, a key K_B with Bob, a key K_C with Carol, etc.
• And a master key K_KDC known only to the KDC
• The KDC enables authentication and session keys
• Session key for confidentiality and integrity
• In practice, the crypto algorithm is DES or AES (the DES enctypes are deprecated, RFC 6649; current deployments use the AES enctypes of RFC 3962 and RFC 8009)

Kerberos Tickets
• The KDC issues tickets containing the info needed to access network resources
• The KDC also issues Ticket-Granting Tickets, or TGTs, that are used to obtain tickets
• Each TGT contains
  – Session key
  – User's ID
  – Expiration time
• Every TGT is encrypted with K_KDC
• So a TGT can only be read by the KDC

Kerberized Login
• Alice enters her password
• Then Alice's computer does the following:
  – Derives K_A from Alice's password
  – Uses K_A to get a TGT for Alice from the KDC
• Alice then uses her TGT (credentials) to securely access network resources
• Plus: security is transparent to Alice
• Minus: the KDC must be secure, since it is trusted!
Kerberized Login
[Figure: Alice → Alice's computer: Alice's password; Alice's computer → KDC: "Alice wants a TGT"; KDC → Alice's computer: E(S_A, TGT, K_A)]
• Key K_A = h(Alice's password)
• The KDC creates session key S_A
• Alice's computer decrypts S_A and TGT
• Then it forgets K_A
• TGT = E("Alice", S_A, K_KDC)

Alice Requests "Ticket to Bob"
[Figure: Alice → Alice's computer: "I want to talk to Bob"; Alice's computer → KDC: REQUEST; KDC → Alice's computer: REPLY; Alice's computer → Alice: "Talk to Bob"]
• REQUEST = (TGT, authenticator)
• authenticator = E(timestamp, S_A)
• REPLY = E("Bob", K_AB, ticket to Bob, S_A)
• ticket to Bob = E("Alice", K_AB, K_B)
• The KDC gets S_A from the TGT (decrypting with K_KDC) and uses it to verify the timestamp in the authenticator

Alice Uses Ticket to Bob
[Figure: Alice's computer → Bob: ticket to Bob, authenticator; Bob → Alice's computer: E(timestamp + 1, K_AB)]
• ticket to Bob = E("Alice", K_AB, K_B)
• authenticator = E(timestamp, K_AB)
• Bob decrypts "ticket to Bob" with K_B to get K_AB, which he then uses to verify the timestamp
• Bob's reply E(timestamp + 1, K_AB) proves to Alice that Bob knows K_AB, so authentication is mutual

Kerberos
• Key S_A is used in authentication
• K_AB is used for confidentiality/integrity between Alice and Bob
• Timestamps for authentication and replay protection
• Recall that timestamps reduce the number of messages: a timestamp acts like a nonce that is known in advance
• But "time" is a security-critical parameter: clocks must be synchronized, and a verifier must bound the allowed skew and remember the authenticators it has accepted within that window, or an eavesdropper can replay one

Kerberos Questions
• When Alice logs in, the KDC sends E(S_A, TGT, K_A) where TGT = E("Alice", S_A, K_KDC)
  Q: Why is the TGT encrypted with K_A?
  A: Extra work for no added security! (Kerberos 5 itself does not do this: in the AS reply of RFC 4120 the ticket is carried outside the part encrypted under the client key.)
• In Alice's "Kerberized" login to Bob, why can Alice remain anonymous?
• Why is "ticket to Bob" sent to Alice? Why doesn't the KDC send it directly to Bob?
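The login, ticket-request, ticket-use and timestamp checks of the "Kerberized Login", "Alice Requests Ticket to Bob", "Alice Uses Ticket to Bob" and "Kerberos" (timestamps) slides above, simulated end to end. This is an added example, not the slides' own material and not MIT Kerberos. Everything beyond the slides is an assumption of the example: E() is a toy authenticated cipher (HMAC-SHA256 keystream XOR, encrypt-then-MAC) standing in for DES/AES, messages are JSON, timestamps are microseconds, the skew window is five minutes, the KDC and Bob each keep a replay cache, and the names KDC, Server, Workstation, check_fresh, replay_rejected and demo are this example's own.

```python
"""Toy model of the simplified Kerberos exchange on these slides (added example,
not MIT Kerberos or textbook code).  Assumptions not on the slides: E() is a toy
authenticated cipher (HMAC-SHA256 keystream XOR, encrypt-then-MAC) standing in
for DES/AES; messages are JSON; timestamps are microseconds; the KDC and Bob
reject authenticators outside a skew window or already seen (replay cache)."""
import hashlib, hmac, json, os, time

SKEW_US = 5 * 60 * 10**6          # tolerated clock skew: 5 minutes (assumption)

def now_us():
    return time.time_ns() // 1000

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def E(obj, key):
    """E(obj, key) on the slides: encrypt a JSON object, then MAC it (toy cipher)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def D(blob, key):
    """Inverse of E; raises ValueError on a wrong key or a tampered message."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def h(password):
    """K_A = h(Alice's password) as on the slides (a real KDC uses a salted string-to-key)."""
    return hashlib.sha256(password.encode()).digest()

def check_fresh(ts, seen):
    """Timestamp = nonce known in advance, so the verifier must check skew AND replays."""
    if abs(now_us() - ts) > SKEW_US:
        raise ValueError("authenticator outside clock-skew window")
    if ts in seen:
        raise ValueError("replayed authenticator")
    seen.add(ts)

class KDC:
    """Holds K_A, K_B, ... and K_KDC; no per-session state beyond the replay cache."""
    def __init__(self, keys):
        self.keys, self.K_KDC, self.seen = dict(keys), os.urandom(32), set()

    def login(self, user):
        """Reply E(S_A, TGT, K_A) with TGT = E("Alice", S_A, K_KDC)."""
        S_A = os.urandom(32).hex()
        tgt = E({"user": user, "S_A": S_A, "exp": now_us() + 8 * 3600 * 10**6}, self.K_KDC)
        return E({"S_A": S_A, "TGT": tgt.hex()}, self.keys[user])

    def ticket(self, tgt_hex, authenticator, server):
        """REQUEST = (TGT, authenticator); REPLY = E("Bob", K_AB, ticket to Bob, S_A)."""
        t = D(bytes.fromhex(tgt_hex), self.K_KDC)      # only the KDC can read the TGT
        if now_us() > t["exp"]:
            raise ValueError("TGT expired")
        S_A = bytes.fromhex(t["S_A"])
        check_fresh(D(authenticator, S_A)["ts"], self.seen)
        K_AB = os.urandom(32).hex()
        ticket = E({"client": t["user"], "K_AB": K_AB}, self.keys[server])  # E("Alice", K_AB, K_B)
        return E({"server": server, "K_AB": K_AB, "ticket": ticket.hex()}, S_A)

class Server:
    """Bob: never contacts the KDC; learns K_AB only by decrypting the ticket with K_B."""
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def accept(self, ticket_hex, authenticator):
        t = D(bytes.fromhex(ticket_hex), self.key)
        K_AB = bytes.fromhex(t["K_AB"])
        ts = D(authenticator, K_AB)["ts"]
        check_fresh(ts, self.seen)
        return E({"ts": ts + 1}, K_AB)                  # E(timestamp + 1, K_AB): Bob knows K_AB

class Workstation:
    """Alice's computer: derives K_A, fetches the TGT, then forgets K_A."""
    def __init__(self, user, password, kdc):
        cred = D(kdc.login(user), h(password))        # wrong password -> ValueError
        self.kdc, self.S_A, self.tgt = kdc, bytes.fromhex(cred["S_A"]), cred["TGT"]

    def talk_to(self, server):
        reply = D(self.kdc.ticket(self.tgt, E({"ts": now_us()}, self.S_A), server.name), self.S_A)
        K_AB, ts = bytes.fromhex(reply["K_AB"]), now_us()
        self.last = (reply["ticket"], E({"ts": ts}, K_AB))   # what an eavesdropper could capture
        return D(server.accept(*self.last), K_AB)["ts"] == ts + 1

def replay_rejected(server, ticket_hex, authenticator):
    """An eavesdropper re-sends a captured (ticket, authenticator) pair to Bob."""
    try:
        server.accept(ticket_hex, authenticator)
        return False
    except ValueError:
        return True

def demo():
    kdc = KDC({"Alice": h("correct horse"), "Bob": os.urandom(32)})
    bob = Server("Bob", kdc.keys["Bob"])
    alice = Workstation("Alice", "correct horse", kdc)
    return alice.talk_to(bob), replay_rejected(bob, *alice.last)
```

demo() returns (True, True): Alice authenticates to Bob, and an eavesdropper who replays her captured ticket and authenticator is refused because Bob has already accepted that timestamp; without the replay cache the same pair would be accepted for the whole skew window. Two things the code makes visible that the questions slide asks about: the KDC object has no channel to the Server, so the ticket has to travel via Alice, which is what lets the KDC stay stateless; and the only places Alice's name appears are inside the TGT and the ticket, encrypted under K_KDC and K_B respectively, so nothing on the wire names her in the clear.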
Kerberos Alternatives
• Could have Alice's computer remember her password and use that for authentication
  – Then no KDC is required
  – But passwords are hard to protect
  – Also, it does not scale
• Could have the KDC remember the session key instead of putting it in a TGT
  – Then there is no need for a TGT
  – But a stateless KDC is a major feature of Kerberos

Kerberos Keys
• In Kerberos, K_A = h(Alice's password)
• Could instead generate a random K_A
  – Compute K_h = h(Alice's password)
  – And Alice's computer stores E(K_A, K_h)
• Then K_A need not change when Alice changes her password: only the wrapped copy E(K_A, K_h) is re-encrypted under the new K_h
• But E(K_A, K_h) must be stored on the computer
• This alternative approach is often used, but not in Kerberos