kerberos
Post on 08-Dec-2014
By Ajinkya Patil
KERBEROS AUTHENTICATION PROCESS
Authentication Process
1. Request TGT
2. TGT
3. Request Service Ticket
4. Service Ticket Sent
5. Service Ticket Presented
6. Telnet Communication Channel
[Diagram labels: KEY DISTRIBUTION CENTER, AS, TGS, SERVICE SERVER, CLIENT MACHINE]
Step I (Request TGT)
[Diagram labels: Client Machine, AS, clear-text USER ID]
• Client enters the credentials: User ID and Password.
• Client Machine performs a Hash Function on PASSWORD.
• Client sends User ID to the AS (Authentication Server) in clear text.
Step II (TGT sent)
• AS creates the Hash of PASSWORD (SECRET KEY).
• AS sends 2 messages to client machine:
• Message A: Client/TGS Session Key, encrypted by SECRET KEY.
• Message B: Ticket Granting Ticket (TGT):
  • Client ID
  • Client network address
  • Validity period
  • Client/TGS Session Key
Step II continued
• TGS sends Message A & B to Client.
• Client Machine is able to decrypt Message A only if SECRET KEY (password) is correct.
• Client machine then has the Client/TGS Session Key.
• Client cannot decrypt Message B.
• Message B (the TGT) is encrypted using TGS SECRET KEY.
Step III (Service Ticket Request)
• Message C: (Message B & service ID)
• Message D: Authenticator, encrypted using Client/TGS Session Key:
  • Client ID
  • Timestamp
*Decryption at TGS
• TGS decrypts Message B from Message C by using TGS SECRET KEY, which gives it the Client/TGS session key.
• TGS decrypts Message D (the Authenticator) using Client/TGS session key.
Step IV (Service Ticket sent)
• TGS sends Service Ticket that consists of 2 messages:
• Message E: Client-to-Server Ticket:
  • Client ID
  • Client network address
  • Validity period
  • Client/Server Session Key
• Message F: Client/server session key
Step IV continued
• Message E consists of the Client-to-Server Ticket encrypted using Service Secret Key.
• Message F consists of the Client/server session key encrypted using Client/TGS session key.
• Messages E & F are sent by TGS to Client Machine.
Step V (Service Request)
• Message E: (Above)
• Message G: New Authenticator, encrypted using Client/Server Session Key:
  • Client ID
  • Timestamp
Step VI (Confirmation)
• SS decrypts Message E using its SECRET KEY, which gives it the Client/Server session key.
• Message G (the Authenticator) is decrypted using client/server session key.
Step VI continued
• SS sends Message H (Timestamp + 1), encrypted using client/server session key, to client as confirmation.
• Client decrypts Message H using client/server session key and receives the confirmation (Timestamp + 1).
• Client requests the service and server provides it.
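Steps I to VI traced end to end with Messages A to H, as an added example that is not part of the original slides. Assumptions: `seal`/`unseal` are a stand-in authenticated cipher built from SHA-256 and HMAC (real Kerberos uses its own string-to-key functions and encryption types), and the user name, password, address and function names are constructed for the demonstration.

```python
import hashlib, hmac, json, os, time
# Stand-in authenticated cipher (NOT a real Kerberos enctype): SHA-256 keystream XOR + HMAC tag.
def _ks(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))[:n]
def seal(key, obj):
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def pw_key(password):  # "hash of PASSWORD" = the client's SECRET KEY (SHA-256 is an assumption)
    return hashlib.sha256(password.encode()).digest()

def check(ticket, auth):  # authenticator must name the ticket's client, inside the validity period
    if auth["client"] != ticket["client"] or auth["ts"] > ticket["valid_until"]:
        raise ValueError("authenticator does not match ticket")

def run_exchange(typed_password, stored_password="correct horse", user="alice"):  # constructed values
    tgs_key, svc_key, now = os.urandom(32), os.urandom(32), int(time.time())  # long-term keys, clock
    fields = {"client": user, "addr": "192.0.2.10", "valid_until": now + 3600}
    # Step II: AS builds Message A and Message B (the TGT)
    k_tgs = os.urandom(16).hex()
    msg_a = seal(pw_key(stored_password), {"key": k_tgs})
    msg_b = seal(tgs_key, {**fields, "key": k_tgs})
    # Client opens A only with the right password; B stays opaque to it
    c_tgs = bytes.fromhex(unseal(pw_key(typed_password), msg_a)["key"])
    # Step III: Message C = (Message B, service ID), Message D = authenticator
    msg_c, msg_d = (msg_b, "telnet"), seal(c_tgs, {"client": user, "ts": now})
    # TGS decrypts B with its own key, then D with the session key found inside B
    tgt = unseal(tgs_key, msg_c[0])
    check(tgt, unseal(bytes.fromhex(tgt["key"]), msg_d))
    # Step IV: Message E (client-to-server ticket) and Message F
    k_cs = os.urandom(16).hex()
    msg_e = seal(svc_key, {**fields, "key": k_cs})
    msg_f = seal(bytes.fromhex(tgt["key"]), {"key": k_cs})
    # Step V: client recovers the client/server key from F, sends E plus Message G
    c_cs = bytes.fromhex(unseal(c_tgs, msg_f)["key"])
    msg_g = seal(c_cs, {"client": user, "ts": now})
    # Step VI: SS decrypts E, then G, and answers with Message H = timestamp + 1
    st = unseal(svc_key, msg_e)
    auth = unseal(bytes.fromhex(st["key"]), msg_g)
    check(st, auth)
    msg_h = seal(bytes.fromhex(st["key"]), {"ts": auth["ts"] + 1})
    return unseal(c_cs, msg_h)["ts"] == now + 1  # client checks the confirmation
```

Calling `run_exchange` with a password that differs from the stored one fails at Message A, before any ticket is used, because the client cannot recover the Client/TGS session key.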
THANK YOU