Kerberos
DESCRIPTION
Kerberos. Presented by: Pratima Vijayakumar, Rafi Qureshi, Vinay Gaonkar. CS 616, Course Instructor: Dr. Charles Tappert. Introduction: Kerberos History, Kerberos Environment, Kerberos Architecture, Kerberos Protocols, Kerberos Version 5, Kerberos Advantages, Kerberos Weaknesses and Solutions.
TRANSCRIPT
Kerberos
Presented by
Pratima Vijayakumar
Rafi Qureshi
Vinay Gaonkar
CS 616, Course Instructor: Dr. Charles Tappert
Introduction
- Kerberos History
- Kerberos Environment
- Kerberos Architecture
- Kerberos Protocols
- Kerberos Version 5
- Kerberos Advantages
- Kerberos Weaknesses and Solutions
History
- Developed at MIT in the early 1980's
- Computing shift from mainframes to workstations
- Pools of distributed workstations connected to servers
- Concept of "Network Credentials"
- Commercial versions V4 and V5
- Principles and systems are relevant until today
- Concepts incorporated in DCE, AFS, NT, etc.
Kerberos Environment (I)
Kerberos Environment (II)
KRB consists of:
- AS – Authentication Server
- TGS – Ticket Granting Server
- DB – Database of entity keys
Separation between two actions:
- Authentication – "logging into the network"
- Communication – "holding a session between two parties"
Kerberos Architecture (I)
Kerberos Architecture (II)
Kerberos implements the "Internet Scenario":
- User A has password PW_A to authenticate to KRB
- KRB stores key K_A that is derived from password PW_A
- Server B has key K_B to authenticate to KRB
- KRB stores key K_B that is identical to the server's key
- Workstations are stateless – they don't know the users and their passwords, and they don't have keys
- Kerberos provides tickets to the source party (A+WS) which requested the session, and it does not bother the destination party (B)
Kerberos V5 Protocols (I): Acquiring Network Credentials
1) User A starts working at workstation WS by entering its name "A" and password PW_A. Workstation WS computes key K_A from PW_A and then erases password PW_A from its memory.
2) Workstation WS contacts the Authentication Server (AS) and requests "Network Credentials" for A+WS. Workstation WS sends the following clear data to AS: < A, WS, Realm_A, TGS, Times, Nonce1 > (where Times gives the time validity interval and Nonce1 is a random value).
3) Authentication Server AS replies to A+WS with the following two items: < Realm_A, A, TKT_TGS > AND < K_{A,TGS}, Times, Nonce1, Realm_TGS, TGS > sealed by key K_A (where TKT_TGS = < K_{A,TGS}, Realm_A, A, WS, Times > sealed by key K_TGS). Workstation WS now tries to open the sealed item using the computed key K_A.
Kerberos V5 Protocols (II): Establishing Connection with Server
4) Workstation WS contacts the Ticket Granting Server (TGS) and requests a ticket for B as follows: < B, Times, Nonce2, TKT_TGS, Auth1 > (where Auth1 = < A, WS, Realm_A, Timestamp1 > sealed by key K_{A,TGS}).
5) Ticket Granting Server TGS replies to A+WS with the following two items: < Realm_A, A, TKT_B > AND < K_{A,B}, Times, Nonce2, Realm_B, B > sealed by K_{A,TGS} (where TKT_B = < K_{A,B}, Realm_A, A, WS, Times > sealed by K_B). Workstation WS opens the sealed item using key K_{A,TGS}.
6) Workstation WS requests a session from B by sending < TKT_B, Auth2 > (where Auth2 = < A, WS, Realm_A, Timestamp2, Subkey, Seq > sealed by key K_{A,B}). The fields Subkey and Seq are optional.
7) Server B opens ticket TKT_B with key K_B and replies to A+WS with the authenticator Auth3 = < Timestamp2, Subkey, Seq > sealed by key K_{A,B}.
Kerberos V5 Options and Flags
INITIAL – Indicates that a ticket was issued by the AS and not by a TGS
PRE-AUTHENT – Indicates that the user was pre-authenticated by some means before a TGS ticket was issued
HW-AUTHENT – Indicates that the user was authenticated with a hardware token before a TGS ticket was issued
RENEWABLE – Tells the TGS that this ticket can be used to obtain a replacement ticket that expires at a later date
INVALID – Indicates that this ticket is invalid and must be validated by the TGS before use
Kerberos V5 Options and Flags
MAY-POSTDATE – Tells the TGS that a post-dated ticket may be issued based on this ticket-granting ticket
POSTDATED – Indicates that this ticket has been postdated
PROXIABLE – Tells the TGS that a new service-granting ticket with a different network address may be issued based on this ticket
FORWARDABLE – Tells the TGS that a new ticket-granting ticket with a different network address may be issued based on this ticket-granting ticket
FORWARDED – Indicates that this ticket has either been forwarded or that it was issued based on authentication involving a forwarded ticket
Kerberos - Advantages
- Passwords aren't exposed to eavesdropping
- Single Sign-on: more convenient, only one password, entered once
- Stolen tickets are hard to reuse: an authenticator is needed as well, which can't be reused
- Wide support in various operating systems
- Prevents transmission of passwords over the network
Kerberos - Weaknesses and Solutions
- If a TGT is stolen, it can be used to access network services
  - Ticket expires in a few hours
- Subject to dictionary attack
  - Timestamps require the hacker to guess within 5 minutes
- Very bad if the Authentication Server is compromised
  - Physical protection for the server
- KDC is centralized
  - Replicated KDC
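The seven protocol steps above, together with the checks behind the advantages and weaknesses slides (an authenticator can't be replayed, a ticket expires after a few hours, the five-minute timestamp window), as an added Python example that is not part of the original presentation. It assumes a toy seal()/unseal() built from HMAC-SHA256 in place of a real Kerberos encryption type, and constructed names (realm EXAMPLE.COM, user alice, service host/b.example.com, workstation address 10.0.0.5).

```python
# Toy model of the slides' seven-step Kerberos V5 exchange (added example, not from the slides).
import hashlib, hmac, json, os

SKEW = 300  # seconds: the five-minute authenticator window from the weaknesses slide

def _require(cond, msg):  # protocol check helper: fail closed with a descriptive error
    if not cond:
        raise ValueError(msg)

def string_to_key(password, salt):  # K_A from PW_A; Kerberos AES enctypes also use PBKDF2 over realm+name
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _xor_stream(key, nonce, data):  # HMAC-SHA256 keystream XORed over data
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):  # stand-in encrypt-then-MAC under a 32-byte key (not a real Kerberos enctype)
    k_enc, k_mac = (hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = _xor_stream(k_enc, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # inverse of seal(); ValueError if the key is wrong or the item was tampered with
    k_enc, k_mac = (hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    _require(hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()), "bad seal")
    return json.loads(_xor_stream(k_enc, nonce, ct))

def check_authenticator(auth, ticket, replay_cache, now):  # what TGS (step 5) and B (step 7) verify
    _require((auth["cname"], auth["realm"]) == (ticket["cname"], ticket["realm"]), "authenticator does not match ticket")
    _require(ticket["times"][0] <= now <= ticket["times"][1], "ticket expired")
    _require(abs(now - auth["ts"]) <= SKEW, "authenticator outside the five-minute window")
    _require((auth["cname"], auth["ts"]) not in replay_cache, "authenticator replayed")
    replay_cache.add((auth["cname"], auth["ts"]))

def issue(ticket_key, client_key, cname, realm, addr, times, nonce, sname, flags):
    # AS/TGS reply shape: ticket sealed for the target service, credentials sealed for the client
    sk = os.urandom(32).hex()  # fresh session key (K_{A,TGS} or K_{A,B})
    ticket = {"key": sk, "realm": realm, "cname": cname, "addr": addr, "times": times, "flags": flags}
    creds = {"key": sk, "times": times, "nonce": nonce, "srealm": realm, "sname": sname}
    return (realm, cname, seal(ticket_key, ticket)), seal(client_key, creds)

class KDC:  # Authentication Server + Ticket Granting Server + key database (KRB)
    def __init__(self, realm, users, servers):
        self.realm, self.replay = realm, set()
        self.db = {"TGS": os.urandom(32), **{s: os.urandom(32) for s in servers},
                   **{u: string_to_key(pw, realm + u) for u, pw in users.items()}}
    def as_exchange(self, r):  # step 3: TKT_TGS sealed by K_TGS, credentials sealed by K_A
        return issue(self.db["TGS"], self.db[r["cname"]], r["cname"], r["realm"], r["addr"],
                     r["times"], r["nonce"], "TGS", ["INITIAL"])
    def tgs_exchange(self, r, now):  # step 5: TKT_B sealed by K_B, credentials sealed by K_{A,TGS}
        tgt = unseal(self.db["TGS"], r["ticket"])
        k_a_tgs = bytes.fromhex(tgt["key"])
        check_authenticator(unseal(k_a_tgs, r["auth"]), tgt, self.replay, now)
        return issue(self.db[r["sname"]], k_a_tgs, tgt["cname"], tgt["realm"], tgt["addr"],
                     r["times"], r["nonce"], r["sname"], [])

class Server:  # application server B holding K_B
    def __init__(self, key):
        self.key, self.replay = key, set()
    def ap_exchange(self, ticket, auth2, now):  # step 7: Auth3 = <Timestamp2, Subkey, Seq> sealed by K_{A,B}
        tkt = unseal(self.key, ticket)
        k_ab = bytes.fromhex(tkt["key"])
        auth = unseal(k_ab, auth2)
        check_authenticator(auth, tkt, self.replay, now)
        return seal(k_ab, {"ts": auth["ts"], "subkey": auth.get("subkey"), "seq": auth.get("seq")})

class Workstation:  # stateless WS: holds only keys derived or received during this session
    def __init__(self, addr, kdc):
        self.addr, self.kdc, self.realm = addr, kdc, kdc.realm
    def login(self, name, password, now):  # steps 1-3
        k_a = string_to_key(password, self.realm + name)  # PW_A is discarded, only K_A is kept
        req = {"cname": name, "addr": self.addr, "realm": self.realm, "sname": "TGS",
               "times": [now, now + 8 * 3600], "nonce": os.urandom(8).hex()}
        (_, _, tgt), sealed = self.kdc.as_exchange(req)
        cred = unseal(k_a, sealed)  # wrong password -> wrong K_A -> ValueError("bad seal")
        _require(cred["nonce"] == req["nonce"], "AS reply is not for our request")
        self.name, self.tgt, self.k_a_tgs = name, tgt, bytes.fromhex(cred["key"])
    def _authenticator(self, key, now, **extra):
        return seal(key, {"cname": self.name, "addr": self.addr, "realm": self.realm, "ts": now, **extra})
    def get_service_ticket(self, sname, now):  # steps 4-5
        req = {"sname": sname, "times": [now, now + 3600], "nonce": os.urandom(8).hex(),
               "ticket": self.tgt, "auth": self._authenticator(self.k_a_tgs, now)}
        (_, _, tkt_b), sealed = self.kdc.tgs_exchange(req, now)
        cred = unseal(self.k_a_tgs, sealed)
        _require(cred["nonce"] == req["nonce"] and cred["sname"] == sname, "TGS reply is not for our request")
        return tkt_b, bytes.fromhex(cred["key"])  # TKT_B and session key K_{A,B}
    def connect(self, server, tkt_b, k_ab, now):  # steps 6-7
        auth2 = self._authenticator(k_ab, now, subkey=None, seq=1)
        reply = unseal(k_ab, server.ap_exchange(tkt_b, auth2, now))
        _require(reply["ts"] == now, "server failed mutual authentication")  # B proved it holds K_{A,B}
        return auth2

def demo(now=1_700_000_000):  # steps 1-7 end to end; returns what an eavesdropper could capture
    kdc = KDC("EXAMPLE.COM", {"alice": "correct horse battery staple"}, ["host/b.example.com"])
    server_b, ws = Server(kdc.db["host/b.example.com"]), Workstation("10.0.0.5", kdc)
    ws.login("alice", "correct horse battery staple", now)
    tkt_b, k_ab = ws.get_service_ticket("host/b.example.com", now)
    return {"server": server_b, "ticket": tkt_b, "auth": ws.connect(server_b, tkt_b, k_ab, now), "key": k_ab}
```

Feeding the captured < TKT_B, Auth2 > back to the server shows why a stolen ticket alone is not enough: the cached authenticator is refused immediately, it falls outside the five-minute window shortly after, and the ticket itself stops working once its lifetime has passed.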
Introduction
Kerberos History Kerberos Environment Kerberos Architecture Kerberos Protocols Kerberos Version 5 Kerberos Advantages Kerberos Weaknesses and Solutions
History Developed at MIT in early 1980rsquos Computing shift from mainframes to
workstations Pools of distributed workstations
connected to servers Concept of rdquoNetwork Credentialsrdquo Commercial versions V4 and V5 Principles and systems are relevant until
today Concepts incorporated in DCE AFS NT
etc
Kerberos Environment (I)
Kerberos Environment (II)
KRB consists of1048766 AS ndash Authentication Server TGS ndash Ticket Granting Server1048766 DB ndash Database of entity keysSeparation between two actions1048766 Authentication ndash rdquologging into the
networkrdquo1048766 Communication ndash rdquoholding a session
between two partiesrdquo
Kerberos Architecture (I)
Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users
and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)
which requested the session and it does not bother the
destination party (B)
Kerberos V5 Protocols (I)Acquiring Network Credentials
1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory
2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)
3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA
Kerberos V5 Protocols (II)Establishing Connection with Server
4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)
5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS
6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional
7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB
Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means
before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token
before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement
ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the
TGS before use
Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket
Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on
More convenient only one password entered once
Stolen tickets hard to reuse Need authenticator as well which canrsquot be
reused Wide support in various operating systems Prevents transmission of passwords over the
network
Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services
Ticket expires in a few hours
Subject to dictionary attack Timestamps require hacker to guess in 5 minutes
Very bad if Authentication Server compromised
KDC is centralized
Physical protection for the server
Replicated KDC
History Developed at MIT in early 1980rsquos Computing shift from mainframes to
workstations Pools of distributed workstations
connected to servers Concept of rdquoNetwork Credentialsrdquo Commercial versions V4 and V5 Principles and systems are relevant until
today Concepts incorporated in DCE AFS NT
etc
Kerberos Environment (I)
Kerberos Environment (II)
KRB consists of1048766 AS ndash Authentication Server TGS ndash Ticket Granting Server1048766 DB ndash Database of entity keysSeparation between two actions1048766 Authentication ndash rdquologging into the
networkrdquo1048766 Communication ndash rdquoholding a session
between two partiesrdquo
Kerberos Architecture (I)
Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users
and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)
which requested the session and it does not bother the
destination party (B)
Kerberos V5 Protocols (I)Acquiring Network Credentials
1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory
2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)
3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA
Kerberos V5 Protocols (II)Establishing Connection with Server
4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)
5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS
6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional
7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB
Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means
before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token
before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement
ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the
TGS before use
Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket
Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on
More convenient only one password entered once
Stolen tickets hard to reuse Need authenticator as well which canrsquot be
reused Wide support in various operating systems Prevents transmission of passwords over the
network
Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services
Ticket expires in a few hours
Subject to dictionary attack Timestamps require hacker to guess in 5 minutes
Very bad if Authentication Server compromised
KDC is centralized
Physical protection for the server
Replicated KDC
Kerberos Environment (I)
Kerberos Environment (II)
KRB consists of1048766 AS ndash Authentication Server TGS ndash Ticket Granting Server1048766 DB ndash Database of entity keysSeparation between two actions1048766 Authentication ndash rdquologging into the
networkrdquo1048766 Communication ndash rdquoholding a session
between two partiesrdquo
Kerberos Architecture (I)
Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users
and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)
which requested the session and it does not bother the
destination party (B)
Kerberos V5 Protocols (I)Acquiring Network Credentials
1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory
2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)
3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA
Kerberos V5 Protocols (II)Establishing Connection with Server
4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)
5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS
6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional
7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB
Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means
before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token
before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement
ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the
TGS before use
Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket
Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on
More convenient only one password entered once
Stolen tickets hard to reuse Need authenticator as well which canrsquot be
reused Wide support in various operating systems Prevents transmission of passwords over the
network
Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services
Ticket expires in a few hours
Subject to dictionary attack Timestamps require hacker to guess in 5 minutes
Very bad if Authentication Server compromised
KDC is centralized
Physical protection for the server
Replicated KDC
Kerberos Environment (II)
KRB consists of1048766 AS ndash Authentication Server TGS ndash Ticket Granting Server1048766 DB ndash Database of entity keysSeparation between two actions1048766 Authentication ndash rdquologging into the
networkrdquo1048766 Communication ndash rdquoholding a session
between two partiesrdquo
Kerberos Architecture (I)
Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users
and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)
which requested the session and it does not bother the
destination party (B)
Kerberos V5 Protocols (I)Acquiring Network Credentials
1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory
2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)
3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA
Kerberos V5 Protocols (II)Establishing Connection with Server
4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)
5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS
6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional
7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB
Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means
before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token
before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement
ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the
TGS before use
Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket
Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on
More convenient only one password entered once
Stolen tickets hard to reuse Need authenticator as well which canrsquot be
reused Wide support in various operating systems Prevents transmission of passwords over the
network
Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services
Ticket expires in a few hours
Subject to dictionary attack Timestamps require hacker to guess in 5 minutes
Very bad if Authentication Server compromised
KDC is centralized
Physical protection for the server
Replicated KDC
Kerberos Architecture (I)
Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users
and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)
which requested the session and it does not bother the
destination party (B)
Kerberos V5 Protocols (I)Acquiring Network Credentials
1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory
2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)
3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA
Kerberos V5 Protocols (II)Establishing Connection with Server
4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)
5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS
6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional
7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB
Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means
before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token
before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement
ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the
TGS before use
Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket
Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on
More convenient only one password entered once
Stolen tickets hard to reuse Need authenticator as well which canrsquot be
reused Wide support in various operating systems Prevents transmission of passwords over the
network
Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services
Ticket expires in a few hours
Subject to dictionary attack Timestamps require hacker to guess in 5 minutes
Very bad if Authentication Server compromised
KDC is centralized
Physical protection for the server
Replicated KDC
Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users
and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)
which requested the session and it does not bother the
destination party (B)
Kerberos V5 Protocols (I)Acquiring Network Credentials
1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory
2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)
3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA
Kerberos V5 Protocols (II)Establishing Connection with Server
4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)
5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS
6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional
7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB
Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means
before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token
before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement
ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the
TGS before use
Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket
Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on
More convenient only one password entered once
Stolen tickets hard to reuse Need authenticator as well which canrsquot be
reused Wide support in various operating systems Prevents transmission of passwords over the
network
Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services
Ticket expires in a few hours
Subject to dictionary attack Timestamps require hacker to guess in 5 minutes
Very bad if Authentication Server compromised
KDC is centralized
Physical protection for the server
Replicated KDC
Kerberos V5 Protocols (I)Acquiring Network Credentials
1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory
2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)
3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA
Kerberos V5 Protocols (II): Establishing a Connection with a Server
4) Workstation WS contacts the Ticket Granting Server (TGS) and requests a ticket for B as follows: < B, Times, Nonce2, TKTTGS, Auth1 > (where Auth1 = < A, WS, RealmA, Timestamp1 > sealed by key KATGS).
5) The Ticket Granting Server replies to A+WS with two items: < RealmA, A, TKTB > and < KAB, Times, Nonce2, RealmB, B > sealed by KATGS (where TKTB = < KAB, RealmA, A, WS, Times > sealed by KB). Workstation WS opens the sealed item using key KATGS.
6) Workstation WS requests a session from B by sending < TKTB, Auth2 > (where Auth2 = < A, WS, RealmA, Timestamp2, Subkey, Seq > sealed by key KAB). Fields Subkey and Seq are optional.
7) Server B opens ticket TKTB with key KB and replies to A+WS with authenticator Auth3 = < Timestamp2, Subkey, Seq > sealed by KAB.
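The seven-step exchange above, as an added example that is not part of the original slides: a Python model of the AS, the TGS and server B, with a toy seal (SHA-256 keystream plus HMAC) standing in for Kerberos encryption, PBKDF2 standing in for the derivation of KA from PWA, and a constructed KDC database; every name, key and field layout here is an assumption. login() returns True when B echoes Timestamp2 under KAB, and raises on a wrong password (the AS reply cannot be opened) or on an authenticator outside the 5-minute window.

```python
import hashlib, hmac, json, os, time

REALM, SKEW = "REALM.EXAMPLE", 300   # 5-minute window the slides give for timestamps
# Toy "seal" (SHA-256 keystream + HMAC, encrypt-then-MAC): an assumption standing in for Kerberos encryption, not a real enctype.
def _stream(key, iv, n):
    return b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))
def seal(key, obj):
    data, iv = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, iv, len(data))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()
def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("seal does not open with this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, iv, len(ct)))))
def str2key(pw):   # KA derived from PWA (assumption: PBKDF2, not Kerberos string-to-key)
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), REALM.encode(), 10_000)
DB = {"A": str2key("correct horse"), "TGS": os.urandom(32), "B": os.urandom(32)}  # constructed KDC DB

def fresh(auth, tkt):   # authenticator must name the ticket's client and be recent
    if auth["A"] != tkt["A"] or abs(time.time() - auth["ts"]) > SKEW:
        raise ValueError("authenticator does not match ticket or is stale")

def as_exchange(req):   # steps 2-3: request arrives in clear, reply part is sealed by KA
    k_a_tgs = os.urandom(32).hex()
    tkt_tgs = seal(DB["TGS"], {"key": k_a_tgs, "A": req["A"], "WS": req["WS"], "times": req["times"]})
    return tkt_tgs, seal(DB[req["A"]], {"key": k_a_tgs, "nonce": req["nonce"], "TGS": "TGS"})

def tgs_exchange(b, nonce2, tkt_tgs, auth1):   # steps 4-5: TGS opens TKTTGS with KTGS
    t = unseal(DB["TGS"], tkt_tgs); fresh(unseal(bytes.fromhex(t["key"]), auth1), t)
    k_ab = os.urandom(32).hex()
    tkt_b = seal(DB[b], {"key": k_ab, "A": t["A"], "WS": t["WS"], "times": t["times"]})
    return tkt_b, seal(bytes.fromhex(t["key"]), {"key": k_ab, "nonce": nonce2, "B": b})

def ap_exchange(tkt_b, auth2):   # steps 6-7, run by server B; the reply is Auth3
    t = unseal(DB["B"], tkt_b); a = unseal(bytes.fromhex(t["key"]), auth2); fresh(a, t)
    return seal(bytes.fromhex(t["key"]), {"ts": a["ts"], "subkey": a.get("subkey")})

def login(user, pw, ts_offset=0):   # the whole run as seen from workstation WS
    k_a, n1, n2 = str2key(pw), os.urandom(8).hex(), os.urandom(8).hex()   # step 1: PWA discarded
    tkt_tgs, part = as_exchange({"A": user, "WS": "ws1", "times": "8h", "nonce": n1})
    p = unseal(k_a, part)   # a wrong password cannot open this: ValueError
    if p["nonce"] != n1: raise ValueError("AS reply is not for this request")
    k_a_tgs = bytes.fromhex(p["key"])
    auth1 = seal(k_a_tgs, {"A": user, "WS": "ws1", "ts": time.time() + ts_offset})
    tkt_b, part2 = tgs_exchange("B", n2, tkt_tgs, auth1)
    k_ab, ts2 = bytes.fromhex(unseal(k_a_tgs, part2)["key"]), time.time()
    auth3 = unseal(k_ab, ap_exchange(tkt_b, seal(k_ab, {"A": user, "WS": "ws1", "ts": ts2})))
    return auth3["ts"] == ts2   # B echoed Timestamp2 under KAB: mutual authentication
```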
Kerberos V5 Options and Flags
INITIAL: Indicates that a ticket was issued by the AS and not by a TGS
PRE-AUTHENT: Indicates that the user was pre-authenticated by some means before a TGS ticket was issued
HW-AUTHENT: Indicates that the user was authenticated with a hardware token before a TGS ticket was issued
RENEWABLE: Tells the TGS that this ticket can be used to obtain a replacement ticket that expires at a later date
INVALID: Indicates that this ticket is invalid and must be validated by the TGS before use
Kerberos V5 Options and Flags (continued)
MAY-POSTDATE: Tells the TGS that a post-dated ticket may be issued based on this ticket-granting ticket
POSTDATED: Indicates that this ticket has been postdated
PROXYABLE: Tells the TGS that a new service-granting ticket with a different network address may be issued based on this ticket
FORWARDABLE: Tells the TGS that a new ticket-granting ticket with a different network address may be issued based on this ticket-granting ticket
FORWARDED: Indicates that this ticket has either been forwarded or that it was issued based on authentication involving a forwarded ticket
Kerberos - Advantages
Passwords aren't exposed to eavesdropping
Single Sign-on: more convenient, only one password entered once
Stolen tickets hard to reuse: an authenticator is needed as well, which can't be reused
Wide support in various operating systems
Prevents transmission of passwords over the network
Kerberos - Weaknesses and Solutions
Weakness: If a TGT is stolen, it can be used to access network services. Solution: the ticket expires in a few hours.
Weakness: Subject to dictionary attack. Solution: timestamps require the hacker to guess within 5 minutes.
Weakness: Very bad if the Authentication Server is compromised. Solution: physical protection for the server.
Weakness: The KDC is centralized. Solution: replicated KDC.