Kerberos Presented By: Pratima Vijayakumar Rafi Qureshi Vinay Gaonkar CS 616 Course Instructor: Dr. Charles Tappert

Post on 09-Jan-2016

DESCRIPTION

Kerberos. Presented by Pratima Vijayakumar, Rafi Qureshi and Vinay Gaonkar, CS 616 (course instructor: Dr. Charles Tappert). Outline: Kerberos history, Kerberos environment, Kerberos architecture, Kerberos protocols, Kerberos Version 5, Kerberos advantages, Kerberos weaknesses and solutions. PowerPoint PPT presentation.

TRANSCRIPT

Page 1: Kerberos

Kerberos
Presented by: Pratima Vijayakumar, Rafi Qureshi, Vinay Gaonkar
CS 616, Course Instructor: Dr. Charles Tappert

Introduction

Kerberos History
Kerberos Environment
Kerberos Architecture
Kerberos Protocols
Kerberos Version 5
Kerberos Advantages
Kerberos Weaknesses and Solutions

History
Developed at MIT in the early 1980s as part of Project Athena, when computing was shifting from mainframes to workstations: pools of distributed workstations connected to shared servers. It introduced the concept of "network credentials". Versions 4 and 5 saw wide deployment (V5, specified in RFC 4120, is the one in use today). The principles and systems remain relevant: the concepts were incorporated in DCE, AFS, Windows (from Windows 2000 onward) and others.

Kerberos Environment (I)

Kerberos Environment (II)

KRB consists of:
- AS, the Authentication Server
- TGS, the Ticket Granting Server
- DB, the database of entity keys (AS, TGS and DB together form the KDC)
Kerberos separates two actions:
- Authentication: "logging into the network"
- Communication: "holding a session between two parties"

Kerberos Architecture (I)

Kerberos Architecture (II)
Kerberos implements the "Internet scenario":
- User A has password PWA to authenticate to KRB.
- KRB stores key KA, which is derived from password PWA.
- Server B has key KB to authenticate to KRB.
- KRB stores key KB, identical to the server's own key.
- Workstations are stateless: they do not know the users or their passwords, and they hold no long-term keys of their own.
- Kerberos hands tickets to the source party (A+WS) that requested the session; the destination party (B) is never contacted by the KDC and learns of the session only when A presents the ticket.

Kerberos V5 Protocols (I): Acquiring Network Credentials

1) User A starts working at workstation WS by entering the name "A" and password PWA. Workstation WS computes key KA from PWA (in V5 the string-to-key function salts the password with the realm and principal name) and then erases PWA from its memory.

2) Workstation WS contacts the Authentication Server (AS) and requests "network credentials" for A+WS. WS sends the following data in the clear to AS: < A, WS, RealmA, TGS, Times, Nonce1 > (where Times gives the requested validity interval and Nonce1 is a random value). With pre-authentication enabled, which is common in V5 deployments, the request additionally carries a timestamp encrypted under KA, so that the AS only answers clients that already know KA.

3) The Authentication Server AS replies to A+WS with two items: < RealmA, A, TKTTGS > and < KATGS, Times, Nonce1, RealmTGS, TGS > sealed by key KA (where TKTTGS = < KATGS, RealmA, A, WS, Times > sealed by key KTGS). Workstation WS now tries to open the sealed item using the computed key KA; if the password was wrong, KA is wrong and the open fails on the workstation, so the AS never sees the password. WS checks that Nonce1 in the reply matches the one it sent, then keeps KATGS and TKTTGS (the ticket-granting ticket, TGT).

Kerberos V5 Protocols (II): Establishing a Connection with Server

4) Workstation WS contacts the Ticket Granting Server (TGS) and requests a ticket for B as follows: < B, Times, Nonce2, TKTTGS, Auth1 > (where Auth1 = < A, WS, RealmA, Timestamp1 > sealed by key KATGS). The TGS opens TKTTGS with KTGS, recovers KATGS, opens Auth1 with it, and checks that the names in Auth1 match the ticket and that Timestamp1 is fresh.

5) The Ticket Granting Server TGS replies to A+WS with two items: < RealmA, A, TKTB > and < KAB, Times, Nonce2, RealmB, B > sealed by KATGS (where TKTB = < KAB, RealmA, A, WS, Times > sealed by KB). Workstation WS opens the sealed item using key KATGS and obtains the session key KAB.

6) Workstation WS requests a session from B by sending < TKTB, Auth2 > (where Auth2 = < A, WS, RealmA, Timestamp2, Subkey, Seq > sealed by key KAB). The fields Subkey and Seq are optional.

7) Server B opens ticket TKTB with key KB, recovers KAB, opens Auth2 with it, and checks the names, the ticket lifetime and the freshness of Timestamp2 (an authenticator already seen within the clock-skew window is rejected as a replay). B then replies to A+WS with Auth3 = < Timestamp2, Subkey, Seq > sealed by KAB; since only a holder of KB could have recovered KAB, this proves B's identity to A (mutual authentication).
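The seven steps above as one runnable model, added here as an example; it is not code from the slides or from any real Kerberos implementation. It carries both sides of the three exchanges (AS, TGS, AP), the checks every ticket consumer makes on a ticket plus authenticator, server B's replay cache, and the offline dictionary attack that the weaknesses slide lists. Everything concrete in it is an assumption made for illustration: the realm EXAMPLE.ORG, the principals alice and host/fileserver, the address 10.0.0.7, an HMAC-based toy cipher standing in for the RFC 3961 encryption types, and PBKDF2 standing in for the RFC 3962 string-to-key function.

```python
import hashlib, hmac, json, os, secrets, time

CLOCK_SKEW = 300  # permitted clock drift for authenticators, in seconds

def derive_key(password, salt):  # string-to-key: KA from PWA (PBKDF2 stands in for the RFC 3962 KDF)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _xor(key, nonce, data):  # toy stream cipher: HMAC-SHA256 counter keystream (illustration only)
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, fields):  # "sealed by key K": encrypt-then-MAC of a JSON record
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(fields).encode())
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):  # raises ValueError on a wrong key or a tampered message
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()): raise ValueError("bad seal")
    return json.loads(_xor(key, nonce, ct))

def check_pair(ticket, auth, now):  # what the TGS and server B both verify about ticket + authenticator
    if not ticket["start"] <= now <= ticket["end"]: raise ValueError("ticket expired")
    if (ticket["cname"], ticket["caddr"]) != (auth["cname"], auth["caddr"]): raise ValueError("name/address mismatch")
    if abs(now - auth["ts"]) > CLOCK_SKEW: raise ValueError("authenticator outside clock skew")

class KDC:  # AS + TGS sharing one database of entity keys; session keys travel as hex inside JSON
    def __init__(self, realm):
        self.realm, self.db = realm, {"krbtgt": secrets.token_bytes(32)}  # KTGS
    def add_user(self, name, password):
        self.db[name] = derive_key(password, self.realm + name)  # KA
    def _ticket(self, skey, session, cname, caddr, now):  # "Times": valid from now for eight hours
        return seal(skey, {"key": session.hex(), "crealm": self.realm, "cname": cname,
                           "caddr": caddr, "start": now, "end": now + 8 * 3600})
    def as_exchange(self, req, now):  # steps 2 -> 3; without pre-authentication nothing proves the client knows KA
        session = secrets.token_bytes(32)  # KA,TGS
        ticket = self._ticket(self.db["krbtgt"], session, req["cname"], req["caddr"], now)
        enc = seal(self.db[req["cname"]], {"key": session.hex(), "nonce": req["nonce"], "sname": "krbtgt"})
        return {"ticket": ticket, "enc_part": enc}
    def tgs_exchange(self, req, now):  # steps 4 -> 5
        tgt = unseal(self.db["krbtgt"], req["ticket"])
        k_a_tgs = bytes.fromhex(tgt["key"])
        check_pair(tgt, unseal(k_a_tgs, req["authenticator"]), now)
        session = secrets.token_bytes(32)  # KA,B
        ticket = self._ticket(self.db[req["sname"]], session, tgt["cname"], tgt["caddr"], now)
        enc = seal(k_a_tgs, {"key": session.hex(), "nonce": req["nonce"], "sname": req["sname"]})
        return {"ticket": ticket, "enc_part": enc}

class Server:  # application server B: holds only KB, never KA, plus a replay cache of authenticators
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()
    def ap_exchange(self, req, now):  # steps 6 -> 7
        ticket = unseal(self.key, req["ticket"])
        k_ab = bytes.fromhex(ticket["key"])
        auth = unseal(k_ab, req["authenticator"])
        check_pair(ticket, auth, now)
        if (auth["cname"], auth["ts"]) in self.seen: raise ValueError("replayed authenticator")
        self.seen.add((auth["cname"], auth["ts"]))
        return seal(k_ab, {"ts": auth["ts"], "subkey": auth.get("subkey"), "seq": auth.get("seq")})  # Auth3

def login(kdc, user, password, ws, now):  # steps 1-3: the workstation keeps KA,TGS and the TGT, not PWA
    ka, nonce = derive_key(password, kdc.realm + user), secrets.randbits(32)
    rep = kdc.as_exchange({"cname": user, "caddr": ws, "nonce": nonce}, now)
    enc = unseal(ka, rep["enc_part"])  # a wrong password fails here, on the workstation
    if enc["nonce"] != nonce: raise ValueError("AS reply does not answer this request")
    return {"user": user, "ws": ws, "tgt": rep["ticket"], "k_tgs": bytes.fromhex(enc["key"])}

def connect(kdc, creds, server, now):  # steps 4-7: service ticket, fresh authenticator, mutual auth
    auth1 = seal(creds["k_tgs"], {"cname": creds["user"], "caddr": creds["ws"], "ts": now})
    rep = kdc.tgs_exchange({"sname": server.name, "nonce": secrets.randbits(32),
                            "ticket": creds["tgt"], "authenticator": auth1}, now)
    k_ab = bytes.fromhex(unseal(creds["k_tgs"], rep["enc_part"])["key"])
    auth2 = seal(k_ab, {"cname": creds["user"], "caddr": creds["ws"], "ts": now,
                        "subkey": secrets.token_hex(16), "seq": 1})  # subkey and seq are optional
    ap_req = {"ticket": rep["ticket"], "authenticator": auth2}
    auth3 = unseal(k_ab, server.ap_exchange(ap_req, now))  # only a holder of KB could produce this
    if auth3["ts"] != now: raise ValueError("server failed mutual authentication")
    return k_ab, ap_req

def guess_password(as_rep, user, realm, wordlist):
    """Offline dictionary attack on an eavesdropped AS reply: no KDC round trips are needed, so only
    the password's strength and the KDF cost resist it (the reason deployments require pre-authentication)."""
    for word in wordlist:
        try: unseal(derive_key(word, realm + user), as_rep["enc_part"]); return word
        except ValueError: pass
    return None

def demo():
    now, ws, pw = int(time.time()), "10.0.0.7", "correct horse battery staple"
    kdc = KDC("EXAMPLE.ORG")  # realm, principals and addresses are made up for this example
    kdc.add_user("alice", pw)
    kdc.db["host/fileserver"] = kb = secrets.token_bytes(32)  # KB is known to the KDC and to B
    b = Server("host/fileserver", kb)
    _, ap_req = connect(kdc, login(kdc, "alice", pw, ws, now), b, now)
    try: b.ap_exchange(ap_req, now); replayed = True  # the same authenticator a second time
    except ValueError: replayed = False
    sniffed = kdc.as_exchange({"cname": "alice", "caddr": ws, "nonce": 1}, now)  # what an eavesdropper sees
    guessed = guess_password(sniffed, "alice", kdc.realm, ["hunter2", "letmein", pw])
    return {"mutual_auth": True, "replay_rejected": not replayed, "guessed": guessed}
```

Running demo() walks one login and one connection, then shows the two security properties the later slides discuss: the replayed AP request is refused by B's replay cache, while the eavesdropped AS reply yields the password to an offline guess because this AS, like the one on the slides, answers without pre-authentication. Note that the KDC never talks to B: B validates the ticket with nothing but KB.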

Kerberos V5 Options and Flags
INITIAL: indicates that the ticket was issued by the AS and not by a TGS.
PRE-AUTHENT: indicates that the user was pre-authenticated by some means before the ticket-granting ticket was issued.
HW-AUTHENT: indicates that the user was authenticated with a hardware token before the ticket-granting ticket was issued.
RENEWABLE: tells the TGS that this ticket can be used to obtain a replacement ticket that expires at a later date.
INVALID: indicates that this ticket is invalid and must be validated by the TGS before use.

Kerberos V5 Options and Flags (continued)
MAY-POSTDATE: tells the TGS that a post-dated ticket may be issued based on this ticket-granting ticket.
POSTDATED: indicates that this ticket has been postdated.
PROXIABLE: tells the TGS that a new service-granting ticket with a different network address may be issued based on this ticket.
FORWARDABLE: tells the TGS that a new ticket-granting ticket with a different network address may be issued based on this ticket-granting ticket.
FORWARDED: indicates that this ticket has either been forwarded or was issued based on authentication involving a forwarded ticket.

Kerberos - Advantages
- Passwords are never transmitted over the network, so they are not exposed to eavesdropping.
- Single sign-on: more convenient, one password entered once per session.
- Stolen tickets are hard to reuse: a ticket is accepted only together with a fresh authenticator, which cannot be reused (servers keep a replay cache of recent authenticators).
- Wide support in various operating systems.

Kerberos - Weaknesses and Solutions
- If a TGT is stolen it can be used to access network services. Solution: tickets expire after a few hours, which bounds the window of misuse.
- Subject to dictionary attack: an eavesdropper who captures an AS reply can try candidate passwords offline, deriving KA from each guess until the sealed part opens. The 5-minute clock-skew window on authenticator timestamps limits replay of captured authenticators, not offline guessing; the defences are pre-authentication (so the AS answers only clients that prove knowledge of KA) and strong passwords.
- Very bad if the Authentication Server is compromised: the KDC is centralized and its database holds every principal's key, including KTGS. Solutions: physical protection for the server, and a replicated KDC for availability (replicas hold the same secrets, so each needs the same protection).

Page 2: Kerberos

Introduction

Kerberos History Kerberos Environment Kerberos Architecture Kerberos Protocols Kerberos Version 5 Kerberos Advantages Kerberos Weaknesses and Solutions

History Developed at MIT in early 1980rsquos Computing shift from mainframes to

workstations Pools of distributed workstations

connected to servers Concept of rdquoNetwork Credentialsrdquo Commercial versions V4 and V5 Principles and systems are relevant until

today Concepts incorporated in DCE AFS NT

etc

Kerberos Environment (I)

Kerberos Environment (II)

KRB consists of1048766 AS ndash Authentication Server TGS ndash Ticket Granting Server1048766 DB ndash Database of entity keysSeparation between two actions1048766 Authentication ndash rdquologging into the

networkrdquo1048766 Communication ndash rdquoholding a session

between two partiesrdquo

Kerberos Architecture (I)

Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users

and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)

which requested the session and it does not bother the

destination party (B)

Kerberos V5 Protocols (I)Acquiring Network Credentials

1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory

2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)

3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA

Kerberos V5 Protocols (II)Establishing Connection with Server

4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)

5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS

6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional

7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB

Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means

before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token

before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement

ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the

TGS before use

Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket

Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on

More convenient only one password entered once

Stolen tickets hard to reuse Need authenticator as well which canrsquot be

reused Wide support in various operating systems Prevents transmission of passwords over the

network

Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services

Ticket expires in a few hours

Subject to dictionary attack Timestamps require hacker to guess in 5 minutes

Very bad if Authentication Server compromised

KDC is centralized

Physical protection for the server

Replicated KDC

Page 3: Kerberos

History Developed at MIT in early 1980rsquos Computing shift from mainframes to

workstations Pools of distributed workstations

connected to servers Concept of rdquoNetwork Credentialsrdquo Commercial versions V4 and V5 Principles and systems are relevant until

today Concepts incorporated in DCE AFS NT

etc

Kerberos Environment (I)

Kerberos Environment (II)

KRB consists of1048766 AS ndash Authentication Server TGS ndash Ticket Granting Server1048766 DB ndash Database of entity keysSeparation between two actions1048766 Authentication ndash rdquologging into the

networkrdquo1048766 Communication ndash rdquoholding a session

between two partiesrdquo

Kerberos Architecture (I)

Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users

and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)

which requested the session and it does not bother the

destination party (B)

Kerberos V5 Protocols (I)Acquiring Network Credentials

1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory

2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)

3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA

Kerberos V5 Protocols (II)Establishing Connection with Server

4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)

5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS

6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional

7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB

Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means

before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token

before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement

ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the

TGS before use

Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket

Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on

More convenient only one password entered once

Stolen tickets hard to reuse Need authenticator as well which canrsquot be

reused Wide support in various operating systems Prevents transmission of passwords over the

network

Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services

Ticket expires in a few hours

Subject to dictionary attack Timestamps require hacker to guess in 5 minutes

Very bad if Authentication Server compromised

KDC is centralized

Physical protection for the server

Replicated KDC

Page 4: Kerberos

Kerberos Environment (I)

Kerberos Environment (II)

KRB consists of1048766 AS ndash Authentication Server TGS ndash Ticket Granting Server1048766 DB ndash Database of entity keysSeparation between two actions1048766 Authentication ndash rdquologging into the

networkrdquo1048766 Communication ndash rdquoholding a session

between two partiesrdquo

Kerberos Architecture (I)

Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users

and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)

which requested the session and it does not bother the

destination party (B)

Kerberos V5 Protocols (I)Acquiring Network Credentials

1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory

2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)

3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA

Kerberos V5 Protocols (II)Establishing Connection with Server

4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)

5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS

6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional

7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB

Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means

before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token

before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement

ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the

TGS before use

Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket

Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on

More convenient only one password entered once

Stolen tickets hard to reuse Need authenticator as well which canrsquot be

reused Wide support in various operating systems Prevents transmission of passwords over the

network

Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services

Ticket expires in a few hours

Subject to dictionary attack Timestamps require hacker to guess in 5 minutes

Very bad if Authentication Server compromised

KDC is centralized

Physical protection for the server

Replicated KDC

Page 5: Kerberos

Kerberos Environment (II)

KRB consists of1048766 AS ndash Authentication Server TGS ndash Ticket Granting Server1048766 DB ndash Database of entity keysSeparation between two actions1048766 Authentication ndash rdquologging into the

networkrdquo1048766 Communication ndash rdquoholding a session

between two partiesrdquo

Kerberos Architecture (I)

Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users

and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)

which requested the session and it does not bother the

destination party (B)

Kerberos V5 Protocols (I)Acquiring Network Credentials

1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory

2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)

3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA

Kerberos V5 Protocols (II)Establishing Connection with Server

4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)

5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS

6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional

7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB

Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means

before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token

before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement

ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the

TGS before use

Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket

Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on

More convenient only one password entered once

Stolen tickets hard to reuse Need authenticator as well which canrsquot be

reused Wide support in various operating systems Prevents transmission of passwords over the

network

Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services

Ticket expires in a few hours

Subject to dictionary attack Timestamps require hacker to guess in 5 minutes

Very bad if Authentication Server compromised

KDC is centralized

Physical protection for the server

Replicated KDC

Page 6: Kerberos

Kerberos Architecture (I)

Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users

and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)

which requested the session and it does not bother the

destination party (B)

Kerberos V5 Protocols (I)Acquiring Network Credentials

1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory

2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)

3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA

Kerberos V5 Protocols (II)Establishing Connection with Server

4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)

5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS

6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional

7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB

Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means

before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token

before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement

ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the

TGS before use

Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket

Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on

More convenient only one password entered once

Stolen tickets hard to reuse Need authenticator as well which canrsquot be

reused Wide support in various operating systems Prevents transmission of passwords over the

network

Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services

Ticket expires in a few hours

Subject to dictionary attack Timestamps require hacker to guess in 5 minutes

Very bad if Authentication Server compromised

KDC is centralized

Physical protection for the server

Replicated KDC

Page 7: Kerberos

Kerberos Architecture (II) Kerberos implements the rdquoInternet Scenariordquo 1048766 User A has password PWA to authenticate to KRB 1048766 KRB stores key KA that is derived from password PWA 1048766 Server B has key KB to authenticate to KRB 1048766 KRB stores key KB that is identical to the serverrsquos key 1048766 Workstations are stateless ndash they donrsquot know the users

and their passwords and they donrsquot have keys 1048766 Kerberos provides tickets to the source party (A+WS)

which requested the session and it does not bother the

destination party (B)

Kerberos V5 Protocols (I)Acquiring Network Credentials

1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory

2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)

3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA

Kerberos V5 Protocols (II)Establishing Connection with Server

4) Workstation WS contacts Ticket Granting Server (TGS) and requests ticket for B as follows lt B Times Nonce2 TKTTGS Auth1 gt (where Auth1 = lt A WS RealmA Timestamp1 gt sealed by key KATGS)

5) Ticket Granting Server TGS replies to A+WS with following two items lt RealmA A TKTB gt AND lt KAB Times Nonce2 RealmB B gt sealed by KATGS (where TKTB = lt KAB RealmA A WS Times gt sealed by KB) Workstation WS opens the sealed item using key KATGS

6) Workstation WS requests a session from B by sending lt TKTB Auth2 gt (where Auth2 = lt A WS RealmA Timestamp2 Subkey Seq gt sealed by key KAB) Fields Subkey and Seq are optional

7) Server B opens ticket TKTB with key KB and replies to A+WS with authentication Auth3 = lt Timestamp2 Subkey Seq gt sealed by AB

Kerberos V5 Options and FlagsINITIALIndicates that a ticket was issues by AS and not by a TGSPRE-AUTHENTIndicates that the user was pre-authenticated by some means

before a TGS ticket was issuedHW-AUTHENTIndicates that the user was authenticated with a hardware token

before a TGS ticket was issuedRENEWABLETells TGS that this ticket can be used to obtain a replacement

ticket that expires at a later dateINVALIDIndicates that this ticket is invalid and must be validated by the

TGS before use

Kerberos V5 Options and FlagsMAY-POSTDATETells TGS that a post-dated ticket may be issued based on thisticket-granting ticketPOSTDATEDIndicated that this ticket has been postdatedPROXYABLETells TGS that a new service-granting ticket with a differentnetwork address may be issued based on this ticketFORWARDABLETells TGS that a new ticket-granting ticket with different networkaddress may be issued based on this ticket-granting ticketFORWARDEDIndicates that this ticket has either been forwarded or that it wasissued based on authentication involving a forwarded ticket

Kerberos - Advantages Passwords arenrsquot exposed to eavesdropping Single Sign-on

More convenient only one password entered once

Stolen tickets hard to reuse Need authenticator as well which canrsquot be

reused Wide support in various operating systems Prevents transmission of passwords over the

network

Kerberos - Weaknesses and SolutionsIf TGT stolen can be used to access network services

Ticket expires in a few hours

Subject to dictionary attack Timestamps require hacker to guess in 5 minutes

Very bad if Authentication Server compromised

KDC is centralized

Physical protection for the server

Replicated KDC

Page 8: Kerberos

Kerberos V5 Protocols (I)Acquiring Network Credentials

1) User A starts working at workstation WS by entering its name rdquoArdquo and password PWA Workstation WS computes key KA from PWA and it then erases password PWA from its memory

2) Workstation WS contacts Authentication Server (AS) and requests rdquoNetwork Credentialsrdquo to A+WS Workstation WS sends following clear data ndash lt A WS RealmA TGS Times Nonce1gt to AS (where Times gives the time validity interval and Nonce1 is random value)

3) Authentication Server AS replies to A+WS with following two items lt RealmA A TKTTGS gt AND lt KATGS Times Nonce1 RealmTGS TGS gt sealed by key KA (where TKTTGS = lt KATGS RealmA A WS Times gt sealed by key KTGS) Workstation WS now tries to open the sealed item using the computed key KA

Kerberos V5 Protocols (II): Establishing Connection with Server

4) Workstation WS contacts the Ticket Granting Server (TGS) and requests a ticket for B as follows: < B, Times, Nonce2, TKTTGS, Auth1 > (where Auth1 = < A, WS, RealmA, Timestamp1 > sealed by key KATGS).

5) The Ticket Granting Server TGS replies to A+WS with the following two items: < RealmA, A, TKTB > AND < KAB, Times, Nonce2, RealmB, B > sealed by KATGS (where TKTB = < KAB, RealmA, A, WS, Times > sealed by KB). Workstation WS opens the sealed item using key KATGS.

6) Workstation WS requests a session from B by sending < TKTB, Auth2 > (where Auth2 = < A, WS, RealmA, Timestamp2, Subkey, Seq > sealed by key KAB). Fields Subkey and Seq are optional.

7) Server B opens ticket TKTB with key KB and replies to A+WS with the authenticator Auth3 = < Timestamp2, Subkey, Seq > sealed by KAB.
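The seven steps above as an added, runnable Python model (not code from the slides): one KDC issuing routine serves steps 3 and 5, one receiver-side check serves steps 4 and 6 and enforces the ticket lifetime, the 5-minute authenticator window and a replay cache, and step 7 is B's reply under KAB. The `seal`/`unseal` pair is a toy XOR-plus-HMAC stand-in for a real Kerberos encryption type, Realm fields are omitted, and all keys, the password and the clock value are constructed.

```python
import hashlib, hmac, json, os
def _keystream(key, nonce, n):   # toy keystream; stands in for a real Kerberos encryption type
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """'Sealed by key' as on the slides: XOR-encrypt a JSON object, then MAC it (toy construction)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed long-term keys: K_TGS and K_B from the KDC database, K_A derived from password PW_A (step 1)
KTGS, KB, KA = os.urandom(32), os.urandom(32), hashlib.sha256(b"PWA-constructed").digest()

def issue(client_key, svc, svc_key, req):
    """Steps 3 and 5: the KDC returns TKT_svc (sealed by K_svc) plus the client's copy of the session key."""
    sk = os.urandom(32).hex()
    tkt = seal(svc_key, {"K": sk, "A": req["A"], "WS": req["WS"], "times": req["times"]})
    return tkt, seal(client_key, {"K": sk, "times": req["times"], "nonce": req["nonce"], "svc": svc})

def verify(svc_key, tkt, auth_blob, seen, now):
    """Receiver side of steps 4 and 6: open ticket and authenticator, check binding, lifetime, 5-minute window, replay."""
    t = unseal(svc_key, tkt)
    auth = unseal(bytes.fromhex(t["K"]), auth_blob)        # authenticator must open under the ticket's session key
    if (auth["A"], auth["WS"]) != (t["A"], t["WS"]):
        raise ValueError("authenticator does not match ticket")
    if not t["times"][0] <= now <= t["times"][1] or abs(now - auth["ts"]) > 300:
        raise ValueError("ticket expired or authenticator timestamp outside the 5-minute window")
    if (t["K"], auth["ts"]) in seen:                        # replay cache: same key + timestamp seen before
        raise ValueError("replayed authenticator")
    seen.add((t["K"], auth["ts"]))
    return bytes.fromhex(t["K"])

def run(now=1_000_000.0):
    """Steps 2-7 for user A at workstation WS against AS, TGS and server B, all in-process; clock is constructed."""
    req = {"A": "A", "WS": "WS", "times": [now, now + 8 * 3600], "nonce": 1}
    tkt_tgs, part = issue(KA, "TGS", KTGS, req)                      # AS reply (step 3)
    katgs = bytes.fromhex(unseal(KA, part)["K"])                    # WS opens its part with the computed K_A
    verify(KTGS, tkt_tgs, seal(katgs, {"A": "A", "WS": "WS", "ts": now}), set(), now)  # TGS checks Auth1 (step 4)
    tkt_b, part_b = issue(katgs, "B", KB, dict(req, nonce=2))       # TGS reply (step 5)
    kab = bytes.fromhex(unseal(katgs, part_b)["K"])
    auth2, seen = seal(kab, {"A": "A", "WS": "WS", "ts": now}), set()
    kab_at_b = verify(KB, tkt_b, auth2, seen, now)                  # B opens TKT_B with K_B (step 6)
    auth3 = unseal(kab, seal(kab_at_b, {"ts": now}))                # step 7: B proves it holds K_AB
    return tkt_b, auth2, seen, auth3["ts"] == now
```

Calling `run()` walks the whole exchange; feeding the returned `auth2` to `verify` a second time, or with a clock 10 minutes off, is rejected, which is the "stolen tickets hard to reuse" property of the Advantages slide.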

Kerberos V5 Options and Flags (I)

- INITIAL: Indicates that a ticket was issued by the AS and not by a TGS
- PRE-AUTHENT: Indicates that the user was pre-authenticated by some means before a TGS ticket was issued
- HW-AUTHENT: Indicates that the user was authenticated with a hardware token before a TGS ticket was issued
- RENEWABLE: Tells the TGS that this ticket can be used to obtain a replacement ticket that expires at a later date
- INVALID: Indicates that this ticket is invalid and must be validated by the TGS before use

Kerberos V5 Options and Flags (II)

- MAY-POSTDATE: Tells the TGS that a post-dated ticket may be issued based on this ticket-granting ticket
- POSTDATED: Indicates that this ticket has been postdated
- PROXYABLE: Tells the TGS that a new service-granting ticket with a different network address may be issued based on this ticket
- FORWARDABLE: Tells the TGS that a new ticket-granting ticket with a different network address may be issued based on this ticket-granting ticket
- FORWARDED: Indicates that this ticket has either been forwarded or that it was issued based on authentication involving a forwarded ticket

Kerberos - Advantages

- Passwords aren't exposed to eavesdropping
- Single Sign-on: more convenient, only one password, entered once
- Stolen tickets are hard to reuse: the authenticator is needed as well, and it can't be reused
- Wide support in various operating systems
- Prevents transmission of passwords over the network

Kerberos - Weaknesses and Solutions

- Weakness: if a TGT is stolen it can be used to access network services. Solution: the ticket expires in a few hours.
- Weakness: subject to dictionary attack. Solution: timestamps require the hacker to guess within 5 minutes.
- Weakness: very bad if the Authentication Server is compromised. Solution: physical protection for the server.
- Weakness: the KDC is centralized. Solution: replicated KDC.
