100 likes | 308 Views
Kerberos. CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk. Kerberos. Cryptographic authentication for distributed systems Based on symmetric-key authentication with KDC Requirements: Security Reliability Transparency Scalability. Kerberos. Advantages:
E N D
Kerberos CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk Kerberos
Kerberos • Cryptographic authentication for distributed systems • Based on symmetric-key authentication with KDC • Requirements: • Security • Reliability • Transparency • Scalability Kerberos
Kerberos • Advantages: • secure authentication • single sign-on • secure data flow • Applications benefiting from Kerberos: • telnet, ftp • BSD rtools (rlogin, rsh, rcp) • NFS • Others (pine, eudora, etc.) Kerberos
Kerberos Keys • Each “principal” shares a “master key” with KDC • KA: Alice’s master key. Used for initial authentication • SA: Alice’s session key. Created after initial authentication, used instead of KA. • KAB: Alice-Bob session key. • “Ticket Granting Tickets” (TGT): • issued to Alice by KDC after login • contains SA encrypted with KKDC • used to obtain session key KAB Kerberos
Logging into the Network (doesn’t protect against dictionary attacks with eavesdropping) Alice, pwd Alice needs a TGT Alice’s terminal Alice KDC KA{SA, TGT} Kerberos
Logging into the Network (cont’d) The workstation, • converts Alice’s password into a DES key • when receives the credentials from the server, decrypts them using this DES key • if decrypts correctly, authentication is successful • discards Alice’s master key; retains the TGT. • TGT contains all the information KDC needs about Alice’s session; hence KDC can work without remembering any volatile data. Kerberos
Accessing a Remote Principal Afterwards, the traffic between Alice & Bob can be • unprotected • authenticated • encrypted & authenticated “Alice”, “Bob”, TGT, SA{timestamp} rlogin Bob Alice’s workstation KDC SA{“Bob”, KAB, KB{“Alice”, KAB}} Alice KB{“Alice”, KAB}, KAB{timestamp} Bob KAB{timestamp+1} Kerberos
Replicated KDCs • A single KDC would be • a performance bottleneck • a single point of failure • Have multiple replicas of the KDC with the database and the master key • Any replica can serve as KDC for authentication • Only one KDC (the master copy) handles the additions & deletions of principals (for consistency) Kerberos
Multiple Realms • KDCA & KDCB must have registered with each other • Chains longer than two KDCs not allowed (v.4) “Alice”, “KDCB” KDCA ticket to KDCB Alice “Alice”, “Bob” KDCB ticket to Bob Bob AP_REQ Kerberos
Kerberos v5 • Platform-independent coding (ASN.1) • Support for non-IP addresses • “ “ non-DES encryption • Delegation of rights • Hierarchy of realms • Extended ticket lifetime • Has public-key extensions (e.g., SESAME, Win2000) Kerberos