TOPIC HIERARCHY
Distributed Environment > Security > Privacy, Authentication, Authorization, Non-Repudiation
ORIGIN
MIT developed Kerberos to protect network services.
Developed under Project Athena at MIT in the mid 1980s.
Network authentication protocol.
Available as open source or in supported commercial software.
This form of security has been evolving in the Unix world for over a decade and is now an Internet standard (Kerberos V5 was first specified in RFC 1510 and revised in RFC 4120).
KERBEROS FROM CERBERUS (THE GREEK MYTHOLOGICAL THREE-HEADED DOG)
Kerberos is named after Cerberus, the three-headed dog that guards the gates of Hades (the underworld, ruled by the god of the same name).
Originally the three heads were meant to stand for the three A's: Authentication, Authorization and Accounting. Only authentication was ever fully built into the protocol.
WHAT IS KERBEROS ?
A secret-key (symmetric-key) service for providing authentication in open networks.
Authentication is mediated by a trusted third party on the network, the KDC (Key Distribution Center).
Kerberos is a "secure, single-sign-on, trusted" service.
Trusted third-party authentication scheme.
WHY KERBEROS?
Sending usernames and passwords in the clear jeopardizes the security of the whole network.
Each time a password is sent in the clear there is a chance of an attack: anyone on the path can read it and reuse it.
TYPES OF SECURITY ATTACKS
Interception: an attack on confidentiality.
Interruption: an attack on availability.
Modification: an attack on integrity.
Fabrication: an attack on authenticity.
COMPUTER/NETWORK SECURITY NEEDS:
Authentication
• Who is requesting access
Authorization
• What the user is allowed to do
Auditing (Accounting)
• What the user has done
Kerberos touches all three, but what it actually provides is the authentication service: a ticket proves who the client is, and each application server decides for itself what that client may do and logs what it did.
AUTHENTICATION
Three ways to prove identity:
Something you know (a password, which is what Kerberos uses)
Something you have (a token or smart card)
Something you are (a biometric)
WHAT IS KERBEROS GOOD FOR?
Verify identity of users and servers.
Encrypt communication if desired (the session key issued with the ticket can protect the application traffic).
Centralized repository of accounts (Kerberos uses a 'realm' to group accounts).
Local authentication.
Enforce a 'good' password policy (every password is checked in one place, the KDC).
Provide an audit trail of usage (the KDC logs every ticket it issues).
KERBEROS VERSIONS
Versions 1, 2 and 3 were used for internal work at MIT and never released.
Versions 4 and 5 are the public releases.
Version 4 makes use of DES (Data Encryption Standard) only. Version 5 (RFC 4120) negotiates the encryption type; AES (RFC 3962) has replaced DES, which is considered broken and is deprecated for Kerberos (RFC 6649).
COMPONENTS
Principals
Realms
Key Distribution Centers (KDCs)
• Authentication Service (AS)
• Ticket Granting Server (TGS)
Tickets
Authenticators
Principals
Each entity, such as a client or an application server (service), is represented as a principal coupled with a key.
Names have the form user@REALM for users and service/hostname@REALM for services (for example host/fs1.example.org@EXAMPLE.ORG).
Keys are stored in a database on the KDC. Each principal has its own key.
Realms
Companies and organizations are composed of different departments, each with a different function.
To make things less complex, system administrators represent each department (or the whole organization) with a realm; realms can be configured to trust each other (cross-realm authentication).
Key Distribution Centers (KDCs)
Composed of an AS and a TGS.
Has a database that houses all principals and their keys for a given realm.
At least one KDC per realm.
Authentication Service (AS)
• Piece of software that accepts the initial request from a client.
• Creates TGTs based on the information in the request (the client's principal name and the name of the ticket-granting service, krbtgt/REALM@REALM).
• Establishes the secret session key used for communication between the client and the TGS.
Ticket Granting Server (TGS)
• Clients authenticate themselves once to the AS to get a TGT, which is then presented to the TGS for each service they want to reach.
• Responsible for accepting Ticket Granting Tickets.
• Verifies that the TGT is correct and issues a service ticket for the requested service.
Tickets
Tickets serve the following purposes:
• To confirm the identity of the end participants.
• To establish a short-lived encryption key that both parties can share for secure communication (called the session key).
• To carry the data the service needs to check that the authentication is real. A ticket is encrypted with the service's own key, so the client can carry it but not read or forge it, and it includes:
• The requesting client's principal name.
• An optional list of valid client IP addresses.
• The secret session key.
• Start and expiry times.
Authenticators
Consist of the client's name and a timestamp encrypted with the secret session key. Can only be used once.
The timestamp may not differ from the server's clock by more than the allowed skew (5 minutes by default), and the server remembers recent authenticators, so a captured one cannot be replayed.
KERBEROS DESIGN
The user must identify itself once at the beginning of a workstation session (login session).
Passwords are never sent across the network in clear text: the workstation turns the password into a key, uses it to decrypt the KDC's reply, and then discards it.
Every user has a password.
Every service has a long-term key (its "password", kept in a keytab file).
The only entity that knows all the keys is the Authentication Server: the KDC database holds every principal's key.
[Figure: the workstation talks to the Authentication Server and the Ticket Granting Server, both backed by the Kerberos database, and then to the application server]
COMPLETE FUNCTIONALITY OF KERBEROS
[Figure: end-to-end exchange diagram; not recoverable in text form]
WEAKNESSES AND SOLUTIONS
Weakness: if a TGT is stolen, it can be used to access network services.
Solution: only a problem until the ticket expires, in a few hours; keep lifetimes short and protect the credential cache on the workstation.
Weakness: subject to dictionary attack (anyone who captures the KDC's reply can try candidate passwords offline).
Solution: Kerberos V5 pre-authentication, an encrypted timestamp that the KDC checks within its 5-minute skew window, stops an attacker from simply requesting that reply for any user without the password; strong passwords and strong encryption types are still required, because sniffed traffic can be guessed at offline.
Weakness: very bad if the Authentication Server is compromised, since its database holds every key in the realm.
Solution: physical protection for the server, and run nothing else on it.
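As an added example, not code from these slides or from MIT Kerberos, the Python below walks through the components described above (principals, the KDC's AS and TGS, tickets and authenticators), the design rules (the password never leaves the workstation, every service has a key, the KDC holds them all) and the weaknesses in this table (a stolen ticket works until it expires, the 5-minute replay window, offline dictionary guessing). The cipher (a SHAKE-256 keystream plus an HMAC tag), the PBKDF2 string-to-key, the JSON message encoding, the realm EXAMPLE.ORG and the principal names are assumptions of the example; real Kerberos uses ASN.1 messages and the encryption types of RFC 3961/3962.

```python
# Added illustration of the exchanges on these slides, not MIT Kerberos code. The cipher,
# key derivation and encoding are simplified (assumptions); the checks follow the slides.
import hashlib, hmac, json, os, time

SKEW, LIFETIME = 300, 8 * 3600     # authenticator skew (5 min); ticket life ("a few hours")
REALM = "EXAMPLE.ORG"              # constructed realm

def _xor(key, nonce, data):
    """SHAKE-256 keystream XOR; stands in for a Kerberos enctype (assumption)."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under key."""
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal; raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

def string2key(password, principal):
    """Password -> long-term key, salted with the principal name (as RFC 3962 does)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 4096)

# KDC database: every principal of the realm with its key (servers keep theirs in a keytab).
KDC_DB = {
    f"alice@{REALM}": string2key("correct horse battery", f"alice@{REALM}"),
    f"krbtgt/{REALM}@{REALM}": os.urandom(32),          # the TGS's own key
    f"host/fs1.example.org@{REALM}": os.urandom(32),    # an application server
}

def make_ticket(sname, cname, skey, now):
    """Sealed under the *service's* key: the client can carry it but not read or forge it."""
    return seal(KDC_DB[sname], {"cname": cname, "sname": sname, "key": skey.hex(),
                                "start": now, "end": now + LIFETIME})

def as_exchange(cname, now=None):
    """AS-REQ/AS-REP (pre-authentication omitted): TGT + session key under the client key."""
    now = now or time.time()
    skey = os.urandom(32)
    tgt = make_ticket(f"krbtgt/{REALM}@{REALM}", cname, skey, now)
    return tgt, seal(KDC_DB[cname], {"key": skey.hex(), "end": now + LIFETIME})

def authenticator(cname, skey, now):
    """Timestamp sealed under the session key: proves the sender holds that key, used once."""
    return seal(skey, {"cname": cname, "ts": now})

def verify(owner_key, ticket, auth, now, replay_cache):
    """Server-side check shared by the TGS and application servers."""
    t = unseal(owner_key, ticket)                 # fails unless the KDC issued it
    a = unseal(bytes.fromhex(t["key"]), auth)     # fails unless sender holds the session key
    if not t["start"] <= now <= t["end"]:
        raise ValueError("ticket expired or not yet valid")
    if a["cname"] != t["cname"] or abs(now - a["ts"]) > SKEW:
        raise ValueError("authenticator mismatch or outside the clock-skew window")
    if (a["cname"], a["ts"]) in replay_cache:
        raise ValueError("replayed authenticator")
    replay_cache.add((a["cname"], a["ts"]))
    return t

_TGS_REPLAY = set()
def tgs_exchange(tgt, auth, sname, now=None):
    """TGS-REQ/TGS-REP: TGT + authenticator in, service ticket + new session key out."""
    now = now or time.time()
    t = verify(KDC_DB[f"krbtgt/{REALM}@{REALM}"], tgt, auth, now, _TGS_REPLAY)
    skey = os.urandom(32)
    return make_ticket(sname, t["cname"], skey, now), seal(bytes.fromhex(t["key"]), {"key": skey.hex()})

def ap_exchange(sname, ticket, auth, replay_cache, now=None):
    """AP-REQ at the application server: returns the authenticated client principal."""
    return verify(KDC_DB[sname], ticket, auth, now or time.time(), replay_cache)["cname"]

def rejects(fn, *args):
    """True if the call is refused with ValueError."""
    try:
        fn(*args)
        return False
    except ValueError:
        return True

def offline_guess(cname, enc_part, wordlist):
    """Eavesdropper's dictionary attack on a captured AS-REP: the MAC reveals the right guess."""
    for w in wordlist:
        if not rejects(unseal, string2key(w, cname), enc_part):
            return w
    return None

def demo(password="correct horse battery", now=None):
    """Workstation login -> TGS -> file server; returns the name the server accepted."""
    now = now or time.time()
    me, fs = f"alice@{REALM}", f"host/fs1.example.org@{REALM}"
    tgt, enc = as_exchange(me, now)
    tgt_key = bytes.fromhex(unseal(string2key(password, me), enc)["key"])   # wrong password fails here
    ticket, enc = tgs_exchange(tgt, authenticator(me, tgt_key, now), fs, now)
    svc_key = bytes.fromhex(unseal(tgt_key, enc)["key"])
    return ap_exchange(fs, ticket, authenticator(me, svc_key, now), set(), now)
```

demo() runs the whole flow and returns alice@EXAMPLE.ORG; a wrong password fails on the workstation when the AS reply cannot be opened, so the KDC never learns it. Presenting the same authenticator twice, or one whose timestamp is more than SKEW seconds off, is refused by verify, which is the replay protection the Authenticators slide describes. offline_guess is the dictionary attack from the table: whoever captures the AS reply can test candidate passwords offline and the integrity tag tells them which guess is right; pre-authentication keeps an attacker from requesting that reply for arbitrary users, but it does not protect traffic that was sniffed, which is why password quality and strong encryption types matter.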
THE COMPETITION: SSL
SSL: uses public key encryption.
Kerberos: uses secret (symmetric) key encryption.
SSL: is certificate based; the trusted third party (the CA) is consulted offline, asynchronously.
Kerberos: relies on a trusted third party (the KDC) that must be online, synchronously, for every login.
SSL: ideal for the WWW.
Kerberos: ideal for networked environments within an organization.
SSL: key revocation requires a revocation server to keep track of bad certificates.
Kerberos: key revocation can be accomplished by disabling a user at the Authentication Server.
SSL: certificates (and their private keys) sit on a user's hard drive, even if they are encrypted, where they are subject to being cracked.
Kerberos: passwords reside in users' minds, where they cannot be copied off a disk (though they can still be guessed).
SSL: uses patented material, so the service is not free, and Netscape has a profit motive in wide acceptance of the standard (a dated point: SSL's successor TLS is an open IETF standard).
Kerberos: has always been open source and freely available.
ADVANTAGES
More efficient authentication to servers (one login, then tickets instead of repeated password prompts).
Mutual authentication (the server can be required to prove that it holds its key too).
Delegated authentication (forwardable tickets let a server act on the user's behalf).
Simplified trust management (clients and servers trust only the KDC, not each other).
Interoperability.
LIMITATIONS
Scalability: every client needs a reachable KDC for its realm, and trust between realms must be configured explicitly.
Doesn't explicitly protect against Trojan attacks: a compromised workstation can capture the password or the ticket cache.
Is mainly intended for single-user workstations.
KDC can be a single point of failure (replica KDCs mitigate this).
APPLICATIONS OF KERBEROS:
The Kerberos V5 applications are versions of existing UNIX network programs with the Kerberos features added.
• telnet
• rlogin
• FTP
• rsh
• rcp
• ksu