Slide 1
Kerberos
Anita Jones
November, 2006
Slide 2
Kerberos*: Objective
Assumed environment
– Open distributed environment
– Wireless and Ethernetted
– Users wish to access services on servers
– Need to restrict access to authorized users
– Need to authenticate requests for service
* Greek mythology – many-headed dog who guards the entrance to Hades
* Implemented at MIT as part of Project Athena
Slide 3
Kerberos: Objective
Provide authentication service
– Clients to servers
– Servers to clients
Slide 4
Kerberos: Strategy
What NOT to do:
– Does not rely on workstation OS to assure identity of clients/users
– Does not rely on server to provide stand-alone authentication service
– Does not force clients to prove identity over and over
– Does not rely on client to determine identity of each service invoked
Provide an authentication service
Slide 5
When is authentication useful?
– Once per creation of new user
– Once per user logon session
– Once per type of service
– Once per service session
– Once per service request
Kerberos provides the middle three services
Slide 6
Kerberos: Strategy
“Knows” about the existence of users and servers
– Shares (different) symmetric key with each
– More recent versions of Kerberos use public/private keys
– We will not discuss key distribution here
Uses “capabilities” – calls them “tickets”
– Key property – tickets are unforgeable
Passes out tickets on request
– Key points – form of the tickets, when they are useful, and where they are useful
Slide 7
Kerberos: Strategy – more detail
Kerberos has a table of
– Identity of users & servers
– Net address of clients & servers
– Current user password
Key/password distribution, i.e. initialization & update, discussed earlier in course
Uses DES for encryption
Kerberos provides a “Ticket granting server” (TGS). Tickets that it creates must be
– Unforgeable
– Non-replayable
– Authenticated
Slide 8
Assumption – key sharing
Kerberos composed of AS plus TGS
AS (authentication server) shares a secret key with each user
– Typically called ID_C – C is the client machine
TGS (ticket granting server)
– TGS shares secret key with each known server
– Server machine and server software notated as the same
Each user and service share a secret key
Slide 9
Three authentication services
Transactions:
– Authenticate user – client machine talks to AS (authentication service) when user logs on. User receives authentication ticket (ticket-granting ticket)
– Get ticket to use a server – client machine talks to TGS when user first wants to use a particular service. User receives a service-granting ticket
– Service session – client workstation proffers ticket to server that is good for the session. User may require server to authenticate self to user
Slide 10
Protocol 1 – get ticket-granting ticket (simple illustration)
Once per client logon session:
1. C → AS: ID_C, ID_tgs
2. AS → C: E_{K_C}[ticket_tgs]
Notes:
– “comma” indicates concatenation
– AS is the authentication service of Kerberos
– ID_C – name of the user on client C
– ID_tgs – client C is asking for TGS service from Kerberos
– E_{K_C} – encryption with key derived from C’s password
– ticket_tgs – ticket C uses to get service from TGS
Slide 11
Ticket (ticket-granting ticket) from TGS
ticket_tgs = E_{K_tgs}[ID_C, AD_C, ID_tgs, Time1, Lifetime1]
Notes:
– E_{K_tgs} – key known only to AS and TGS
– ID_C – identity of client C
– AD_C – network address of C
– Time1 – TGS-created time stamp
– Lifetime1 – ticket lifetime
Slide 12
Protocol 2 – get service-granting ticket (simple illustration)
Get service-granting ticket – at first request for a particular service
1. C → TGS: ID_C, ID_V, ticket_tgs
2. TGS → C: ticket_V
Notes:
– ticket_V is the ticket that server V will accept as valid
– TGS knows whether ID_C is allowed to use service V
– ticket_V has the same form as ticket_tgs
Slide 13
Ticket (service V) from TGS
ticket_V = E_{K_{V,tgs}}[ID_C, AD_C, ID_V, Time2, Lifetime2]
Notes:
– E_{K_{V,tgs}} – key known only to TGS and V
– ID_C – identity of user on client C
– AD_C – network address of C
– Time2 – TGS-created time stamp
– Lifetime2 – ticket lifetime
Slide 14
Protocol 3 – to obtain the service (simple illustration)
Once per service session:
1. C → V: ID_C, ticket_V
Note: C gives user name & submits ticket for V’s service
Slide 15
It ain’t quite that simple
Tickets are a little more complex
– Time stamps – limit replay of requests for tickets
– Ensure clocks of various computers are sufficiently in synch
– Tickets have a “lifetime” validity stamp
We have not dealt with users who rove among multiple workstations
– Client/user and the client’s workstation OS are not the same thing
Slide 16
Protocol 1 – more complete: get ticket-granting ticket
Once per client logon session:
1. C → AS: ID_C, ID_tgs, Time1
2. AS → C: E_{K_C}[K_{C,tgs}, ID_tgs, Time2, Lifetime2, ticket_tgs]
Notes:
– Time1 is time from C’s clock; AS assures that clocks are sufficiently in synch
– E_{K_C} – encryption with key derived from ID_C’s password
– K_{C,tgs} – session key created by TGS; permits secure exchange for AS & ID_C for the session
Slide 17
Full ticket-granting ticket
ticket_tgs = E_{K_tgs}[K_{C,tgs}, ID_C, AD_C, ID_tgs, Time2, Lifetime2]
Notes:
– E_{K_tgs} – key known only to AS and TGS
– K_{C,tgs} – session key available to user; permits secure exchange for TGS & C for the session
– ID_C – identifier for user on machine C
– AD_C – network address of machine C
– Time2 – time stamp created for this ticket
– Lifetime2 – ticket lifetime
Slide 18
Protocol 2 – get service-granting ticket (fuller illustration)
Get service-granting ticket – at first request for a particular service
1. C → TGS: ID_V, ticket_tgs, auth_C
2. TGS → C: E_{K_{C,tgs}}[K_{C,V}, ID_V, Time4, ticket_V]
Notes:
– ticket_V – ticket that server will accept as valid and then deliver service
– K_{C,V} – secure session key that C and server V use
– auth_C – generated by user to validate ticket; encrypted with K_{C,tgs}
Slide 19
Full service-granting ticket
ticket_V = E_{K_{V,tgs}}[K_{C,V}, ID_C, AD_C, ID_V, Time4, Lifetime4]
Notes:
– E_{K_{V,tgs}} – key derived from server’s password; known only to TGS and V; prevents tampering
– K_{C,V} – session key available to user; permits secure exchange for V & ID_C for the session
– ID_C – identifier of user on C; ditto ID_V for V
– AD_C – network address of C
– Time4 – time stamp created for this ticket
– Lifetime4 – ticket lifetime
Slide 20
Authenticator (auth_C)
auth_C = E_{K_{C,tgs}}[ID_C, AD_C, Time3]
Notes:
– Authenticator created by user to assure TGS that ticket presenter is same as user for whom ticket was issued; intended for one-time use; timestamp limits replay
– K_{C,tgs} – session key available to user; permits secure exchange for TGS & ID_C for the session
– Time3 – time stamp created for this authenticator
Slide 21
Protocol 3 – to gain service (fuller illustration)
Once per service session:
1. C → V: ticket_V, auth_C
2. V → C: E_{K_{C,V}}[Time5 + 1]
Notes:
– Step 2 is for server V to authenticate to client C
– auth_C is similar to that in protocol 2; includes Time5
Slide 22
Authenticator (auth_C)
auth_C = E_{K_{C,V}}[ID_C, AD_C, Time5]
Notes:
– Authenticator created by user to assure V that ticket presenter is same as user for whom ticket was issued; intended for one-time use; timestamp limits replay
– K_{C,V} – session key available to user and V; permits secure session exchange for V & ID_C
– Time5 – time stamp created for this authenticator
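The three exchanges of the fuller illustration (protocols 1, 2 and 3, with the session keys, authenticators and the Time5 + 1 reply from slides 16 to 22), as an added worked example that is not part of the slides. It is written from scratch for this page: the AS and TGS are one `KDC` object that holds K_C for each user and K_V for each server, `Server` is V, and `verify` is the shared ticket-plus-authenticator check that both the TGS and V perform (network address, lifetime, clock skew, one-time use). The slides use DES; here `E`/`D` are a stand-in built from SHA-256 and HMAC so the example runs with only the standard library, and the HMAC tag is what makes a ticket unforgeable. The names `KDC`, `Server`, `verify`, `client_session`, the `SKEW` and `LIFETIME` values, the principals "alice", "mallory", "printer" and the addresses are all assumptions made for the example.

```python
import hashlib, hmac, json, os, time

SKEW = 300       # max clock difference tolerated between machines (assumed value)
LIFETIME = 3600  # ticket lifetime in seconds (assumed value)
# Toy E_K[...]: SHA-256 keystream plus HMAC-SHA256 tag; a stand-in for the slides' DES.
# The tag is what makes tickets and authenticators unforgeable (and detects a wrong key).
def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(key, fields):
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def D(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("forged ciphertext or wrong key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def derive_key(password):  # K_C: key derived from the user's password
    return hashlib.sha256(password.encode()).digest()

def verify(key, ticket, auth, ad_c, id_me, now, seen):
    """Ticket + authenticator check shared by the TGS (protocol 2) and server V (protocol 3)."""
    t = D(key, ticket)                                  # only the ticket's key holder can open it
    if t["ID"] != id_me or t["AD_C"] != ad_c:
        raise ValueError("ticket issued for another principal or network address")
    if now > t["Time"] + t["Lifetime"]:
        raise ValueError("ticket lifetime expired")
    k_sess = bytes.fromhex(t["K"])
    a = D(k_sess, auth)                                 # presenter must hold the session key
    if a["ID_C"] != t["ID_C"] or a["AD_C"] != ad_c:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["Time"]) > SKEW or (a["ID_C"], a["Time"]) in seen:
        raise ValueError("authenticator stale or replayed")
    seen.add((a["ID_C"], a["Time"]))                    # authenticators are one-time use
    return k_sess, t["ID_C"], a["Time"]

class KDC:
    """AS plus TGS: shares K_C with each user and K_V with each server (K_tgs with itself)."""
    def __init__(self, users, servers, acl):
        self.users, self.servers, self.acl, self.seen = users, servers, acl, set()
    def _ticket(self, id_v, k_sess, id_c, ad_c, now):
        return E(self.servers[id_v], {"K": k_sess.hex(), "ID_C": id_c, "AD_C": ad_c,
                                      "ID": id_v, "Time": now, "Lifetime": LIFETIME})
    def protocol1(self, id_c, id_tgs, time1, ad_c, now):    # C -> AS: ID_C, ID_tgs, Time1
        if abs(now - time1) > SKEW:
            raise ValueError("client clock not sufficiently in synch")
        k_c_tgs = os.urandom(32)                             # session key K_{C,tgs}
        tgt = self._ticket(id_tgs, k_c_tgs, id_c, ad_c, now)
        return E(self.users[id_c], {"K": k_c_tgs.hex(), "ID": id_tgs, "Time": now,
                                    "Lifetime": LIFETIME, "ticket": tgt.hex()})
    def protocol2(self, id_v, tgt, auth_c, ad_c, now):       # C -> TGS: ID_V, ticket_tgs, auth_C
        k_c_tgs, id_c, _ = verify(self.servers["tgs"], tgt, auth_c, ad_c, "tgs", now, self.seen)
        if id_c not in self.acl.get(id_v, ()):               # TGS knows whether ID_C may use V
            raise PermissionError(f"{id_c} is not allowed to use {id_v}")
        k_c_v = os.urandom(32)                               # session key K_{C,V}
        return E(k_c_tgs, {"K": k_c_v.hex(), "ID": id_v, "Time": now,
                           "ticket": self._ticket(id_v, k_c_v, id_c, ad_c, now).hex()})

class Server:
    def __init__(self, id_v, k_v):
        self.id_v, self.k_v, self.seen = id_v, k_v, set()
    def protocol3(self, ticket_v, auth_c, ad_c, now):        # C -> V: ticket_V, auth_C
        k_c_v, id_c, time5 = verify(self.k_v, ticket_v, auth_c, ad_c, self.id_v, now, self.seen)
        return id_c, E(k_c_v, {"Time": time5 + 1})           # V -> C: E_{K_{C,V}}[Time5 + 1]

def client_session(kdc, server, id_c, password, ad_c, now):
    k_c = derive_key(password)
    r1 = D(k_c, kdc.protocol1(id_c, "tgs", now, ad_c, now))              # protocol 1
    k_c_tgs, tgt = bytes.fromhex(r1["K"]), bytes.fromhex(r1["ticket"])
    auth = E(k_c_tgs, {"ID_C": id_c, "AD_C": ad_c, "Time": now})
    r2 = D(k_c_tgs, kdc.protocol2(server.id_v, tgt, auth, ad_c, now))    # protocol 2
    k_c_v, ticket_v = bytes.fromhex(r2["K"]), bytes.fromhex(r2["ticket"])
    auth = E(k_c_v, {"ID_C": id_c, "AD_C": ad_c, "Time": now})
    id_seen, reply = server.protocol3(ticket_v, auth, ad_c, now)          # protocol 3
    if D(k_c_v, reply)["Time"] != now + 1:
        raise ValueError("server failed to authenticate itself")
    return id_seen, ticket_v, auth

def rejected(fn):
    try: fn()
    except (ValueError, PermissionError): return True
    return False

def demo():
    users = {"alice": derive_key("correct horse"), "mallory": derive_key("hunter2")}
    servers = {"tgs": os.urandom(32), "printer": os.urandom(32)}   # constructed keys
    kdc, printer = KDC(users, servers, {"printer": {"alice"}}), Server("printer", servers["printer"])
    now, ad = int(time.time()), "10.0.0.7"                          # constructed clock and AD_C
    id_c, ticket_v, auth = client_session(kdc, printer, "alice", "correct horse", ad, now)
    return (id_c,
            rejected(lambda: printer.protocol3(ticket_v, auth, ad, now)),             # replay
            rejected(lambda: printer.protocol3(ticket_v, auth, "10.0.0.9", now)),     # wrong AD_C
            rejected(lambda: client_session(kdc, printer, "alice", "wrong", ad, now)),      # wrong K_C
            rejected(lambda: client_session(kdc, printer, "mallory", "hunter2", ad, now)))  # not allowed
```

`demo()` runs one full logon-to-service session for "alice" and then exercises the four failure modes the slides call out: a replayed authenticator is refused by V because the (ID_C, Time5) pair is already in its one-time-use cache; a ticket presented from a different network address fails the AD_C check; a wrong password yields the wrong K_C, so the AS reply cannot be opened; and a user the TGS does not authorize for V is refused a service-granting ticket. The replay cache is keyed by timestamp, so in a real deployment the cache only has to remember entries for the skew window.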
Slide 23
Kerberos – End