KERBEROS LtCdr Samit Mehra (05IT 6018). What is Kerberos? Motivation Why Kerberos? Firewall Vs Kerberos Kerberos assumptions How does Kerberos work? Weakness

  • Published on
    31-Mar-2015

  • View
    215

  • Download
    3

Embed Size (px)

Transcript

  • Slide 1

KERBEROS LtCdr Samit Mehra (05IT 6018) Slide 2 What is Kerberos? Motivation Why Kerberos? Firewall Vs Kerberos Kerberos assumptions How does Kerberos work? Weakness and solutions Conclusion Slide 3 WHAT IS KERBEROS? NETWORK AUTHENTICATION PROTOCOL DEVELOPED AT MIT IN THE MID 1980s AVAILABLE AS OPEN SOURCE OR IN SUPPORTED COMMERCIAL SOFTWARE REQUIRES THAT EACH CLIENT (EACH REQUEST FOR SERVICE) PROVE ITS IDENTITY. DOES NOT REQUIRE USER TO ENTER PASSWORD EVERY TIME A SERVICE IS REQUESTED! Slide 4 WHAT IS KERBEROS? Contd AUTHENTICATION SERVICE FOR INTERACTIVE SERVICES LIKE TELNET,FTP etc. HERE USER PROMPTED FOR PASSWORD AND MUST LOGIN IN REAL TIME SYMMETRIC KEY ENCRYPTION USED IT IS FAST AND ALLOWS REAL TIME AUTHENTICATION Slide 5 Slide 6 MOTIVATION WITHOUT KNOWLEDGE OF IDENTITY OF PERSON REQUESTING AN OPERATION DIFFICULT TO DECIDE IF IT SHOULD BE ALLOWED. TRADITIONAL AUTHENTICATION METHODS ARE NOT SUITABLE FOR USE IN COMPUTER NETWORKS WHERE ATTACKERS CAN MONITOR NETWORK TRAFFIC AND INTERCEPT PASSWORDS. USE OF STRONG AUTHENTICATION METHODS IS IMPERATIVE. Slide 7 MOTIVATION IN A COMMON DISTRIBUTED ARCHIETECTURE THREE APPROACHES TO SECURITY ENVISAGED: RELY ON INDIVIDUAL CLIENT WORK STATIONS TO ASSURE IDENTITY OF USER. REQUIRE CLIENT SYSTEMS TO AUTHENTICATE THEMSELVES TO SERVERS. REQUIRE USER TO PROVE IDENTITY FOR EACH SERVICE INVOKED. Slide 8 MOTIVATION IN A CLOSED ENVIRONMENT WHERE ALL SYSTEMS OWNED AND OPERATED BY SINGLE ORGANISATION FIRST OR SECOND APPROACH MAY SUFFICE. BUT IN AN OPEN ENVIRONMENT THIRD APPROACH (SUPPORTED BY KERBEROS) NEEDED TO PROTECT USER INFORMATION AND RESOURCES HOUSED ON SERVER. Slide 9 WHY KERBEROS? AUTHENTICATION IS A KEY FEATURE IN A MULTI USER ENVIRONMENT. SENDING USERNAMES AND PASSWORDS IN THE CLEAR JEOPARDIZES THE SECURITY OF THE NETWORK. EACH TIME A PASSWORD IS SENT IN THE CLEAR, THERE IS A CHANCE FOR INTERCEPTION. Slide 10 FIREWALL Vs KERBEROS FIREWALLS MAKE A RISKY ASSUMPTION: THAT ATTACKERS ARE COMING FROM THE OUTSIDE. IN REALITY, ATTACKS FREQUENTLY COME FROM WITHIN. KERBEROS ASSUMES THAT NETWORK CONNECTIONS (RATHER THAN SERVERS AND WORK STATIONS) ARE THE WEAK LINK IN NETWORK SECURITY. Slide 11 KERBEROS ASSUMPTIONS THE USER WONT USE SIMPLE PASSWORDS LIKE HIS OWN USER NAME ETC WHICH CAN BE EASILY BROKEN BY A PASSWORD CRACKER IN FACT NO AUTHENTICATION MECHANISM TILL DATE CAN COPE FOR PASSWORD GUESSING. THE WORKSTATIONS OR MACHINES ARE MORE OR LESS SECURE I.E. THERE IS NO WAY FOR AN ATTACKER TO INTERCEPT COMMUNICATION BETWEEN A USER AND A CLIENT (USER PROCESS). Slide 12 KERBEROS DESIGN USER MUST IDENTIFY HIMSELF ONCE AT THE BEGINNING OF A WORKSTATION SESSION (LOGIN SESSION). PASSWORDS ARE NEVER SENT ACROSS THE NETWORK IN CLEARTEXT (OR STORED IN MEMORY) Slide 13 KERBEROS DESIGN (CONT.) EVERY USER HAS A PASSWORD. EVERY SERVICE HAS A PASSWORD. THE ONLY ENTITY THAT KNOWS ALL THE PASSWORDS IS THE AUTHENTICATION SERVER. Slide 14 ServerServer ServerServer ServerServer ServerServer KerberosDatabase Ticket Granting Server Server Ticket Granting Server Server Authentication Authentication WorkstationWorkstation Kerberos Key Distribution Service Slide 15 SECRET KEY CRYPTOGRAPHY THE ENCRYPTION USED BY KERBEROS IMPLEMENTATIONS IS DES, ALTHOUGH KERBEROS V5 ALLOWS OTHER ALGORITHMS CAN BE USED. ENCRYPTION PLAINTEXTCIPHERTEXT KEY CIPHERTEXT PLAINTEXT DECRYPTION Slide 16 HOW DOES KERBEROS WORK? INSTEAD OF CLIENT SENDING PASSWORD TO APPLICATION SERVER: REQUEST TICKET FROM AUTHENTICATION SERVER TICKET AND ENCRYPTED REQUEST SENT TO APPLICATION SERVER HOW TO REQUEST TICKETS WITHOUT REPEATEDLY SENDING CREDENTIALS? TICKET GRANTING TICKET (TGT) Slide 17 AUTHENTICATION SERVER THE CLIENT SENDS A PLAINTEXT REQUEST TO THE AS ASKING FOR A TICKET IT CAN USE TO TALK TO THE TGS. REQUEST: LOGIN NAME TGS NAME SINCE THIS REQUEST CONTAINS ONLY WELL- KNOWN NAMES, IT DOES NOT NEED TO BE SEALED. Slide 18 AUTHENTICATION SERVER THE AS FINDS THE KEYS CORRESPONDING TO THE LOGIN NAME AND THE TGS NAME. THE AS CREATES A TICKET: LOGIN NAME TGS NAME CLIENT NETWORK ADDRESS TGS SESSION KEY THE AS SEALS THE TICKET WITH THE TGS SECRET KEY. Slide 19 AUTHENTICATION SERVER RESPONSE THE AS ALSO CREATES A RANDOM SESSION KEY FOR THE CLIENT AND THE TGS TO USE. THE SESSION KEY AND THE SEALED TICKET ARE SEALED WITH THE USER (LOGIN NAME) SECRET KEY. TGS session key Ticket: login name TGS name net address TGS session key Sealed with user key Sealed with TGS key Slide 20 ACCESSING THE TGS THE CLIENT DECRYPTS THE MESSAGE USING THE USERS PASSWORD AS THE SECRET KEY. THE CLIENT NOW HAS A SESSION KEY AND TICKET THAT CAN BE USED TO CONTACT THE TGS. THE CLIENT CANNOT SEE INSIDE THE TICKET, SINCE THE CLIENT DOES NOT KNOW THE TGS SECRET KEY. Slide 21 TICKET GRANTING TICKETS Slide 22 WHEN A CLIENT WANTS TO START USING A SERVER (SERVICE), THE CLIENT MUST FIRST OBTAIN A TICKET. THE CLIENT COMPOSES A REQUEST TO SEND TO THE TGS: ACCESSING A SERVER TGS Ticket Authenticator Server Name sealed with TGS key sealed with session key Slide 23 TGS RESPONSE THE TGS DECRYPTS THE TICKET USING ITS SECRET KEY. INSIDE IS THE TGS SESSION KEY. THE TGS DECRYPTS THE AUTHENTICATOR USING THE SESSION KEY. THE TGS CHECK TO MAKE SURE LOGIN NAMES, CLIENT ADDRESSES AND TGS SERVER NAME ARE ALL OK. TGS MAKES SURE THE AUTHENTICATOR IS RECENT. Slide 24 TGS RESPONSE ONCE EVERYTHING CHECKS OUT - THE TGS: BUILDS A TICKET FOR THE CLIENT AND REQUESTED SERVER. THE TICKET IS SEALED WITH THE SERVER KEY. CREATES A SESSION KEY SEALS THE ENTIRE MESSAGE WITH THE TGS SESSION KEY AND SENDS IT TO THE CLIENT. Slide 25 CLIENT ACCESSES SERVER THE CLIENT NOW DECRYPTS THE TGS RESPONSE USING THE TGS SESSION KEY. THE CLIENT NOW HAS A SESSION KEY FOR USE WITH THE NEW SERVER, AND A TICKET TO USE WITH THAT SERVER. THE CLIENT CAN CONTACT THE NEW SERVER USING THE SAME FORMAT USED TO ACCESS THE TGS. Slide 26 THE APPLICATION SERVER Slide 27 TICKETS EACH REQUEST FOR A SERVICE REQUIRES A TICKET. A TICKET PROVIDES A SINGLE CLIENT WITH ACCESS TO A SINGLE SERVER. Slide 28 TICKETS (cont.) TICKETS ARE DISPENSED BY THE TICKET GRANTING SERVER (TGS), WHICH HAS KNOWLEDGE OF ALL THE ENCRYPTION KEYS. TICKETS ARE MEANINGLESS TO CLIENTS, THEY SIMPLY USE THEM TO GAIN ACCESS TO SERVERS. Slide 29 TICKETS (cont.) THE TGS SEALS (ENCRYPTS) EACH TICKET WITH THE SECRET ENCRYPTION KEY OF THE SERVER. SEALED TICKETS CAN BE SENT SAFELY OVER A NETWORK - ONLY THE SERVER CAN MAKE SENSE OUT OF IT. EACH TICKET HAS A LIMITED LIFETIME (A FEW HOURS). Slide 30 TICKET CONTENTS CLIENT NAME (USER LOGIN NAME) SERVER NAME CLIENT HOST NETWORK ADDRESS SESSION KEY FOR CLIENT/SERVER TICKET LIFETIME CREATION TIMESTAMP Slide 31 SESSION KEY RANDOM NUMBER THAT IS SPECIFIC TO A SESSION. SESSION KEY IS USED TO SEAL CLIENT REQUESTS TO SERVER. SESSION KEY CAN BE USED TO SEAL RESPONSES (APPLICATION SPECIFIC USAGE). Slide 32 AUTHENTICATORS AUTHENTICATORS PROVE A CLIENTS IDENTITY. INCLUDES: CLIENT USER NAME. CLIENT NETWORK ADDRESS. TIMESTAMP. AUTHENTICATORS ARE SEALED WITH A SESSION KEY. Slide 33 RECAP EACH TIME A CLIENT WANTS TO CONTACT A SERVER, IT MUST FIRST ASK THE 3RD PARTY (TGS) FOR A TICKET AND SESSION KEY. IN ORDER TO REQUEST A TICKET FROM THE TGS, THE CLIENT MUST ALREADY HAVE A TG TICKET AND A SESSION KEY FOR COMMUNICATING WITH THE TGS! Slide 34 THE TICKET GRANTING SERVICE Slide 35 KERBEROS SUMMARY EVERY SERVICE REQUEST NEEDS A TICKET. TICKETS COME FROM THE TGS (EXCEPT THE TICKET FOR THE TGS!). WORKSTATIONS CANNOT UNDERSTAND TICKETS, THEY ARE ENCRYPTED USING THE SERVER KEY. EVERY TICKET HAS AN ASSOCIATED SESSION KEY. TICKETS ARE REUSABLE. Slide 36 KERBEROS SUMMARY (cont.) TICKETS HAVE A FINITE LIFETIME. AUTHENTICATORS ARE ONLY USED ONCE (NEW CONNECTION TO A SERVER). AUTHENTICATORS EXPIRE FAST ! SERVER MAINTAINS LIST OF AUTHENTICATORS (PREVENT STOLEN AUTHENTICATORS). THERE IS A LOT MORE TO KERBEROS!!! Slide 37 WEAKNESSES AND SOLUTIONS IF TGT STOLEN, CAN BE USED TO ACCESS NETWORK SERVICES. ONLY A PROBLEM UNTIL TICKET EXPIRES IN A FEW HOURS. SUBJECT TO DICTIONARY ATTACK. TIMESTAMPS REQUIRE HACKER TO GUESS IN 5 MINUTES. VERY BAD IF AUTHENTICATION SERVER COMPROMISED. PHYSICAL PROTECTION FOR THE SERVER. Slide 38 YOUR SECURITY IS IN YOUR OWN HANDS . Slide 39 REFERENCES CRYPTOGRAPHY AND NETWORK SECURITY WILLIAM STALLINGS THE MORONS GUIDE TO KERBEROS VERSION 1.2.2 UNDERSTANDING KERBEROS V5 AUTHENTICATION PROTOCOL FABRICE KAH GIAC SECURITY ESSENTIALS CERTIFICATION (GSEC) - NOVEMBER 2003 THE KERBEROS NETWROK AUTHENTICATION SERVICE (V5) J KOHL, C NEWMAN 1993 KERBEROS: AN AUTHENTICATION SERVICE FOR COMPUTER NETWORKS B. CLIFFORD NEUMAN AND THEODORE TS'O 2001B. CLIFFORD NEUMAN THEODORE TS'O http://www.kerberos.isi.edu/ - THE KERBEROS HOMEPAGEhttp://www.kerberos.isi.edu/ Slide 40 QUESTIONS??? THANK YOU.