KERBEROS – A NETWORK AUTHENTICATION PROTOCOL

 

 

Almost every company, business, university, etc. runs some sort of network. Security and the prevention of unauthorized access are therefore important issues for networks. The Internet is an insecure place, since many of the protocols used on it do not provide any protection. Many tools are available to system crackers that allow them to obtain other users' passwords off the network. Thus, applications that send an unencrypted password over the network are exceptionally defenseless and exposed. As well, client/server applications assume that the client program is being truthful about the identity of the user. Some people use firewalls in an attempt to resolve their network security troubles. Regrettably, the firewall technique assumes that all unauthorized users are on the outside, which is a very bad assumption. Insiders carry out most of the worst damage in computer crime incidents. Another important drawback of firewalls is that they limit how users can use the Internet. These limitations are sometimes simply impractical and intolerable.

 

Kerberos is a network authentication protocol: a system for authenticating (validating) users and services on a network by using secret-key cryptography. Kerberos was developed by the Massachusetts Institute of Technology and is also available in many commercial products. Kerberos assumes the network is insecure, such that information sent through it can be read and altered by an unauthorized user. Also, false addresses can be used to make an unauthorized user appear to the network as an authorized one. Kerberos relies on a trusted and reliable third-party service, known as the Kerberos server. The Kerberos server is trusted by all the entities (users and services) on the network; these entities are usually called principals.

 

In Kerberos vocabulary, a "Kerberos client" is any principal that gets a service ticket for a Kerberos service. A client is classically a user, but any principal can be a client (unless for some reason the administrator has explicitly forbidden this principal to be a client). The term "Kerberos server" generally refers to the Key Distribution Center (KDC). The KDC implements the Authentication Service (AS) and the Ticket Granting Service (TGS). The KDC has a copy of the password associated with every principal. Therefore, it is absolutely vital that the KDC be as secure and protected as possible. The KDC usually stores the principals in a database, so the term "Kerberos database" is also sometimes applied to the KDC. For reliability, backup KDCs are usually incorporated in the network. These are referred to as slave servers. The backup KDCs all synchronize their databases from the master KDC. As well, most Kerberos implementations include an administration server, which allows remote manipulation of the Kerberos database. The administration server usually runs on the KDC.

 

Every principal shares a secret password, also known as a key, with the Kerberos server, and this enables principals to verify that messages from the Kerberos server are authentic. The key is used to ask the Kerberos server for permission to use a specific service. All authentications take place between clients and servers. Therefore, by trusting the Kerberos server, users and services can authenticate each other. After a client and server have used the Kerberos server to confirm their identities, they can also encrypt all of their interactions to guarantee privacy and data integrity as they go about their business. After confirming their identity, principals (usually users) obtain tickets from the Kerberos server. They use the tickets to prove to other principals (usually services) that they are who they claim to be and have been given permission to use that service (a Kerberos service).

 

Let us consider the following example to help explain the authentication and ticket-obtaining procedure:

 

X (a user) is the originator of the authentication exchange and Y is the service that X wishes to use. To obtain a ticket for a specific service, in this case service Y, X sends a ticket request to the Kerberos server. The request essentially includes X's and Y's names. The Kerberos server checks that both X and Y are valid principals by verifying their keys (passwords).

Having verified the validity of the principals, the Kerberos server generates a packet containing X's and Y's names, X's network address ($X_{addr}$), the current time ($t_{issue}$), the lifetime of the ticket (life), and a secret session key ($K_{XY}$). This packet is encrypted with Y's secret key ($K_Y$). The resulting ticket looks like the following:

 

$\{X, Y, X_{addr}, t_{issue}, \mathit{life}, K_{XY}\}_{K_Y}$

 

The response to X consists of the ticket ($T_{XY}$), Y's name, the current time, the lifetime of the ticket, and the session key, all encrypted with X's secret key ($K_X$):

 

$\{Y, t_{issue}, \mathit{life}, K_{XY}, T_{XY}\}_{K_X}$

 

X decrypts the response and holds on to it for later use. Before sending a message to Y, X generates an authenticator consisting of X's name, X's address, the current time, and a "checksum" chosen by X, all encrypted with the secret session key:

 

$\{X, X_{addr}, t_{current}, \mathit{checksum}\}_{K_{XY}}$

 

The authenticator, encrypted with this secret session key, is sent to Y together with the ticket obtained from the Kerberos server. Y decrypts the ticket using Y's secret key. Since the ticket contains the session key that the authenticator was encrypted with, Y is now able to decrypt the authenticator.

 

Finally, Y compares the contents of the ticket with those of the authenticator to establish that X really is X. If everything matches, Y considers X to be properly authenticated.

 

Like any security protocol, Kerberos can be seen as open to attack in certain ways. However, Kerberos has taken the necessary precautions to make these attacks either impossible or extremely difficult. In the example discussed above, an unauthorized user may attempt to impersonate user X. Z, a fraudulent user, can steal the authenticator and the ticket as they are sent across the network. Kerberos is prepared for this scenario, since it includes an address in both the ticket and the authenticator. This makes it harder for Z to perform this attack. To accomplish this attack successfully, Z will have to either use X's machine or forge the source addresses of the packets. With the addition of the time stamp in the authenticator, Z is not given adequate time to perform the necessary procedure. Z can also impersonate Y by using Y's network address. Then, when X sends the appropriate credentials to Y, Z pretends to verify them. However, Z can't be sure that he is talking to X.

 

Kerberos is equipped with many other defense tactics. One is the addition of a replay cache to the server. This is used to detect when a user attempts to resubmit a previously used message. The service saves all authenticators received in the previous few minutes so that repeats can be detected. The strategy that Kerberos uses to authenticate a service is called mutual authentication. With mutual authentication, the user can demand that the service send something back that proves the service has access to the session key. The checksum that the user sent as part of the authenticator is an example. One such method is to add one to the checksum, encrypt it with the session key and send it back to the user.
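The exchange between X, the Kerberos server and Y, together with the address check, time stamp, replay cache and checksum-plus-one reply described above, can be followed in this added Python sketch (not part of the original essay and not code from any Kerberos implementation). The function and field names are hypothetical, and the SHA-256 keystream with an HMAC tag is a toy stand-in for the real cipher.

```python
import hashlib, hmac, json, secrets

def _xor(key, data):
    # Toy SHA-256 keystream; an assumed stand-in for the real Kerberos cipher.
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    ct = _xor(key, json.dumps(obj).encode())
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, ct))

def kdc_issue(keys, x, y, x_addr, now, life=300):
    # Ticket {X, Y, X_addr, t_issue, life, K_XY} under K_Y, inside a reply under K_X.
    k_xy = secrets.token_hex(16)
    ticket = seal(keys[y], dict(x=x, y=y, addr=x_addr, t=now, life=life, k=k_xy))
    return seal(keys[x], dict(y=y, t=now, life=life, k=k_xy, ticket=ticket.hex()))

def authenticator(k_xy, x, x_addr, now, checksum):
    # {X, X_addr, t_current, checksum} under the session key K_XY.
    return seal(bytes.fromhex(k_xy), dict(x=x, addr=x_addr, t=now, ck=checksum))

class Service:
    """Service Y: holds K_Y, an allowed clock skew and a replay cache."""
    def __init__(self, key, skew=120):
        self.key, self.skew, self.seen = key, skew, set()

    def accept(self, ticket, auth, src_addr, now):
        t = unseal(self.key, ticket)          # only Y can open the ticket
        k = bytes.fromhex(t["k"])             # session key comes from the ticket
        a = unseal(k, auth)
        if (a["x"], a["addr"], src_addr) != (t["x"], t["addr"], t["addr"]):
            raise ValueError("name/address mismatch")
        if now > t["t"] + t["life"]:
            raise ValueError("ticket expired")
        if abs(now - a["t"]) > self.skew:
            raise ValueError("stale authenticator")
        if auth in self.seen:                 # replay cache lookup
            raise ValueError("replay")
        self.seen.add(auth)
        return seal(k, {"ck": a["ck"] + 1})   # mutual authentication reply
```

A production replay cache would also discard entries older than the allowed skew, since the time stamp check already rejects them.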

 

In conclusion, network security problems can be addressed using Kerberos Authentication.  Strong cryptography can be obtained over the network to help you protect your data structure across your entire enterprise.  Kerberos is invaluable to the Information Technology architecture.