TOPIC HIERARCHY. Distributed Environment. Security. Kerberos

Transcription

1 KERBEROS

2 TOPIC HIERARCHY Distributed Environment Security Privacy Authentication Authorization Non Repudiation Kerberos

3 ORIGIN MIT developed Kerberos to protect network services. Developed under the Project Athena. Developed at MIT in the mid 1980s. Network authentication protocol. Available as open source or in supported commercial software. This form of security has been evolving in Unix world for over a decade and is now becoming a standard.

4 KERBEROS FROM CERBURUS ( THE GREEK MYTHOLOGICAL THREE HEADED DOG) Kerberos was named after its name. It is the keeper of Hades (The God of the underworld). Originally, the 3 heads represented the 3 A s Authentication, Authorization, Access Control. But one A was work enough!

5 WHAT IS KERBEROS? A secret key based service for providing authentication in open networks. Authentication is mediated by a trusted third party on the network (KDC : Key Distribution Center). Kerberos is secure, single-sign-on, trusted service. Trusted 3rd party authentication scheme.

6 WHY KERBEROS? Sending usernames and passwords in the clear jeopardizes (harm) the security of the network. Each time a password is sent in the clear, there is a chance of an security attack.

7 TYPES OF SECURITY ATTACKS Interception: an attack on confidentiality. Interruption : an attack of availability. Modification: an attack on integrity. Fabrication: an attack on authenticity.

8

9 COMPUTER/NETWORK SECURITY NEEDS: Authentication Who is requesting access Authorization What user is allowed to do Auditing (Accessing Control) What has user done Kerberos addresses all of these needs. Mostly it provides authentication service.

10 AUTHENTICATION Three ways to prove identity Something you know Something you have Something you are Kerberos is something you know, but stronger.

11 WHAT IS KERBEROS GOOD FOR? Verify identity of users and servers. Encrypt communication if desired. Centralized repository of accounts. (Kerberos uses realm to group accounts) Local authentication. Enforce good password policy. Provide an audit trail of usage.

12 KERBEROS VERSIONS Three versions: version 1,2 and 3 Used for internal work in MIT. Two versions: version 4 and 5 Version 4 makes use of DES (Data Encryption Standard). Version 5 is used for cross realm Authentication.

13 COMPONENTS Principals Realms Key Distribution Centers (KDC s). Authentication Service (AS). Ticket Granting Server (TGS). Tickets Authenticators

14 Principals Each entity, such as clients or application servers (Service), is represented as a principal Coupled with a key. Keys are stored in a database on KDC. Keys must be unique.

15 Realms Companies and Organizations are composed of different departments, each with a different function. To make things less complex, system administrators represent each department with a realm. Each realm has its own KDC(s)

16 Key Distribution Centers (KDC s) Composed of an AS and TGS. Has a database that houses all principals and their keys for a given realm At least one KDC per realm Authentication Service (AS) Piece of software that accepts requests from clients. Creates TGT s based on the information in the request (principal names for client and service). Establishes the secret session key used for communication between clients and services. Ticket Granting Server (TGS) Clients authenticate themselves once to the AS to get TGT s, which are presented to the TGS. Responsible for accepting Ticket Granting Tickets. Verifies that the TGT s are correct. Returns application service tickets.

17 Tickets Tickets serve following purposes: To confirm identity of the end participants. To establish a short-lived encryption key that both parties can share for secure communication (called the session key). Contains valuable data to check the authentication is real. Includes data such as: Requesting client s principal name. A list of valid IP addresses. A secret session key. Authenticators Consist of timestamps encrypted with the secret session key. Can only be used once. Timestamp can t exceed maximum time frame. Used to prevent replay attacks.

18

19 KERBEROS DESIGN User must identify itself once at the beginning of a workstation session (login session). Passwords are never sent across the network in clear text (or stored in memory) Every user has a password. Every service has a password. The only entity that knows all the passwords is the Authentication Server.

20 Ticket Granting Server Server Server Server Server Kerberos Database Workstation Authentication Server

21 COMPLETE FUNCTIONALITY OF KERBEROS

22

23 WEAKNESSES AND SOLUTIONS If TGT stolen, can be used to access network services. Subject to dictionary attack. Very bad if Authentication Server compromised. Only a problem until ticket expires in a few hours. Timestamps require hacker to guess in 5 minutes. Physical protection for the server.

24 THE COMPETITION: SSL SSL Uses public key encryption Is certificate based (asynchronous) Ideal for the WWW Key revocation requires Revocation Server to keep track of bad certificates Certificates sit on a users hard drive (even if they are encrypted) where they are subject to being cracked. Uses patented material, so the service is not free. Netscape has a profit motive in wide acceptance of the standard. Kerberos Uses private key encryption Relies on a trusted third party (synchronous) Ideal for networked environments Key revocation can be accomplished by disabling a user at the Authentication Server Passwords reside in users' minds where they are usually not subject to secret attack. Kerberos has always been open source and freely available.

25 ADVANTAGES More efficient authentication to servers Mutual authentication Delegated authentication Simplified trust management Interoperability

26 LIMITATIONS Scalability. Doesn t explicitly protect against Trojan attacks. Is mainly intended for single-user workstations. KDC can be a single point of failure.

27 APPLICATIONS OF KERBEROS: The Kerberos V5 applications are versions of existing UNIX network programs with the Kerberos features added. telnet rlogin FTP rsh rcp Ksu Kerberos is made a default authorization service for windows 2000 as it ensures a trustworthy authorization. Unix, Linux and Mac OS X. WRQ Reflection

28 THANK YOU!