2. What is Kerberos?
• Network authentication protocol
• Developed at MIT in the mid 1980s
• Available as open source or in supported commercial software
3. Why Kerberos?
• Sending usernames and passwords in the clear jeopardizes the security of the network.
• Each time a password is sent in the clear, there is a chance for interception.
4. Firewall vs. Kerberos
• Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within.
• Kerberos assumes that network connections (rather than servers and workstations) are the weak link in network security.
5. Design Requirements
• Interactions between hosts and clients should be encrypted.
• Must be convenient for users (or they won't use it).
• Protect against intercepted credentials.
6. Cryptography Approach
• Secret (symmetric) key: each party uses the same secret key to encrypt and decrypt messages.
• Uses a trusted third party (the Key Distribution Center, KDC) which can vouch for the identity of both parties in a transaction. Security of the third party is imperative.
7. How does Kerberos work?
• Instead of the client sending its password to the application server:
  – Request a ticket from the authentication server (the reply is encrypted under the client's key, so only a client that knows the password can use it)
  – Send the ticket plus an encrypted, timestamped authenticator to the application server
• How to request tickets without repeatedly sending credentials?
  – Ticket granting ticket (TGT): obtained once at login, then presented to the ticket granting server to get tickets for individual services
10. Applications
• Authentication
• Authorization
• Confidentiality
• Within networks and small sets of networks
11. Weaknesses and Solutions
Weakness | Solution
If the TGT is stolen, it can be used to access network services. | Only a problem until the ticket expires, in a few hours.
Subject to dictionary attack. | Authenticator timestamps must fall within a 5-minute window of the server's clock, so a captured ticket and authenticator cannot be replayed later. This bounds replay only; an attacker who records the encrypted reply can still try passwords offline against it, so strong passwords (and pre-authentication) are the real defence.
Very bad if the Authentication Server is compromised. | Physical protection for the server.
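The three exchanges of slide 7 (AS, TGS, AP) and the two checks of slide 11 (ticket expiry, 5-minute authenticator window) as a runnable toy in Python. This is an added example, not code from the slides or from MIT Kerberos: the cipher (a SHA-256 keystream with an HMAC tag), the realm EXAMPLE.ORG, the principals alice, krbtgt and host/fileserver, the 8-hour ticket lifetime and the "correct horse" password are all assumptions made for a stand-alone demo.

```python
"""Toy Kerberos: AS, TGS and AP exchanges around a symmetric-key KDC.

Added illustration, not MIT Kerberos code. The cipher (SHA-256 keystream with
an HMAC tag), the realm, the principals and the lifetimes are assumptions."""
import hashlib
import hmac
import json
import os
import time

CLOCK_SKEW = 300             # authenticator must be within 5 minutes of server time
TICKET_LIFETIME = 8 * 3600   # assumed lifetime; a stolen ticket is useful only until then
REALM = "EXAMPLE.ORG"        # hypothetical realm


def string_to_key(password, principal):
    """Long-term key derived from the password; the password itself never leaves the client."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10000)


def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key, payload):
    """Encrypt-then-MAC a JSON payload under a shared secret key."""
    pt = json.dumps(payload).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def open_sealed(key, blob):
    """Reject anything not sealed under this exact key (wrong password, forged ticket)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def check_ticket(service_key, ticket, authenticator, now):
    """Shared by the TGS and by application servers: open the ticket with our own
    long-term key, then the authenticator with the session key found inside it."""
    t = open_sealed(service_key, ticket)
    if now > t["expires"]:
        raise PermissionError("ticket expired")                 # stolen tickets die here
    auth = open_sealed(bytes.fromhex(t["session"]), authenticator)
    if auth["client"] != t["client"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - auth["timestamp"]) > CLOCK_SKEW:
        raise PermissionError("authenticator outside the 5-minute window (replay?)")
    return t


class KDC:
    """Authentication Server and Ticket Granting Server over one principal database."""
    def __init__(self, principals, clock=time.time):
        self.keys, self.now = principals, clock

    def _issue(self, service, client):
        session = os.urandom(32).hex()
        body = {"client": client, "session": session, "expires": self.now() + TICKET_LIFETIME}
        return seal(self.keys[service], body), session

    def as_exchange(self, client):
        """AS-REQ/AS-REP: the reply (TGT + session key) is readable only with the client's key."""
        tgt, session = self._issue("krbtgt", client)
        return seal(self.keys[client], {"ticket": tgt.hex(), "session": session})

    def tgs_exchange(self, tgt_hex, authenticator, service):
        """TGS-REQ/TGS-REP: the TGT, not the password, proves who is asking."""
        tgt = check_ticket(self.keys["krbtgt"], bytes.fromhex(tgt_hex), authenticator, self.now())
        ticket, session = self._issue(service, tgt["client"])
        return seal(bytes.fromhex(tgt["session"]), {"ticket": ticket.hex(), "session": session})


def authenticator(creds, client, when):
    """Client proves it holds the session key by encrypting a fresh timestamp with it."""
    return seal(bytes.fromhex(creds["session"]), {"client": client, "timestamp": when})


def _outcome(attempt):
    try:
        attempt()
        return "accepted"
    except (ValueError, PermissionError):
        return "rejected"


def demo(now=None):
    """Run login, service ticket request and service access, then the failure modes."""
    now = time.time() if now is None else now
    keys = {"alice": string_to_key("correct horse", "alice"),      # constructed principal DB
            "krbtgt": os.urandom(32), "host/fileserver": os.urandom(32)}
    kdc = KDC(keys, clock=lambda: now)
    tgt = open_sealed(keys["alice"], kdc.as_exchange("alice"))                      # AS exchange
    svc = open_sealed(bytes.fromhex(tgt["session"]),
                      kdc.tgs_exchange(tgt["ticket"], authenticator(tgt, "alice", now), "host/fileserver"))
    svc_key, ticket = keys["host/fileserver"], bytes.fromhex(svc["ticket"])
    out = {"client": check_ticket(svc_key, ticket, authenticator(svc, "alice", now), now)["client"]}  # AP
    out["wrong_pw"] = _outcome(lambda: open_sealed(string_to_key("wrong", "alice"), kdc.as_exchange("alice")))
    out["replay"] = _outcome(lambda: check_ticket(svc_key, ticket, authenticator(svc, "alice", now - 600), now))
    late = now + TICKET_LIFETIME + 1
    out["expired"] = _outcome(lambda: check_ticket(svc_key, ticket, authenticator(svc, "alice", late), late))
    return out
```

`demo()` returns the application server's decision for the honest client ("alice") and for three attacks: a wrong password (the AS reply cannot be opened, so no ticket is ever obtained), a ten-minute-old authenticator (rejected by the clock-skew check) and a stolen ticket plus session key used after expiry (rejected even though the authenticator is valid). Note what the toy does not do: it keeps no replay cache, so an authenticator replayed within the 5-minute window would be accepted; real implementations add that cache.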
12. The Competition: SSL
SSL | Kerberos
Uses public key encryption | Uses secret (symmetric) key encryption
Is certificate based (the CA need not be online for each connection) | Relies on a trusted third party (the KDC must be online to issue tickets)
Ideal for the WWW | Ideal for networked environments
Key revocation requires the server to keep track of bad certificates | Key revocation can be accomplished by disabling a user at the Authentication Server
Private keys and certificates sit on a user's hard drive (even if they are encrypted), where they are subject to being cracked | Passwords reside in users' minds, where they cannot be copied from disk (weak passwords are still open to dictionary attack; see 11. Weaknesses and Solutions)
Uses patented material, so the service is not free; Netscape has a profit motive in wide acceptance of the standard (true when these slides were written; the RSA patent expired in 2000) | Kerberos has always been open source and freely available
13. Limitation: Scalability
• Recent modifications attempt to address this problem
• Public key cryptography for client authentication (PKINIT) and for cross-realm authentication
• Issues are not resolved