A Normal Authentication Process Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The name "Kerberos" comes from the mythological three-headed dog whose duty it was to guard the entrance to the underworld. The Kerberos security system, on the other hand, guards electronic transmissions that get sent across the Internet. It does this by scrambling the information -- encrypting it -- so that only the computer that's supposed to receive the information can decrypt it. In addition, it makes sure that your password itself never gets sent across the wire.

kerberos has bacamr

Kerberos is necessary because there are people who know how to tap the lines between computers and listen for your password. They do this with programs called "sniffers", and the only way to stop them would be to physically guard every inch of the Internet ... computers, cables and all. This, of course, is impossible. As long as there are physically insecure networks in the world, we'll need something like Kerberos to maintain the integrity and security of our electronic communications


Kerberos gets its name from Greek mythology. Cerberus, also known as Kerberos, was a three headed beast that guarded the Underworld and kept the living from entering the world of the dead. Kerberos protocol design began in the 1983 at the Massachusetts Institute of Technology (MIT), as part of project Athena. The project athena was started for the next generation distributed computing . the project team decided to build it own authenticatin security solution around KDC (key distribution center) based upon the Needham-Schroeder protocol and secure authentication mechanism designed for distributed severs, assuming that the network is unsafe and hacker can sniff the information from the network .so kerberos overcome the short comming of many older authentication systems It enables a client and a server to mutually authenticate before establishing a connection. by 1989 steve miller and clifford neumann came with 4 version of the kerberos and The first public release was Kerberos version 4, which leads to the actual version (v5) in 1993 after a wide public review. It followed the IETF standard process and its specifications are defined in Internet RFC 1510. Originally designed for UNIX, it is now available for all major operating systems, freely from MIT or also through commercial versions.

The problem that the Kerberos addresses is this: Assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. We would like for servers to restrict access to authorized users and to be able to authenticate requests for service. In this environment, a work station cannot be trusted to identify its users correctly to network services. In particular, the following three threats exist:

A user may gain access to a particular workstation and pretend to be another user operating from that workstation.

A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation.

A user may eavesdrop on exchanges and use a reply attack to gain entrance to a server or to disrupt operations.

In any of these cases, an unauthorized user may be able to gain access to services and data that he or she is not authorized to access. Rather than building in elaborate authentication protocols at each server, Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public -key encryption.

Benefits of using Kerberos

Nothing is easier today than to catch credentials over a network. If we try to run a sniffer in our environment we will see that we certainly get a login/password combination within a few minutes. This could lead to an unauthorized use of our network services and would certainly compromise all data present in our environment; even protected confidential data, as most users are using only one password for every application. Authentication is critical to security. Too many applications use a weak authentication mechanism, like clear text passwords or, even worse, rely on the “honesty” of client applications, known as authentication by assertion. However, it is not the primary role of an application to manage security. Consider a mail server: its role is to deliver email messages over the network to the appropriate recipients, but not to verify the user’s identity! This is where Kerberos comes in. It has the advantage to manage secure authentication from a central location, and for many applications. For each application that requires this service, it is a reliable, simple and easy to manage solution to use Kerberos. Furthermore, it unloads application servers from this time consuming authentication task and allows concentrating on their primary function.


If a set of users is provided with dedicated personal computers that have no network connections, then a user’s resources and files can be protected by physically securing each personal computer. When these users are served by a central time sharing system, the time sharing operation must provide the security. The operating system can enforce access control policies based on user identity and use the logon procedure to identify users.

Today, neither of these scenarios is typical. More common is a distributed architecture consisting of dedicated user work stations (clients) and distributed or centralized servers. In this environment, three approaches of security can be envisioned:

Rely on each individual client workstations to assure the identity of its user or users and rely on each server to enforce a security policy based on user identification (ID). Requires that client systems authenticate themselves to servers, but trust the client system concerning the identity of the user. Requires the user to prove identity fro each service invoked. Also requires that severs prove their identity to clients.

In a small, closed environment, in which all systems are owned and operated by a single organization, the first or perhaps the second strategy may suffice. But in a more open environment, in which network connections to other machines are supported, the third approach is needed to protect user information and resources housed by the server. The third approach is supported b Kerberos. Kerberos assumes distributed client/server architecture and employs one or more Kerberos servers to provide an authentication service.

The first published report on Kerberos [STEI88] listed the following requirements for Kerberos:

Secure: A network eavesdropper should not be able to obtain the necessary information to impersonate a user. More generally, Kerberos should be strong enough that a potential opponent does not find it to be the weak link.

Reliable: For all the services that rely on Kerberos for access control, lack of availability of the Kerberos service means lack of availability of the supported services. Hence, Kerberos should be highly reliable and should employ distributed server architecture, with one system able to back up another.

Transparent: Ideally, the user should not be aware that authentication is taking place, beyond the requirement to enter a password.

Scalable: The system should be capable of supporting large number of clients and servers. This suggests a modular, distributed architecture.

To support these requirements, the overall scheme of Kerberos is that of a trusted third-party authentication service that uses a protocol based on that proposed by Needham and Schroeder [NEED78]. It is trusted in the sense that clients and servers trust Kerberos to mediate their mutual authentication. Assuming the Kerberos protocol is well designed, then the authentication service is secure if the Kerberos server itself is secure.

Kerberos Version 5

Version 4 of Kerberos makes use of DES, in a rather elaborate protocol, to provide the authentication service. It is a property of DES that if cipher text (encrypted data) is decrypted with the same key used to encrypt it, the plaintext (original data) appears. If different encryption keys are used for encryption and decryption, or if the cipher text is modified, the result will be unintelligible, and the checksum in the Kerberos message will not match the data. This combination of encryption and the checksum provides integrity and confidentiality for encrypted Kerberos messages. Viewing the protocol as a whole, it is difficult to see the need for the many elements contained therein. Therefore, we adopt a strategy used by Bill Bryant of Project Athena (BRYA88) and build up to the full protocol by looking first at several hypothetical dialogues. Each successive dialogue adds additional complexity to counter security vulnerabilities revealed in the preceding dialogue.

After examining the protocol, we look at some other aspects of version 4.

A Simple Authentication Dialogue

In an unprotected network environment, any client can apply to any server for service. The obvious security risk is that of impersonation. An opponent can pretend to be another client and obtain unauthorized privileges on server machines. To counter this threat, servers must be able to confirm the identities of clients who request service. Each server can be required to undertake this task for each client/ server interaction, but in an open environment, this places a substantial burden on each server.

An alternative is to use an authentication server (AS) that knows the passwords of all users and stores these in a centralized database. In addition, the AS shares a unique secret key with each server. These keys have been distributed physically or in some other secure manner.

What does Kerberos do?

How does Kerberos allow you to authenticate yourself? Let us try and co-relate this to how does one authenticate himself in real life? Typically, you show your driver's license--or ID card, if you're not of driving age

What does this show? It shows that there is an agency (the one that issued the license or card) that has linked a given identity to a physical likeness. This physical likeness usually consists of a photo and some physical stats, and is considered to be uncopiable.

The identity consists of a name and an address, and some other information, such as a birth date. In addition, there may be some restrictions on what the named person can do; for instance, he or she may be required to wear corrective lenses while driving. (In many cases, this restriction is implicit: one can't drink until the age of 21, based on the birth date on the card.) Finally, the identification has a limited lifetime, represented by the expiration date on the card.

Note that this demonstration of identity is contingent on a number of things. First of all, the card must not be tampered with (such as changing the birth date, or the name, or the photo). Secondly, the person performing the authentication must accept the agency that issued the card. (Many supermarkets won't accept out-of-state or even out-of-town ID's when verifying checks.) There are some other concerns, such as that the person being authenticated really hasn't changed in appearance or name, or that the card is stolen, and so forth.

Kerberos works in basically the same way. It's typically used when a user on a network is attempting to make use of a network service, and the service wants assurance that the user is who he says he is. To that end, the user presents a ticket that is issued by the Kerberos authentication server (AS), much as a driver's license is issued by the RTO. The service then examines the ticket to verify the identity of the user. If all checks out, then the user is accepted.

Therefore, this ticket must contain information linking it in a fool proof manner to the user. Since the user and the service don't meet face to face, a photo is of no use. Therefore, the ticket must demonstrate that the bearer knows something only its intended user would know, such as a password. Furthermore, there must be safeguards against an attacker stealing the ticket, and using it later.

Assumptions Kerberos Makes

Kerberos does make some assumptions about the environment it lives in. It assumes that users won't make poor choices for passwords. If a user selects a password like ``password'' or ``nothing,'' then an attacker who intercepts a few encrypted messages will be able to mount a dictionary attack, in which he tries password after password to see if it decrypts messages correctly. Success means that the user's password has been guessed and that the attacker can now impersonate the user to any verifier.

Similarly, Kerberos assumes that the workstations or machines are more or less secure, that only the network connections are vulnerable to compromise. In other words, Kerberos assumes that there is no way for an attacker to position himself between the user and the client in order to obtain the password in that manner.

Assumptions Kerberos Makes