Kerberos is a secret-key security system used to authenticate a client on an untrusted network and allow it to access the requested resources distributed over that network. In distributed computing the services are hosted on various servers, which requires the client to authenticate itself again and again for every service it requests. Kerberos removes the overhead of re-authenticating for each service by granting service tickets for the desired service, and it also avoids transferring the user's credentials over the network.
The name "Kerberos" comes from the mythological three-headed dog whose duty was to guard the entrance to the underworld. The name proposed by MIT is apt: Kerberos works in a similar fashion to the three-headed guard, protecting information and user credentials by encryption and allowing access only to legitimate users. The best part is that the user's password is never transmitted over the communication channel. Kerberos makes this possible by using secret-key encryption.
The need for Kerberos authentication arose because hackers and attackers keep track of the packet flow. They listen to the communication channel using software called "sniffers", so if a user sends credentials over the network there is a chance that he can be impersonated. It therefore becomes necessary to safeguard the credentials on a physically insecure network, and an authentication system like Kerberos is required to maintain integrity and security.
The name is derived from Greek mythology: Cerberus, also known as Kerberos, was a three-headed beast that guarded the underworld and kept the living from entering the world of the dead.
The Kerberos authentication system came into existence when the Project Athena team encountered the authentication problem. Athena was a next-generation distributed computing project being developed at MIT. They decided to use the Needham-Schroeder protocol and build their own secure authentication mechanism using a KDC (Key Distribution Center). The design of the Kerberos system started in 1983; the main objective was to overcome the shortcomings of the existing authentication systems. Kerberos came up with the solution that both client and server should authenticate themselves to each other before they establish a connection.
The first public release was Kerberos 4, which led to the current version, V5, in 1993. Kerberos follows the IETF standards process and its specifications are defined in Internet RFC 1510. Kerberos was originally developed for the Linux system but is now freely available for all major operating systems.
The Kerberos authentication system assumes that the user works on a workstation in an open distributed environment and that the services are distributed throughout the network. A server restricts the use of its services to legitimate users, who must be authenticated before they request a service; since the user is on an open distributed network, the workstation alone cannot be relied on to authenticate its user. In particular, the following threats exist:
1. A user may impersonate another user by knowing his credentials, gaining access to a particular workstation and requesting services he is not authorized to use.
2. A user may alter the workstation's network address so that requests appear to the server to come from an impersonated system.
3. A user can eavesdrop on the message exchange on the network and use a replay attack to gain entrance to a server or disrupt its operations.
In any of these cases an unauthorized user may gain access to data he is not allowed to see. As a solution, Kerberos relies on symmetric encryption, authenticating users and servers to each other through a centralized server.
Benefits of using Kerberos
The latest trends in technology have made it easier for a hacker to sniff packets from the communication channel and extract information from them. "Sniffer" programs can monitor the packets in transit and easily pick up user ID and password combinations or private information. This might lead to unauthorized access to network services and resources, so authentication is critical to the security of the network.
Kerberos eliminates the need to transmit the password over the network for the authentication process, and communication is always encrypted. So even if an attacker sniffs the packets, he will not be able to extract any information from them.
Kerberos is a centralized authentication system and it frees the application servers from the process of authentication. All services are accessible only to a legitimate user through service tickets. These tickets are issued by the KDC and are unique to each service. Once the user has been granted the ticket he can access the resource.
This raises the question "what if the hacker gains access to the ticket?". The Kerberos system authenticates the user to the server and the server to the user, so even if the hacker obtains a ticket and sends it to the server posing as a legitimate user, the server will deny the service. Kerberos also allows the user to identify the server, to check that he is accessing the authorized server.
Assumptions that Kerberos makes
There are some design assumptions that the Kerberos designers at MIT made. It is important to be familiar with these assumptions before going deep into its functionality.
1. The Kerberos system was meant to deal with only three kinds of entities: clients, service servers and a set of security servers (the KDC).
2. Kerberos uses timestamps to protect against replay attacks, so the time is trusted.
3. The security server (KDC) is always online, as Kerberos requires the availability of all the systems that generate the tokens and tickets.
4. The workstation being used by the user is trusted completely, as Kerberos stores the authentication tokens in the client's cache.
5. The Kerberos system sees the user password as the weak entity and tries to minimize its exposure to the network.
6. The client is on a distributed network and is remotely accessing the resources.
Traditional authentication process
Before proceeding in depth it is necessary to understand the normal authentication process, which will help in understanding the differences from Kerberos. The typical authentication process is as follows.
1. The client sends the login credentials, i.e. user ID and password, to the server and requests the resource or service.
2. The server then verifies the credentials against its database and, on validation, authenticates the client.
3. The server then responds and grants the resource or service to the client.
But we are discussing the scenario of distributed computing, i.e. the services and resources are spread over the network, and the problem arises when the user needs to authenticate himself to every service server. It becomes an overhead for the user to have N user IDs and passwords for N services, and if the user's credentials are compromised by a hacker listening to the communication medium then the whole scheme fails. This difficulty can be solved by using the Kerberos authentication system.
The Kerberos transaction has three parties involved:
The Client: who is attempting to access the resource or service hosted on the distributed network.
The Server: which contains the services and resources the client is requesting.
The KDC: which provides the authentication service. The KDC has two internal services,
1. Authentication Server
2. Ticket Granting Server
both of which are part of the KDC but work individually.
The Authentication Server (AS): Kerberos contains various separate servers which provide different functions. The authentication server works on the Needham-Schroeder principles. It authenticates the client on the network without communicating the password over the network. When the authentication server receives the open request from the client to access any service, it checks for the user and his password in its database (the client has only sent the user ID and the request, not the password).
Ticket Granting Server (TGS): the TGS is a part of the KDC. The TGS generates the ticket for the service the client is requesting. The TGS validates the client using the authenticator generated by the AS. The main job of the TGS is to grant the service ticket to the client, which the client can then send to the server to access the resources.
At a glance, the authentication process can be divided into phases; here I have explained it in 3 phases.
A client logs on to a workstation using his credentials, i.e. user ID and password, and requests a service hosted on a server.
Login and Requesting TGT: the client sends the open ticket request to the KDC. The request contains the unique identifiers of the system and the user. The KDC checks whether the client is in its database; if found, the client is authenticated and an authenticator is issued.
Requesting Service Grant Ticket: after authenticating the client, the KDC sends the ticket to the client. The ticket is encrypted with the user's hash key and the session keys (this will be further explained in the next section).
Contacting Application Server: once the client has got the ticket, it forwards the ticket to the service provider. The service provider does not authenticate the client itself, as the client has already been authenticated by the KDC. The service provider processes the client's request and grants the service or resource to it.
Kerberos V4: Authentication Dialogue
Now we will go a bit more in depth into the concept of Kerberos authentication, which makes it a more secure and reliable choice than other available authentication systems.
A number of packets are exchanged between the client, the KDC and the service server during the 3 phases of authentication.
[Figure: packet flow of the Kerberos V4 authentication dialogue]
The figure above shows the packet flow; the packets are further explained in the following seven steps.
Step 1: the client sends a request packet (RST) to the Authentication Server.
The request packet contains the client ID, the service request ID (i.e. the ID of the service server) and a timestamp TS, which identifies the time at which it was generated.
Step 2: the AS on the KDC, on receiving the request, checks the client ID in its database; if found, the client is authentic. The AS then generates a key from the user ID and password.
The AS then sends a packet back to the client which includes the ticket-granting ticket (TGT), containing the unique identifiers of the client and the session key, encrypted with the TGS's private key, i.e. the information can only be decrypted by the TGS. The whole packet is then encrypted with the key generated from the user ID and password.
Step 3: since the password is not transmitted over the network and is known only to the client and the AS, only the client and the AS know this key.
The client generates the key and decrypts the packet received. It extracts the ticket and the authenticator, adds the service ID and sends them to the TGS. The authenticator is encrypted with the TGS's secret key and can therefore only be decrypted by the TGS; the packet received by the client also contains the TGS session key. The client sends the ticket, the ID of the service and the authenticator to the TGS, requesting the service.
Step 4: the TGS receives the packet and extracts the authenticator, the TGT and the client ID. The TGS then decrypts the rest of the message with its own secret key, extracts the TGT and the authenticator, and matches them against the credentials sent by the user. If the credentials match, the client is authentic and the TGS generates a service ticket, which includes the ticket, the timestamp and the client ID, and encrypts it with the secret key of the service server. It sends this back to the client. The client's interaction with the KDC terminates here; now the client can directly contact the service provider.
Step 5: the client, on receiving the packet, adds the authenticator to it and forwards it to S, the service provider.
Step 6: the service provider, on receiving the packet, extracts the ticket and the authenticator and decrypts them with its own secret key. S then matches the timestamp and the other credentials against those given in the authenticator. S authorizes the client if all the credentials match and the ticket is still valid, i.e. it has not expired, and S sends a confirmation response to the client to verify itself.
The client then responds with an acknowledgement, incrementing the timestamp by one, and replies to the server, i.e. it has verified the server.
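The six-step V4 dialogue above, simulated end to end as an added example (this is not code from the essay or from any Kerberos implementation): a toy authenticated cipher built from SHA-256 and HMAC stands in for DES, a SHA-256 hash of user ID and password stands in for the V4 string-to-key step, and all principal names, keys and lifetimes are constructed sample values. It shows which key seals each message, that the password never leaves the client, and that the server proves itself by returning the client's timestamp plus one.

```python
import hashlib, hmac, json, os, time

def derive_key(user, password):
    # Stand-in for the V4 string-to-key step: this key exists only on the client and in the KDC database.
    return hashlib.sha256(f"{user}:{password}".encode()).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(key, obj):
    # Toy authenticated encryption (SHA-256 keystream + HMAC tag) standing in for DES; hex output.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def dec(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed KDC database: one user key, the TGS key and one application server key.
USERS = {"alice": derive_key("alice", "correct horse")}
K_TGS = os.urandom(32)
SERVERS = {"fileserver": os.urandom(32)}

def kerberos_v4_exchange(user, password, service="fileserver", lifetime=3600):
    """Run all six steps; return True when client and server have verified each other."""
    now = int(time.time())
    # Steps 1-2: the request carries only IDs and a timestamp. The AS reply is sealed with the user's
    # key and carries the TGT, which is sealed with the TGS key so the client can neither read nor alter it.
    k_c_tgs = os.urandom(32).hex()
    tgt = enc(K_TGS, {"client": user, "key": k_c_tgs, "ts": now, "life": lifetime})
    as_rep = enc(USERS[user], {"key": k_c_tgs, "tgt": tgt})
    # Step 3: the client derives the same key locally; a wrong password fails here, and nothing was sent.
    rep = dec(derive_key(user, password), as_rep)
    k_c_tgs = bytes.fromhex(rep["key"])
    tgs_req = {"service": service, "tgt": rep["tgt"], "auth": enc(k_c_tgs, {"client": user, "ts": now})}
    # Step 4: the TGS opens the TGT with its own key, then the authenticator with the session key inside it.
    t = dec(K_TGS, tgs_req["tgt"])
    a = dec(bytes.fromhex(t["key"]), tgs_req["auth"])
    if a["client"] != t["client"] or now - t["ts"] > t["life"]:
        raise PermissionError("TGT and authenticator disagree, or TGT expired")
    k_c_s = os.urandom(32).hex()
    ticket = enc(SERVERS[tgs_req["service"]], {"client": t["client"], "key": k_c_s, "ts": now, "life": lifetime})
    rep = dec(k_c_tgs, enc(bytes.fromhex(t["key"]), {"key": k_c_s, "ticket": ticket}))
    k_c_s = bytes.fromhex(rep["key"])
    # Steps 5-6: the server opens the ticket with its own key, checks the authenticator against it,
    # and proves it holds the session key by returning the client's timestamp plus one.
    ap_req = {"ticket": rep["ticket"], "auth": enc(k_c_s, {"client": user, "ts": now})}
    t = dec(SERVERS[service], ap_req["ticket"])
    a = dec(bytes.fromhex(t["key"]), ap_req["auth"])
    if a["client"] != t["client"] or abs(now - a["ts"]) > 300:   # 300 s skew limit is an assumed value
        raise PermissionError("ticket and authenticator disagree, or timestamp stale")
    ap_rep = enc(bytes.fromhex(t["key"]), {"ts": a["ts"] + 1})
    return dec(k_c_s, ap_rep)["ts"] == now + 1                    # client verifies the server
```

A wrong password raises at step 3 because the client cannot open the AS reply, so the KDC never sees the password and never learns whether the guess was right.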
Now the service server grants the resources and service to the client. This whole process is automated, taken care of by the Kerberized system, and only takes a fraction of a second. Windows 2000 Server is a good example of a system using Kerberos as its basic authentication system, which is further extended in Windows 2008 and Azure. Kerberos was initially designed for Unix systems, so it can be used on Linux platforms and Mac OS easily.
Kerberos V5: Authentication Dialogue
Kerberos version 5 is an enhancement over version 4. The basic authentication process remains the same but the packet information is changed; more elements are added to the message packets.
Elements added are:
Realm: indicates the realm to which the client belongs, i.e. the KDC node to which it belongs.
Options: the flags set in the ticket and used in the request.
Times: used by the client to request the following settings:
From: the start time of the request.
Till: the expiration time of the requested ticket.
Rtill: the maximum time by which the ticket must be renewed.
Nonce: a random value repeated in the message to ensure that the message is not being replayed by an opponent.
Authenticator: new elements are added to the authenticator:
Subkey: the key used for the specified application session.
Sequence number: the sequence number of the messages sent to the client during the specified session.
Kerberos V5 Message Exchange
Step 1 : AS_REQ
This is the initial authentication request sent to the KDC. The initial packet contains the client ID and the other parameters used to manage the further message communication between client and KDC.
Step 2 : AS_REP
The authentication server then responds in a similar fashion as in Kerberos V4: a message packet encrypted with the client's hash key, plus the authenticator. The nonce will identify the client in the further process.
Step 3 : TGS_REQ
Now the client forwards the packet received, with the options, the ID of the service server, the ticket and the authenticator. The option flags are set according to the client's service needs, i.e. the client might want the service ticket urgently, or for another specified duration, or might want to extend the timestamp duration of the ticket.
Step 4 : TGS_REP
The TGS then processes the client's request, checks the validity of the TGT and generates the service ticket as per the client's needs. The times attribute is added to the packet, as it denotes the number of times the client has requested the specified service.
Step 5 : AP_REQ
The client receives the new authenticator from the TGS and forwards it to the desired application server from which it is requesting the service. The request includes a number of options which help the client customize the services he is requesting.
Step 6 : AP_REP
The application server then accepts and grants the client's request and sends back a packet as an acknowledgement to the client, generating the sequence number which helps the client and server check that packets are not being repeated or replaced by a hacker.
Example demonstrating the Kerberos process at a glance:
[Figure: Example Kerberos Exchange]
UNDERSTANDING THE DIFFERENCE
Ticket Lifetime: the lifetime of a ticket was restricted in version 4 because the time was encoded as an 8-bit quantity, but version 5 has explicit start and end times, which extends the possible timestamp duration.
Internet Protocol: Kerberos v4 uses IPv4 addressing; v5 can be used with any network address type.
Encryption System Dependence: Kerberos v4 uses DES, i.e. it is bound to one encryption standard. Kerberos v5 provides the flexibility of using any encryption standard; the ciphertext is tagged with the encryption technique used.
Authentication Forwarding: version 4 does not allow credentials to be shared with any other client, but version 5 allows the flexibility to re-authenticate the client. For example, the client issues the print server a print request; the print server then forwards the authenticator to the file server where the file to be printed is located.
Double Encryption: in version 5 the ticket provided to the client need not be encrypted twice; it is not compulsory, but this can be extended as per the environment in which Kerberos is implemented.
Session Key: each communication that takes place in version 5 is encrypted with a session key generated each time. This restricts the client from reusing an existing ticket to reach the service, as the session key keeps changing from session to session. This also improves the security of Kerberos version 5 over version 4.
Password Attack: this is the drawback of Kerberos; both versions are vulnerable to password guessing attacks. The message sent from the Authentication Server to the client is encrypted with the key generated from the user ID and password, so a hacker can try a number of password combinations with the user ID to crack the encryption.
Encryption: version 4 uses PCBC (propagating cipher block chaining), which is a non-standard mode of DES, but version 5 is enhanced with the standard CBC mode of encryption.
1. Dependency On The System Clock Synchronization
The system clocks of the client and the server need to be synchronized. This is an overhead on the KDC server; if the clocks are not synchronized with the Kerberos server clock then authentication will fail, as the ticket has a timestamp and an availability period.
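The from/till times and nonce listed for V5 above, together with the clock-synchronization dependency described here, illustrated by an added example that is not from the essay or from any Kerberos implementation: the checks an application server applies to an already decrypted V5 ticket and authenticator (lifetime window, skew tolerance, replay cache) and the client's nonce check on AS_REP. The 5 minute skew limit, the realm name and the times are assumed sample values.

```python
# Constructed values only: the ticket and authenticator below are what the application server
# holds after decryption; the cryptography is left out to isolate the time and replay checks.
MAX_SKEW = 300           # 5 minute skew tolerance: an assumed value, the essay gives none
REPLAY_CACHE = set()     # (client, realm, timestamp) of authenticators already accepted

def check_ap_req(ticket, authenticator, now, cache=REPLAY_CACHE, skew=MAX_SKEW):
    """Server side: return (accepted, reason) for a decrypted ticket + authenticator at server time `now`."""
    times = ticket["times"]
    if not (times["from"] <= now < times["till"]):
        return False, "ticket outside its from/till window"
    if (authenticator["client"], authenticator["realm"]) != (ticket["client"], ticket["realm"]):
        return False, "authenticator does not name the ticket's principal"
    if abs(now - authenticator["ts"]) > skew:
        return False, "clock skew too large: authenticator timestamp rejected"
    seen = (authenticator["client"], authenticator["realm"], authenticator["ts"])
    if seen in cache:
        return False, "replay: authenticator already seen"
    cache.add(seen)
    return True, "ok"

def check_as_rep(sent_nonce, as_rep):
    """Client side: AS_REP must echo the nonce from AS_REQ, otherwise it is a stale or replayed reply."""
    return as_rep["nonce"] == sent_nonce

def demo():
    t0 = 1_700_000_000   # constructed epoch time
    ticket = {"client": "alice", "realm": "EXAMPLE.COM", "times": {"from": t0, "till": t0 + 8 * 3600}}
    auth = {"client": "alice", "realm": "EXAMPLE.COM", "ts": t0 + 60}
    cache = set()
    return [check_ap_req(ticket, auth, t0 + 61, cache)[1],                     # fresh: accepted
            check_ap_req(ticket, auth, t0 + 62, cache)[1],                     # same authenticator again
            check_ap_req(ticket, dict(auth, ts=t0 + 660), t0 + 61, cache)[1],  # client clock 10 min ahead
            check_ap_req(ticket, auth, t0 + 9 * 3600, cache)[1]]               # ticket past its till time
```

The third case is the clock-synchronization failure the text describes: a valid ticket is rejected purely because the client's clock is too far from the server's.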
2. Vulnerability To Password Guessing Attack
Kerberos is vulnerable to password guessing attacks. The authentication message is encrypted with the key generated from the user ID and the password, so if the password is easy to guess then the whole security is compromised and the attacker can gain access to the service server.
3. Continuous Availability Of Key Distribution Center
The KDC should be available continuously; if the KDC is down then the system suffers from a single point of failure. So in all scenarios the Kerberos system should be available.
4. Lack Of Proper Standards
Kerberos has been extended to multiple platforms, i.e. Linux, Windows, Mac OS etc. All these systems differ in their standards of administration: all of them inherit the Kerberos architecture, but it has been altered as per need.
As distributed networks expand, authentication has become more critical for computer security, and it is very important for identifying users and deciding which operations should be allowed and which are restricted. Traditional authentication methods are not appropriate, as the attacker monitors the network and can intercept passwords and other critical information. A strong authentication method safeguards the systems against disclosure of the password over the network. Thus Kerberos is suitable as an authentication and authorization system which can be implemented across a number of platforms.