Kerberos
Kerberos is a network authentication protocol created at the Massachusetts Institute of Technology (MIT). Kerberos uses a system of tickets instead of sending passwords in clear text. This principle strengthens the security of the system and prevents unauthorized people from intercepting users' passwords.
The whole scheme rests on secret keys (symmetric cryptography). It was initially deployed on distributed Unix systems; it was with Windows 2000 that it came back into widespread use.
The name Kerberos comes from the Greek Κέρϐερος, "Cerberus".
Operation
In a simple network using Kerberos, several entities are distinguished:
- the client (C), which has its own secret key
- the server (S), which also has a secret key
- the ticket-granting server (TGS, for Ticket Granting Server), which has a secret key and knows the server's secret key
- the key distribution center (KDC, for Key Distribution Center), which knows the secret keys of the clients and of the ticket-granting server
The client wants to reach a service offered by the server S.
The first stage for the client consists in authenticating to the key server (KDC). The client has a secret key, which is also known to the key server. The client sends its name to the key server and indicates which ticket-granting server it is interested in. After checking the client's identity (this part depends on the implementation; some servers use one-time passwords), the key server sends it a ticket. This ticket authorizes the client to make requests to the ticket-granting server TGS.
This ticket is encrypted by the key server with the ticket-granting server's key. It contains in particular information about the client, but also the key that will be used to secure the communication between the client and the ticket-granting server, called the session key. The client also receives this session key, but encrypted with the client's own secret key.
At this stage, the client has a ticket (which it cannot decrypt) and a session key.
The second phase is the client's sending of a ticket request to the ticket-granting server. This request contains an authenticator (information about the client together with the time of issue) encrypted with the session key (which the client recovers by decrypting, with its own secret key, the information received from the key server). The client also sends the ticket that the key server had given it.
The ticket-granting server then receives the ticket and can decrypt it with its secret key. It recovers the contents of the ticket (the session key) and can thus decrypt the authenticator the client sent and check the authenticity of the request. The ticket-granting server can then issue an access ticket for the server. This ticket is encrypted with the server's secret key. The ticket-granting server also sends the client another session key, for the communications between the final server and the client. This second session key is encrypted with the session key shared by the ticket-granting server and the client.
The third stage is the dialogue between the client and the server. The client receives the ticket for reaching the server, together with encrypted information containing the session key between it and the server. It decrypts the latter with the session key it shares with the ticket-granting server. It then generates a new authenticator, which it encrypts with the client-server session key and sends to the server along with the ticket.
The server checks that the ticket is valid (it decrypts it with its secret key) and authorizes access to the service if everything is correct.
Security
Once a client has been authenticated, it obtains a ticket (generally a text file, but its contents can also be stored in a protected storage area). The ticket plays the role of an identity card with a fairly short lifetime, generally eight hours. If necessary, the client can discard its tickets early; on Kerberos systems such as MIT's or Heimdal, this is done with the kdestroy command, which deletes the local credential cache.
The security of Kerberos rests on the security of the various machines it uses. An attack on the key server would be dramatic, because it could allow the attacker to seize the clients' secret keys and thus impersonate them. Another problem that can occur on the client machine is the theft of tickets. They could be used by a third party to reach the services offered by the servers (if the session key between the client and the server is known).
The expiry of the ticket limits the problems caused by ticket theft. Moreover, tickets contain the client's IP address, so a ticket is not valid if it is used from another address; to get around that, the attacker would have to spoof the client's IP. Replaying an authenticator will fail because Kerberos adds a timestamp to it. This prevents replay attacks using authenticators that have been intercepted. Servers keep a history of previous communications and can easily detect a fraudulent resend.
The advantage of Kerberos is that it limits the number of logins and can work over an unprotected network. The user only needs to authenticate again in order to obtain new tickets for the ticket-granting server.
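The three exchanges described under Operation, together with the expiry, address binding and replay detection discussed in this section, as an added worked example in Python. This is illustrative code written for this article, not code from MIT krb5 or Heimdal. It replaces the real Kerberos encryption types with a toy encrypt-then-MAC construction built from SHA-256 and HMAC (not for use on real data), omits realms, key version numbers and pre-authentication, and all principal names, addresses and keys are constructed for the example:

```python
import hashlib
import hmac
import json
import os
import time

LIFETIME = 8 * 3600   # ticket lifetime in seconds: the eight hours mentioned above
CLOCK_SKEW = 300      # how old an authenticator may be before it is refused


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from SHA-256 (toy stand-in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, fields: dict) -> bytes:
    """Encrypt-then-MAC a JSON dict: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    pt = json.dumps(fields, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag in constant time, then decrypt; fails on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: wrong key or modified message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


# Long-term secret keys (constructed). The KDC holds all of them; the TGS is the
# "krbtgt" principal; the final service only ever needs its own key.
KEYS = {"alice": os.urandom(32), "krbtgt": os.urandom(32), "nfs/fileserver": os.urandom(32)}


def as_exchange(kdc_keys, client, addr, now):
    """Stage 1: the KDC returns a TGT sealed under the TGS key and the same
    session key sealed under the client's own key."""
    sk = os.urandom(32).hex()
    tgt = seal(kdc_keys["krbtgt"], {"client": client, "addr": addr, "key": sk, "expires": now + LIFETIME})
    return tgt, seal(kdc_keys[client], {"key": sk, "expires": now + LIFETIME})


def make_authenticator(session_key, client, now):
    """Client name plus issue time, sealed under the session key."""
    return seal(session_key, {"client": client, "time": now})


def check_ticket(ticket_key, ticket, authenticator, addr, now, seen):
    """Shared by the TGS and the final server: decrypt the ticket, then use the
    session key inside it to decrypt and validate the authenticator."""
    t = unseal(ticket_key, ticket)
    if now > t["expires"]:
        raise PermissionError("ticket expired")
    if t["addr"] != addr:
        raise PermissionError("ticket presented from another address")
    sk = bytes.fromhex(t["key"])
    a = unseal(sk, authenticator)
    if a["client"] != t["client"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - a["time"]) > CLOCK_SKEW:
        raise PermissionError("authenticator too old")
    if (a["client"], a["time"]) in seen:      # server-side history of past authenticators
        raise PermissionError("replayed authenticator")
    seen.add((a["client"], a["time"]))
    return t["client"], sk


def tgs_exchange(kdc_keys, tgt, authenticator, service, addr, now, seen):
    """Stage 2: issue a service ticket under the service's key plus a new
    session key sealed under the client-TGS session key."""
    client, sk_tgs = check_ticket(kdc_keys["krbtgt"], tgt, authenticator, addr, now, seen)
    sk_svc = os.urandom(32).hex()
    ticket = seal(kdc_keys[service], {"client": client, "addr": addr, "key": sk_svc, "expires": now + LIFETIME})
    return ticket, seal(sk_tgs, {"service": service, "key": sk_svc})


def ap_exchange(service_key, ticket, authenticator, addr, now, seen):
    """Stage 3: the server checks ticket and authenticator with only its own key."""
    client, _ = check_ticket(service_key, ticket, authenticator, addr, now, seen)
    return client


def run_session(keys, client, service, addr="10.0.0.5", now=None):
    """Client side of the whole flow; returns the name the service accepted."""
    now = time.time() if now is None else now
    tgs_seen, svc_seen = set(), set()
    tgt, blob = as_exchange(keys, client, addr, now)
    sk_tgs = bytes.fromhex(unseal(keys[client], blob)["key"])   # only the client can open this
    ticket, blob = tgs_exchange(keys, tgt, make_authenticator(sk_tgs, client, now), service, addr, now, tgs_seen)
    sk_svc = bytes.fromhex(unseal(sk_tgs, blob)["key"])
    return ap_exchange(keys[service], ticket, make_authenticator(sk_svc, client, now), addr, now, svc_seen)


if __name__ == "__main__":
    print(run_session(KEYS, "alice", "nfs/fileserver"))
```

The `seen` sets stand in for the replay cache a real server keeps: presenting the same authenticator twice, using a ticket from a different address, or presenting it after its lifetime all raise `PermissionError`, while opening a blob with the wrong long-term key fails at the MAC check before any field is read.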
Currently, two implementations of Kerberos version 5 exist that can be used with OpenLDAP:
- MIT krb5
- Heimdal
Uses
Kerberos authentication (or GSSAPI) can be used by the following protocols/applications:
- Apache
- Eudora
- OpenSSH
- Mac OS X (10.2 and later)
- Microsoft Windows (2000 and later), which uses it as its default authentication protocol
- NFS
- WFP
- Samba
- SOCKS
- FileZilla
See also
Related articles
- RADIUS
- Terminal Access Controller Access-Control System (TACACS)
- PKINIT, use of strong authentication, notably by Microsoft
- Smart card
External links
- MIT krb5
- Kerberos explained visually
- Heimdal
- RFC 4120, describing version 5 of the protocol
- Kerberos: The Network Authentication Protocol