Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications using secret-key cryptography. It was developed as part of MIT’s Project Athena and is widely implemented, including in Windows operating systems, where it replaced NT LAN Manager (NTLM) as the default authentication protocol.
Key Elements of Kerberos
- Authentication: Verifies the identity of users attempting to access the network.
- Authorization: Determines what resources an authenticated user is allowed to access.
- Auditing: Tracks user activities for security and compliance purposes.
Key Features
- Symmetric Key Cryptology: Kerberos relies on symmetric key cryptography for secure communication between clients and servers.
- Confidentiality and Integrity: It ensures that data remains confidential and unaltered during transmission.
- Authentication, Not Availability: While it handles authentication well, it doesn’t address availability issues directly.
- Time Synchronization: Kerberos requires synchronized clocks (within a few minutes) across the network to prevent replay attacks.
- Password Protection: Passwords are never sent over the network in plaintext; instead, Kerberos uses hashed passwords for authentication.
Components of Kerberos
- Key Distribution Center (KDC): The central authority in the Kerberos protocol that manages secret keys and tickets. The KDC is a single point of failure.
- Authentication Server (AS): Part of the KDC, responsible for verifying user identities and issuing Ticket Granting Tickets (TGTs).
- Ticket Granting Server (TGS): Also part of the KDC, it issues service tickets based on TGTs, allowing users to access network services.
Kerberos Logon Process
- Initial Logon: The user enters a username and password on the client.
- Request for TGT: The client encrypts the username using AES and sends it to the KDC.
- KDC Response: The KDC verifies the credentials, generates a symmetric key for the client, encrypts it with a hash of the user’s password, and creates a time-stamped TGT.
- Client Action: The client installs the TGT and decrypts the symmetric key using the hashed password.
- Service Access: The client uses the TGT to request service tickets from the TGS, which allows access to specific services.
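The five logon steps above, together with the clock-skew rule under Time Synchronization and the rule that the password itself is never sent, as an added worked example. This is illustration code written for these notes, not MIT Kerberos or the Windows implementation, and it assumes: a realm named EXAMPLE.TEST, principals alice and cifs/fileserver, a 5-minute skew window, made-up ticket lifetimes, a fixed constructed KDC time, and a toy HMAC-based cipher standing in for the AES enctypes. It models both sides of the AS and TGS exchanges, the service checking its ticket with only its own key, and the three failure modes a practitioner should expect the KDC to reject: a wrong password (the client cannot decrypt the session key), a replayed authenticator, and a client whose clock is outside the skew window.

```python
import hashlib, hmac, json, os, secrets

CLOCK_SKEW = 300                                   # seconds of tolerated clock drift (assumed; 5 minutes is a common default)
TGT_LIFETIME, SVC_LIFETIME = 10 * 3600, 3600       # assumed ticket lifetimes for this toy realm

def derive_key(password, salt):
    # Long-term key derived from the password (the notes' "hashed password"); the password itself never leaves the client.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy authenticated encryption (HMAC keystream + HMAC tag): a stand-in for the AES enctypes, not real Kerberos crypto.
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    def __init__(self, realm, now):
        self.realm, self.now = realm, now             # `now` is an injectable clock so the time checks can be exercised
        self.principals = {}                          # principal name -> long-term key
        self.krbtgt_key = secrets.token_bytes(32)     # seals TGTs; known only to the KDC
        self.replay_cache = set()                     # authenticators already accepted
    def add_principal(self, name, password):
        self.principals[name] = derive_key(password, self.realm + name)
    def as_exchange(self, username):
        # AS-REQ carries the name; AS-REP returns a session key sealed under the user's key plus a time-stamped TGT.
        session, now = secrets.token_bytes(32).hex(), self.now()
        tgt = seal(self.krbtgt_key, {"cname": username, "key": session, "start": now, "end": now + TGT_LIFETIME})
        return seal(self.principals[username], {"key": session, "sname": "krbtgt"}), tgt
    def tgs_exchange(self, tgt, authenticator, service):
        # TGS-REQ: the TGT plus an authenticator sealed with the TGT session key, proving the client holds that key.
        t = unseal(self.krbtgt_key, tgt)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        now = self.now()
        if not t["start"] - CLOCK_SKEW <= now <= t["end"]:
            raise PermissionError("TGT is not valid at this time")
        if abs(a["ctime"] - now) > CLOCK_SKEW:
            raise PermissionError("authenticator timestamp is outside the clock-skew window")
        if (a["cname"], a["ctime"], a["nonce"]) in self.replay_cache:   # a captured authenticator cannot be presented twice
            raise PermissionError("replayed authenticator")
        self.replay_cache.add((a["cname"], a["ctime"], a["nonce"]))
        svc_session = secrets.token_bytes(32).hex()
        ticket = seal(self.principals[service], {"cname": t["cname"], "key": svc_session, "end": now + SVC_LIFETIME})
        return seal(bytes.fromhex(t["key"]), {"key": svc_session, "sname": service}), ticket

class Client:
    def __init__(self, username, password, kdc, now):
        self.username, self.kdc, self.now = username, kdc, now
        self.user_key = derive_key(password, kdc.realm + username)   # derived locally; never transmitted
    def logon(self):
        rep, self.tgt = self.kdc.as_exchange(self.username)
        self.tgt_session = bytes.fromhex(unseal(self.user_key, rep)["key"])   # a wrong password fails here
    def authenticator(self):
        return seal(self.tgt_session, {"cname": self.username, "ctime": self.now(), "nonce": secrets.randbits(32)})
    def get_service_ticket(self, service):
        rep, ticket = self.kdc.tgs_exchange(self.tgt, self.authenticator(), service)
        return bytes.fromhex(unseal(self.tgt_session, rep)["key"]), ticket

def service_accepts(service_key, ticket, now):
    # The service validates the ticket with its own long-term key; it never contacts the KDC during the request.
    t = unseal(service_key, ticket)
    return t["cname"] if now() <= t["end"] else None

def attempt(fn, *args):
    try:
        fn(*args)
        return "accepted"
    except (ValueError, PermissionError):
        return "rejected"

def demo():
    clock = [1_700_000_000]                           # constructed fixed KDC time
    now = lambda: clock[0]
    kdc = KDC("EXAMPLE.TEST", now)
    kdc.add_principal("alice", "correct horse")
    kdc.add_principal("cifs/fileserver", "service-secret")
    alice = Client("alice", "correct horse", kdc, now)
    alice.logon()
    _, ticket = alice.get_service_ticket("cifs/fileserver")
    auth = alice.authenticator()
    kdc.tgs_exchange(alice.tgt, auth, "cifs/fileserver")                    # first use of this authenticator succeeds
    drifted = Client("alice", "correct horse", kdc, lambda: clock[0] + 20 * 60)   # client clock 20 minutes ahead
    drifted.logon()
    return {
        "service_sees": service_accepts(derive_key("service-secret", kdc.realm + "cifs/fileserver"), ticket, now),
        "wrong_password": attempt(Client("alice", "wrong password", kdc, now).logon),
        "replay": attempt(kdc.tgs_exchange, alice.tgt, auth, "cifs/fileserver"),
        "skew": attempt(drifted.get_service_ticket, "cifs/fileserver"),
    }
```

Calling demo() returns a dict in which the service sees "alice" and the wrong-password, replay and skew cases all read "rejected". The replay cache keyed on (client name, timestamp, nonce) is what makes the skew window safe: without it an authenticator captured on the wire would remain valid for the whole 5-minute window, and without the window the cache would have to grow without bound.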
Benefits of Kerberos
- Cost-Effective: Widely supported across various operating systems and platforms.
- Mature Protocol: Well-established with strong security practices.
- Secure: Passwords are never transmitted in plain text.
Drawbacks of Kerberos
- Administrative Overhead: Complex to set up and maintain.
- Single Point of Failure: The KDC can become a bottleneck or target for attacks, potentially compromising the entire system.
SESAME Overview
- SESAME: Stands for “Secure European System for Applications in a Multi-vendor Environment.” It’s a European alternative to Kerberos, incorporating both symmetric and asymmetric encryption.
- Two Tickets: SESAME uses one ticket for authentication (like Kerberos) and another to define user access privileges, which is known as a Privileged Attribute Certificate (PAC).
- Public Key Cryptology: Unlike Kerberos, SESAME integrates public key cryptography, enhancing security.
Kryptoknight
- IBM’s RACF: Kryptoknight is IBM’s authentication protocol, supporting a peer-to-peer relationship between the KDC and involved parties.
Additional Concepts
- Scripting: Scripts may contain login information for automating user authentication.
- Directory Service: A centralized database (like Active Directory) that includes information about subjects and objects, supporting hierarchical naming and sophisticated security controls.
Kerberos is a robust protocol for secure network authentication but requires careful management and maintenance to prevent vulnerabilities, particularly around the KDC’s central role.