Kerberos - University of Scranton

Download Report

Transcript Kerberos - University of Scranton

Kerberos
Mark Sidnam
What does it do?





Kerberos is a network authentication protocol. It
is designed to provide strong authentication for
client/server applications by using secret-key
cryptography.
Kerberos acts as an extra layer of security for
any application which utilizes Kerberos
Contains its own database of users and
passwords
Transparently authenticates its users to save
time from redundant password entries
Limits accessibility to ‘kerberised’ programs
what can it do?

Kerberos is mostly used in application-level protocols such as
TELNET or FTP, to provide user to host security. It is also used,
though less frequently, as the implicit authentication system of
data stream (such as SOCK_STREAM) or RPC mechanisms. It
could also be used at a lower level for host to host security, in
protocols like IP, UDP, or TCP (ISO model levels 3 and 4),
although such implementations are currently rare, if they exist
at all.

contains utility to recompile programs to run utilizing the
kerberos authentication scheme effectively kerberizing them.

comes with programs with already built in kerberization

ksu, ksh, telnet, etc…
Why does it do it?

Typically a firewall is put in place to prevent malicious
actions wrought against a network, this though,
disregards the threats from within a network

Protects programs that send unencrypted passwords
over a network

Reduces the risk from servers that expect clients to be
‘honest’ about their identity

proves the identity of both the client and the server

prevents replay attacks by utilizing clock
synchronization(not foolproof)
how does it do it?

the ticket system


user requests an initial ticket from KDC
used as basis for all remote access requests
the ticket system

A ticket is a sequence of a few hundred bytes. These
tickets can then be embedded in virtually any other
network protocol, thereby allowing the processes
implementing that protocol to be sure about the identity of
the principals involved.

has a Key Distribution Center (KDC), containing a
database of:



principles (customers and services)
encryption keys
based off the key distribution method by Needham and
Schroeder
steps in the ticket system

1.user sends request to the authentication server to use a
particular program

2. the server generates a session key and proceeds to send to
the user two encrypted replies


the first is encrypted with the users key and contains the
session key

the second(ticket) is encrypted with the service's key and
contains the same session key and the users information
3. the user extracts the session key from the first reply and
sends two messages to the service

the ticket obtained from the server(which the user is unable
to unencrypt)

and the authenticator encrypted with the session key and
containing a time-stamp
the TGT

if that sounded in any way insecure there is an extra step
of security involved which Needham and Schroeder called
the KDC

in the first step rather then obtaining the ticket from the
authentication server, the user obtains a ticket granting
ticket(TGT)

the ticket granting server and authentication server are
collectively referred to as the KDC

steps involved:

user rather then using his secret key to decrypt the first
reply from the AS for each ticket, he/she does so once
for the TGT. After this, whenever a user wishes to use a
service, he/she requests a new ticket with the TGT now
encrypted with the session key
The importance of time
synchronization

To prevent replay attacks, Kerberos utilizes timestamp
policies

all machines desiring to be a part of the kerberos network
must be synced by within five minutes of each other

any time stamp differing from the clock on the
computer by more then 5 minutes causes the service to
disregard the ticket as false

in step 3 of the ticket process a time stamp was created,
this was to block others from using this ticket at another
time

the TGT only lasts for a time set in one of the kerberos
config files
Extra things to do

Cross realm authentication

a principal belonging to one realm(can be referred to as the
domain name) may be authenticated within a different
realm,

kerberos can do this one of two well known ways
 cross realm secret key
 thus in N realms, 2 * ((N - 1) ** 2) secrets will need to
be exchanged in order to cover all possible crossrealm authentication paths.
 transitive cross realm authentication
 you can define a path of realms connected via crossrealm secrets and use this path to "hop" between
realms until you get credentials in the desired realm
more extra things

it is possible to completely kerberize your entire system

adding kinit(command to gain a TGT) to all users login
procedures and kdestroy(command to destroy all cached
tickets) to all logout procedures assures that all users will
have a TGT for the duration of login(assuming that this
login period does not extend beyond the TGT lifetime)

logins can be kerberized as well

rather then the usual login command a kerberos login
can be replaced and as the user logs in he does so
using his kerberos password and gains his TGT for any
services he wishes to use on his machine
more then just one type of ticket

Initial Tickets


Pre-Authenticated Tickets


proves the occurrence of some form of authentication prior
to step 1 in the ticket steps
Invalid Tickets


tickets received from the AS proving a password has been
entered to gain access to it
a ticket with a use date not yet reached. useful for batch
jobs that the administrator wishes to occur without his
presence
(Potentially) Postdated Tickets

allows for requests for postdated tickets(only tickets, no
postdated TGT may be issued this way)
more tickets

Renewable Tickets


Proxy Tickets


rather then have long ticket lifespans(allows higher
opportunity to attacks) or the constant requests for more
TGTs(which also create more opportunity due to constant
password entry) RT request a new TGT depending on an
extra field that tells how much longer the ticket can be
renewed for
when you trust a privileged service to act on your behalf the
service requests a proxy ticket(TGT) which allows the
service to act on another service in the name of the user
Forwarded Tickets

Forwarded tickets are just like proxy tickets, except that they
can authorize issuance of TGTs
Security issues and info


Kerberos assumes trusted hosts and an untrusted network

a compromised host is compromised as far as kerberos is

if an attacker obtains the tickets in transit, he now has to
contend with many other hurtles, one of which is the replay
cache which keeps track of the authenticators used and
blocks its reuse.

so if the KDC is compromised, then the whole of the realm
is compromised
the 'key salt'

when you enter your pass in for the TGT rather then enter
the 56-bit DES key, a program called string2key() hashes
your pass with your principal name to create unique keys for
the same password(improvement over ver4)
more security info

the ip address of the machine granted the ticket is contained
within the ticket adding protection from stolen tickets

user to user authentication

for users hosting services on their workstations such as nfs
and ftp

in the user-to-user protocol, one user acts as a server, and
the other user acts as a client. at the client-user's request,
the server-user sends his TGT (but not his session key) to
the client-user, who then gets credentials from the KDC,
encrypted with the session keys of both TGTs. Both users
can decrypt the new session-key and use it to verify each
other's identity

Kerberos 5 does not offer an API that hides the difference
between desktop servers and physically-secure servers. For
this reason, very few services currently support the user-touser protocol
guess what, more security info

Kerberos vs SSL


If a Verisign certificate issued to a user is compromised
and must be revoked all servers who that user interacts
with must now either have that revocation certificate
cached to compare to, or compare to a third party
'revocation server'
the certificate sits on the hard disk allowing for ample
opportunity for cracking as opposed to the password
system in Kerberos

Kerberos is free

open source, open standards allows room for growth
and evolution
.conf files


krb5.conf

designates realm name and
mapping information if it
differs from your domain
name

logging information

basic ticket information
kdc.conf

very similar in nature to
krb.conf file

contains base realm
information

list of all key/salt
combinations
other information

windows has (in many opinions faulted) implementation of
kerberos on server2000 that can work with GNU/linux clients

an MIT creation(isn't everything...?)

uses Data Encryption Standard(DES)

.conf file stuff

kdc.conf can contain an option to block certain passwords
from a particular dict_file from being used

can block/allow hosts in the hosts config file for added
protection

the kerberos database stores keys, not passwords

most services only check for ticket status upon initializing, not
afterwards. AFS(similar to NFS) on the other hand will block all
access to files when the ticket runs out
sources

http://www.faqs.org/faqs/kerberos-faq/user/

http://cryptnet.net/fdp/admin/kerby-infra/en/kerby-infra.html

http://www.isi.edu/gost/brian/security/kerberos.html

http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html

http://docs.hp.com/en/T1417-90001/ch05s04.html

http://www.itl.nist.gov/fipspubs/fip46-2.htm

http://web.mit.edu/kerberos/www/dialogue.html

http://www.microsoft.com/windows2000/techinfo/planning/security/k
erbsteps.asp

http://web.mit.edu/kerberos/www/