Post on 05-Apr-2018
7/31/2019 White Paper2 Kerberos
1/28
Page|1
CST223 Information Security & Assurance
Kerberos Secure Authentication
Name: LEE KUAN YEH
Metric No: 110957
Course Lecturer: Dr. AMAN JANTAN
Table of Contents
Abstract ............................................................................................................... 2
Introduction ........................................................................................................ 3
Brief history of Kerberos ................................................................................... 4
Why use Kerberos? .......................................................................................... 6
Kerberos Authentication Architecture .............................................................. 9
Kerberos Ticketing Process ............................................................................. 11
Authentication Steps .................................................................................... 12
Kerberos Operational Principle..................................................................... 17
Kerberos Supported Encryption ................................................................... 18
Limitation of Kerberos .................................................................................. 20
Real World Case................................................................................................ 22
Testing the Kerberos Authentication with Packet Sniffing ................................ 22
Discussion .................................................................................................... 25
Conclusion ........................................................................................................ 26
References ........................................................................................................ 27
Abstract
With the growth of technology and networking, security has become a major concern. This paper discusses Kerberos and the secure authentication it provides to client and server applications. We describe the authentication exchange and the ticket-granting exchange that take place between the client, the Key Distribution Center and the server, and how the client then proves its identity to the nodes it communicates with. Through this study we can better understand network vulnerabilities, secure client/server authentication and how the risk of attack is reduced.
Introduction
Computer networks now reach every part of the world. Inside a network, a computer system or server provides services to many users and must identify each of them. In traditional systems, a user's identity is verified by checking a password typed at login. This act of verifying a user's identity is called authentication.
Password-based authentication is not suitable for use over a computer network. A password sent across the network in the clear can be intercepted by an eavesdropper and later replayed to impersonate the user, and an attacker sitting between the two parties (a man-in-the-middle, MITM) can also alter the traffic. Kerberos instead relies on secret keys and strong cryptography: the user proves knowledge of a key without ever sending the password, and the same mechanism can encrypt all client/server communication to provide confidentiality and data integrity for the rest of the session. Kerberos has become a security standard that provides authentication services to users, applications and network devices, and it removes the need for passwords to be transmitted across the network. The long-term keys are still stored at the Key Distribution Center, so the KDC itself must be well protected.
Brief History of Kerberos
Kerberos was developed at MIT (Massachusetts Institute of Technology) in the 1980s. It was originally built for the distributed computing environment that MIT deployed as Project Athena (a campus-wide distributed computing environment for educational use).
The protocol is named after the three-headed hound of Greek mythology. In the myth, Kerberos (or Cerberus) was the gigantic hound that guarded the gates of Hades and prevented the ghosts of the dead from leaving the underworld. Kerberos was described as a three-headed dog with a serpent's tail, a mane of snakes and a lion's claws. [1] The name is apt because Kerberos is a three-party process: it depends on a third-party service called the Key Distribution Center (KDC) to verify one computer's identity to another and to set up encryption keys for a secure connection between them.
Kerberos was part of Project Athena, which started in 1983 when MIT decided to integrate networked computers into its campus curriculum. The goals of Athena were single sign-on (SSO), networked file systems, a unified graphical environment and a naming service. Within five years all of these goals had been achieved, and by 1987 Kerberos version 4 had been designed and installed at MIT for the project.
Kerberos also provided a secure replacement for the then widely used Berkeley Unix networking commands that allowed individuals to
Secure authentication
When a user logs in to the network, the password is never sent across the network, neither encrypted nor in plain text. Long-term secret keys never leave the host or the KDC either; only short-lived session keys cross the network, and always in encrypted form. An eavesdropper therefore does not capture enough information to impersonate an authenticated user or an authenticated target service. Kerberized versions of Telnet and similar tools gain both secure authentication and, optionally, encryption of the data stream.
Mutual authentication
Client and server authenticate each other: at each step of the process, both the client and the server can be certain that they are communicating with their authentic counterpart. In Kerberos V5 the client asks for this by setting the mutual-required option in its request, and the server proves its identity by returning the client's timestamp encrypted under the shared session key. This makes the authentication highly reliable.
Attack prevention
The tickets passed between clients and servers in the Kerberos model carry timestamp and lifetime information, which lets Kerberos clients and servers limit how long a user's authentication remains valid. The exact lifetime granted after the initial ticket is issued depends on the implementation and on local policy (ten hours is a common default), but lifetimes are kept short enough that a stolen ticket is useful to an attacker only for a limited window. Replay is prevented separately: every request carries an authenticator whose timestamp must fall within the permitted clock skew (typically five minutes), and servers keep a replay cache of authenticators they have already accepted. Note that a ticket lifetime does not stop an attacker who has captured a ticket from attacking its encryption offline; that protection comes only from the strength of the encryption type and of the service key.
Authentications are reusable and durable
A user needs to authenticate to the Kerberos system only once (with his principal name and password). For the lifetime of the resulting ticket-granting ticket he may then authenticate to Kerberized services across the network without re-entering his credentials. Kerberos administration tools also make it easier to manage credentials and realm configuration.
Service session key
Besides the long-term keys, the Kerberos model generates a service session key for each client/service pair: a shared secret known only to that client, that service and the KDC that issued it. It reaches the service inside the ticket (encrypted under the service's own key) and reaches the client encrypted under the key the client already shares with the KDC. This shared secret may then be used to encrypt the conversation between the client and the target service, further enhancing the security of Kerberized transactions.
Open Source
The Kerberos design is based entirely on open Internet standards (Kerberos V5 is specified in RFC 4120). Several well-tested and widely understood reference implementations are available free of charge to the Internet community, and commercial implementations based on the accepted standards are also available.
Robust support
Kerberos has strong support and has been analyzed by many of the top programmers, cryptographers and security experts in the industry. This public scrutiny makes it likely that any new weakness discovered in the protocol or its underlying security model will be quickly analyzed and corrected.
Kerberos Authentication Architecture
Kerberos is a network authentication protocol. It is designed to provide strong authentication and encryption for client/server applications using secret-key cryptography.
It performs authentication as a trusted third-party service based on cryptographic shared secrets. Kerberos builds on symmetric-key cryptography and requires a Key Distribution Center. It provides mutual authentication, so the client and the server can each verify the other's identity.
Figure 1: Overview of the Kerberos authentication process. The figure shows the client, the KDC with its two components AS and TGS, and the service server (SS).
Kerberos is based on the Needham-Schroeder protocol. It is a three-party process in which each computer shares a secret with a third-party service called the KDC (Key Distribution Center). The KDC has two components, the Kerberos authentication server (AS) and the ticket-granting server (TGS). They exchange a series of encrypted messages, called tickets, with the client. The KDC generates a fresh session key for each stage of the authentication process.
Kerberos can verify one computer to another without either computer revealing its long-term secret key. The KDC holds a copy of every key, while each principal keeps only its own (a host stores its service key in a keytab). The ticket that is issued allows the client to access the server until the ticket expires. Encryption under these secret keys protects the exchange against packet sniffing and eavesdropping.
Figure 2: Relationship of the Kerberos parties. A client obtains a ticket from the KDC and presents it to the database server, which verifies it. If authentication succeeds, access is granted.
Kerberos Ticketing Process
The Key Distribution Center (KDC)
- manages a database of secret keys. Every principal, whether a client or a server, shares a secret key known only to itself and to the KDC. This key is used to prove the identity of the principal. For communication between two principals, the KDC generates a session key which they can use to secure their communications.
The KDC consists of two parts, the AS (Authentication Server) and the TGS (Ticket Granting Server). They verify the client by means of Kerberos tickets.
Authentication Server (AS)
- checks that the requesting user exists in the database and issues the ticket-granting ticket. The user's long-term key is not the password itself: it is derived from the password with a string-to-key function (a salted hash or key derivation function) and stored in the KDC database, and the client derives the same key locally from the password typed at login.
The Ticket Granting Server (TGS)
- issues service tickets to clients that hold a valid ticket-granting ticket and request a service.
Authentication Steps:
Figure 2.1: Illustration of how the client first requests a ticket from the AS.
Client side:
- The client sends a request (AS-REQ) to the AS naming the user (the client principal). In Kerberos V5 this request normally also carries pre-authentication data, usually the current time encrypted under the user's key, so that the AS does not hand a reply to anyone who merely knows the user name.
KDC side:
- The AS checks whether the client is in its database. If it is, the AS sends the following two messages back to the client:
Message A: the Client/TGS session key (SK1), encrypted using the secret key of the client/user.
Message B: the TGT (Ticket Granting Ticket, which includes the client ID, client network address, ticket validity period and the Client/TGS session key), encrypted using the secret key of the TGS.
- In other words, the AS generates a session key and sends it, together with the TGT, back to the client.
Figure 2.2: Illustration of how the client authenticates to the TGS with the TGT and confirms its identity.
Client side:
- On receiving messages A and B, the client decrypts message A with its own key to obtain the Client/TGS session key SK1. This session key is used for further communication with the TGS.
- The client cannot decrypt message B (the TGT), as it is encrypted with the TGS's secret key; it simply stores it.
- The client sends the TGS Message C, consisting of the TGT (message B) together with the ID of the service it wants to reach, and Message D, an authenticator (client ID and timestamp) encrypted with SK1.
KDC side:
- On receiving messages C and D, the TGS reads message C.
- It decrypts the TGT in message C using the TGS secret key, which gives it the Client/TGS session key SK1. Using SK1, the TGS decrypts message D (the authenticator) and checks that the client ID matches the TGT and that the timestamp is recent.
- If verification succeeds, it sends the following two messages to the client:
Message E: the client-to-server ticket (which includes the client ID, client network address, validity period and the Client/Server session key SK2), encrypted using the SS secret key.
Message F: the Client/Server session key SK2, encrypted with the Client/TGS session key SK1.
Figure 2.3: Illustration of how the client authenticates to the target server.
Client side:
- On receiving messages E and F from the TGS, the client has enough information to authenticate itself to the SS (service server). The client connects to the SS and sends the following two messages:
Message E: from the previous step (the client-to-server ticket, encrypted using the SS secret key).
Message G: a new authenticator, which includes the client ID and a timestamp and is encrypted using the Client/Server session key SK2.
Service server side:
- The SS decrypts the ticket using its own secret key to retrieve the Client/Server session key. Using the session key, the SS decrypts the
Kerberos Operational Principle
- The KDC holds the secret keys of the clients and service servers on the network.
- The KDC exchanges information with clients and service servers under these secret keys. The secret keys encrypt the TGT, the service ticket and the session keys carried inside them.
- Kerberos authenticates a client to the TGS and to a service by distributing temporary session keys. Session keys are used for communication between:
Client and KDC (SK1)
Client and service server (SK2)
The KDC and the service server never talk to each other directly; the service ticket, encrypted under the service's long-term key, carries SK2 from the KDC to the service by way of the client.
- The KDC or service server uses its secret key to decrypt the ticket and recover the session key; the session key then decrypts the authenticator. The TGT, the session keys and the authenticators are all encrypted.
- The TGS knows when and from which client a message was sent by checking the client ID and timestamp in the authenticator.
- The service server uses its own secret key to read the session key from the ticket, then verifies the client identity by checking the client ID and timestamp in the authenticator.
- The client also checks the timestamp returned by the service server before it trusts the service server.
- Timestamps matter because the service server checks the time supplied by the client to limit the authentication window and to reject replayed requests. Together with the encryption of every exchange, this defeats eavesdropping and replay attacks.
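The three exchanges described in the Authentication Steps and summarised in the Operational Principle above, as an added runnable model. This is illustration code written for this paper, not MIT Kerberos, Heimdal or the Windows implementation. The realm EXAMPLE.COM, the principals alice and db/db1.example.com, the password, the 10-hour lifetime and the 5-minute clock skew are assumed values, and the seal/unseal routine is a stand-in built from the Python standard library (PBKDF2 string-to-key, SHAKE256 keystream, HMAC-SHA256 tag) rather than one of the RFC 3961 encryption types; the error names are the real Kerberos error codes. The model carries SK1 and SK2 exactly as Messages A to G do, requires pre-authentication, checks ticket expiry and clock skew, keeps a replay cache and completes mutual authentication, then shows what happens on a replayed authenticator, an expired ticket and a wrong password.

```python
import hashlib, hmac, json, os

REALM = "EXAMPLE.COM"          # assumed realm name
CLOCK_SKEW = 300               # 5 minutes, the usual Kerberos default
TICKET_LIFETIME = 10 * 3600    # 10 hours, a common default ticket lifetime

# Stand-in for a Kerberos encryption type (NOT an RFC 3961 enctype): PBKDF2 string-to-key,
# SHAKE256 keystream for confidentiality, HMAC-SHA256 tag for integrity (encrypt-then-MAC).
def string_to_key(password, principal):
    salt = (REALM + principal).encode()            # V5 default salt is realm + principal name
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, 32)

def seal(key, obj):                                  # only a holder of key can read or alter obj
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):                               # ValueError on wrong key or tampering
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed (wrong key or tampered message)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

def require(cond, krb_error):                        # failed protocol checks raise a Kerberos error code
    if not cond:
        raise PermissionError(krb_error)

def verify_ap_req(key, ticket_blob, auth_blob, now):  # shared by the TGS (TGT + Message D) and a service (E + G)
    ticket = unseal(key, ticket_blob)                # only the holder of the ticket's key can open it
    require(now <= ticket["end"], "KRB_AP_ERR_TKT_EXPIRED")
    auth = unseal(bytes.fromhex(ticket["skey"]), auth_blob)   # session key comes from the ticket
    require(auth["cname"] == ticket["cname"], "KRB_AP_ERR_BADMATCH")
    require(abs(auth["timestamp"] - now) <= CLOCK_SKEW, "KRB_AP_ERR_SKEW")
    return ticket, auth

class KDC:                                           # holds every long-term key; runs the AS and the TGS
    def __init__(self):
        self.keys = {"krbtgt": os.urandom(32)}       # TGS key, used to encrypt TGTs (Message B)
    def as_exchange(self, req, now):                 # AS-REQ -> AS-REP (Messages A and B)
        user_key = self.keys[req["cname"]]           # KeyError here = unknown principal
        try:                                         # pre-authentication: timestamp under the user key
            pa = unseal(user_key, req["pa_enc_timestamp"])
        except ValueError:
            raise PermissionError("KDC_ERR_PREAUTH_FAILED")
        require(abs(pa["timestamp"] - now) <= CLOCK_SKEW, "KDC_ERR_PREAUTH_FAILED")
        sk1 = os.urandom(32)                         # Client/TGS session key (SK1)
        tgt = {"cname": req["cname"], "skey": sk1.hex(), "end": now + TICKET_LIFETIME}
        return {"msg_a": seal(user_key, {"skey": sk1.hex(), "end": tgt["end"]}),
                "tgt": seal(self.keys["krbtgt"], tgt)}
    def tgs_exchange(self, req, now):                # TGS-REQ (Messages C and D) -> TGS-REP (E and F)
        tgt, auth = verify_ap_req(self.keys["krbtgt"], req["tgt"], req["authenticator"], now)
        sk1, sk2 = bytes.fromhex(tgt["skey"]), os.urandom(32)   # SK2: Client/Server session key
        ticket = {"cname": tgt["cname"], "skey": sk2.hex(), "end": min(now + TICKET_LIFETIME, tgt["end"])}
        return {"ticket": seal(self.keys[req["sname"]], ticket),                 # Message E
                "msg_f": seal(sk1, {"sname": req["sname"], "skey": sk2.hex()})}   # Message F

class Service:
    def __init__(self, name, key):
        self.name, self.key, self.replay_cache = name, key, set()
    def ap_exchange(self, req, now):                 # AP-REQ (Messages E and G) -> AP-REP
        ticket, auth = verify_ap_req(self.key, req["ticket"], req["authenticator"], now)
        seen = (auth["cname"], auth["timestamp"])
        require(seen not in self.replay_cache, "KRB_AP_ERR_REPEAT")
        self.replay_cache.add(seen)
        return seal(bytes.fromhex(ticket["skey"]), {"timestamp": auth["timestamp"]})  # mutual auth

class Client:
    def __init__(self, name, password):
        self.name, self.key = name, string_to_key(password, name)
    def login(self, kdc, now):                       # AS exchange
        pa = seal(self.key, {"timestamp": now})
        rep = kdc.as_exchange({"cname": self.name, "pa_enc_timestamp": pa}, now)
        self.sk1 = bytes.fromhex(unseal(self.key, rep["msg_a"])["skey"])   # only the right key opens A
        self.tgt = rep["tgt"]                        # opaque to the client (encrypted for the TGS)
    def get_service_ticket(self, kdc, sname, now):   # TGS exchange
        auth = seal(self.sk1, {"cname": self.name, "timestamp": now})          # Message D
        rep = kdc.tgs_exchange({"tgt": self.tgt, "authenticator": auth, "sname": sname}, now)
        return rep["ticket"], bytes.fromhex(unseal(self.sk1, rep["msg_f"])["skey"])
    def access(self, service, ticket, sk2, now):     # AP exchange, with mutual authentication
        auth = seal(sk2, {"cname": self.name, "timestamp": now})               # Message G
        rep = unseal(sk2, service.ap_exchange({"ticket": ticket, "authenticator": auth}, now))
        require(rep["timestamp"] == now, "KRB_AP_ERR_MUT_FAIL")  # server echoed our timestamp
        return True

def demo(now=1_700_000_000):                         # full run, then replay, expiry and wrong password
    kdc, db = KDC(), Service("db/db1.example.com", os.urandom(32))
    kdc.keys["alice"], kdc.keys[db.name] = string_to_key("hunter2!", "alice"), db.key
    alice = Client("alice", "hunter2!")
    alice.login(kdc, now)
    ticket, sk2 = alice.get_service_ticket(kdc, db.name, now)
    out = {"access": alice.access(db, ticket, sk2, now)}
    for label, attempt in [("replay", lambda: alice.access(db, ticket, sk2, now)),
                           ("expired", lambda: alice.access(db, ticket, sk2, now + TICKET_LIFETIME + 1)),
                           ("wrong_password", lambda: Client("alice", "wrong").login(kdc, now))]:
        try:
            attempt()
            out[label] = "accepted"
        except PermissionError as e:
            out[label] = str(e)
    return out
```

Calling demo() returns {'access': True, 'replay': 'KRB_AP_ERR_REPEAT', 'expired': 'KRB_AP_ERR_TKT_EXPIRED', 'wrong_password': 'KDC_ERR_PREAUTH_FAILED'}. Two details are worth noticing: the KDC and the service never exchange a message (SK2 reaches the service inside the ticket, carried by the client), and the wrong password is refused by the KDC before any encrypted material is returned, which is the pre-authentication step that Kerberos IV lacked.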
Kerberos Encryption
Kerberos uses symmetric-key encryption to authenticate individual users to the various network resources.
Because Kerberos uses secret-key cryptography, entities communicating over a network can prove their identity to each other while preventing eavesdropping and replay attacks. It also provides data stream integrity (detection of modification) and confidentiality (prevention of unauthorized reading) through its encryption types, each of which pairs a block cipher with an integrity check. The ciphers that have been used are DES, 3DES and AES.
DES (Data Encryption Standard)
- A widely used symmetric-key block cipher, published for comment in 1975, adopted as US federal standard FIPS 46 in 1977 and standardized by ANSI in 1981 as ANSI X3.92. The nominal key is 64 bits, but 8 of those bits are used solely for parity and discarded, so the effective key is 56 bits. DES is a block cipher: it splits the text into 64-bit blocks and encrypts them one at a time.
3DES (Triple Data Encryption Algorithm)
- Applies DES three times to resist brute-force attack, which increases the key size of the original DES. Three 56-bit keys (168 effective bits, 192 bits including parity) are used instead of one: the plaintext is encrypted with the first key, the result is decrypted with the second key, and that result is encrypted again with the third key (encrypt-decrypt-encrypt). Because of the meet-in-the-middle attack its security level is about 112 bits rather than 168. In Kerberos this is the des3-cbc-sha1 encryption type.
AES (Advanced Encryption Standard)
- A symmetric block cipher with a 128-bit block and keys of 128, 192 or 256 bits, designed by the Belgian cryptographers Joan Daemen and Vincent Rijmen. The same key is used for both encrypting and decrypting the data. It replaced DES as the US federal standard (FIPS 197, 2001). AES operates on a 4x4 column-major matrix of bytes called the state and applies a number of transformation rounds that convert the input plaintext into the output ciphertext. Kerberos V5 uses it in the aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96 encryption types (RFC 3962), which are the recommended types today.
Limitation of Kerberos
The Kerberos model does, however, have certain weaknesses:
Weak encryption in Kerberos IV
- In Kerberos IV all encryption is performed with the DES algorithm. DES was considered strong when Kerberos IV was released, but a 56-bit key is no longer adequate: with today's hardware a brute-force search of the key space is practical, so traffic protected only by single DES can be decrypted.
Designed for single-user client systems
- Kerberos was designed with single-user workstations in mind. On a multi-user client system the credential cache holding a user's tickets is exposed to the other users and administrators of that host, so the scheme becomes vulnerable to ticket theft and replay. The overall security of a multi-user Kerberos client system (filesystem security, memory protection, etc.) is therefore a limiting factor in the security of Kerberos authentication.
Incompatibility issues
- Some old systems and custom-written systems were not designed for any third-party authentication mechanism and must be reprogrammed to support Kerberos authentication.
Vulnerability of the Kerberos IV KDC
- The Kerberos IV KDC (both the initial ticketing service and the ticket-granting service) is exposed to offline brute-force attacks. Kerberos IV has no pre-authentication: anyone who knows a user name can request that user's initial ticket and receive material encrypted under the user's password-derived key, which can then be attacked offline at leisure. Kerberos V5 addresses this with pre-authentication, where the client must first prove knowledge of its key, normally by sending an encrypted timestamp. The whole authentication system also depends on the trustworthiness and availability of the KDC(s): if a KDC is compromised, every key in the realm is exposed, and if it is down, no new authentication can succeed.
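The encryption types listed in the Kerberos Encryption section and the DES weakness described above lead to one concrete check a practitioner wants: which encryption types are tickets actually being issued with? The following is an added example written for this paper (not Microsoft or MIT code). The encryption type numbers come from the IANA Kerberos registry (RFC 3961, RFC 4757); the event lines are constructed, simplified key=value renderings of the fields that Windows Security events 4768 (TGT requested) and 4769 (service ticket requested) carry, and the account and host names are invented.

```python
import re

# Encryption type numbers from the IANA Kerberos registry (RFC 3961 / RFC 4757).
ENCTYPES = {
    1:  ("des-cbc-crc", "weak"),               # single DES, 56-bit key (deprecated, RFC 6649)
    3:  ("des-cbc-md5", "weak"),
    16: ("des3-cbc-sha1", "legacy"),           # 3DES, deprecated by RFC 8429
    17: ("aes128-cts-hmac-sha1-96", "ok"),
    18: ("aes256-cts-hmac-sha1-96", "ok"),
    23: ("rc4-hmac", "weak"),                  # key is the unsalted NT hash of the password
}

# Constructed sample lines (not from a real system): a simplified key=value rendering of the
# fields carried by Windows Security events 4768 and 4769. Status 0x0 means a ticket was issued.
SAMPLE_EVENTS = """\
EventID=4768 AccountName=alice@EXAMPLE.COM ServiceName=krbtgt TicketEncryptionType=0x12 Status=0x0
EventID=4769 AccountName=alice@EXAMPLE.COM ServiceName=MSSQLSvc/db1.example.com TicketEncryptionType=0x17 Status=0x0
EventID=4769 AccountName=alice@EXAMPLE.COM ServiceName=HTTP/web.example.com TicketEncryptionType=0x12 Status=0x0
EventID=4769 AccountName=svc-backup@EXAMPLE.COM ServiceName=host/legacy.example.com TicketEncryptionType=0x3 Status=0x0
EventID=4769 AccountName=alice@EXAMPLE.COM ServiceName=cifs/files.example.com TicketEncryptionType=0x10 Status=0x0
EventID=4768 AccountName=bob@EXAMPLE.COM ServiceName=krbtgt TicketEncryptionType=0xffffffff Status=0x6
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Split one key=value event line; decode the hex enctype and status fields."""
    fields = dict(FIELD.findall(line))
    fields["etype"] = int(fields["TicketEncryptionType"], 16)
    fields["status"] = int(fields["Status"], 16)
    return fields

def audit(text):
    """One finding per issued ticket whose encryption type is weak, legacy or unknown."""
    findings = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev["status"] != 0:                  # request failed, no ticket to grade
            continue
        name, grade = ENCTYPES.get(ev["etype"], ("unknown(0x%x)" % ev["etype"], "unknown"))
        if grade != "ok":
            findings.append({"event": ev["EventID"], "account": ev["AccountName"],
                             "service": ev["ServiceName"], "enctype": name, "grade": grade})
    return findings

def services_needing_attention(text):
    """Service names that received at least one weak or legacy ticket, for remediation."""
    return sorted({f["service"] for f in audit(text)})
```

On Active Directory, an RC4 or DES service ticket usually means the service account has no AES keys (its msDS-SupportedEncryptionTypes attribute is unset, or its password predates AES support), so the remedy is to set that attribute and rotate the password; on MIT Kerberos, set allow_weak_crypto = false and restrict permitted_enctypes in krb5.conf. Ticket lifetime does not help here: a ticket captured under a weak type can be attacked offline for as long as the service key stays the same.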
Real World Case
We test the security of Kerberos 5 with the Wireshark packet-sniffing tool. Windows Active Directory, created by Microsoft for Windows domain networks, uses Kerberos 5 as its authentication protocol. Active Directory provides a central location for network administration and security: it authenticates and authorizes all users and computers in a Windows domain network, assigns and enforces security policies for all computers, and installs or updates software.
Hence we are going to test how Windows protects user credentials from a packet-sniffing attack. The activity below tests Kerberos secure authentication.
Testing the Kerberos Authentication with Packet Sniffing
Tools:
A computer joined to a Windows domain network
Operating system Windows XP Service Pack 2
Wireshark packet-sniffing tool
Two user account credentials
Objectives:
Try to capture user credentials from the client/server communication and observe the result of Kerberos authentication.
We are going to test against a Windows Active Directory domain controller, which uses Kerberos 5 by default.
1. First, log in to a computer in the domain network with one account. Open Wireshark for packet capturing and select the network adapter in use.
2. Next go to Start > All Programs > Accessories > System Tools > System Information.
3. Right-click System Information and click Run As.
4. We are going to run System Information under another user account in the Windows domain.
5. Type the other user name and password and click OK. The request is authenticated by Active Directory (the Windows server), which makes the client send a fresh Kerberos request to the AS for that second user.
6. In Wireshark we can see the captured Kerberos packets carried over UDP (the display filter kerberos shows only them; Kerberos falls back to TCP for messages too large for a UDP datagram).
7. Open the first Kerberos packet by right-clicking it and choosing Follow UDP Stream. The bulk of the payload is unreadable because it is encrypted: the session key and the ticket are carried in encrypted fields, and the password itself is never present.
8. Close the Follow UDP Stream window. In the menu bar click View and select Expand All, then drag the packet details pane upwards to see the decoded fields.
9. Going through the details we can see that Kerberos uses port 88.
10. Looking further into the details we can see the timestamp fields. Note what is not encrypted: the client principal name, the realm, the requested service name and the list of supported encryption types are sent in the clear, so a sniffer learns who is authenticating to what, just not the credentials.
Discussion
Through the activity above we understand the working principle and the authentication technology of Kerberos. Kerberos 5 mitigates the risk caused by passwords being transmitted across the network: nothing captured on the wire yields the password or the session key directly.
Kerberos relies on secret keys and strong cryptography to prevent such threats. The MIT implementation is open source and can be obtained without charge, and the technology has been widely adopted, notably by Active Directory, to protect authentication in enterprise networks. By contrast, if you use a plain Telnet or FTP program over a network you are indeed at risk: both send passwords in plaintext, which is very easy to intercept with a sniffing tool. Kerberos helps mitigate such risk and provides secure authentication.
Conclusion
As the proverb says, when rogues go in procession, the devil holds the cross: however great the security, vulnerabilities still exist. Kerberos IV, built on the DES encryption of thirty years ago, once seemed unbreakable; today, with powerful CPUs and brute-force tools, its 56-bit keys can be recovered. Consequently Kerberos 5 was released to move away from those vulnerabilities and make authentication more secure. Through our observation we understand that protecting credentials is crucially important because there are many threats in the network. Security technology is therefore a continuing process of updating the protection of information assets, and it cannot be neglected.
References
[1] http://en.wikipedia.org/wiki/Cerberus
http://www.theworldjournal.com/special/nettech/news/kerberos.htm
http://staff.washington.edu/rlmorgan/talk/kerberos.1999.06/history.html
http://www.duke.edu/~rob/kerberos/kerbasnds.html
http://www.computerworld.com/s/article/46517/Kerberos
http://gost.isi.edu/publications/kerberos-neuman-tso.html
www.giac.org/paper/gsec/1852/network... kerberos...key.../103260
http://www.ericom.com/kerberos.asp
http://simple.wikipedia.org/wiki/Kerberos_(protocol)#Simplified_description_of_the_protocol
http://en.wikipedia.org/wiki/Kerberos_(protocol)
http://en.wikipedia.org/wiki/Data_Encryption_Standard
http://www.webopedia.com/TERM/A/AES.html
http://www.webopedia.com/TERM/T/Triple_DES.html
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://www.youtube.com/watch?v=C8kY2SHJYcs
Books:
Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, by Bruce Schneier (Wiley, 1995)
Principles of Information Security, 2nd Edition, by Michael E. Whitman and Herbert J. Mattord