A less formal view of the Kerberos protocol
Transcript of "A less formal view of the Kerberos protocol"
J.-F. Pâris
Dramatis personae
The client, logged on a workstation
The Kerberos server
The Ticket Granting Service (TGS)
A server s the client wants to access
The three acts
Talk to Kerberos and get a reply
Talk to the TGS and get a reply
Talk to server s
Act One
[Diagram: client c on workstation WS, Kerberos server KS, and the ticket granting service TGS; message 1 (c to KS) shown]
Act One
Client sends to Kerberos a message:
  Hello! I am client c. I want a ticket for the TGS.
Act One
[Diagram: same actors; messages 1 (c to KS) and 2 (KS to c) shown]
Act One
Kerberos replies:
  Here are the ticket and an encrypted session password Kc,tgs
What if the client lied to Kerberos?
  He still gets the ticket, but this ticket is worthless
  Why? Because Kc,tgs is encrypted with the secret key Kc of the client he claimed to be, a key derived from that client's password; the liar cannot read Kc,tgs, so he cannot build the authenticator the TGS will demand in Act Two.
What guarantees ticket integrity?
  The ticket is encrypted with Ktgs, a key known only to Kerberos and the TGS; the client cannot read it or forge one.
How is Kc,tgs encrypted?
  With the client's key Kc.
How is Kc,tgs passed to the TGS?
  Inside the ticket, which only the TGS can decrypt.
How long is the ticket valid?
  For a limited time.
Why?
  Kerberos cannot revoke individual tickets; it can only revoke all tickets.
Act Two
[Diagram: same actors; messages 1 and 2 (c and KS) and 3 (c to TGS) shown]
Act Two
Client sends to the TGS:
  A request for server s
  The ticket he/she got from Kerberos
  An authenticator, encrypted with Kc,tgs, stating:
    who sent the ticket
    from which address
    at which time
Act Two
The TGS:
  Decrypts the ticket using its key Ktgs
  Checks that the ticket is valid (not expired)
  Extracts the session key Kc,tgs from the ticket
  Decrypts the authenticator with Kc,tgs
  Checks that the request is not a replay by looking at the timestamp inside the authenticator
Detecting duplicates
The TGS will reject all tickets accompanied by authenticators whose timestamps are:
  Too old
  The same as the timestamp of a recently received authenticator
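The two rejection rules above, written out as an added example (not code from the slides): a replay cache that a TGS, or any kerberised server, keeps over the authenticators it has accepted. The 300-second window and the choice to key the cache by (client, address, timestamp) are assumptions; the event sequence in demo() is constructed for the example.

```python
"""Freshness and replay check on authenticator timestamps, as a TGS or a kerberised
server would run it. Added example: the (client, address, timestamp) cache key and the
300-second window are assumptions, not something the slides specify."""
from dataclasses import dataclass, field

MAX_SKEW = 300   # assumed clock-skew window in seconds


@dataclass
class ReplayCache:
    """Remembers recently accepted authenticators so a captured one cannot be reused."""
    max_skew: int = MAX_SKEW
    seen: dict = field(default_factory=dict)   # (client, address, timestamp) -> time accepted

    def check(self, client, address, timestamp, now):
        """Return (accepted, reason); `now` is the verifier's own clock."""
        # Entries older than the window can be dropped: a replay of them fails the age test.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.max_skew}
        if abs(now - timestamp) > self.max_skew:
            return False, "outside window"   # too old, or dated in the future
        key = (client, address, timestamp)
        if key in self.seen:
            return False, "duplicate"        # same timestamp as a recently accepted authenticator
        self.seen[key] = now
        return True, "ok"


def demo():
    """Constructed sequence: a fresh request, replays of it, and stale or skewed ones."""
    cache = ReplayCache()
    events = [                                # (client, address, timestamp, verifier clock)
        ("c", "10.0.0.5", 1000, 1001),        # genuine request: accepted
        ("c", "10.0.0.5", 1000, 1050),        # eavesdropper replays it 49 s later: duplicate
        ("c", "10.0.0.5", 1002, 1050),        # client's next request, new timestamp: accepted
        ("c", "10.0.0.5",  600, 1050),        # captured long ago: outside window
        ("c", "10.0.0.5", 2000, 1050),        # client clock far ahead of the verifier: outside window
        ("c", "10.0.0.5", 1000, 1400),        # replay after the window: stale, not duplicate
    ]
    return [cache.check(*e)[1] for e in events]
```

The two rules need each other: the age test is what lets the cache forget entries after the window, so memory stays bounded, and the cache is what catches a replay that arrives while the timestamp is still fresh. Keying by client and address as well as timestamp keeps two honest clients who happen to send the same second apart.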
Act Two
[Diagram: same actors; messages 1 to 4 shown, 3 (c to TGS) and 4 (TGS to c)]
Act Two
The TGS replies:
  Here is the ticket for server s and an encrypted session password Kc,s
What guarantees ticket integrity?
  The ticket is encrypted with the server's key Ks, known only to the TGS and server s.
How is Kc,s encrypted?
  With the session key Kc,tgs the client shares with the TGS.
How is Kc,s passed to server s?
  Inside the ticket.
How long is the ticket valid?
  For a limited time, as all tickets should be.
Act Three
[Diagram: same actors plus server s; messages 1 to 5 shown, 5 (c to s)]
Act Three
Client sends to server s:
  The ticket he/she got from the TGS
  An authenticator, encrypted with Kc,s, stating:
    who sent the ticket
    from which address
    at which time
Act Three
Server s processes the ticket and the authenticator as the TGS did in Act Two, using its own key Ks to decrypt the ticket.
Act Three
[Diagram: same actors; messages 1 to 6 shown, 6 (s to c)]
Act Three
If mutual authentication is needed, server s sends to the client the authenticator it received from c, with the timestamp incremented by one (encrypted with Kc,s).
Why?
  It proves to the client that s can decrypt the authenticator
  which requires being able to decrypt the ticket issued by the TGS
  which requires knowledge of the server key Ks
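All three acts as one added, runnable simulation (example code, not from the slides): a Kerberos server, a TGS and a server s, each holding only the keys the slides give them, with a client that can be honest or a liar, and an eavesdropper who replays a captured ticket and authenticator. The toy encrypt-then-MAC built from hashlib/hmac stands in for a real cipher; the client name c, the address 10.0.0.5, the keys, the 8-hour lifetime, the 300-second skew window and the clock value are all constructed for the example.

```python
"""The three acts of Kerberos (V4-style) as a runnable simulation: Kerberos server (Act One),
ticket-granting service (Act Two) and server s (Act Three). Toy authenticated encryption from
the standard library stands in for a real cipher; names, address, keys and clock are constructed."""
import hashlib, hmac, json, secrets

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object. Toy construction for this example, not a real cipher."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the object, or None if the key is wrong or the blob was altered (ticket integrity)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

LIFETIME, MAX_SKEW = 8 * 3600, 300               # ticket lifetime and clock-skew window (assumed)
NOW, ADDR = 1_700_000_000, "10.0.0.5"            # constructed clock and workstation address
K_C = hashlib.sha256(b"correct horse").digest()  # Kc: the client's key, derived from its password
K_TGS = secrets.token_bytes(32)                  # Ktgs: shared by Kerberos and the TGS
K_S = secrets.token_bytes(32)                    # Ks: shared by the TGS and server s
CLIENT_KEYS = {"c": K_C}                         # the Kerberos database

def make_ticket(service_key, client, addr, now):
    """A ticket only the target service can open; it carries the session key and an expiry."""
    k = secrets.token_bytes(32).hex()
    return k, seal(service_key, {"client": client, "addr": addr, "key": k, "expires": now + LIFETIME})

def kerberos(name, addr, now):
    """Act One. Anyone may claim to be `name`; only the holder of Kc can read the reply."""
    k_c_tgs, ticket = make_ticket(K_TGS, name, addr, now)
    return seal(CLIENT_KEYS[name], {"key": k_c_tgs, "ticket": ticket.hex()})

def verify(service_key, ticket, authenticator, addr, now, seen):
    """Service-side checks shared by the TGS and server s; returns (session key, authenticator)."""
    t = unseal(service_key, ticket)
    if t is None:
        raise ValueError("ticket was not issued for this service")
    if now > t["expires"]:
        raise ValueError("ticket expired")
    k = bytes.fromhex(t["key"])                  # session key travels inside the ticket
    a = unseal(k, authenticator)
    if a is None:
        raise ValueError("authenticator not encrypted under the ticket's session key")
    if not (a["client"] == t["client"] and a["addr"] == t["addr"] == addr):
        raise ValueError("authenticator does not match ticket or source address")
    if abs(now - a["time"]) > MAX_SKEW:
        raise ValueError("authenticator too old")
    if (a["client"], a["time"]) in seen:
        raise ValueError("replayed authenticator")
    seen.add((a["client"], a["time"]))
    return k, a

def tgs(ticket, authenticator, addr, now, seen):
    """Act Two. Opens the ticket with Ktgs, checks the authenticator, issues a ticket for s."""
    k_c_tgs, a = verify(K_TGS, ticket, authenticator, addr, now, seen)
    k_c_s, ticket_s = make_ticket(K_S, a["client"], addr, now)
    return seal(k_c_tgs, {"key": k_c_s, "ticket": ticket_s.hex()})

def server_s(ticket, authenticator, addr, now, seen):
    """Act Three. Same checks with Ks; answers with timestamp + 1 for mutual authentication."""
    k_c_s, a = verify(K_S, ticket, authenticator, addr, now, seen)
    return seal(k_c_s, {"time": a["time"] + 1})

def client_session(name, key, addr, now, tgs_seen, s_seen):
    """The client's side of all three acts; returns (status, (ticket for s, authenticator))."""
    rep = unseal(key, kerberos(name, addr, now))
    if rep is None:                              # a liar gets the ticket but cannot extract Kc,tgs
        return "cannot read Kerberos reply: ticket is worthless", None
    k_c_tgs = bytes.fromhex(rep["key"])
    auth = seal(k_c_tgs, {"client": name, "addr": addr, "time": now})
    rep2 = unseal(k_c_tgs, tgs(bytes.fromhex(rep["ticket"]), auth, addr, now, tgs_seen))
    k_c_s, ticket_s = bytes.fromhex(rep2["key"]), bytes.fromhex(rep2["ticket"])
    auth_s = seal(k_c_s, {"client": name, "addr": addr, "time": now + 1})
    proof = unseal(k_c_s, server_s(ticket_s, auth_s, addr, now + 1, s_seen))
    ok = proof == {"time": now + 2}              # only a holder of Ks could have produced this
    return ("mutual authentication ok" if ok else "server failed to prove itself"), (ticket_s, auth_s)

def run(client_key):
    """Full session for a client who claims to be c and holds `client_key`."""
    return client_session("c", client_key, ADDR, NOW, set(), set())[0]

def replay():
    """An eavesdropper replays the captured ticket and authenticator against s ten seconds later."""
    s_seen = set()
    _, (ticket_s, auth_s) = client_session("c", K_C, ADDR, NOW, set(), s_seen)
    try:
        server_s(ticket_s, auth_s, ADDR, NOW + 11, s_seen)
    except ValueError as e:
        return str(e)
    return "replay accepted"
```

run(K_C) completes all three acts and ends with the server's timestamp + 1 check; run() with any other key shows why a lie to Kerberos is harmless: the ticket comes back, but the session password inside the reply never does. replay() shows the duplicate-timestamp rule from Act Two doing its job at server s. Note that the TGS and server s never talk to Kerberos during the exchange; each learns the session key only from the ticket it can open with its own key.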