In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. Kerberos provides an alternative approach whereby a trusted third-party authentication service is used to verify users’ identities. This paper gives an overview of the Kerberos authentication model as implemented for MIT’s Project Athena. It describes the protocols used by clients, servers, and Kerberos to achieve authentication. It also describes the management and replication of database required. Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to provide their identity to one another in a secure manner. Its designers aimed primarily at a client-server model, and it provides mutual authentication – both the user and the server verify each other’s identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. It is designed to provide strong authentication for client-server applications by using secret-key cryptography. In summary, Kerberos is a solution to the network security problems. It provides the tools of authentication and strong cryptography over the network to help user secure his information systems across the entire enterprise.
Computer security has been a problem since the very beginning. Proper authentication and protection using cryptographic methods is a must in today’s electronic communication. Kerberos provides an infrastructure to achieve this using symmetric cryptography.
Kerberos was developed at the Massachusetts Institute of Technology (MIT) during a project intended to integrate computers into the university’s undergraduate curriculum. The project, called Athena, started in 1983 with UNIX timesharing computers, having several terminals connected to each one, but without a network connection. If a student or staff member wanted to use any of the computers, he or she sat down at one of these terminals. As soon as the terminals and old computers were substituted by newer workstations with network connection, the project’s goal was to allow any user to sit down at the workstation of his or her choice accessing his data over the network (which is a very common scenario for every network today). The problem of network eavesdropping became apparent. Since the network has been accessible from all over the campus, nothing prevented students from running network monitoring tools and learning other users and root passwords. Another big problem was some PC/ATs which were lacking even fundamental internal security. To protect the users’ data in the network environment as it had been protected in the timesharing environment Kerberos was invented. Kerberos is an authentication system that uses symmetric key cryptography to protect sensitive information on an open network. It is a ticket based system that issues a ticket encrypted with the user’s password when he or she logs in. The user decrypts the ticket and uses it to obtain tickets for other network services he or she wants to use. Because all information in tickets is encrypted, it is not susceptible to eavesdropping or misappropriation.
MIT developed Kerberos to protect network services provided by Project Athena. The protocol was named after the Greek mythological character Kerberos (or Cerberus), known in Greek mythology as being the monstrous three-headed guard dog of Hades.
In a network of users requiring services from many separate computers, there are three approaches one can take to access control: One can do nothing, relying on the machine to which the user is logged in to prevent unauthorized access; one can require the host to prove its identity, but trust the host’s word as to who the user is; or one can require the user to prove her/his identity for each required service.
In a closed environment where all the machines are under strict control, one can use the first approach. When the organization controls all the hosts communicating over the network, this is a reasonable approach.
In a more open environment, one might selectively trust only those hosts under organizational control. In this case, each host must be required to prove its identity. In those protocols, authentication is done by checking the Internet address from which a connection has been established.
In the Athena environment, we must be able to honor requests from hosts that are not under organizational control. Users have complete control of their workstations: they can reboot them, bring them up standalone, or even boot off their own tapes. As such, the third approach must be taken; the user must prove her/his identity for each desired service. The server must also prove its identity. It is not sufficient to physically secure the host running a network server; someone elsewhere on the network may be masquerading as the given server.
The environment places several requirements on an identification mechanism. First, it must be secure. Circumventing it must be difficult enough that a potential attacker does not find the authentication mechanism to be the weak link. Someone watching the network should not be able to obtain the information necessary to impersonate another user. Second, it must be reliable. Access to many services will depend on the authentication service. If it is not reliable, the system of services as a whole will not be. Third, it should be transparent. Ideally, the user should not be aware of authentication taking place. Finally, it should be scalable. Many systems can communicate with Athena hosts. Not all of these will support the mechanism, but software should not break if they did.
Kerberos is the result of our work to satisfy the above requirements. When a user walks up to a workstation she/he “logs in”. As far as the user can tell, this initial identification is sufficient to prove her/his identity to all the required network servers for the duration of the login session. The security of Kerberos relies on the security of several authentication servers, but not on the system from which users log in, or on the security of the end servers that will be used. The authentication server provides a properly authenticated user with a way to prove her/his identity to servers scattered across the network.
Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The Kerberos protocol is designed to provide reliable authentication over open and insecure networks where communications between the hosts belonging to it may be intercepted. However, one should be aware that Kerberos does not provide any guarantees if the computers being used are vulnerable: the authentication servers, application servers and clients must be kept constantly updated so that the authenticity of the requesting users and service providers can be guaranteed. Thus we can say that: "Kerberos is an authentication protocol for trusted hosts on untrusted networks".
Kerberos is a trusted third-party authentication service based on the model presented by Needham and Schroeder. It is trusted in the sense that each of its clients believes Kerberos’ judgement as to the identity of each of its other clients to be accurate. Timestamps (large numbers representing the current date and time) have been added to the original model to aid in the detection of replay. Replay occurs when a message is stolen off the network and resent later.
Kerberos uses as its basis the symmetric Needham-Schroeder protocol.
1) Needham-Schroeder Authentication
An approach to secure authentication is the Needham-Schroeder protocol. It defines a three-party authentication service and five step message chain. In the very first step the client requests a session key for communication with a certain service. The requested session key and a message encrypted for the service is send back to the client encrypted with the client’s key to protect it in an open network. The client forwards the part for the service (which is encrypted with the service key) to the desired service. After that the service generates a random message which is sent back to the client encrypted with the session key. This random message is transformed in a predefined way and sent back to the server encrypted with the session key as well to prove that A was the sender of message number three. After performing these five steps the service can be sure that the client has authenticated itself correctly, because only the client knows the key to decrypt message two.
This protocol is no longer considered secure as B does not know if the key is fresh. If an attacker obtains an old key he or she can perform a replay attack and convince B that the key they hold is the current key of A.
2) Needham-Schroeder in Kerberos
Kerberos uses a variant of Needham-Schroeder, which uses timestamps on every message to avoid the problem mentioned above. Due to the fact that it is a problem to keep all clocks returning exact the same time in a network environment, every message is valid in a time window from five minutes in the past to five minutes in the future. In a short time slot of ten minutes length replay attacks are impeded by a replay cache held by every service. Messages are cached as long as they are valid and authentication attempts using messages which are already held in cache can be refused.
This section provides the definition of the objects and terms, knowledge of which is essential for the subsequent description of the Kerberos protocol.
The term realm indicates an authentication administrative domain. Its intention is to establish the boundaries within which an authentication server has the authority to authenticate a user, host or service. This does not mean that the authentication between a user and a service that they must belong to the same realm: if the two objects are part of different realms and there is a trust relationship between them, then the authentication can take place. This characteristic is known as Cross-Authentication
Basically, a user/service belongs to a realm if and only if he/it shares a secret (password/key) with the authentication server of that realm.
The name of a realm is case sensitive, i.e. there is a difference between upper and lower case letters, but normally realms always appear in upper case letters. It is also good practice, in an organization, to make the realm name the same as the DNS domain (in upper case letters though). Following these tips when selecting the realm name significantly simplifies the configuration of Kerberos clients, above all when it is desired to establish trust relationships with subdomains. By way of example, if an organization belongs to the DNS domain example.com, it is appropriate that the related Kerberos realm is EXAMPLE.COM.