![Page 1: A less formal view of the Kerberos protocol J.-F. Pâris](https://reader035.vdocuments.site/reader035/viewer/2022062511/551a1ad455034654788b4681/html5/thumbnails/1.jpg)
A less formal view of the Kerberos protocol
J.-F. Pâris

Dramatis personae
- The client logged on a workstation
- The Kerberos server
- The Ticket Granting Service
- A server s the client wants to access

The three acts
- Talk to Kerberos and get a reply
- Talk to TGS and get a reply
- Talk to server s

Act One
[Diagram: client c on workstation WS, Kerberos server KS, TGS (ticket granting service); message 1 shown]

Act One
Client sends to Kerberos a message:
"Hello! I am client c. I want a ticket for TGS."

Act One
[Diagram: client c on workstation WS, Kerberos server KS, TGS (ticket granting service); messages 1 and 2 shown]

Act One
Kerberos replies:
"Here are the ticket and an encrypted session password Kc,tgs."

What if the client lied to Kerberos?
He still gets the ticket, but this ticket is worthless.
Why?

What guarantees ticket integrity?

How is Kc,tgs encrypted?

How is Kc,tgs passed to the TGS?

How long is the ticket valid?

Why?
Kerberos cannot revoke individual tickets.
It can only revoke all tickets.

Act Two
[Diagram: client c on workstation WS, Kerberos server KS, TGS (ticket granting service); messages 1, 2 and 3 shown]

Act Two
Client sends to TGS:
- A request for server s
- The ticket he/she got from Kerberos
- An authenticator encrypted with Kc,tgs and stating:
  - Who sent the ticket
  - From which address
  - At which time

Act Two
TGS:
- Decrypts ticket using its Ktgs key
- Checks that ticket is valid
- Extracts session key Kc,tgs from ticket
- Checks that ticket is not a duplicate by looking at timestamp inside authenticator

Detecting duplicates
TGS will reject all tickets accompanied with authenticators whose timestamps are:
- Too old
- Same as the timestamp of a recently sent authenticator
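The duplicate check described on this slide, written out as an added example (it is not code from the slides and not from any Kerberos implementation): a small replay cache that rejects an authenticator whose timestamp is too old or which repeats one seen recently. The 300-second window, the `ReplayCache` name, and the choice to key the cache on (client, address, timestamp) rather than on the bare timestamp are my own assumptions; the sample authenticators in `demo()` are constructed.

```python
import time

MAX_AGE = 300   # seconds; assumed window, authenticators older than this are "too old"


class ReplayCache:
    """Duplicate detection as the TGS (and later server s) performs it.

    An authenticator is rejected when its timestamp is too old, or when the
    same (client, address, timestamp) was already accepted recently. Entries
    older than MAX_AGE are dropped: the age check would reject them anyway,
    so the cache never needs to grow beyond one window of traffic.
    """

    def __init__(self, max_age=MAX_AGE):
        self.max_age = max_age
        self.seen = {}   # (client, addr, ts) -> time the authenticator was first accepted

    def check(self, client, addr, ts, now=None):
        """Return (accepted, reason) for an authenticator carrying timestamp ts."""
        now = time.time() if now is None else now
        # Forget entries that can no longer be replayed successfully.
        for key in [k for k, t in self.seen.items() if now - t > self.max_age]:
            del self.seen[key]
        if now - ts > self.max_age:
            return False, "too old"
        if ts > now + self.max_age:   # sender's clock far ahead of ours
            return False, "timestamp in the future"
        key = (client, addr, ts)
        if key in self.seen:
            return False, "duplicate of a recently seen authenticator"
        self.seen[key] = now
        return True, "accepted"


def demo():
    """Constructed sample of authenticators arriving at the TGS, in order.

    Each tuple is (client, address, authenticator timestamp, TGS clock now).
    """
    cache = ReplayCache()
    t0 = 1_700_000_000
    events = [
        ("c", "10.0.0.5", t0,       t0 + 1),    # fresh authenticator
        ("c", "10.0.0.5", t0,       t0 + 2),    # same one sent again
        ("c", "10.0.0.5", t0 - 600, t0 + 3),    # stale timestamp
        ("c", "10.0.0.5", t0 + 30,  t0 + 31),   # a later, fresh one
        ("c", "10.0.0.5", t0,       t0 + 700),  # old replay after the cache expired it
    ]
    return [cache.check(c, a, ts, now)[1] for c, a, ts, now in events]
```

The last event shows why the age check and the cache belong together: once an entry has aged out of the cache, the age check alone still rejects a replay of it.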

Act Two
[Diagram: client c on workstation WS, Kerberos server KS, TGS (ticket granting service); messages 1, 2, 3 and 4 shown]

Act Two
TGS replies:
"Here is the ticket for server s and an encrypted session password Kc,s."

What guarantees ticket integrity?

How is Kc,s encrypted?

How is Kc,s passed to server s?

How long is the ticket valid?
For a limited time, as all tickets should be.

Act Three
[Diagram: client c on workstation WS, Kerberos server KS, TGS (ticket granting service); messages 1 to 5 shown]

Act Three
Client sends to server s:
- The ticket he/she got from the TGS
- An authenticator encrypted with Kc,s and stating:
  - Who sent the ticket
  - From which address
  - At which time

Act Three
Server s processes ticket and authenticator as TGS did in act two.

Act Three
[Diagram: client c on workstation WS, Kerberos server KS, TGS (ticket granting service); messages 1 to 6 shown]

Act Three
If mutual authentication is needed, server s sends to client:
- The authenticator it received from c, with the timestamp incremented by one

Why?
- It proves to the client that s can decrypt the authenticator
- Requires being able to decrypt the ticket issued by TGS
- Requires knowledge of server key Ks
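The three acts end to end, as an added example that is not part of the slides and not the code of any Kerberos implementation. It walks the exchange the slides describe and makes their open questions concrete: a ticket is sealed under the key of the service that will open it (Ktgs, then Ks), so the integrity tag on that sealed blob is what guarantees ticket integrity; Kc,tgs reaches the client encrypted under the client's own key Kc and reaches the TGS inside the ticket; each ticket carries an expiry that bounds its validity; and the timestamp-plus-one reply in act three can only be produced by a server that holds Ks. `impostor_ticket_is_worthless` shows why a client who lied to Kerberos gets a ticket he cannot use. A toy encrypt-then-MAC built from SHA-256 and HMAC stands in for the Kerberos encryption system so that the example runs on the standard library alone; the function names (`kerberos_as`, `tgs`, `server_s`, `verify`), the sample keys and addresses, and the lifetime and clock-skew values are all my own assumptions.

```python
import hashlib, hmac, json, os, time

# Toy authenticated encryption: encrypt-then-MAC over a SHA-256 keystream. It is
# a stand-in for the Kerberos encryption system, an illustration and not a cipher
# to reuse. Decryption with the wrong key, or of an altered blob, raises ValueError.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key, obj):
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")   # wrong key, or blob altered
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)

LIFETIME = 8 * 3600   # assumed ticket lifetime in seconds: valid for a limited time only
CLOCK_SKEW = 300      # assumed window; authenticators older than this are rejected
# Long-term keys, constructed sample values: Kc is what c's password becomes,
# Ktgs and Ks are known only to the TGS and to server s respectively.
KEYS = {"c": b"client-c-key", "tgs": b"tgs-key", "s": b"server-s-key"}

def make_ticket(service, client, addr, session_key, now):
    # Sealed under the service's own key: only that service can open it, and
    # the tag on the sealed blob is what guarantees the ticket's integrity.
    return encrypt(KEYS[service], {"client": client, "addr": addr,
                                   "key": session_key.hex(), "expires": now + LIFETIME})

def make_authenticator(session_key, client, addr, now):
    # States who sent the ticket, from which address, at which time.
    return encrypt(session_key, {"client": client, "addr": addr, "ts": now})

def verify(service, ticket, authenticator, addr, now):
    """Checks the TGS performs in act two and server s repeats in act three."""
    t = decrypt(KEYS[service], ticket)       # rejects a forged or altered ticket
    if now > t["expires"]:
        raise ValueError("ticket expired")
    k = bytes.fromhex(t["key"])              # session key travels inside the ticket
    a = decrypt(k, authenticator)            # only a holder of the session key made this
    if a["client"] != t["client"] or a["addr"] != t["addr"] or addr != t["addr"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["ts"]) > CLOCK_SKEW:
        raise ValueError("authenticator too old")
    return k, a

def kerberos_as(client, addr, now):
    """Act one: 'I am c, I want a ticket for TGS'. No proof of identity is given."""
    k_c_tgs = os.urandom(16)
    return (make_ticket("tgs", client, addr, k_c_tgs, now),
            encrypt(KEYS[client], {"key": k_c_tgs.hex()}))   # readable only with Kc

def tgs(ticket, authenticator, server, addr, now):
    """Act two: issue a ticket for server s, with Kc,s sealed under Kc,tgs."""
    k_c_tgs, a = verify("tgs", ticket, authenticator, addr, now)
    k_c_s = os.urandom(16)
    return (make_ticket(server, a["client"], a["addr"], k_c_s, now),
            encrypt(k_c_tgs, {"key": k_c_s.hex()}))

def server_s(ticket, authenticator, addr, now):
    """Act three: verify, then prove knowledge of Ks by returning ts + 1 under Kc,s."""
    k_c_s, a = verify("s", ticket, authenticator, addr, now)
    return encrypt(k_c_s, {"ts": a["ts"] + 1})

def run_protocol(client="c", addr="10.0.0.5", now=None):
    """The full exchange from the client's side; True when mutual authentication succeeds."""
    now = int(time.time()) if now is None else now
    tgt, sealed = kerberos_as(client, addr, now)
    k_c_tgs = bytes.fromhex(decrypt(KEYS[client], sealed)["key"])
    st, sealed = tgs(tgt, make_authenticator(k_c_tgs, client, addr, now), "s", addr, now)
    k_c_s = bytes.fromhex(decrypt(k_c_tgs, sealed)["key"])
    reply = server_s(st, make_authenticator(k_c_s, client, addr, now), addr, now)
    return decrypt(k_c_s, reply)["ts"] == now + 1

def impostor_ticket_is_worthless():
    """Claiming to be c without Kc yields a ticket but no way to read Kc,tgs."""
    tgt, sealed = kerberos_as("c", "10.0.0.9", int(time.time()))
    try:
        decrypt(b"not-the-real-Kc", sealed)
    except ValueError:
        return True   # no session key, so no authenticator can be built for the TGS
    return False

def altered_ticket_is_rejected():
    """Flipping one byte of the ticket breaks the tag the TGS checks first."""
    now = int(time.time())
    tgt, _ = kerberos_as("c", "10.0.0.5", now)
    bad = tgt[:20] + bytes([tgt[20] ^ 1]) + tgt[21:]
    try:
        tgs(bad, b"", "s", "10.0.0.5", now)
    except ValueError:
        return True
    return False
```

The `expires` field and the `CLOCK_SKEW` window are the two time limits at work: the first bounds how long a stolen ticket stays usable, since the slides note that Kerberos cannot revoke a single ticket; the second bounds how long a captured authenticator can be replayed.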