KERBEROS: THE MIT’S COMPUTER NETWORK PROTOCOL AND ITS DEVELOPMENT

Upload: gichelle-amon

Post on 26-Jan-2015

Category: Education


DESCRIPTION

Network protocol, history, uses, application, procedures

TRANSCRIPT

Page 1: Kerberos

KERBEROS: THE MIT’S COMPUTER NETWORK PROTOCOL AND ITS DEVELOPMENT

Page 2: Kerberos

KERBEROS

Third Party Authentication

Strong Cryptography

Page 3: Kerberos

Origin

Greek Mythology

Page 4: Kerberos

Modern History

Massachusetts Institute of Technology

Project Athena

Steve Miller and Clifford Neuman

Page 5: Kerberos

Evolution

Early Kerberos (v1, v2, v3)

Kerberos 4

Kerberos 5

Page 6: Kerberos

BASIC DESIGN

Authentication Server

Ticket Granting Server

File Server

Key Distribution Center

CLIENT

Page 7: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

UserName: gichy

Password: 12345?><

Client Secret Key

One way Hash

Page 8: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

User gichy wants to use file server

(clear text)

Page 9: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

Checks if client is in the database

Generates the Client Secret Key

Page 10: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

2 Messages being sent

A. Client / TGS Session Key

B. Ticket Granting Ticket

Client decodes A using its secret key

Client CAN’T decode B

Page 11: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

C. Ticket Granting Ticket from B

D. Authenticator

TGS decrypts C and gets Ticket Granting Ticket

TGS decrypts D using Client/TGS Session Key and gets Client ID and Timestamp

TGS checks that Client ID from C matches Client ID from D and timestamp does not exceed ticket validity period

Page 12: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

E. Client-to-FS ticket

F. Client/Server Session Key

Client decodes F using Client/TGS Session Key, obtains Client/Server Session Key

Page 13: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

E. Client-to-FS ticket

G. Authenticator

FS decrypts E

FS decrypts G

FS checks that Client ID from E matches Client ID from G and timestamp does not exceed validity period

Page 14: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

H. The timestamp found in G + 1, encrypted with the Client/Server Session Key

Client decrypts H

Page 15: Kerberos

BASIC DESIGN

AS

TGS

FS

CLIENT

Client issues service request to the FS

FS services the request
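
The exchange on slides 7 to 15 (messages A through H), as an added Python sketch that is not part of the original slides. The cipher is a toy standard-library construction (SHA-256 keystream with an HMAC tag) standing in for Kerberos encryption, and `LIFETIME`, the JSON message layout and all function names are assumptions.

```python
import hashlib, hmac, json, os
LIFETIME = 300  # assumed ticket validity period in seconds (not given on the slides)

def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):  # toy authenticated encryption, illustration only
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct)))))

def secret_key(password):  # slide 7: one-way hash of the password (plain SHA-256 assumed)
    return hashlib.sha256(password.encode()).digest()

def as_reply(db, tgs_key, client, now):
    sk = os.urandom(32).hex()  # Client/TGS session key; KeyError below if client is unknown
    tgt = {"client": client, "key": sk, "expires": now + LIFETIME}
    return seal(db[client], {"key": sk}), seal(tgs_key, tgt)  # A, B

def check(service_key, ticket_blob, auth_blob):  # slides 11 and 13
    ticket = unseal(service_key, ticket_blob)
    auth = unseal(bytes.fromhex(ticket["key"]), auth_blob)
    if auth["client"] != ticket["client"] or auth["ts"] > ticket["expires"]:
        raise ValueError("client ID mismatch or timestamp past validity period")
    return ticket, auth

def tgs_reply(tgs_key, fs_key, msg_c, msg_d):
    ticket, _ = check(tgs_key, msg_c, msg_d)
    cs = os.urandom(32).hex()  # Client/Server session key
    fs_ticket = dict(ticket, key=cs)  # same client and expiry, new session key
    return seal(fs_key, fs_ticket), seal(bytes.fromhex(ticket["key"]), {"key": cs})  # E, F

def fs_reply(fs_key, msg_e, msg_g):
    ticket, auth = check(fs_key, msg_e, msg_g)
    return seal(bytes.fromhex(ticket["key"]), {"ts": auth["ts"] + 1})  # H

def run(password, now=1000):
    db, tgs_key, fs_key = {"gichy": secret_key("12345?><")}, os.urandom(32), os.urandom(32)
    msg_a, msg_b = as_reply(db, tgs_key, "gichy", now)
    k_tgs = bytes.fromhex(unseal(secret_key(password), msg_a)["key"])  # client opens A, not B
    msg_e, msg_f = tgs_reply(tgs_key, fs_key, msg_b, seal(k_tgs, {"client": "gichy", "ts": now}))
    k_fs = bytes.fromhex(unseal(k_tgs, msg_f)["key"])
    msg_h = fs_reply(fs_key, msg_e, seal(k_fs, {"client": "gichy", "ts": now + 1}))
    return unseal(k_fs, msg_h)["ts"] == now + 2  # client confirms H is G's timestamp + 1
```

`run("12345?><")` completes the whole exchange; any other password fails at message A, because the client cannot recover the Client/TGS session key.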

Page 16: Kerberos

CONCLUSION

Page 17: Kerberos

Thank You