Sunday, August 25, 2013

Kerberos

Kerberos is a ticket-based authentication protocol based on symmetric cryptography. The following components are used in Kerberos:
•Key distribution center (KDC) Holds user and service cryptographic keys (secret keys), provides authentication services, and creates and distributes session keys.
•Authentication service (AS) Functional component of the KDC that actually performs the authentication.
•Principals All entities that use the Kerberos protocol for authentication are referred to as principals, which could be users, applications, resources, or services.
•Realm A set of principals, which are grouped together logically by an administrator. A KDC is responsible for one or more realms of principals.
•Ticket granting service (TGS) The part of the KDC that creates and distributes tickets to the principals containing session keys.
•Ticket An authentication token: a data structure encrypted with the secret key of the service it is issued for, so that only that service (and the KDC) can read it.
•Secret and session keys Symmetric keys used for authentication purposes and data encryption. A secret key is long-lived and shared between one principal and the KDC; a session key is short-lived and shared between two principals for the duration of one session.
When a user logs in to the network first thing in the morning, his or her authentication request is sent to the AS, which is part of the KDC. The AS returns a reply that the user's computer decrypts with the user's secret key, which is derived from the password. That reply contains a session key for talking to the TGS and a ticket granting ticket (TGT); the TGT is encrypted under the TGS's own key, so the client carries it but cannot read it. If the user enters the correct password, the decryption succeeds and he is properly authenticated to the network and his computer. When the user needs to access a resource on the network, let's say a file server, the user's computer sends the TGT to the TGS together with an authenticator (the user's identity and a timestamp, encrypted with the TGS session key). The TGS creates another ticket, the service ticket, containing the user's authentication information and a fresh session key, and sends it to the user's system along with a second copy of that session key, as shown in Figure 2-3. The copy inside the service ticket is encrypted with the file server's secret key; the second copy is encrypted so that only the user can read it (in Kerberos v5 under the TGS session key obtained in the first step; the figure simplifies this to the user's secret key). The user's Kerberos software decrypts and extracts its copy of the session key, builds a new authenticator containing his or her identity and the current time, encrypts it with that session key, and sends it on to the file server together with the service ticket. The file server decrypts the ticket with its own secret key, recovers the session key, uses it to decrypt the authenticator, and reviews the user's authentication information.
These steps are taken because the principals do not directly trust each other, but they do trust the KDC. Only the KDC is supposed to have a copy of each principal's secret key. So, when the file server receives a ticket that contains a session key encrypted with its secret key, it is convinced that the ticket came from the KDC. The file server also compares the user authentication information the TGS put into the ticket with what the user inserted into the authenticator; if the names match, the authenticator's timestamp is recent, and the same authenticator has not been seen before, the file server accepts the user's identity.
The following are characteristics and weaknesses pertaining to Kerberos you need to be aware of:
•Provides authentication, confidentiality, and integrity, but not availability or nonrepudiation (everything rests on symmetric keys that the KDC also holds, so a ticket cannot prove to a third party that a particular user acted).
•The KDC can be a single point of failure: if it is down, no new tickets are issued, and if it is compromised, every principal's secret key is exposed.
•Secret keys (or the passwords they are derived from) are handled on users' workstations, and service keys are stored in key tables (keytabs) on servers.
•Session keys and tickets are stored on users' workstations in a credential cache; anyone who can read that cache can impersonate the user until the tickets expire.
•Kerberos is vulnerable to offline dictionary attacks: an attacker who captures an AS reply (or a service ticket for an account with a weak password) can try candidate passwords against it without any further interaction with the KDC, because a correct guess yields a key that decrypts the captured material. Pre-authentication and strong passwords are the usual mitigations.
•Network traffic is not protected if encryption is not enabled. Kerberos authenticates the two parties; the application data that follows is protected only if the client and service go on to use the session key to encrypt it.
•The KDC must be readily available and support the number of requests it receives from principals.
•All principals must have Kerberos software installed.
•Requires trusted, synchronized clocks within the network: authenticators carry timestamps, and a verifier rejects any that fall outside a small skew window (five minutes by default in common implementations), so a drifting clock looks like an attack and a clock an attacker can move defeats replay detection.
•The KDC should not allow any non-Kerberos network activity to take place.
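The following is an added example, not code from the original post. It models the three exchanges described above (AS, TGS, and the final exchange with the file server, including the name, timestamp, and replay checks the server performs) and then the offline dictionary attack from the weaknesses list, run against the very AS reply the client received. It uses only the Python standard library; the encryption routine is a stand-in (HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag) for Kerberos' real encryption types, messages are plain dicts rather than ASN.1, and the realm EXAMPLE.COM, the principals alice and fileserver, their passwords, and the 300-second skew limit are all constructed for the demo.

```python
import hashlib, hmac, json, os, time

REALM = "EXAMPLE.COM"          # constructed realm for the demo
MAX_SKEW = 300                 # seconds of clock drift a verifier tolerates (assumed)


def string_to_key(password, principal):
    """Long-term secret key: derived from the password, salted with realm + principal
    (Kerberos' AES enctypes use PBKDF2 this way; SHA-256 here is a stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               (REALM + principal).encode(), 4096, 32)

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, obj):
    """Stand-in for a Kerberos enctype: XOR with a keystream, then a MAC; hex output."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def decrypt(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")   # a wrong password lands here
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def authenticator(session_key_hex, client):
    """Client name plus the current time, sealed with the session key."""
    return encrypt(bytes.fromhex(session_key_hex), {"client": client, "ts": time.time()})


class KDC:
    """Holds every principal's secret key and runs both the AS and the TGS."""
    def __init__(self, passwords):
        self.keys = {p: string_to_key(pw, p) for p, pw in passwords.items()}
        self.keys["krbtgt"] = os.urandom(32)      # the TGS's own key, never leaves the KDC

    def as_exchange(self, client):
        # AS-REP: TGS session key under the client's key, and the same key inside
        # the TGT under the TGS key, which the client cannot open.
        sk = os.urandom(32).hex()
        tgt = encrypt(self.keys["krbtgt"], {"client": client, "sk": sk})
        return encrypt(self.keys[client], {"sk": sk, "tgt": tgt})

    def tgs_exchange(self, tgt, auth, service):
        t = decrypt(self.keys["krbtgt"], tgt)
        if decrypt(bytes.fromhex(t["sk"]), auth)["client"] != t["client"]:
            raise PermissionError("authenticator does not match TGT")
        # Two copies of a fresh service session key: one inside the service ticket
        # under the service's key, one under the TGS session key the client holds.
        ssk = os.urandom(32).hex()
        ticket = encrypt(self.keys[service], {"client": t["client"], "sk": ssk})
        return encrypt(bytes.fromhex(t["sk"]), {"sk": ssk, "ticket": ticket})


class Service:
    def __init__(self, name, password):
        self.key = string_to_key(password, name)
        self.seen = set()                          # replay cache of authenticators

    def ap_exchange(self, ticket, auth, now=None):
        t = decrypt(self.key, ticket)              # only the KDC could have sealed this
        a = decrypt(bytes.fromhex(t["sk"]), auth)  # only the ticket holder knows sk
        now = time.time() if now is None else now
        if a["client"] != t["client"]:
            raise PermissionError("name in authenticator differs from ticket")
        if abs(now - a["ts"]) > MAX_SKEW:
            raise PermissionError("clock skew too great")
        if (a["client"], a["ts"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))
        return a["client"]


def dictionary_attack(as_rep, client, wordlist):
    """Offline guessing against a captured AS-REP: each candidate password gives
    a key, and the MAC check tells the attacker which guess was right."""
    for pw in wordlist:
        try:
            decrypt(string_to_key(pw, client), as_rep)
            return pw
        except ValueError:
            continue
    return None


def demo():
    # Full login -> file server flow for alice, then the eavesdropper's view of it.
    kdc = KDC({"alice": "Winter2013", "fileserver": "long-random-service-key"})
    fs = Service("fileserver", "long-random-service-key")
    as_rep = kdc.as_exchange("alice")                         # visible on the wire
    creds = decrypt(string_to_key("Winter2013", "alice"), as_rep)
    tgs_rep = kdc.tgs_exchange(creds["tgt"], authenticator(creds["sk"], "alice"), "fileserver")
    svc = decrypt(bytes.fromhex(creds["sk"]), tgs_rep)
    who = fs.ap_exchange(svc["ticket"], authenticator(svc["sk"], "alice"))
    guessed = dictionary_attack(as_rep, "alice", ["password", "Summer2013", "Winter2013"])
    return who, guessed      # ("alice", "Winter2013")
```

Two things are worth noticing when running it. The file server never talks to the KDC and never sees alice's password; it trusts the ticket purely because it decrypts under a key only the KDC and the server share, and then uses the authenticator's name, timestamp, and the replay cache to tie that ticket to a live client. And the dictionary attack needs nothing but the captured AS reply, which is why a password-derived key is the weakest link in the whole chain: the same guess-and-check loop works against any captured material encrypted under a key derived from a guessable password.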
Kerberos is an authentication technology in which users must prove their identities to each application and service before they can actually be used; the proof is a ticket for that specific service, so a single login at the start of the day is turned into per-service authentication without the password being sent again.
