Kerberos Flashcards
Password, PIN, images, etc.
Something the user knows
Smart cards, keys, tokens
Something the user possesses
Fingerprint, face, retina
Something the user is
Voice pattern, handwriting style, typing rhythm
Something the user does
Method to ensure that two users with the same password get different stored hashes
Salting passwords
If k is compromised, every password leaks; it also reveals when two users share the same password
Cannot encrypt all passwords with the same key k
Protected from passive eavesdroppers and active malicious users
Security in Kerberos
Users shouldn’t notice authentication taking place
Transparency
Large numbers of users and servers
Scalability in Kerberos
eavesdropping, tampering, replay
A malicious user eavesdrops on, tampers with, or replays other users’ conversations to gain unauthorized access
A malicious user with access to a workstation pretends to be another user of the same workstation
User impersonation
A malicious user changes the network address of his workstation to impersonate another workstation
Network address impersonation
trusted authentication service on network
trusted third party
- the password must never travel over the network
- the password must never be stored in any form on the client machine
- the password must never be stored in unencrypted form
- the user is asked to enter the password only once per work session
Kerberos password design objectives
Why should application servers not hold authentication information for their users?
- an admin can disable any user's account by acting in a single location
Both user and application must prove authenticity
mutual authentication
Proves that user has authenticated
ticket
Encrypts the ticket with a key known to the server but not to the user
authentication server
client cannot ___ or ____ contents of ticket
know or modify
A malicious user may steal the service ticket of another user on the same workstation
Ticket hijacking
Server must verify that the user who is presenting the ticket is the same user to whom the ticket was issued
Ticket hijacking
An attacker can misconfigure the network so that he receives messages addressed to a legitimate server
No server authentication
Server must prove identity to users
No server authentication
Receiving a ticket from a client is not enough to guarantee authenticity
Replay attack
Client sends the _____, which contains the username and current timestamp, encrypted with the session key
the authenticator
Critical for machines to be time synchronized
Authenticating with timestamps under the session key
Server remembers the authenticators that arrived within the last 2 minutes and rejects any that are replicas
Replay cache
Prove identity once to obtain a special ___ ticket
Ticket Granting Service
Use the ___ ticket to get tickets for any network service
TGS
Client cannot forge or tamper with it
TGS ticket
Used to obtain service ticket and short-term session key for each network service
TGS ticket
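The ticket, authenticator, ticket-hijacking, replay-cache and TGS cards above, put together as one added example that is not part of the original flashcards. A KDC issues a TGT sealed with the krbtgt key, the TGS turns it into a service ticket sealed with the service's key (so the client can neither read nor forge either), the client proves it holds the session key with a timestamped authenticator, and the server enforces the name match, the clock-skew window and a replay cache. The cipher is a deliberate toy (HMAC-SHA256 keystream plus a MAC), not a Kerberos enctype; the principal names, lifetimes, record fields and the 2-minute skew are assumptions of this example.

```python
# Added example, not from the original flashcards: toy model of the Kerberos
# AS, TGS and AP exchanges. Toy cipher only (HMAC-SHA256 keystream + MAC), no
# real enctype; names, lifetimes and the skew window are assumptions.
import hashlib, hmac, json, os, time

SKEW = 120              # seconds; the replay-cache card's "last 2 minutes"
TICKET_LIFE = 8 * 3600  # assumed ticket lifetime

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def toy_encrypt(key, obj):
    """Serialise obj, XOR with a keystream, then MAC. Returns nonce|ct|tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def toy_decrypt(key, blob):
    """Verify the MAC first; a wrong key or any tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def make_authenticator(client, session_key, now):
    """Client name plus current timestamp, encrypted under the session key."""
    return toy_encrypt(session_key, {"cname": client, "ctime": now})

def verify_ap_req(service_key, ticket, authenticator, now, replay_cache):
    """Server side: open the ticket with its own long-term key, then open the
    authenticator with the session key found inside the ticket."""
    t = toy_decrypt(service_key, ticket)
    if now > t["endtime"]:
        raise ValueError("ticket expired")
    a = toy_decrypt(bytes.fromhex(t["key"]), authenticator)  # proves session-key possession
    if a["cname"] != t["cname"]:
        raise ValueError("ticket hijacking: authenticator name differs from ticket")
    if abs(now - a["ctime"]) > SKEW:
        raise ValueError("clock skew exceeded")
    if (a["cname"], a["ctime"]) in replay_cache:
        raise ValueError("replay detected")
    replay_cache.add((a["cname"], a["ctime"]))
    return t["cname"]

class KDC:
    """Holds every principal's long-term key; each application server holds only its own."""
    def __init__(self, realm):
        self.tgs = f"krbtgt/{realm}"
        self.keys = {self.tgs: os.urandom(32)}
        self.replay_cache = set()

    def register(self, principal):
        self.keys[principal] = os.urandom(32)
        return self.keys[principal]          # shared out of band with that server only

    def _ticket(self, client, service, now):
        sk = os.urandom(32)                  # short-term key for this client/service pair
        body = {"cname": client, "sname": service, "key": sk.hex(), "endtime": now + TICKET_LIFE}
        return toy_encrypt(self.keys[service], body), sk

    def as_exchange(self, client, now):
        """AS: issue the TGT (the password-based check is assumed to have passed)."""
        return self._ticket(client, self.tgs, now)

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS: the TGT is a ticket for krbtgt, checked like any other ticket."""
        cname = verify_ap_req(self.keys[self.tgs], tgt, authenticator, now, self.replay_cache)
        return self._ticket(cname, service, now)  # real reply is sealed under the TGS session key

def _fails(fn):
    try:
        fn()
        return None
    except ValueError as e:
        return str(e)

def demo():
    """Constructed scenario: alice logs in and reaches a service; then several attacks fail."""
    kdc, now, cache, www = KDC("EXAMPLE.ORG"), int(time.time()), set(), "host/www.example.org"
    www_key = kdc.register(www)
    tgt, tgs_key = kdc.as_exchange("alice", now)
    st, svc_key = kdc.tgs_exchange(tgt, make_authenticator("alice", tgs_key, now), www, now)
    auth = make_authenticator("alice", svc_key, now)
    r = {"login": verify_ap_req(www_key, st, auth, now, cache)}
    r["client_peek"] = _fails(lambda: toy_decrypt(svc_key, st))  # client cannot read its own ticket
    r["replay"] = _fails(lambda: verify_ap_req(www_key, st, auth, now + 5, cache))
    r["hijack"] = _fails(lambda: verify_ap_req(www_key, st, make_authenticator("mallory", os.urandom(32), now), now, cache))
    r["tamper"] = _fails(lambda: verify_ap_req(www_key, st[:20] + bytes([st[20] ^ 1]) + st[21:], make_authenticator("alice", svc_key, now), now, cache))
    r["stale"] = _fails(lambda: verify_ap_req(www_key, st, make_authenticator("alice", svc_key, now - 600), now, cache))
    return r
```

The stolen-ticket case fails at the integrity check rather than at the name comparison because mallory lacks the session key; the name check is what stops a ticket being presented alongside a valid authenticator that was issued for someone else.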
Network divided into realms
Kerberos in large networks
- Get a ticket for the home-realm TGS from the home-realm KDC
- Get a ticket for the remote-realm TGS from the home-realm TGS
- Get a ticket for the remote service from the remote-realm TGS
- Use that ticket to access the remote service
Kerberos in large networks
Separate session key for each user-server pair
Short term session keys
Long-term secrets used only to derive short-term keys
Short term session keys
Used to prevent replays with synchronized clocks
Authenticator
Symmetric cryptography only
Kerberos
A server can access other servers on the user’s behalf (delegation)
Kerberos v5
Better user-server authentication
Kerberos v5
Separate subkey for each user-server session instead of reusing the session key contained in the ticket
Kerberos v5
Mutual authentication via subkeys rather than timestamp increments
Kerberos v5