Monday, 16 April 2012

Introduction to Kerberos

Kerberos is a network authentication system developed at MIT to address the problem of authenticating parties over an insecure network. It enables users communicating over networks to prove their identity to each other while optionally preventing eavesdropping or replay attacks. It provides data secrecy using encryption. Kerberos provides real-time authentication in an insecure distributed environment.
Important Note: Kerberos is a North American technology; because of export restrictions it is not available outside of North America. To solve the same problems and to provide European companies with a compatible product, another project has been started in Europe. Their product is called SESAME, and is fully compatible with Kerberos Version 5.

How Kerberos Works

The Kerberos model is based on a trusted third-party authentication protocol. The original design and implementation of Kerberos was the work of MIT Project Athena staff members. Kerberos is publicly available and has seen wide use.
Kerberos works by providing users or services with “tickets” that they can use to identify themselves, and secret, cryptographic keys for secure communication with network resources. A ticket, which is a sequence of a few hundred bytes, can be embedded in virtually any network protocol. This enables the processes implementing that protocol to be sure about the identity of the principals involved. Although most implementations of Kerberos use TCP/IP, some implementations use other protocols.
Practically speaking, Kerberos is usually used in application-level protocols, such as Telnet or FTP, to provide user-to-host security. Data stream mechanisms, such as SOCK_STREAM or RPC, can also use it as the implicit authentication system. At a lower level, Kerberos can also be used for host-to-host security in protocols such as IP, UDP, or TCP—although such implementations are rare.
Kerberos is only a part of a security implementation. A full security implementation requires authentication, assurance, security policy, and documentation. Kerberos provides services in the first two areas:
  • It provides mutual authentication and secure communication between principals on an open network.
  • It manufactures secret keys for any requester and provides a mechanism for these secret keys to be safely propagated through the network.
Using Kerberos on time-sharing machines greatly weakens its protections. A user’s tickets are only as secure as the “root” account. Dumb terminals and most X terminals do not understand the Kerberos protocol. Using Kerberos to authenticate to the local workstation is easily circumvented.
In a Kerberos system, a designated site on the network, called the Kerberos authentication server, performs centralized key management and administrative functions. The server maintains a database that contains all users’ secret keys. It generates session keys whenever two users want to communicate securely and authenticates the identity of a user who requests secured network services. Like other secret-key systems, Kerberos requires trust in a third party—the Kerberos authentication server in this case. If the server is compromised, the integrity of the whole system fails.
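The exchange described above (a trusted third party holding every principal's secret key, a ticket the client cannot read but the service can, a fresh session key, and a timestamped authenticator with a replay check) is shown below as an added, simplified illustration; it is not MIT Kerberos code. The principals "alice" and "host/fileserver", the keys, the fixed clock value and the HMAC-based sealing construction are all constructed for this example, standing in for a real Kerberos enctype.

```python
import hashlib, hmac, json, os
CLOCK_SKEW, TICKET_LIFETIME = 300, 8 * 3600  # seconds; tolerated clock drift and ticket lifetime
def _prf(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()
def _xor_stream(key, nonce, data):  # HMAC-derived keystream XORed over data (toy enctype)
    stream = b"".join(_prf(key, b"enc", nonce, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))
def seal(key, obj):  # encrypt-then-MAC a JSON object under a shared secret key
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(obj).encode())
    return nonce + ct + _prf(key, b"mac", nonce, ct)
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce, ct)):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return json.loads(_xor_stream(key, nonce, ct))

def kdc_issue(keys, client, service, now):
    """Trusted third party: holds every long-term key and mints a fresh session key."""
    body = {"client": client, "session": os.urandom(32).hex(), "expires": now + TICKET_LIFETIME}
    ticket = seal(keys[service], body)                        # opaque to the client, readable by the service
    reply = seal(keys[client], {**body, "service": service})  # readable only by the client
    return ticket, reply

def service_accept(service_key, replay_cache, ticket, authenticator, now):
    """Service side: check ticket validity, authenticator freshness and uniqueness; answer for mutual auth."""
    t = unseal(service_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    session = bytes.fromhex(t["session"])
    a = unseal(session, authenticator)                        # caller proved it holds the session key
    if a["client"] != t["client"] or abs(now - a["ts"]) > CLOCK_SKEW:
        raise ValueError("authenticator does not match ticket or is stale")
    if (a["client"], a["ts"]) in replay_cache:
        raise ValueError("replayed authenticator")
    replay_cache.add((a["client"], a["ts"]))
    return seal(session, {"ts": a["ts"]})                     # echoing the timestamp proves the service holds the session key

def demo(now=1_700_000_000.0):
    """Whole exchange with constructed principals and keys; returns (mutual_auth_ok, replay_rejected)."""
    keys, cache = {"alice": os.urandom(32), "host/fileserver": os.urandom(32)}, set()
    ticket, reply = kdc_issue(keys, "alice", "host/fileserver", now)
    session = bytes.fromhex(unseal(keys["alice"], reply)["session"])  # client learns the session key from the KDC reply
    authenticator = seal(session, {"client": "alice", "ts": now})
    mutual_ok = unseal(session, service_accept(keys["host/fileserver"], cache, ticket, authenticator, now))["ts"] == now
    try:
        service_accept(keys["host/fileserver"], cache, ticket, authenticator, now)  # the same authenticator resent
        return mutual_ok, False
    except ValueError:
        return mutual_ok, True
```

Running `demo()` returns `(True, True)`: the first presentation succeeds with mutual authentication, and the replayed authenticator is rejected by the service's cache.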
