
CST223 Information Security & Assurance

Kerberos Secure Authentication

Name: LEE KUAN YEH

Matric No: 110957

Course Lecturer: Dr. AMAN JANTAN

Page|1

Table of Contents

Abstract .......... 2
Introduction .......... 3
Brief history of Kerberos .......... 4
Why use Kerberos? .......... 6
Kerberos Authentication Architecture .......... 9
Kerberos Ticketing Process .......... 11
Authentication Steps .......... 12
Kerberos Operational Principle .......... 17
Kerberos Supported Encryption .......... 18
Limitation of Kerberos .......... 20
Real World Case .......... 22
Testing the Kerberos Authentication with Packet Sniffing .......... 22
Discussion .......... 25
Conclusion .......... 26
References .......... 27

Abstract

With the growth of technology and networks, security has become a major issue. This paper discusses Kerberos and the secure authentication it provides for client and server applications. It covers the authentication exchange and the ticket-granting exchange between client and server, and how the client communicates with the other nodes. Through these activities we can better understand network vulnerabilities, secure client/server authentication and how to reduce attack risk.

Introduction

Nowadays globalization has reached every part of the world, and computer networks with it. Inside a network, a computer system or server provides services to multiple users and must identify each user. In older systems the user's identity is verified by checking a password typed during login; this act of verifying the user's identity is called authentication. Password-based authentication of this kind is not suitable for use on computer networks: passwords sent across the network can be intercepted by eavesdroppers and replayed to impersonate the user, and an attacker positioned between client and server (a man-in-the-middle, MITM) can do the same. Kerberos instead relies on secret keys and strong cryptography to prove a user's identity without ever sending the password across the network. It can also encrypt the client/server communication that follows, giving privacy and data integrity for the session. Kerberos has become a security standard that provides authentication services to users, applications and network devices, and it removes the threat of passwords being transmitted across the network (the KDC still stores a key derived from each password, so the KDC itself must be well protected).

Brief History of Kerberos


Kerberos was first developed in the 1980s at MIT (Massachusetts Institute of Technology). It was built for the distributed computing environment that MIT deployed in the 1980s as Project Athena, a campus-wide distributed computing environment for educational use. Eight years of research passed before Kerberos, named after the three-headed hound of Greek mythology, reached its widely used form. In the mythology, Kerberos (or Cerberus) was the gigantic hound that guarded the gates of Hades, posted to prevent the ghosts of the dead from leaving the underworld; it was described as a three-headed dog with a serpent's tail, a mane of snakes and a lion's claws.[1] The name is appropriate because Kerberos is a three-way process: it depends on a third-party service called the Key Distribution Center (KDC) to verify one computer's identity to another and to set up encryption keys for a secure connection between them.

Kerberos was part of Project Athena, which started in 1983 when MIT decided to integrate networked computers into its campus curriculum. The goals of Athena were single sign-on (SSO), networked file systems, a unified graphical environment and a naming service; within five years all of these had been achieved. In 1987 Kerberos version 4 was designed and installed at MIT for the project. Kerberos also provided a secure replacement for the then widely used Berkeley Unix networking commands (rlogin, rsh and the like) that let individuals sign on to a Unix network: as long as a user had an account name and password, he or she could access the Unix system.

Kerberos relies on secret keys for its authentication. The user's long-term key is derived from the password, and the password is involved only at the start of the login; it is never transmitted across the network. The session keys used afterwards are fresh random values generated by the KDC rather than anything derived from the password. Kerberos 5 is fully standardized and many implementations exist today. In 1992 large-scale Kerberos installations appeared at universities, and Kerberos 5 became an IETF (Internet Engineering Task Force) standard in 1993 (RFC 1510). The most common implementations are MIT Kerberos, Heimdal and Microsoft's implementation used in Windows 2000 and later. MIT released its Kerberos software as open source in 1987 and has been enhancing it ever since, and as a result of MIT's research Kerberos became the default authentication method in popular operating systems. Microsoft adopted Kerberos for Windows NT 5 in 1997 (released as Windows 2000), and systems running Windows 2000 or later use Kerberos by default. Mac OS X also carries the Kerberos protocol. Nor is Kerberos limited to operating systems: it is supported by many of Cisco's routers and switches.

Why use Kerberos?

Kerberos authentication has many advantages for network and system security:

Secure authentication: While logging in to the network, the user's password is never sent across the network, neither encrypted nor in plain text. Secret keys only cross the network inside encrypted messages. An attacker who sniffs the exchange therefore does not have enough information to impersonate an authenticated user or an authenticated target service. Kerberized versions of Telnet and similar tools use this to secure the login and, optionally, to encrypt the data stream.

Mutual authentication: Client and server systems authenticate each other. At each step of the process both the client and the server can be certain that they are communicating with their authentic counterpart, which makes the authentication very reliable.

Attack prevention: The tickets passed between clients and servers in the Kerberos model carry a timestamp and a lifetime. This lets Kerberos clients and servers limit how long a user's authentication stays valid. The exact length of time for which an authentication remains valid after the initial ticket is issued is implementation dependent, but Kerberos systems typically use ticket lifetimes short enough to bound the window in which a captured ticket can be reused, and the timestamp in each authenticator lets a server reject replays. Note that a short lifetime does not stop an attacker who has captured a ticket from attacking its encryption offline; what protects the ticket's contents is the strength of the encryption type and of the service's key, not the lifetime.

Authentications are reusable and durable: A user needs to authenticate to the Kerberos system only once (using his principal name and password). For the lifetime of his ticket-granting ticket he can then authenticate to Kerberized services across the network without re-entering his credentials. Because credentials and realm configuration are managed centrally at the KDC, they are also easier to administer.

Service session key: Besides the long-term keys, the Kerberos model generates a service session key that is a shared secret between a particular client system and a particular service. This shared secret may be used as a key for encrypting the conversation between the client and the target service, further enhancing the security of Kerberized transactions.

Open source

The Kerberos design is entirely based on open Internet standards. A number of well-tested and widely understood reference implementations are available free of charge to the Internet community. Commercial implementations based on the accepted standards are also available.

Robust support: Kerberos has strong support and has been analyzed by many of the top programmers, cryptologists and security experts in the industry. This public scrutiny has ensured, and continues to ensure, that any new weakness discovered in the protocol or its underlying security model is quickly analyzed and corrected.

Kerberos Authentication Architecture


Kerberos is a network authentication protocol designed to provide strong authentication and encryption for client/server applications using secret-key cryptography. It performs authentication as a trusted third-party service using cryptographic shared secrets. Kerberos builds on symmetric-key cryptography and requires a key distribution center. It provides mutual authentication: client and server can each verify the other's identity.

[Figure 1: Overview of the Kerberos authentication process, showing the AS, the TGS and the SS (Service Server).]

Kerberos uses the Needham-Schroeder protocol as its basis. It is a three-way process in which each computer shares a secret with a third-party service called the KDC (Key Distribution Center). The KDC has two components, the Kerberos authentication server (AS) and the ticket-granting server (TGS). They exchange a series of encrypted messages, called tickets, with the client, and the KDC generates new encryption keys for each stage of the authentication process.

Kerberos can verify one computer to another without compromising either computer's secret key, and no computer needs to hold the keys of the other principals it talks to: each holds only its own key, while the KDC holds all of them. The ticket issued allows the client to access the server until the ticket expires. The encryption and secret keys protect the exchange against packet sniffing and eavesdropping.

[Figure 2: Relationship of the Kerberos protocol. A client obtains a ticket from the KDC and presents it to the application server (a database server in the figure), which verifies it; if verification succeeds, access is granted.]


Kerberos Ticketing Process

The Key Distribution Center (KDC) manages a database of secret keys. Each device, client or server, shares a secret key known only to itself and to the KDC, and this key is used to prove the identity of that entity. For communication between two entities, the KDC generates a session key which they can use to secure their communication. The KDC consists of two parts, the AS (Authentication Server) and the TGS (Ticket Granting Server), which verify the client by issuing Kerberos tickets.

Authentication Server (AS): checks whether the user exists in the database and issues the initial ticket-granting ticket. The user's long-term key is derived from the user's password (the string-to-key function) and stored in the database; the AS never sees the password itself.

Ticket Granting Server (TGS): issues service tickets to clients that request services.


Authentication Steps:

[Figure 2.1: The client first requests a ticket from the AS.]

Client side: The client sends a request (AS-REQ) to the AS asking for a ticket-granting ticket.

KDC side: The AS checks whether the client is in its database. If it is, the AS sends back the following two messages to the client:

Message A: Client/TGS Session Key (SK1) encrypted using the secret key of the client/user.

Message B: TGT (which includes the client ID, client network address, ticket validity period and the Client/TGS Session Key) encrypted using the secret key of the TGS.

The AS thus generates a session key, encrypts it for the client and sends it along with the TGT (Ticket Granting Ticket) back to the client.

[Figure 2.2: The client authenticates to the TGS with the TGT and an authenticator.]

Client side: When the client receives messages A and B, it decrypts Message A with its own key to obtain the Client/TGS Session Key (SK1); this session key is used for further communication with the TGS. The client cannot decrypt Message B (the TGT), because it is encrypted with the TGS's secret key. It sends the TGS Message C (the TGT from Message B, together with the ID of the requested service) and Message D, an Authenticator containing the client ID and a timestamp, encrypted with SK1.

KDC side: On receiving messages C and D, the TGS decrypts the TGT in Message C using the TGS secret key, which gives it the Client/TGS Session Key. Using this key it decrypts Message D (the Authenticator) and checks that the client ID matches the ticket and that the timestamp is recent. If verification succeeds, it sends the following two messages to the client:

Message E: Client-to-Server ticket (which includes the client ID, client network address, validity period and the Client/Server Session Key, SK2) encrypted using the SS's secret key.

Message F: Client/Server Session Key (SK2) encrypted with the Client/TGS Session Key (SK1).



[Figure 2.3: The client authenticates to the target server.]

Client side: On receiving messages E and F from the TGS, the client has enough information to authenticate itself to the SS (Service Server). The client connects to the SS and sends the following two messages:

Message E: from the previous step (the Client-to-Server ticket, encrypted using the SS secret key).

Message G: a new Authenticator, which includes the client ID and a timestamp and is encrypted using the Client/Server Session Key (SK2).

Service Server side:

The SS decrypts the ticket using its own secret key to retrieve the Client/Server Session Key. Using the session key, the SS decrypts the Authenticator, checks the client ID and timestamp, and sends the following message to the client to confirm its own identity and its willingness to serve the client:

Message H: the timestamp found in the client's Authenticator, encrypted using the Client/Server Session Key. (Kerberos 4 returned the timestamp plus 1; Kerberos 5 returns it unchanged, which still proves that the server was able to decrypt the ticket and recover the session key.)


Client side:

Lastly, the client decrypts the confirmation using the Client/Server Session Key and checks that the returned timestamp matches the one it sent. If the check succeeds, the client can trust the server and can start issuing service requests to it.


Kerberos Operational Principle

The KDC holds the secret keys of the clients and service servers on the network and uses them to exchange information with clients and service servers. The secret keys encrypt the TGT, the service ticket and the session keys; Kerberos authenticates a client to the TGS and to a service by distributing temporary session keys. A session key is used for communication between:

Client and KDC (the Client/TGS session key)
Client and Service Server (the Client/Server session key, which the KDC passes to the service inside the ticket rather than in a direct exchange)

In the KDC and in the Service Server the secret key is used to decrypt the ticket and recover the session key, and the session key is used to decrypt the Authenticator. The TGT, the service ticket, the session keys and the Authenticators are all sent encrypted.

The TGS knows when and from which client a message was sent by checking the client ID and timestamp in the Authenticator.

The Service Server uses its own secret key to recover the session key and verify the client's identity; it likewise checks the client ID and timestamp.

The client also checks the timestamp returned by the Service Server before it trusts the Service Server.

The timestamp is useful because, when the client makes a request, the Service Server checks it to limit how long an authentication is usable. This does not hide anything from an eavesdropper, but it means a captured Authenticator is useless once the allowed clock skew has passed, and a server that caches recently accepted Authenticators can reject a replay even within that window.
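As an added example (not the paper's own material, nor code from MIT Kerberos or Windows), the following Python program plays out the three exchanges described in the Authentication Steps and summarised in the Operational Principle above, with the AS/TGS, the service server and the client as separate pieces of code. The realm EXAMPLE.COM, the user alice, the service host/fs.example.com, the password and the ticket lifetime are assumptions; the cipher is a toy stand-in for a Kerberos enctype (a SHA-256 keystream plus an HMAC tag) so that a wrong key or a tampered message is detected on decryption, as a real enctype would. Time is passed in explicitly so that the lifetime and replay checks can be exercised. All of the checks the paper attributes to timestamps and lifetimes are present: the TGS and the service reject an authenticator whose client does not match the ticket or whose timestamp is outside the clock skew, an expired ticket is refused, a replayed authenticator is refused by the service's replay cache, and the client verifies the server's reply (Message H) before trusting it. Only the Python standard library is used.

```python
import hashlib
import hmac
import json
import os

REALM = "EXAMPLE.COM"      # assumed realm
TICKET_LIFETIME = 600      # seconds (assumed; real deployments use hours)
CLOCK_SKEW = 300           # Kerberos 5's default tolerance for clock differences

def string_to_key(password, salt):
    """Toy string2key: a principal's long-term key from password and salt (real enctypes differ)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 4096, 32)

def _keystream(key, nonce, length):
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(0, length, 32)]
    return b"".join(blocks)[:length]

def encrypt(key, obj):
    """Toy enctype: XOR with a keyed keystream, then an HMAC tag over nonce and ciphertext."""
    plaintext = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()

def decrypt(key, blob):
    """Check the tag first; a wrong key or a modified message raises ValueError."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("integrity check failed (wrong key or tampered message)")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))

def _check_authenticator(auth, ticket, now):
    """The authenticator must name the ticket's client and be fresh within the clock skew."""
    if auth["client"] != ticket["client"] or abs(now - auth["ts"]) > CLOCK_SKEW:
        raise PermissionError("authenticator does not match ticket or is stale")

class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) in one object."""

    def __init__(self, db):
        self.db = db                            # principal name -> long-term key
        self.tgs_key = db["krbtgt/" + REALM]    # the TGS's own secret key

    def as_exchange(self, client, now):
        """Messages A and B: SK1 under the client's key, and the TGT under the TGS key."""
        sk1 = os.urandom(32)
        tgt = {"client": client, "sk": sk1.hex(), "expires": now + TICKET_LIFETIME}
        return encrypt(self.db[client], {"sk": sk1.hex()}), encrypt(self.tgs_key, tgt)

    def tgs_exchange(self, tgt_blob, authenticator, service, now):
        """Messages E and F: the service ticket under the service key, and SK2 under SK1."""
        tgt = decrypt(self.tgs_key, tgt_blob)
        if now > tgt["expires"]:
            raise PermissionError("TGT expired")
        sk1 = bytes.fromhex(tgt["sk"])
        _check_authenticator(decrypt(sk1, authenticator), tgt, now)
        sk2 = os.urandom(32)
        ticket = {"client": tgt["client"], "sk": sk2.hex(), "expires": now + TICKET_LIFETIME}
        return encrypt(self.db[service], ticket), encrypt(sk1, {"sk": sk2.hex(), "service": service})

class ServiceServer:
    def __init__(self, name, key):
        self.name, self.key = name, key
        self.replay_cache = set()               # (client, timestamp) pairs already accepted

    def ap_exchange(self, ticket_blob, authenticator, now):
        """Message H: verify ticket and authenticator, then echo the timestamp under SK2."""
        ticket = decrypt(self.key, ticket_blob)
        if now > ticket["expires"]:
            raise PermissionError("service ticket expired")
        sk2 = bytes.fromhex(ticket["sk"])
        auth = decrypt(sk2, authenticator)
        _check_authenticator(auth, ticket, now)
        if (auth["client"], auth["ts"]) in self.replay_cache:
            raise PermissionError("replayed authenticator")
        self.replay_cache.add((auth["client"], auth["ts"]))
        # Kerberos 5 returns the timestamp unchanged (Kerberos 4 returned timestamp + 1).
        return encrypt(sk2, {"ts": auth["ts"]})

def client_login(kdc, service, user, password, now):
    """Run the AS, TGS and AP exchanges; return SK2 plus the ticket and authenticator sent."""
    ckey = string_to_key(password, REALM + user)
    msg_a, tgt = kdc.as_exchange(user, now)
    sk1 = bytes.fromhex(decrypt(ckey, msg_a)["sk"])      # a wrong password fails here
    auth_d = encrypt(sk1, {"client": user, "ts": now})
    ticket, msg_f = kdc.tgs_exchange(tgt, auth_d, service.name, now)
    sk2 = bytes.fromhex(decrypt(sk1, msg_f)["sk"])
    auth_g = encrypt(sk2, {"client": user, "ts": now})
    if decrypt(sk2, service.ap_exchange(ticket, auth_g, now))["ts"] != now:
        raise PermissionError("server failed to prove it holds the session key")
    return sk2, ticket, auth_g

def make_realm():
    """Constructed sample realm: one user, the TGS principal and one service (assumed names)."""
    db = {"alice": string_to_key("correct horse battery", REALM + "alice"),
          "krbtgt/" + REALM: os.urandom(32),
          "host/fs.example.com": os.urandom(32)}
    return KDC(db), ServiceServer("host/fs.example.com", db["host/fs.example.com"])
```

Calling client_login with the wrong password fails at Message A, because the client cannot verify the tag with the wrong key and never learns SK1; presenting the captured ticket and authenticator a second time is refused by the replay cache, and presenting them after the lifetime is refused as expired. A real implementation differs in wire format (ASN.1 DER), in the enctypes and in the extra fields carried (addresses, flags, nonces), not in the sequence of checks.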

Kerberos Supported Encryption

Kerberos uses symmetric-key encryption to validate individual users to various network resources. Its secret-key cryptography lets entities communicating over a network prove their identity to each other while defeating eavesdropping and replay attacks. It also provides data-stream integrity (detection of modification) and confidentiality (preventing unauthorized reading) using encryption types (enctypes) such as DES, 3DES and AES.

DES (Data Encryption Standard): A popular symmetric-key block cipher published in 1975 and standardized by ANSI in 1981 as ANSI X3.92. A DES key is 64 bits long, but 8 of those bits are used only for parity checking and are then discarded, so the effective key is 56 bits. DES breaks the data into 64-bit blocks and encrypts each block.


3DES (Triple DES, Triple Data Encryption Algorithm): Applies DES three times to resist brute-force attack, increasing the key size over single DES. Three 64-bit keys are used instead of one, for a nominal key length of 192 bits (168 bits without the parity bits): the data is encrypted with the first key, decrypted with the second and encrypted again with the third (the EDE construction). Because of the meet-in-the-middle attack its effective strength is about 112 bits, not 168.

AES (Advanced Encryption Standard): A symmetric block cipher with a 128-bit block and key sizes of 128, 192 or 256 bits, designed by the Belgian cryptographers Joan Daemen and Vincent Rijmen. The same key is used for both encrypting and decrypting the data. It superseded DES. AES operates on a 4x4 column-major matrix of bytes, called the state, and applies a number of transformation rounds (10, 12 or 14 depending on key size) that convert the input plaintext into the final ciphertext. In Kerberos 5 the AES enctypes (RFC 3962) are the ones to prefer; the DES enctypes have been deprecated (RFC 6649).


Limitation of Kerberos

The Kerberos model does, however, have certain weaknesses:

Weak encryption in Kerberos IV: In Kerberos IV all encryption is performed with the DES algorithm. DES was considered strong when Kerberos IV was released, but today a brute-force search of its 56-bit key space is within reach of modest hardware, so DES is no longer strong enough.

Support only for single-user client systems: Kerberos was designed for single-user client systems. If a client system is a multi-user system, the Kerberos authentication scheme becomes exposed to a variety of ticket-stealing and replay attacks, because any user who can read another user's credential cache can use the tickets in it. The overall security of multi-user Kerberos client systems (filesystem security, memory protection, etc.) is therefore a limiting factor in the security of Kerberos authentication.

Incompatibility issues: Some old systems and custom-written systems were not designed for any third-party authentication mechanism and need to be reprogrammed to support Kerberos authentication.

Vulnerability of the version IV KDC: The KDC in Kerberos IV (both the initial ticketing service and the ticket-granting service) is vulnerable to offline brute-force attacks. Kerberos 4 has no pre-authentication: the AS issues a reply encrypted under the user's key to anyone who asks for it, so an attacker can collect that reply and guess the password offline. Kerberos 5 added pre-authentication (by default an encrypted timestamp), so the KDC refuses to answer until the client proves knowledge of the key; a captured pre-authentication exchange can still be guessed against offline, so password quality still matters. Finally, the entire authentication system depends on the trustworthiness and availability of the KDC(s): if a KDC is compromised every principal's key is exposed, and if all KDCs are down nobody can authenticate.


Real World Case

The security of Kerberos 5 can be tested with the Wireshark packet sniffer. Windows Active Directory, created by Microsoft for Windows domain networks, is protected by Kerberos 5 authentication. Active Directory provides a central location for network administration and security: it authenticates and authorizes all users and computers in a Windows domain network, assigns and enforces security policies for all computers, and installs or updates software. Below we test how Windows protects user credentials from a packet-sniffing attack.

Testing the Kerberos Authentication with Packet Sniffing

TOOLS:
A computer in a Windows domain network
Operating system: Windows XP Service Pack 2
Wireshark packet sniffing tool
Two user account credentials


Objective: Try to capture user credentials from the client/server communication and observe the result of the Kerberos authentication.

We are going to test against a Windows Active Directory domain controller, which uses Kerberos 5 by default.

1. First, log in to a computer in the domain network with one account. Open Wireshark for packet capturing and select the preferred network adapter.
2. Go to Start > All Programs > Accessories > System Tools > System Information.
3. Right-click System Information and click Run As.
4. We are going to run System Information as another user account in the Windows domain.
5. Type the other user name and password and click OK. The request is authenticated by Active Directory (the Windows server).
6. In Wireshark we can see the captured Kerberos packets carried in UDP at the transport layer (Kerberos also uses TCP when messages are large; both use port 88).
7. Open the first Kerberos packet, right-click it and click Follow UDP Stream. The bulk of the content is unreadable because the encrypted parts (the enc-part fields and the ticket) are ciphertext. Note, however, that the client principal name, the realm and the requested service name are sent in plaintext DER fields, so a sniffer still learns who is authenticating to what, even though it cannot recover the password or the keys.
8. Exit the Follow UDP Stream window. On the menu bar, click View and select Expand All, then enlarge the packet details pane at the bottom.
9. Going through the details we can see that Kerberos uses port 88.
10. Going further into the details we can also see timestamps (for example the ticket expiry time the client asked for); the pre-authentication timestamp itself is inside an encrypted field.
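As an added example, not from the paper, Wireshark or Windows, the following Python program does the identification of steps 6 and 9 above in code: it reads IPv4/UDP datagrams, keeps those on port 88, and classifies each Kerberos message by the ASN.1 APPLICATION tag that starts every DER-encoded Kerberos 5 message (RFC 4120, section 5.10), checking that the DER length matches what was captured. The datagrams are constructed inline (addresses from the TEST-NET-1 range, bodies cut down to the outer SEQUENCE and the pvno field) and are labelled as such; on a live capture you would feed in the IP-layer bytes of each packet instead. It handles UDP only; Kerberos over TCP on port 88 carries a 4-byte length prefix before the same DER message. Only the Python standard library is used.

```python
import socket
import struct

KERBEROS_PORT = 88
# Kerberos 5 message types keyed by ASN.1 APPLICATION tag number (RFC 4120, section 5.10).
KRB_MSG_TYPES = {10: "AS-REQ", 11: "AS-REP", 12: "TGS-REQ", 13: "TGS-REP", 14: "AP-REQ",
                 15: "AP-REP", 20: "KRB-SAFE", 21: "KRB-PRIV", 22: "KRB-CRED", 30: "KRB-ERROR"}

def build_udp_datagram(src, dst, sport, dport, payload):
    """Construct an IPv4/UDP datagram for the samples (IP and UDP checksums left zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def parse_udp(datagram):
    """Return (src, dst, sport, dport, payload), or None if this is not IPv4/UDP."""
    ver_ihl, proto = datagram[0], datagram[9]
    if ver_ihl >> 4 != 4 or proto != 17:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, ulen, _ = struct.unpack_from("!HHHH", datagram, ihl)
    payload = datagram[ihl + 8: ihl + ulen]
    return (socket.inet_ntoa(datagram[12:16]), socket.inet_ntoa(datagram[16:20]),
            sport, dport, payload)

def der_length(buf, pos):
    """Decode the DER length at buf[pos]; returns (length, bytes used by the length field)."""
    first = buf[pos]
    if first < 0x80:
        return first, 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1: pos + 1 + n], "big"), 1 + n

def classify_kerberos(datagram):
    """Identify a Kerberos message by port and outer DER tag; None for anything else."""
    parsed = parse_udp(datagram)
    if parsed is None:
        return None
    src, dst, sport, dport, payload = parsed
    if KERBEROS_PORT not in (sport, dport) or not payload:
        return None
    tag = payload[0]
    if tag & 0xE0 != 0x60:   # class APPLICATION (01), constructed (1); tag number in low 5 bits
        return None
    length, used = der_length(payload, 1)
    return {"src": src, "dst": dst,
            "direction": "to KDC" if dport == KERBEROS_PORT else "from KDC",
            "type": KRB_MSG_TYPES.get(tag & 0x1F, "APPLICATION %d" % (tag & 0x1F)),
            "complete": len(payload) == 1 + used + length}

def scan(datagrams):
    """Run the classifier over a list of datagrams, keeping only the Kerberos hits."""
    return [hit for hit in map(classify_kerberos, datagrams) if hit]

# Constructed samples. Real messages run to hundreds of bytes; each body here is cut down to
# the outer SEQUENCE and its first element, pvno ([1] INTEGER 5 in a KDC-REQ, [0] INTEGER 5
# in a KDC-REP and in KRB-ERROR), which is enough for the outer tag and length to be checked.
KDC_REQ_BODY = bytes([0x30, 0x05, 0xA1, 0x03, 0x02, 0x01, 0x05])
KDC_REP_BODY = bytes([0x30, 0x05, 0xA0, 0x03, 0x02, 0x01, 0x05])
CLIENT, KDC = "192.0.2.10", "192.0.2.1"   # assumed addresses (TEST-NET-1)
SAMPLE_DATAGRAMS = [
    build_udp_datagram(CLIENT, KDC, 50123, 88, b"\x6a\x07" + KDC_REQ_BODY),    # AS-REQ, no pre-auth
    build_udp_datagram(KDC, CLIENT, 88, 50123, b"\x7e\x07" + KDC_REP_BODY),    # KRB-ERROR (pre-auth required)
    build_udp_datagram(CLIENT, KDC, 50124, 88, b"\x6a\x07" + KDC_REQ_BODY),    # AS-REQ with pre-auth
    build_udp_datagram(KDC, CLIENT, 88, 50124, b"\x6b\x07" + KDC_REP_BODY),    # AS-REP
    build_udp_datagram(CLIENT, "192.0.2.53", 50125, 53, b"\x12\x34\x01\x00"),  # DNS, ignored
]
```

What the classifier reports is exactly what an eavesdropper gets for free: which host talks to the KDC, in which direction, and which exchange is in progress. The principal names and the realm sit in the plaintext part of the body and would need a full DER parser to extract; the enc-part fields remain ciphertext whatever the parser does.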


Discussion

Through the activity above we can understand the working principle and the authentication technology of Kerberos. Kerberos 5 mitigates the risk of passwords being transmitted across the network: it relies on secret keys and strong cryptography to prevent such threats. MIT Kerberos is open source and can be obtained without charge, and the technology has been widely adopted by networked services to protect their authentication. If you use a plain Telnet program over a network you are at risk, because FTP and Telnet send passwords in plaintext, which is very easy to intercept with a sniffing tool. Kerberized versions of these services remove that risk and provide secure authentication.


Conclusion

As the proverb says, when rogues go in procession, the devil holds the cross. In other words, however great the security, vulnerabilities still exist. Thirty years ago the DES encryption used by Kerberos IV seemed unbreakable; today, with a powerful CPU and brute-force tools, its 56-bit key can be recovered. Consequently, Kerberos 5 was released to move away from those vulnerabilities and make authentication more secure. Through our observation we understand that credential protection is crucially important because there are many threats in the network. Security technology is therefore a continuous updating process that protects all information assets and cannot be neglected.


References

[1] http://en.wikipedia.org/wiki/Cerberus
http://www.theworldjournal.com/special/nettech/news/kerberos.htm
http://staff.washington.edu/rlmorgan/talk/kerberos.1999.06/history.html
http://www.duke.edu/~rob/kerberos/kerbasnds.html
http://www.computerworld.com/s/article/46517/Kerberos
http://gost.isi.edu/publications/kerberos-neuman-tso.html
www.giac.org/paper/gsec/1852/network...kerberos...key.../103260
http://www.ericom.com/kerberos.asp
http://simple.wikipedia.org/wiki/Kerberos_(protocol)#Simplified_description_of_the_protocol
http://en.wikipedia.org/wiki/Kerberos_(protocol)
http://en.wikipedia.org/wiki/Data_Encryption_Standard
http://www.webopedia.com/TERM/A/AES.html
http://www.webopedia.com/TERM/T/Triple_DES.html
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://www.youtube.com/watch?v=C8kY2SHJYcs

Books:
Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Bruce Schneier (Wiley, 1995)
Principles of Information Security, 2nd Edition, Michael Whitman and Herbert Mattord

