|
Kerberos is a computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the data. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the service verify each other's identity.
Kerberos builds on symmetric key cryptography and requires a trusted third party.
History and development
The Massachusetts Institute of Technology (MIT) developed Kerberos to protect network services provided by Project Athena. Several versions of the protocol exist; versions 1–3 occurred only internally at MIT.
Steve Miller and Clifford Neuman, the primary designers of Kerberos version 4, published that version in the late 1980s, although they had targeted it primarily for Project Athena.
Version 5, designed by John Kohl and Clifford Neuman, appeared as RFC 1510 in 1993, with the intention of overcoming the limitations and security problems of version 4.
MIT makes an implementation of Kerberos freely available, under copyright permissions similar to those used for BSD.
For some time, authorities in the United States classed Kerberos as a munition and banned its export because it used the DES encryption algorithm (with 56-bit keys). A non-US implementation, developed in Sweden, made the system available outside the US before the US changed its export regulations (circa 2000).
Windows 2000 and Windows XP use Kerberos as their default authentication method.
In 2004 the IETF Kerberos workgroup had started standardizing an updated version (http://www.ietf.org/html.charters/krb-wg-charter.html).
Description
Kerberos uses as its basis the Needham-Schroeder protocol. It makes use of a trusted third party, termed a Key Distribution Center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos works on the basis of "tickets" which serve to prove the identity of users.
Kerberos maintains a database of secret keys; each entity on the network — whether a client or a server — shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove an entity's identity. For communication between two entities, Kerberos generates a session key which they can use to secure their interactions.
The protocol
One can specify the protocol as follows in security protocol notation, where Alice (A) authenticates herself to Bob (B) using a server S:
<math>A \rightarrow S: A,B<math>
<math>S \rightarrow A: \{T_S, L, K_{AB}, B, \{T_S, L, K_{AB}, A\}_{K_{BS}}\}_{K_{AS}}<math>
<math>A \rightarrow B: \{T_S, L, K_{AB}, A\}_{K_{BS}}, \{A, T_A\}_{K_{AB}}<math>
<math>B \rightarrow A: \{T_A + 1\}_{K_{AB}}<math>
We see here that the security of the protocol relies heavily on timestamps T and lifespans L as reliable indicators of the freshness of a communication (see the BAN logic).
See also
External links
References
- B. Clifford Neuman and Theodore Ts'o, Kerberos: An Authentication Service for Computer Networks, IEEE Communications, 32(9) pp33–38. September 1994. [1] (http://gost.isi.edu/publications/kerberos-neuman-tso.html)
- John T. Kohl, B. Clifford Neuman, and Theodore Y. T'so, The Evolution of the Kerberos Authentication System. Distributed Open Systems, pp78–94. IEEE Computer Society Press, 1994. ftp://athena-dist.mit.edu/pub/kerberos/doc/krb_evol.PS (Postscript format)
| 
