Kerberos and What does the watch dog of Hades do ??
What is Kerberos ?
Kerberos is a computer network authentication protocol. It will build a secure communication link between two trusted hosts across an untrusted network like Internet using tickets. It got it’s name from the Greek word “Cerberus”. If anyone interested in trivia, Cerberus is the three headed guard dog at the gates of Hades who is the god of the underworld according to Greek mythology. It’s a fitting name for this system as it uses a trusted 3rd party name KDC (Key Distribution Center) to authenticate between a server and a client.
As I said earlier Kerberos is an authentication protocol and it will authenticate two hosts using the shared secret authentication technique. It will share a secret among the two hosts that only them and KDC know. We will come to the functionality of the KDC later. But to understand the shared secret technique (symmetric key), if two people share a secret code that only they know they can use that to authenticate themselves. This is called symmetric key encryption, because both parties share the same key which can use to open any message or data that pass between them. In more technical words this single key must be capable of both encryption and decryption.
Communication using a shared secret key
For make it more clear let’s take two persons named Alice and Bob. Let’s suppose that Alice often sends messages to Bob and that Bob needs to be sure that a message from Alice really has arrived from Alice before he acts on it’s information. They decide to solve their problem by selecting a code or a password, and they agree not to share this secret with anyone else. If Alice’s messages can somehow demonstrate that the sender knows the password, Bob knows that the sender is Alice. But now there is a new problem? How does Alice show that she knows the password and she is indeed Alice?
She might simply include it somewhere in her messages. This would be simple and efficient and might even work if Alice and Bob can be sure that no one else is reading their messages. Unfortunately, that is not the case. If she sending this in her message via an unprotected network like Internet, security of that message is really low. Some middle person between those two parties interfere with the message and can get the secret code. So it is not wise to believe that she is indeed Alice just by her word. An important idea in this scenario is that we should identify how does Alice keep this code or key as a secret and also how to present it to Bob without revealing it to anyone else. So in order to prevent these kinds of authentication loopholes Kerberos was born.
The Kerberos protocol solves this problem again with the use of secret key cryptography. Rather than sharing a password, communication partners share a cryptographic key. They use knowledge of this key to verify each other’s identity. For this method of authentication to work, the shared key must be symmetric. One party proves knowledge of the key by encrypting a piece of information, the other by decrypting it. Let’s take this basic concept and understand this in Kerberos way which is basically the same idea, but with some more security features.
Let’s again take the Alice and Bob scenario. If you already know about KDC and how Kerberos work, bear with me I will come to the functionality of it. But for now, let’s take the above scenario and let’s modify it a little bit.
Secure communication way to Alice and Bob
Suppose Alice and Bob decide that before transferring any information between their computers, each will use knowledge of a shared secret key to verify the identity of the party at the other end of the connection. In situations where Alice is the wary guest and Bob is the suspicious host, they agree to follow this protocol:
1. Alice sends Bob a request message with a name tag named which is visible to him only (I’ll explain how to make it visible only to him later) and the Alice containing her name again and the time signature of the request. In here the name part and the the time signature is encrypted. It is encrypted with the secret key she shares with Bob. This to start a secure conversation with Bob by authenticating her self as the “real” Alice. This message has two fields one field contains information about Alice (name). The second field contains the current time on Alice’s computer.
2. Bob receives the message. He sees that it is from someone claiming to be Alice. But he doesn’t trust that and uses the key he shares with Alice he knows to decrypt the request message. He extracts the field that contains the time on Alice’s computer and evaluates the time.
For make this scenario understandable in an easy way let’s say that both Alice’s and Bob’s machine clocks are synchronized. Then let’s assume that time taken to receive a message is never more than five minutes. This way, Bob can compare the time from the message with the current time on his clock. If the difference is greater than five minutes, he can automatically reject the message.
If the time is within the allowable time frame, it’s probable that the authenticator came from Alice. But Bob still does not have proof that it actually came from her. Another person might have been watching the network traffic and might now be replaying an earlier attempt by Alice to establish a connection with Bob. However, if Bob has recorded the times of the messages that were received from Alice during the past five minutes, he can defeat attempts to replay earlier messages by rejecting any message with a time that is the same as or earlier than the time of the last request message. If this message yields a time later than the time of the last message from Alice, then this message must be from Alice.
3. Bob uses the key he shares with Alice to encrypt the time shown on Alice’s message and sends the result back to her.
Bob didn’t send all the information. If he sent back everything, Alice would have no way of knowing whether someone posing as Bob had simply copied the request message from her original request message and sent it back to her unchanged. He sends just a piece of the information in order to tell that he was able to decrypt the message and read the information inside. He chooses the time because that is the one piece of information that is sure to be unique in Alice’s message to him.
4. Alice receives Bob’s reply, decrypts it, and compares the result with the time in her original request message. If the times match, she can be confident that her request message reached someone who knows the secret key needed to decrypt it and extract the time. She shares that key only with Bob, so it must be Bob who received her message and replied.
So the authentication process is a success and they can communicate with proper authentication with each other.
Now let’s understand the technicalities of the above scenario. In this, we can name the message that Alice sent as an authenticator. The special characteristic of the authenticator is that it should change its content every time it’s executed via the protocol. Otherwise, an old authenticator could be reused by anyone who happens to overhear the communication. This will give an opportunity to execute a “Replay Attack”. Replay attacks are a form of network attacks. An attacker will spy the conversation between the sender and receiver and takes the authenticated information in a this kind of attack.
So when the receiver receives the authenticator he/she will check the name of it and will try to decrypt it using the key that is shared between the receiver and the claiming sender. So if the decryption is successful receiver will identify that this message indeed from the claimed sender. Because only two parties know this shared key (KDC knows too. But for this scenario understanding let’s say that only the receiver and the sender know).
But sender still didn’t get a confirmation whether the authenticator has been sent to the intended party or not. So to solve this receiver will send the time stamp and times tamp only to the sender encrypted with the same shared key. So if the sender was able to decrypt the message, the sender will check it against the original one. Then if the time stamps are similar he/she will authenticate the receiver too. That means the receiver has the correct key. The above is the basic method of authentication happens in Kerberos between two parties.
Then now let’s talk about the elephant in the room.
What is KDC and how it contributes itself to the above scenario?
Key Distribution Centre : “The Third Head”
One problem with the simple protocol described above is that it does not explain how or where Alice and Bob get a secret key to use in their communications with each other. Alice might want to talk to many services and will need keys for each of them. Likewise, the service, Bob, might talk to many clients and will need keys for each of them. If each client needs a key for every service and each service needs a key for every client, key distribution can quickly become a difficult problem to solve. Problem gets more serious if we look at it in the following perspective. The need to store and protect so many keys on so many computers presents a huge security risk.
In an earlier paragraph, I described that Kerberos as a 3 headed dog. Up to now, we know two heads. We know the server and the client. In the above scenario, Alice is the client and Bob is the server. So KDC is the third head and this KDC is the one and only trusted party that mediates between the client and server.
KDC is a keeper of secrets. Every registered user has a unique key(master key) shared with the KDC. The essence of Kerberos is handling the key distribution problem that we mentioned above. So the job of the KDC is to distribute a unique session key to each pair of users (technical word is security principals) that want to establish a secure channel. But there is an one assumption. It is that every user must trust KDC. Following scenario will explain how KDC will provide a shared secret for both of them which will only know by them (Bob, Alice, KDC).
Let’s again take the Alice and Bob scenario in a different timeline. In this time period, Alice and Bob don’t have a shared secret key.
1. Alice talks to KDC saying that she wants to talk with Bob. Note that Alice can securely communicate with KDC using their shared secret, The master key.
2. Then after this communication happens, the KDC will create a unique random cryptographic key for Alice and Bob to use. Let’s name this key as ABKey.
3. The KDC will send two copies of ABKey to Alice.
One of the copy is to Alice’s use and it is encrypted using Alice’s master key. The other copy of ABKey is packaged along with Alice’s name in a data structure encrypted with Bob’s master key. This is known as a Ticket. The ABKey we named earlier can be named as the session key for this particular session between Alice and Bob.
This ticket contains a message something like “This is your KDC. Alice wants to talk to you, and here‘s a session key that I’ve created for you and Alice to use. Besides me, only you and Alice could possibly know the value of ABKey(Session key), since I’ve encrypted it with your respective master keys. If your peer can prove knowledge of this key, then you can safely assume it is Alice.”
Then this ticket must be sent by Alice to Bob after adding the authenticator to it. That means adding the time signature and her name. She must make sure to encrypt them using the session key given by the KDC to her and Bob. The Bob will decrypt the message using his master key and will get the session key. Then only he will be able to decrypt the authenticator to get the time stamp.
So this ticket will be the request message that I described earlier. Now we have connected the two time lines and learnt how Kerberos core system works.
Summary
Kerberos is a computer network authentication protocol. Its purpose is to allow users and services to authenticate themselves to each other. That is, it allows them to demonstrate their identity to each other. First Alice must prove herself to Bob that she is indeed Bob by sending something unique to her and encrypt it with the shared secret. Time signature is the unique feature that can be provided by Alice to Bob. Secondly Bob must prove himself to Alice that he is indeed Bob and he got the message safely by decrypting and send timesignature to her back again that only Alice and himself knows.
Anyone who has the Bob’s master key can get this session key. But this is impossible because only Bob and the KDC know about it. So if Alice get the time signature again encrypted with the session key which she can decrypt again, that means it has to be Bob. So after this they have authenticate themselves without sending any password via an insecure network.
Other important points:
- The KDC stores all of the secret keys for user machines and services in its database.
- These secret keys are all stored in the KDC database.
- Kerberos can be interpreted as a system. It contains 3 parts. Authentication server to check the authenticity of the client by checking whether the client has a master key, Ticket Granting Service to grant tickets to authorized users and the database to store the client details.
- The KDC itself is encrypted with a master key to add a layer of difficulty from stealing keys from the database.
So above article explains how KDC works with a client and a server. There are some other technicalities attached to this protocol. But as a starting point above concepts would be really helpful.
If you want to read more about Kerberos, go to this site too → http://www.roguelynn.com/words/explain-like-im-5-kerberos/
