Kerberos (protocol)

from Wikipedia, the free encyclopedia
Kerberos on the TCP / IP protocol stack :
application Kerberos
transport UDP TCP
Internet IP ( IPv4 , IPv6 )
Network access Ethernet Token
bus
Token
ring
FDDI ...

Kerberos is a distributed authentication service ( network protocol ) for open and insecure computer networks (such as the Internet ), which was developed by Steve Miller and Clifford Neuman based on the Needham-Schroeder protocol for authentication (1978). The current version is Kerberos 5. It is defined in RFC 4120 and uses ASN.1 for coding.

Kerberos was created as part of the Athena project at MIT ; only version 4 at the end of the 1980s was also used outside of MIT. Kerberos is intended to offer secure and uniform authentication in an unsecured TCP / IP network on secure host computers. Authentication is carried out by a trustworthy third party (also known as a trusted third party ). This third party is a specially protected Kerberos 5 network service. Kerberos supports single sign-on , which means that a user only needs to log on once. He can then use all available network services without having to enter his password again.

The name is derived from the three-headed hellhound Kerberos from Greek mythology, who guards the entrance to the underworld.

functionality

There are three parties involved in Kerberos:

  • the client
  • the server that the client wants to use
  • the Kerberos server

The Kerberos service authenticates both the server to the client and the client to the server in order to prevent man-in-the-middle attacks . The Kerberos server itself also authenticates itself to the client and the server and verifies their identity itself .

Kerberos uses tickets for authentication. To be able to use the Kerberos service, a client must first register with the Kerberos server. It requests a Ticket Granting Ticket (TGT) from the Kerberos server . For this, the user of the client must either enter a password or the TGT is requested directly when the user logs in. With the TGT, the client is able to request additional tickets for services without having to enter a password again. A session key for communication between the client and the Kerberos server is also negotiated. It can be used to encrypt data traffic .

In order to be able to use a service that supports Kerberos, the client requests another ticket. The client then sends this ticket to the service, which checks whether it should allow the client access. Here, too, a session key is agreed and the identity of the client, server and Kerberos server is checked.

The RFC calls for a time-alignment of the systems involved in order to avoid time differences for five minutes for participating hosts. The use of NTP is recommended here .

Schematic flow of Kerberos authentication

Kerberos authentication process

Explanations for the illustration:

Scenario: User u want to use services, he does not yet have a TGT. The smaller rectangles (light green, light orange, light purple) are data packets that are each encrypted with the key following the asterisk (*). The abbreviation ST stands for: Ticket to use the service s. In the large rectangles (server) and in the ellipse (client), after the arrows, the information that is known to the respective service / client is in white, and the information that is sent in the color of the sender. Kerberos Authentication Server and Ticket Granting Server (TGS) both have access to the key database of their administration area (realm), so they both know all client and server keys. The packets at the end of the arrow were sent first (to enable the following to be decrypted).

A Kerberos server is responsible for a realm , which means that it only manages accounts that belong to its realm. For example, the realm can be the DNS domain name in uppercase letters, such as EXAMPLE.COM . A computer can only ever belong to one realm. In order to be able to access services in other realms via Kerberos, trust relationships must be established between the individual realms. So it is possible that a user from A.EXAMPLE.COM can access services in B.EXAMPLE.COM without having to authenticate again.

With Kerberos4 only DES is supported as a cipher . Kerberos5 is able to negotiate the cipher and the checksum method used .

With Kerberos, users, hosts and services are authenticated using symmetric keys . A name, the Kerberos Principal , is assigned to the key . For hosts, the principal is host / <hostname> @ <REALM> (e.g. host/www.example.com@EXAMPLE.COM ), for services <servicename> / <hostname> @ <REALM> (e.g. imap/www.example.com@EXAMPLE.COM ) and for users <user> / <instanz> @ <REALM> (e.g. mueller/admin@EXAMPLE.COM ). The instance indicates the type of account for a user principal. The user mueller/admin@EXAMPLE.COM is a Kerberos administrator.

By Kerberos particular attacks by passively sniffing prevented, but also spoofing , Dictionary - , Replay - and makes other attacks.

Kerberos support

For a network service to be able to use Kerberos, it is necessary that the service is able to handle Kerberos tickets. A Kerberos client must be installed and configured on the server and client host. Both the client and server software must support Kerberos. For Kerberos5, the client, server and Kerberos server must use a common encryption and checksum method.

There are two different types of Kerberos support: either Kerberos is fully supported or the client sends the server the Kerberos principal and the password in clear text.

The Kerberos module mod_auth_kerb is available for the Apache HTTP Server . In addition, mod_auth_gssapi can also be used.

Implementations

WITH Kerberos
The MIT offers a free implementation of the Kerberos protocol for Unix and Linux on. Versions 4 and 5 are supported. DES , 3DES , AES and RC4 are supported as encryption methods ; MD5 , SHA-1 , HMAC and CRC32 are available as checksum methods.
Heimdal Kerberos
Another free, BSD-licensed Kerberos implementation for Unix, Linux and Mac, called Heimdal , was developed at KTH . The main developer is Love Hörnquist Åstrand . Since Heimdal is compatible with the MIT implementation, the same encryption methods and hash functions are supported. Samba also uses Heimdal with Samba4.
GNU Shishi
Another free Kerberos implementation for Unix and Linux because it is under the GPL is Shishi .
Active Directory
Microsoft uses Kerberos as the standard protocol for authentication from Windows 2000/2003-based networks and for clients from Windows 2000 / XP. This is where the Kerberos keys are stored in Active Directory . Under Windows 2000 , only the encryption with RC4 or DES is supported, this directory service vulnerable to brute force makes attacks. In the versions from Windows XP , SP1, extensions have been implemented that protect the system more strongly against such attacks.

Weak points

With version 5 of Kerberos, many vulnerabilities from version 4 have already been eliminated. Among other things, the login procedure has been improved. In version 4 anyone could request an initial ticket by specifying a user name, which is encrypted with the user's password. The client computer asks the user for the password in order to decrypt the ticket. The problem here is that the user is now in possession of the ticket and can start a dictionary attack on the password offline.

But version 5 also contains some vulnerabilities. The session keys are managed locally on the client computer in the / tmp directory and are deleted after their validity has expired. When the protocol was developed in the Athena project , it was only intended for single-user systems. In multi-user systems it is now possible to steal tickets from other users without any problems. Another major weak point is the masterkey management of the Kerberos Authentication Server. This encrypts all user passwords with the same master key. Since this key is also stored locally on the server's hard drive, all user passwords would have to be renewed if the system was compromised. To replay attacks to prevent, among other things, a time stamp is used. However, this has the consequence that the computers involved agree on a common time and must be synchronized. This enables attackers to manipulate the server's time and thus, if necessary, to use old tickets as still valid ones.

See also

literature

Web links

Individual evidence

  1. rfc: 4120 # section-1.6 - The Kerberos Network Authentication Service (V5) . Environmental Assumptions
  2. mod_auth_kerb
  3. Heimdal. In: h5l.org. Retrieved March 16, 2012 .
  4. Samba & Kerberos. In: SambaWiki. February 26, 2007, accessed June 4, 2012 .
  5. GNU Shishi project page. In: GNU Shishi. Retrieved June 26, 2013 .
  6. Eckert, Claudia. IT security . Oldenbourg, 2014, pp. 522-523.