2. Kerberos is an authentication protocol.
Created by Miller, Neuman, Schiller and Saltzer
for MIT's Project Athena in the 1980s.
Based on the Needham-Schroeder protocol.
3. The Kerberos Authentication System uses a
series of encrypted messages to prove to a
verifier that a client is running on behalf of a
particular user.
4. Kerberos is a distributed authentication
service that allows a process (a client) running
on behalf of a principal (a user) to prove its
identity to a verifier (an application server, or
just server) without sending data across the
network that might allow an attacker or the
verifier to subsequently impersonate the
principal.
5. Kerberos: basic exchange (slides 5 to 8 show the same diagram, highlighting in turn the ticket, the session key and the authenticator)
Participants: c = client; as = authentication server (KDC); v = verifier (server).
Notation: K(x) is x encrypted under key K; Kc and Kv are the long-term keys of c and v; Kc,v is the session key; texp is the expiration time; n is a nonce; ts is a timestamp.
Step 1, c -> as: c, v, texp, n
Step 2, as -> c: Kc(Kc,v, v, texp, n), Kv(Tc,v)
  where Kv(Tc,v) = Kv(Kc,v, c, texp) is the ticket and Kc,v the session key
Step 3, c -> v: Kv(Tc,v), Kc,v(ts, ck, Ks)
  where Kc,v(ts, ck, Ks) is the authenticator
Step 4, v -> c: Kc,v(ts)
9. Kerberos with the Ticket Granting Service (slides 9 and 10 show the same diagram, highlighting the tickets)
Participants: c = client; as = authentication server; tgs = ticket granting service; v = verifier (server).
Step 1, c -> as: c, tgs, texp, n (only the first time)
Step 2, as -> c: Kc(Kc,tgs, tgs, texp, n), Ktgs(Tc,tgs)
  where Ktgs(Tc,tgs) is the ticket-granting ticket
Step 3, c -> tgs: Ktgs(Tc,tgs), Kc,tgs(ts, ..), v, texp, n
Step 4, tgs -> c: Kc,tgs(Kc,v, v, texp, n), Kv(Tc,v)
  where Kv(Tc,v) is the ticket for v
Step 5, c -> v: Kv(Tc,v), Kc,v(ts, ck, Ks)
Step 6, v -> c: Kc,v(ts)
11. Differences from
Needham-Schroeder
1. Use of timestamps to prevent reuse of tickets
by third parties (replay attack) [4].
2. Introduction of the Ticket Granting Service, to avoid
re-authenticating against the KDC on every use.
3. Allows use across different authentication
realms.
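The six-message exchange of slides 9 and 10 (slides 5 to 8 are its four-message special case without the TGS), together with the timestamp checks that slide 11 credits to Denning and Sacco, as an added Python example written for this page; it is not code from the slides nor from any Kerberos implementation. Everything outside the slides' notation is an assumption of the example: the toy authenticated-encryption helpers seal/unseal (constructed here, not a Kerberos enctype), the fixed clock value NOW, the clock-skew window SKEW, the principal names alice, tgs and fileserver, and the checksum field ck, which is left as a placeholder string.

```python
import hashlib
import hmac
import json
import os

SKEW = 300  # seconds of clock drift tolerated: the time-synchronisation requirement of slide 13

# Toy authenticated encryption standing in for the slides' K(...) notation (constructed for this
# example, not a real Kerberos enctype): SHA-256 counter keystream plus an HMAC-SHA256 tag.
def _keystream(key, nonce, length):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((length + 31) // 32))[:length]

def seal(key, payload):
    """K(payload): encrypt a JSON-able dict under key and append a MAC."""
    pt = json.dumps(payload, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal; fails closed if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:  # AS and TGS in one process; it holds every principal's long-term key (slide 13, point 3)
    def __init__(self, keys):
        self.keys = keys

    def _issue(self, wrap_key, c, s, texp, n):
        # Returns (wrap_key(Kc,s, s, texp, n), Ks(Tc,s)) with the ticket Tc,s = (Kc,s, c, texp).
        kcs = os.urandom(32).hex()  # fresh session key Kc,s
        ticket = seal(self.keys[s], {"key": kcs, "c": c, "texp": texp})
        return seal(wrap_key, {"key": kcs, "s": s, "texp": texp, "n": n}), ticket

    def as_exchange(self, c, s, texp, n):
        # Messages 1/2: c, s, texp, n  ->  Kc(Kc,s, s, texp, n), Ks(Tc,s). Only Kc opens the reply.
        return self._issue(self.keys[c], c, s, texp, n)

    def tgs_exchange(self, tgt, authenticator, v, texp, n, now):
        # Messages 3/4: Ktgs(Tc,tgs), Kc,tgs(ts), v, texp, n  ->  Kc,tgs(Kc,v, v, texp, n), Kv(Tc,v).
        t = unseal(self.keys["tgs"], tgt)
        kctgs = bytes.fromhex(t["key"])
        if now > t["texp"] or abs(now - unseal(kctgs, authenticator)["ts"]) > SKEW:
            raise PermissionError("TGT expired or stale authenticator")
        return self._issue(kctgs, t["c"], v, texp, n)

class Verifier:
    def __init__(self, key):
        self.key, self.seen = key, set()  # seen: replay cache of (client, ts) pairs
    def accept(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)                   # Kv(Tc,v): only v can open its own ticket
        if now > t["texp"]:
            raise PermissionError("ticket expired")
        kcv = bytes.fromhex(t["key"])
        a = unseal(kcv, authenticator)                 # Kc,v(ts, ck, Ks): sender must know Kc,v
        if abs(now - a["ts"]) > SKEW:
            raise PermissionError("authenticator outside allowed clock skew")
        if (t["c"], a["ts"]) in self.seen:             # timestamp reuse = replay (slide 11, point 1)
            raise PermissionError("replayed authenticator")
        self.seen.add((t["c"], a["ts"]))
        return t["c"], kcv, seal(kcv, {"ts": a["ts"]})  # message 6, Kc,v(ts): mutual authentication

def client_obtains_service(kdc, c, kc, v, now):
    """Client side of messages 1 to 5; returns Kc,v and the (ticket, authenticator) sent to v."""
    n = os.urandom(8).hex()
    enc, tgt = kdc.as_exchange(c, "tgs", now + 8 * 3600, n)   # 1 -> 2, "only the first time"
    r = unseal(kc, enc)
    if (r["n"], r["s"]) != (n, "tgs"):                          # nonce binds the reply to the request
        raise ValueError("AS reply does not match request")
    kctgs, n2 = bytes.fromhex(r["key"]), os.urandom(8).hex()
    enc2, tv = kdc.tgs_exchange(tgt, seal(kctgs, {"ts": now}), v, now + 3600, n2, now)  # 3 -> 4
    r2 = unseal(kctgs, enc2)
    if (r2["n"], r2["s"]) != (n2, v):
        raise ValueError("TGS reply does not match request")
    kcv = bytes.fromhex(r2["key"])
    auth = seal(kcv, {"ts": now, "ck": "checksum-placeholder", "Ks": os.urandom(16).hex()})  # 5
    return kcv, tv, auth

NOW = 1_700_000_000  # constructed clock value so the run is deterministic
def run_demo():
    keys = {"alice": os.urandom(32), "tgs": os.urandom(32), "fileserver": os.urandom(32)}
    kdc, v = KDC(keys), Verifier(keys["fileserver"])
    kcv, ticket, auth = client_obtains_service(kdc, "alice", keys["alice"], "fileserver", NOW)
    who, kcv_at_v, reply = v.accept(ticket, auth, NOW)         # 5 -> 6
    results = {"principal": who, "mutual_auth": kcv_at_v == kcv and unseal(kcv, reply)["ts"] == NOW}
    attempts = {"replay": (ticket, auth, NOW + 1),                        # same authenticator again
                "skew": (ticket, seal(kcv, {"ts": NOW - 900}), NOW),      # client clock 15 min off
                "expired": (ticket, seal(kcv, {"ts": NOW + 7200}), NOW + 7200)}
    for label, args in attempts.items():
        try:
            v.accept(*args)
            results[label] = "accepted"
        except PermissionError as e:
            results[label] = str(e)
    return results
```

Calling run_demo() walks the full path once (AS, TGS, verifier, mutual-authentication reply) and then shows the verifier rejecting a replayed authenticator, an authenticator from a clock more than SKEW seconds off, and a ticket presented after texp. The replay cache keyed on (client, timestamp) is what makes the timestamp useful: without it, a captured authenticator would remain valid for the whole skew window.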
13. Drawbacks and problems
1. Sensitive to the choice of keys
2. Key distribution must be secure
3. The KDC centralises the keys
3.1. Its compromise can compromise the whole network
3.2. It only works while the KDC is online
4. Requires clock synchronisation
5. Applications need to be adapted
6. Non-interoperable implementations [5]
14. Implementations
Microsoft Windows
http://msdn.microsoft.com/en-us/library/aa378747(VS.85).aspx
Apple MacOS X
http://developer.apple.com/opensource/kerberosintro.html
Kerberos Infrastructure HOWTO
http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/
Debian
http://www.debian-administration.org/articles/570
http://wiki.debian.org/LDAP/Kerberos
Ubuntu (Samba+Kerberos)
https://help.ubuntu.com/community/Samba/Kerberos
FreeBSD (Heimdal)
http://www.freebsd.org/doc/en/books/handbook/kerberos5.html
15. Bibliography
1. B. Clifford Neuman and Theodore Ts'o. Kerberos: An Authentication
Service for Computer Networks. IEEE Communications, 32(9):
33-38, September 1994.
2. John Kohl and B. Clifford Neuman. The Kerberos Network
Authentication Service (Version 5). Internet Request for Comments
RFC 1510, September 1993.
3. S. M. Bellovin and M. Merritt. Limitations of the Kerberos
Authentication System. Computer Communication Review, 20(5):
119-132, October 1990.
4. D. E. Denning and G. M. Sacco. Timestamps in Key Distribution
Protocols. Communications of the ACM, 24(8):533-536, August 1981.
5. Findings of Fact, Allegedly New "Bad" Acts Relating to
Interoperation (139a). New York v. Microsoft Corp., 224 F. Supp. 2d
76, District Court, District of Columbia, 2002.