6. Kerberos
Overview
▪ Kerberos is a trusted third-party authentication protocol designed for TCP/IP networks (developed at MIT)
▪ A Kerberos service on the network acts as a trusted arbitrator
▪ Kerberos allows clients to access different entities (clients/servers) on the network
Network Security Applications 6
7. Kerberos
The Kerberos Model
▪ Kerberos keeps a database of clients and their secret keys
▪ Services requiring authentication, as well as their clients, register their secret keys with Kerberos
8. Kerberos
The Kerberos Model
▪ Kerberos creates a shared session key and gives it to the client and server (or two clients) to encrypt messages
▪ Kerberos uses DES for encryption
▪ Kerberos Version 4 provided a weak nonstandard mode for authentication
▪ Kerberos Version 5 uses CBC mode
9. Kerberos
How Kerberos Works
1. A client requests a ticket for the TGS (Ticket-Granting Service) from Kerberos
2. Kerberos sends the ticket to the client, encrypted with the client's secret key
3. To use a particular service, the client requests a ticket for that service from the TGS
4. The TGS issues and sends a ticket to the client, encrypted with the server's secret key
10. Kerberos
How Kerberos Works
- The ticket is used by the server to ensure that it is the same client to whom the ticket was issued
- The client can use the ticket multiple times to access the server until the ticket expires
5. The client presents the ticket to the server together with an authenticator (the authenticator contains the client's name and a timestamp, encrypted with the shared session key)
11. Kerberos
How Kerberos Works
- Unlike a ticket, an authenticator can only be used once
- The client can generate authenticators as needed using the shared secret key
6. If the client's credentials (ticket + authenticator) are correct, the server provides access to the service
12. Kerberos
How Kerberos Works
[Figure: message flow between Client, Kerberos, TGS and Server; arrows numbered 1-5 correspond to the steps above (1-2 Client-Kerberos, 3-4 Client-TGS, 5 Client-Server)]
13. Kerberos
Security of Kerberos
It may be possible to cache and replay old authenticators. Although timestamps are supposed to prevent this, replays can be done during the lifetime of the ticket.
Authenticators assume all clocks in the network are synchronized. If a host is fooled about the correct time, an old authenticator can be replayed.
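As an added example (not from the slides), the following Python models steps 4 to 6 of the exchange above together with the server-side checks that address the authenticator replay and clock-skew problems described on this slide. It assumes a toy HMAC-based seal/unseal in place of DES, a 5-minute skew window (SKEW) and a one-hour ticket lifetime (LIFETIME); the replay cache of recently seen (client, timestamp) pairs is the mitigation real Kerberos servers keep for the window in which the timestamp alone cannot reject a replay.

```python
import hashlib, hmac, json, os

SKEW = 300       # assumed: seconds of clock skew the server tolerates
LIFETIME = 3600  # assumed: ticket lifetime in seconds

def _keystream(key, nonce, n):
    # Toy SHA-256 keystream standing in for a real cipher (the slides' DES-CBC).
    out = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object: nonce || ciphertext || HMAC-SHA256 tag (toy construction)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal(); raises ValueError if the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def tgs_issue_ticket(server_key, client, now):
    """Step 4: the TGS makes a session key and a ticket sealed under the server's secret key."""
    session_key = os.urandom(32)
    ticket = seal(server_key, {"client": client, "key": session_key.hex(), "expires": now + LIFETIME})
    return session_key, ticket  # real Kerberos returns the key to the client sealed under its TGS key

def make_authenticator(session_key, client, now):
    """Step 5: client name + timestamp, sealed under the shared session key; meant to be used once."""
    return seal(session_key, {"client": client, "ts": now})

class Server:
    def __init__(self, key):
        self.key, self.seen = key, set()  # replay cache of (client, timestamp) pairs

    def accept(self, ticket, authenticator, now):
        """Step 6: returns (ok, reason); rejects expired tickets, skewed clocks and replays."""
        t = unseal(self.key, ticket)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        checks = ((now > t["expires"], "ticket expired"),
                  (a["client"] != t["client"], "authenticator name does not match ticket"),
                  (abs(now - a["ts"]) > SKEW, "timestamp outside clock-skew window"),
                  ((a["client"], a["ts"]) in self.seen, "authenticator replayed"))
        for failed, reason in checks:
            if failed:
                return False, reason
        self.seen.add((a["client"], a["ts"]))  # entries older than SKEW could be pruned
        return True, "ok"
```

Steps 1 to 3 (obtaining the TGS ticket) follow the same seal pattern under the client's secret key and are omitted here.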
14. Kerberos
Security of Kerberos
Password-guessing attacks: an intruder can collect tickets and then try to decrypt them. The average user doesn't usually choose good passwords.
Malicious software: Kerberos relies on its software being trustworthy. It is possible to replace all client Kerberos software with a version that records passwords.
15. Kerberos
Security of Kerberos
New enhancements to Kerberos include an implementation of public-key cryptography and a smart-card interface for key management.
17. SSL/TLS
Overview
Web security threats:
▪ Location
● Server or client (System Security)
● Network traffic (Web Security)
▪ Type
● Passive attacks
● Active attacks
18. SSL/TLS
Overview
▪ Passive attacks include eavesdropping on network traffic between browser and server, accessing restricted information on a website, etc.
▪ Active attacks include impersonating another user, altering messages in transit, altering information on a website, etc.
19. SSL/TLS
Overview
▪ Netscape originated the SSL (Secure Sockets Layer) protocol to provide a reliable secure service on top of TCP
▪ TLS (Transport Layer Security) is the Internet standard version of SSL
▪ TLS is very similar to SSLv3
20. SSL/TLS
Connections and Sessions
▪ A connection is a transport that provides a suitable type of service
▪ A session is an association between a client and a server
▪ Sessions define a set of security parameters which can be shared among multiple connections
21. SSL/TLS
Connections and Sessions
▪ A number of states are associated with each session
▪ During the handshake, pending read and write states are created
▪ Upon successful conclusion of the handshake, the pending states become the current states
22. SSL/TLS
SSL Architecture
▪ Layer 1 (provides basic security services to higher-layer protocols such as HTTP):
● Record Protocol
▪ Layer 2 (manages SSL exchanges):
● Handshake Protocol
● Change Cipher Spec Protocol
● Alert Protocol
24. SSL/TLS
1. Record Protocol
Provides:
▪ Confidentiality: a shared secret key is used for encryption
▪ Message Integrity: a shared secret key is used to form a MAC (message authentication code)
25. SSL/TLS
1. Record Protocol
1) Fragments data into blocks
2) Compresses the data (optional)
3) Applies a MAC
4) Encrypts using a symmetric cipher such as AES or RC4
5) Adds a header (content type, SSL version, length, etc.)
6) Transmits in a TCP segment
26. SSL/TLS
1. Record Protocol
Received data are:
1) Decrypted
2) Verified
3) Decompressed
4) Reassembled
5) Delivered to higher levels
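The send and receive paths above, as an added example in Python that is not part of the original slides: a toy one-direction record layer that fragments, MACs, encrypts and frames application data, and on a failed verification returns the two-byte fatal bad_record_mac alert of the Alert Protocol. It uses HMAC-SHA256 and a SHA-256 keystream in place of the cipher suite's real algorithms and omits compression; the ContentType, version and alert values are the real TLS 1.0 ones.

```python
import hashlib, hmac, struct

ALERT, APPLICATION_DATA = 21, 23   # TLS ContentType values for alert and application_data
VERSION = b"\x03\x01"              # TLS 1.0 on the wire (SSLv3 is 03 00)
MAX_FRAGMENT = 2 ** 14             # record layer fragments plaintext into blocks of at most 2^14 bytes
FATAL, BAD_RECORD_MAC = 2, 20      # alert severity and code (two-byte alert message)

class RecordLayer:
    """One direction of a toy SSL/TLS record layer: fragment -> MAC -> encrypt -> header."""
    def __init__(self, mac_key, enc_key):
        self.mac_key, self.enc_key, self.seq = mac_key, enc_key, 0
    def _mac(self, ctype, fragment):
        # As in TLS, the MAC covers the implicit sequence number, the header fields and the fragment.
        hdr = struct.pack("!QB2sH", self.seq, ctype, VERSION, len(fragment))
        return hmac.new(self.mac_key, hdr + fragment, hashlib.sha256).digest()

    def _xor(self, data):
        # Toy keystream keyed by the sequence number; stands in for the slides' AES/RC4.
        blocks = (hashlib.sha256(self.enc_key + struct.pack("!QI", self.seq, i)).digest()
                  for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

    def send(self, ctype, data):
        """Steps 1-5 (compression omitted): returns one wire record per fragment."""
        fragments = [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)] or [b""]
        records = []
        for frag in fragments:
            body = self._xor(frag + self._mac(ctype, frag))          # MAC, then encrypt
            records.append(struct.pack("!B2sH", ctype, VERSION, len(body)) + body)
            self.seq += 1
        return records

    def receive(self, record):
        """Decrypt and verify one record; returns (ctype, fragment) or a fatal bad_record_mac alert."""
        ctype, ver, length = struct.unpack("!B2sH", record[:5])
        plain = self._xor(record[5:5 + length])
        frag, tag = plain[:-32], plain[-32:]
        if ver != VERSION or not hmac.compare_digest(tag, self._mac(ctype, frag)):
            return ALERT, bytes([FATAL, BAD_RECORD_MAC])
        self.seq += 1
        return ctype, frag
def transfer(sender, receiver, data):
    """Send application data through the two layers and reassemble it; None if any record fails."""
    out = b""
    for rec in sender.send(APPLICATION_DATA, data):
        ctype, frag = receiver.receive(rec)
        if ctype == ALERT:
            return None
        out += frag
    return out
```

A real implementation would also send the alert record to the peer and tear the connection down, since bad_record_mac is fatal.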
27. SSL/TLS
1. Record Protocol
28. SSL/TLS
2. Handshake Protocol
Used before any application data is transmitted.
Allows the server and client to authenticate each other through a series of messages. Each message has:
Type: one of 10 types
Length: length in bytes
Content: session id, version, hash, etc.
31. SSL/TLS
3. Change Cipher Spec
Consists of a single message, which consists of a single byte with the value 1.
Copies the pending state into the current state, which updates the cipher suite to be used on this connection.
32. SSL/TLS
4. Alert Protocol
Conveys SSL-related alert messages
Each message consists of two bytes:
● Severity
– Warning (1): certificate_expired, etc.
– Fatal (2) - terminates the connection:
handshake_failure, bad_record_mac, etc.
● Code
34. SSL/TLS
TLS vs SSLv3
Differences include:
Version number: 3.x vs 3
MAC algorithm
Pseudorandom function for key generation and validation
Alert Codes
36. Summary
▪ Kerberos is a trusted third-party authentication protocol that enables clients and servers to establish authenticated communication
▪ SSL provides security services between TCP and applications that use TCP
▪ TLS is the Internet standard version
37. Summary
▪ SSL/TLS provides confidentiality using symmetric encryption and message integrity using a MAC
▪ SSL/TLS enables two TCP users to determine the security mechanisms and services they will use