Kerberos
Luis Belloch Gómez
SSD - February 2010
  2. Kerberos is an authentication protocol. Created by Miller, Neuman, Schiller and Saltzer for MIT's Project Athena in the 1980s. Based on the Needham-Schroeder protocol.
  3. The Kerberos Authentication System uses a series of encrypted messages to prove to a verifier that a client is running on behalf of a particular user.
  4. Kerberos is a distributed authentication service that allows a process (a client) running on behalf of a principal (a user) to prove its identity to a verifier (an application server, or just server) without sending data across the network that might allow an attacker or the verifier to subsequently impersonate the principal.
  5. [Diagram, slides 5 to 8: the basic Kerberos exchange between the client c, the authentication server AS (the KDC) and the verifier V (the server); slides 6, 7 and 8 repeat the diagram highlighting the ticket, the session key and the authenticator in turn. Messages recovered from the diagram:]
     1. c → AS: $c, v, t_{exp}, n$
     2. AS → c: $K_c(K_{c,v}, v, t_{exp}, n),\ K_v(T_{c,v})$, where $K_{c,v}$ is the session key and the ticket is $K_v(T_{c,v}) = K_v(K_{c,v}, c, t_{exp})$
     3. c → V (step 3): $K_v(T_{c,v}),\ K_{c,v}(ts, ck, K_s)$, i.e. the ticket followed by the authenticator
     4. V → c (step 4): $K_{c,v}(ts)$
  9. [Diagram, slides 9 and 10: the full exchange with the Ticket Granting Service (TGS) between the client c, the AS (auth. server), the TGS (ticket granting service) and the verifier V (server); steps 1 and 2 against the AS are run only the first time. Slide 10 repeats the diagram highlighting the tickets. Messages recovered from the diagram:]
     1. c → AS: $c, tgs, t_{exp}, n$ (only the first time)
     2. AS → c: $K_c(K_{c,tgs}, tgs, t_{exp}, n),\ K_{tgs}(T_{c,tgs})$
     3. c → TGS (step 3): $K_{tgs}(T_{c,tgs}),\ K_{c,tgs}(ts, \ldots),\ v, t_{exp}, n$
     4. TGS → c (step 4): $K_{c,tgs}(K_{c,v}, v, t_{exp}, n),\ K_v(T_{c,v})$
     5. c → V (step 5): $K_v(T_{c,v}),\ K_{c,v}(ts, ck, K_s)$
     6. V → c (step 6): $K_{c,v}(ts)$
  11. Differences from Needham-Schroeder
      1. Use of timestamps to prevent reuse of tickets by third parties (replay attack) [4].
      2. Introduction of the Ticket Granting Service, to avoid authenticating against the KDC again on every use.
      3. Allows use across different authentication realms.
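The following is an added illustration (not code from the slides) of the six-message exchange on slides 9 and 10, together with the timestamp check that slide 11 names as the main difference from Needham-Schroeder: every verifier (the TGS and the application server V alike) decrypts the ticket with its own long-term key, checks the authenticator's timestamp against its clock, and keeps a replay cache so that a captured ticket-plus-authenticator pair cannot be presented a second time. Principal names, the key table, the fixed "current time" and the skew window are constructed; the keyed envelope `enc`/`dec` stands in for $K_x(\ldots)$ and only models "readable and forgeable solely by a holder of $K_x$", it is not real encryption.

```python
# Toy model of the Kerberos exchange (AS, TGS, verifier V) with the
# timestamp/replay check of slide 11. Added illustration; all names,
# keys and times below are constructed.
import hashlib
import hmac
import json
import os

# Keyed envelope standing in for K_x(...). It is a MAC over a JSON body and
# models only the trust boundary "only a holder of K can read or forge this";
# it gives no confidentiality and must not be used in place of a cipher.
def enc(key: bytes, fields: dict) -> bytes:
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def dec(key: bytes, blob: bytes) -> dict:
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(body)

# KDC key table (constructed): one long-term key per principal (K_c, K_tgs, K_v).
KEYS = {name: os.urandom(32) for name in ("alice", "tgs", "fileserver")}
NOW = 1_265_000_000           # constructed "current time" (epoch seconds)
MAX_SKEW = 300                # slide 13, item 4: clocks must be synchronised
TICKET_LIFE = 8 * 3600
REPLAY_CACHE: set = set()     # (server, client, ts) of authenticators already seen

def ticket_for(server: str, client: str, session_key: str, t_exp: int) -> bytes:
    # T_{c,s} = K_s(K_{c,s}, c, t_exp): readable only by the server s
    return enc(KEYS[server], {"k": session_key, "c": client, "t_exp": t_exp})

def as_exchange(c: str, t_exp: int, n: str):
    """Messages 1-2: c -> AS: c, tgs, t_exp, n ; AS -> c: K_c(K_c,tgs, tgs, t_exp, n), K_tgs(T_c,tgs)."""
    k_c_tgs = os.urandom(16).hex()
    reply = enc(KEYS[c], {"k": k_c_tgs, "v": "tgs", "t_exp": t_exp, "n": n})
    return reply, ticket_for("tgs", c, k_c_tgs, t_exp)

def verify_ticket(server: str, ticket: bytes, authenticator: bytes, now: int):
    """Server-side check of ticket + authenticator, shared by the TGS and by V."""
    t = dec(KEYS[server], ticket)                  # only the server holds K_s
    if now > t["t_exp"]:
        raise ValueError("ticket expired")
    a = dec(bytes.fromhex(t["k"]), authenticator)  # proves the sender knows K_{c,s}
    if a["c"] != t["c"]:
        raise ValueError("authenticator principal does not match ticket")
    if abs(now - a["ts"]) > MAX_SKEW:              # slide 11, item 1: timestamp freshness
        raise ValueError("authenticator timestamp outside allowed skew")
    seen = (server, a["c"], a["ts"])
    if seen in REPLAY_CACHE:                       # same authenticator presented twice
        raise ValueError("replayed authenticator")
    REPLAY_CACHE.add(seen)
    return t, a

def tgs_exchange(tgt: bytes, authenticator: bytes, v: str, t_exp: int, n: str, now: int):
    """Messages 3-4: c -> TGS: K_tgs(T_c,tgs), K_c,tgs(ts, ..), v, t_exp, n ; TGS -> c: K_c,tgs(K_c,v, v, t_exp, n), K_v(T_c,v)."""
    t, _ = verify_ticket("tgs", tgt, authenticator, now)
    k_c_v = os.urandom(16).hex()
    reply = enc(bytes.fromhex(t["k"]), {"k": k_c_v, "v": v, "t_exp": t_exp, "n": n})
    return reply, ticket_for(v, t["c"], k_c_v, t_exp)

def app_exchange(v: str, ticket: bytes, authenticator: bytes, now: int) -> bytes:
    """Messages 5-6: c -> V: K_v(T_c,v), K_c,v(ts, ..) ; V -> c: K_c,v(ts) (V proves it holds K_v)."""
    t, a = verify_ticket(v, ticket, authenticator, now)
    return enc(bytes.fromhex(t["k"]), {"ts": a["ts"]})

def client_login(c: str, v: str, now: int) -> bool:
    """Run the whole client side once; True if message 6 carries back the client's timestamp."""
    t_exp = now + TICKET_LIFE
    n1 = os.urandom(8).hex()
    m2, tgt = as_exchange(c, t_exp, n1)
    r = dec(KEYS[c], m2)                            # needs K_c: the user's password check
    if r["n"] != n1 or r["v"] != "tgs":
        raise ValueError("AS reply is not fresh")
    k_c_tgs = bytes.fromhex(r["k"])
    n2 = os.urandom(8).hex()
    m4, ticket_v = tgs_exchange(tgt, enc(k_c_tgs, {"c": c, "ts": now}), v, t_exp, n2, now)
    r = dec(k_c_tgs, m4)
    if r["n"] != n2 or r["v"] != v:
        raise ValueError("TGS reply is not fresh")
    k_c_v = bytes.fromhex(r["k"])                   # ck and K_s fields of the slide omitted
    m6 = app_exchange(v, ticket_v, enc(k_c_v, {"c": c, "ts": now + 1}), now + 1)
    return dec(k_c_v, m6)["ts"] == now + 1

def replay_is_rejected(c: str = "alice", v: str = "fileserver", now: int = NOW + 1000) -> bool:
    """A captured ticket + authenticator presented twice: the second copy must be refused."""
    k_c_v = os.urandom(16).hex()
    ticket = ticket_for(v, c, k_c_v, now + TICKET_LIFE)   # as the TGS would issue it
    auth = enc(bytes.fromhex(k_c_v), {"c": c, "ts": now})
    app_exchange(v, ticket, auth, now)                    # first use is accepted
    try:
        app_exchange(v, ticket, auth, now + 5)            # replay inside the skew window
    except ValueError as e:
        return "replayed" in str(e)
    return False

if __name__ == "__main__":
    print("login ok:", client_login("alice", "fileserver", NOW))
    print("replay rejected:", replay_is_rejected())
```

Two things the model makes visible that the diagram does not: the client never sends its long-term key $K_c$ anywhere (it is only used to open message 2), and the replay cache is what turns the timestamp from a rough freshness bound into an actual defence, so the clock-synchronisation requirement on slide 13 is the price of item 1 on slide 11.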
  12. Extensions
      Use of public-key cryptography.
      One-time passcode.
  13. Disadvantages / Problems
      1. Sensitive to the choice of keys
      2. Key distribution must be secure
      3. The KDC centralises the keys
         3.1. Can compromise the whole network
         3.2. Only works if the KDC is online
      4. Requires time synchronisation
      5. Applications need to be adapted
      6. Non-interoperable implementations [5]
  14. Implementations
      Microsoft Windows: http://msdn.microsoft.com/en-us/library/aa378747(VS.85).aspx
      Apple MacOS X: http://developer.apple.com/opensource/kerberosintro.html
      Kerberos Infrastructure HOWTO: http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/
      Debian: http://www.debian-administration.org/articles/570 and http://wiki.debian.org/LDAP/Kerberos
      Ubuntu (Samba+Kerberos): https://help.ubuntu.com/community/Samba/Kerberos
      FreeBSD (Heimdal): http://www.freebsd.org/doc/en/books/handbook/kerberos5.html
  15. Bibliography
      1. B. Clifford Neuman and Theodore Ts'o. Kerberos: An Authentication Service for Computer Networks. IEEE Communications, 32(9): 33-38, September 1994.
      2. John Kohl and B. Clifford Neuman. The Kerberos Network Authentication Service (Version 5). Internet Request for Comments RFC 1510, September 1993.
      3. S. M. Bellovin and M. Merritt. Limitations of the Kerberos Authentication System. Computer Communication Review, 20(5): 119-132, October 1990.
      4. D. E. Denning and G. M. Sacco. Timestamps in Key Distribution Protocols. Communications of the ACM, 24(8): 533-536, August 1981.
      5. Findings of Fact, Allegedly New "Bad" Acts Relating to Interoperation (139a). New York v. Microsoft Corp., 224 F. Supp. 2d 76, Dist. Court, Dist. of Columbia, 2002.