December 16, 2017

The Kerberos Protocol

Key Concepts

"Kerberos uses symmetric-key cryptography to authenticate users to network services" [1]

"The Authentication Server maintains a database of principals and their secret keys." [2]

"The secret key is derived from a password." [2] ==> opens the door to password guessing attacks. RFC 4120 lists password guessing among the attacks Kerberos does not solve (section 1.6, Environmental Assumptions): anyone who obtains a message encrypted under a key derived from a user's password can try dictionary entries against it offline, so password quality and pre-authentication matter as much as the protocol itself.

Kerberos authenticates "without basing trust on host addresses" [2] (RFC 4120, Introduction); the client addresses that may be carried in a ticket are an optional extra restriction, not the basis of trust.

RFC 4120 "The Kerberos Network Authentication Service (V5)" obsoletes RFC 1510

Overview



Client Authentication

"3.1. The Authentication Service (AS) Exchange" [2]

Message direction          Message type    Section
1. Client to Kerberos      KRB_AS_REQ      5.4.1
2. Kerberos to client      KRB_AS_REP      5.4.2
                           KRB_ERROR       5.9.1

KRB_AS_REQ: cname, realm, sname, from, till, nonce, address, ...  **cleartext message**
    cname, the client's principal name
    realm, the client's realm
    sname, the service requested; in the AS exchange this is the ticket-granting service krbtgt/REALM
    from (optional) and till, the requested start and expiration times of the ticket
    nonce, number used only once; the client compares it with the one echoed in the reply
    address, the client's network address(es) to be placed in the ticket (optional)
   
KRB_AS_REP: {K.c,tgs, realm, from, till, nonce, ...}K.c {T.c,tgs}K.tgs
    {...}K.c encrypted with the client's long-term secret key K.c (derived from the password)
    K.c,tgs, Client/TGS Session Key
    realm
    from and till, the validity period of the ticket
    same nonce as in the request (a mismatch means the reply is not the answer to this request)

    {...}K.tgs encrypted with the TGS secret key K.tgs, which the client never holds; the client passes the ticket on unchanged
    T.c,tgs, Client-to-TGS (Ticket-Granting Service) Ticket, which includes:
        Client principal
        Client network address (if one was requested)
        Validity period
        Client/TGS Session Key

Authentication: the KDC answers a KRB_AS_REQ without checking that the sender knows K.c. "This is acceptable because nobody but the principal whose identity was given in the request will be able to use the reply." [2] The caveat is that anyone can collect a KRB_AS_REP for any principal and run offline password guesses against its enc-part, so RFC 4120 lets the KDC demand pre-authentication data in the request (padata, for example PA-ENC-TIMESTAMP, section 5.2.7) and answer with KRB_ERROR (KDC_ERR_PREAUTH_REQUIRED) until it is supplied.

Client Service Authorization

"3.3. The Ticket-Granting Service (TGS) Exchange" [2]

Message direction          Message type    Section
1. Client to Kerberos      KRB_TGS_REQ     5.4.1
2. Kerberos to client      KRB_TGS_REP     5.4.2
                           KRB_ERROR       5.9.1

KRB_TGS_REQ: {authenticator}K.c,tgs {T.c,tgs}K.tgs, sname, address, from, till, nonce
    {...}K.c,tgs encrypted with the Client/TGS Session Key
    Authenticator (which is composed of the client principal and a timestamp); it and the TGT travel in the padata field as a KRB_AP_REQ addressed to the TGS

    {T.c,tgs}K.tgs from KRB_AS_REP, passed on unchanged

    sname, the principal of the service a ticket is wanted for
    address, the client's network address(es) to be placed in the new ticket (optional)
    from and till, the requested validity period
    nonce, number used only once

KRB_TGS_REP: {K.c,s, sname, address, from, till, nonce, ...}K.c,tgs {T.c,s}K.s
    {...}K.c,tgs encrypted with the Client/TGS Session Key
    K.c,s, Client/Service Session Key
    sname, the service the ticket is for
    address, the client's network address(es) carried in the ticket
    from and till, the validity period
    same nonce as in the request

    {...}K.s encrypted with the Service Secret Key; the client can neither read nor alter it
    T.c,s, Client-to-Service Ticket, which includes:
        Client principal
        Client network address
        Validity period
        Client/Service Session Key

Client Service Request

"3.2. The Client/Server Authentication Exchange" [2]

Message direction                  Message type    Section
1. Client to Application server    KRB_AP_REQ      5.5.1
2. Application server to client    KRB_AP_REP      5.5.2
                                   KRB_ERROR       5.9.1

KRB_AP_REQ: ap-options, {authenticator}K.c,s {T.c,s}K.s
    ap-options, flags such as MUTUAL-REQUIRED, which asks the server to send a KRB_AP_REP
    {...}K.c,s encrypted with K.c,s, the Client/Service Session Key
    authenticator, a fresh Authenticator containing the client principal and a timestamp (ctime, cusec), optionally a subkey and a sequence number

    {T.c,s}K.s from KRB_TGS_REP

    The server decrypts the ticket with K.s, decrypts the authenticator with the K.c,s found inside the ticket, and accepts the client only if the principal in the authenticator matches the ticket, the ticket is within its validity period, the timestamp is within the permitted clock skew (commonly 5 minutes), and the same authenticator has not been seen before (replay cache).

KRB_AP_REP [Optional, sent when mutual authentication was requested]: {ts}K.c,s
    {...}K.c,s encrypted with the Client/Service Session Key
    ts, the client's own timestamp (ctime, cusec) echoed back; only a server holding K.s could have recovered K.c,s from the ticket, so this authenticates the server to the client
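The three exchanges above, end to end, as an added example; this is not code from RFC 4120 or from any Kerberos implementation. It models the principal database with the AS and TGS on one side, an application server holding K.s as a keytab would on the other, and the client in between, with the checks each party makes: the client matches the nonce in KRB_AS_REP and KRB_TGS_REP to its request and verifies the timestamp echoed in KRB_AP_REP, and every recipient of a ticket plus authenticator checks principal, validity, clock skew, address and a replay cache. It also shows why an unauthenticated KRB_AS_REP is a problem: the last step runs a short password list against the reply's enc-part offline. Everything concrete is an assumption made for the example: the realm EXAMPLE.ORG, the principals alice, krbtgt/EXAMPLE.ORG and host/fs.example.org, the password hunter2, the address 10.0.0.5, PBKDF2 standing in for string-to-key, and encrypt()/decrypt() (a SHAKE256 keystream with an HMAC-SHA256 tag) standing in for a real Kerberos encryption type; messages are dicts rather than ASN.1.

```python
"""Toy model of the Kerberos V5 AS, TGS and AP exchanges (RFC 4120 3.1-3.3). Constructed example."""
import hashlib, hmac, json, os, time

SKEW, LIFETIME = 300, 36000  # accepted clock skew (commonly 5 min) and requested ticket life, seconds

def string_to_key(password, salt):
    # K.c is derived from the password (RFC 4120 string-to-key); PBKDF2 stands in for it here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def encrypt(key, obj):
    # Toy stand-in for a Kerberos enctype: SHAKE256(key||nonce) keystream XOR JSON, HMAC-SHA256 tag.
    pt, nonce = json.dumps(obj, sort_keys=True).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

def verify_ap_req(k_server, req, src_addr, replay_cache, now):
    # TGS and application servers alike: open {T}K.server, then the authenticator under the
    # session key carried in the ticket, then the receipt checks of RFC 4120 section 3.2.3.
    ticket = decrypt(k_server, req["ticket"])
    session_key = bytes.fromhex(ticket["key"])
    auth = decrypt(session_key, req["authenticator"])
    stamp = (auth["cname"], auth["ctime"], auth["cusec"])
    for bad, why in [(auth["cname"] != ticket["cname"], "authenticator/ticket principal mismatch"),
                     (now > ticket["till"], "ticket expired"),
                     (abs(now - auth["ctime"]) > SKEW, "authenticator outside clock skew"),
                     (ticket["caddr"] and src_addr not in ticket["caddr"], "address not in ticket"),
                     (stamp in replay_cache, "replayed authenticator")]:
        if bad:
            raise PermissionError(why)
    replay_cache.add(stamp)  # real servers keep stamps for the skew window; no pruning here
    return ticket, session_key, auth

def as_exchange(db, realm, req):
    # AS: no proof of K.c is demanded (no pre-authentication); only the holder of K.c can use the reply.
    k_c_tgs = os.urandom(32).hex()                                               # K.c,tgs
    tgt = {"cname": req["cname"], "caddr": req["address"], "key": k_c_tgs, "till": req["till"]}
    enc = {"key": k_c_tgs, "realm": realm, "till": req["till"], "nonce": req["nonce"]}
    return {"enc-part": encrypt(db[req["cname"]], enc), "ticket": encrypt(db["krbtgt/" + realm], tgt)}

def tgs_exchange(db, realm, replay_cache, req, src_addr, now):
    tgt, k_c_tgs, _ = verify_ap_req(db["krbtgt/" + realm], req, src_addr, replay_cache, now)  # K.tgs
    k_c_s = os.urandom(32).hex()                                                 # K.c,s
    tkt = {"cname": tgt["cname"], "caddr": tgt["caddr"], "key": k_c_s, "till": req["till"]}
    enc = {"key": k_c_s, "sname": req["sname"], "till": req["till"], "nonce": req["nonce"]}
    return {"enc-part": encrypt(k_c_tgs, enc), "ticket": encrypt(db[req["sname"]], tkt)}

def ap_exchange(k_s, replay_cache, req, src_addr, now):
    # Application server (k_s is what its keytab holds); KRB_AP_REP echoes the client's timestamp under K.c,s.
    tkt, k_c_s, auth = verify_ap_req(k_s, req, src_addr, replay_cache, now)
    return tkt["cname"], encrypt(k_c_s, {"ctime": auth["ctime"], "cusec": auth["cusec"]})

def authenticator(cname, now):
    return {"cname": cname, "ctime": int(now), "cusec": int(now * 1e6) % 1_000_000}

def offline_guess(as_rep, cname, realm, candidates):
    # Offline guessing against a KRB_AS_REP (RFC 4120 section 1.6): a guess is right when the tag verifies.
    for pw in candidates:
        try:
            decrypt(string_to_key(pw, realm + cname), as_rep["enc-part"])
            return pw
        except ValueError:
            continue

def run_demo(now=None):
    now = time.time() if now is None else now
    realm, cname, sname, addr = "EXAMPLE.ORG", "alice", "host/fs.example.org", "10.0.0.5"
    db = {cname: string_to_key("hunter2", realm + cname),                       # constructed principal DB
          "krbtgt/" + realm: os.urandom(32), sname: os.urandom(32)}
    tgs_replay, fs_replay, k_c = set(), set(), db[cname]                         # client derives the same K.c
    nonce = int.from_bytes(os.urandom(4), "big")                                 # AS exchange, cleartext request
    as_rep = as_exchange(db, realm, {"cname": cname, "till": now + LIFETIME, "nonce": nonce, "address": [addr]})
    enc = decrypt(k_c, as_rep["enc-part"])
    if enc["nonce"] != nonce:
        raise ValueError("KRB_AS_REP is not the reply to our request")
    k_c_tgs, tgt = bytes.fromhex(enc["key"]), as_rep["ticket"]
    nonce = int.from_bytes(os.urandom(4), "big")                                 # TGS exchange, ticket for sname
    req = {"authenticator": encrypt(k_c_tgs, authenticator(cname, now)), "ticket": tgt,
           "sname": sname, "till": now + LIFETIME, "nonce": nonce}
    enc = decrypt(k_c_tgs, (rep := tgs_exchange(db, realm, tgs_replay, req, addr, now))["enc-part"])
    if (enc["nonce"], enc["sname"]) != (nonce, sname):
        raise ValueError("KRB_TGS_REP does not match our request")
    k_c_s, tkt = bytes.fromhex(enc["key"]), rep["ticket"]
    auth = authenticator(cname, now)                                             # AP exchange, fresh authenticator
    ap_req = {"authenticator": encrypt(k_c_s, auth), "ticket": tkt}
    who, ap_rep = ap_exchange(db[sname], fs_replay, ap_req, addr, now)
    mutual_ok = decrypt(k_c_s, ap_rep) == {k: auth[k] for k in ("ctime", "cusec")}
    try:
        ap_exchange(db[sname], fs_replay, ap_req, addr, now + 1)                 # same KRB_AP_REQ again
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return {"authenticated": who, "mutual_ok": mutual_ok, "replay_rejected": replay_rejected,
            "guessed": offline_guess(as_rep, cname, realm, ["password", "letmein", "hunter2"])}
```

run_demo() walks alice through all three exchanges against the file server, replays her KRB_AP_REQ once to show the replay cache rejecting it, and finally feeds the KRB_AS_REP she received to offline_guess(), which recovers hunter2 from a three-word list without ever talking to the KDC again. An attacker gets the same reply by sending the same cleartext request, which is exactly why KDCs are configured to require pre-authentication.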

keytabs (Key Tables)

Used for services that typically run as system daemons and therefore cannot type a password at login. A keytab stores the service's long-term key K.s, the key that decrypts every {T.c,s}K.s issued for that service, so whoever can read the keytab can read those tickets and impersonate the service: keep it owned by the service account with restrictive permissions (mode 0600) and replace it whenever the service key is changed.

References

[1] Red Hat Enterprise Linux, System-Level Authentication Guide, Chapter 11, "Using Kerberos"
[2] C. Neuman, T. Yu, S. Hartman, K. Raeburn, RFC 4120, "The Kerberos Network Authentication Service (V5)", July 2005
[3] "Kerberos (protocol)", Wikipedia (via Wikiwand)