The key to the functionality of Kerberos is that a user can prove their identity without actually divulging the information needed to prove it. It uses an authentication server, which stores a password for each user. The password is never passed between the user and the authentication server – in fact, although it is used identically to a password, it is functionally different. A Kerberos password is an encryption key – messages from the authentication server are passed to the client only after being encrypted using this key. The assumption made is that the password is known only to the authorized user, and so the messages are sent from the authentication server without regard to whether the user has entered a correct password. This does of course pose a security risk – one that is a problem with any system that is dependent on a password. If the user divulges their password or sets their password to something easily guessed, the security of the system will be compromised. Another problem with the Kerberos system is that, in its present version, the encryption key and the decryption key are the same, unlike more advanced cryptography schemes such as RSA Public-Key encryption.
The Kerberos authentication server also stores encryption keys known only to it and the servers holding the resources needed by the client. When a user requests access to any resources on the network, the request is sent to the authentication server. If the user is authorized to access the requested resource, the user is sent a Kerberos ticket, which is forwarded to the server. The ticket is encrypted with the server’s encryption key, and includes information about the resource request. It also includes another encryption key – the randomly generated “session key” which will be used only for data transmitted to the client from the resource server. The client also receives a copy of this key, encrypted using the user’s password. Since, theoretically, the user does not know the server key, the information in the ticket cannot be tampered with by the user. The resource server also checks certain information in the ticket before access to the resources is granted to ensure that the ticket has not been modified. The requested data is then transferred to the client, encrypted with the session key so that only the user who has been authenticated and authorized to retrieve the data will be able to access it.
The strength of Kerberos is that failure in any of these steps will result in the user being unable to access the data. Kerberos’s redundant checks and use of many separate encryption keys to validate one transaction provide a highly secure system. If the user enters an incorrect password, they will still receive a session key but will be unable to decrypt it. If the Kerberos ticket is changed before it reaches the resource server, the server will not send the data. If the Kerberos ticket is generated by an authentication server that does not have the authority to grant access to the machine being requested, the server key will not be correct and the server will be unable to decrypt the message and will not send any data. If the encrypted session key is intercepted by an unauthorized user, that user will not have the necessary key to decrypt it.
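The ticket exchange and the failure cases described in the two paragraphs above can be traced in a short simulation. This is an added example, not part of the original text; the function names, the password and the service name are constructed, and a toy HMAC-based encrypt-then-MAC routine stands in for the encryption a real Kerberos implementation uses.

```python
import hashlib, hmac, json, os

def kdf(password, salt="alice@EXAMPLE"):  # stand-in for Kerberos string-to-key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _stream(key, nonce, n):  # toy keystream from HMAC-SHA256 in counter mode
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):  # encrypt-then-MAC; returns nonce + ciphertext + tag
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # returns the dict, or None if the key is wrong or data was altered
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

USER_KEY = kdf("correct horse")   # constructed password, held by the authentication server
SERVER_KEY = os.urandom(32)       # shared only by authentication server and resource server

def issue(user, service):
    # Sent without checking any password: only the right key can open the client copy.
    session = os.urandom(32).hex()
    ticket = seal(SERVER_KEY, {"user": user, "service": service, "session": session})
    return ticket, seal(USER_KEY, {"service": service, "session": session})

def server_accept(server_key, ticket, service):
    t = unseal(server_key, ticket)
    return t if t and t["service"] == service else None

def demo():
    ticket, for_client = issue("alice", "files")
    right = unseal(kdf("correct horse"), for_client)
    accepted = server_accept(SERVER_KEY, ticket, "files")
    tampered = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]
    return {
        "right_password": right["session"] == accepted["session"],
        "wrong_password": unseal(kdf("guess123"), for_client) is None,
        "tampered_ticket": server_accept(SERVER_KEY, tampered, "files") is None,
        "foreign_server_key": server_accept(os.urandom(32), ticket, "files") is None,
    }

if __name__ == "__main__":
    print(demo())
```

Each entry in the result corresponds to one case from the text: the correct password recovers the same session key the server finds in the ticket, while a wrong password, a modified ticket, or a ticket sealed under a different server key all end with nothing usable.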
One problem that has arisen with the Kerberos system is that after the user’s password has been entered, storing it on the user’s PC or workstation is not secure. If this method is used and that system is broken into, then the password – the user’s encryption key – can be stolen. The simplest solution, forcing the user to enter the password each time access to a secure resource is needed, was seen as unacceptable, as it would significantly reduce the user-friendliness of Kerberos and with it, the system’s viability as a solution to the security problem. Instead, the developers chose to set up the authentication server to grant the user a “ticket-granting ticket” upon logon. This ticket contains yet another random encryption key that will be stored on the user’s system. The ticket-granting ticket will only be valid for a short time, usually a few hours. After the ticket-granting ticket is generated, the authentication server will use this ticket’s encryption key rather than the user’s password to encrypt any session keys sent to the user. This is a compromise, as the key from the ticket-granting ticket is stored on the client system and is therefore vulnerable, but it protects the user’s password from theft.
The latest version of Kerberos, version 5, also provides authentication for users on one network to access resources on a different network. This feature, called “cross-realm authentication,” adds another layer of security. It uses multiple authentication servers, each sharing a security key with the previous authentication servers. One example, provided by Neuman and Ts’o, is that the ISI.EDU realm shares a cross-realm key with the EDU realm, which, in turn, shares a key with the MIT.EDU realm. With this group of keys, it is possible for a user from ISI.EDU to gain access to resources in the MIT.EDU realm. Besides adding more distinct encryption keys to the communication process, the cross-realm Kerberos ticket also includes all the realms that were between the client and the resource requested, and the resource server evaluates this list to make doubly sure that the user can be authorized to access the requested data.
Neuman and Ts’o also propose changes to Kerberos that would solve two of its major security problems. They recommend the use of one-time passwords to make stolen passwords useless because they have already been used. They also recommend the implementation of public-key cryptography to solve the problem of the security key being available at both the user and server ends of the transaction.
Although the system has a few drawbacks, Kerberos provides a security system that is superior to most others. It largely solves the problem of data being intercepted by someone who is not authorized to view it, as only the user for whom the data is meant will have the ability to decrypt it. It reduces the possibility of password theft by replacing the password with an encryption key that never needs to be sent across the network. With wide implementation of Kerberos or a system like it, the security problems inherent in the current state of networked computing could be significantly reduced.