Kerberos: A Private Key System

Kerberos is a network authentication protocol that uses secret-key cryptography to verify the identity of a user or service over an insecure network. It works in three main phases: (1) the client requests an encrypted ticket for the authentication server (AS) from the Kerberos server, (2) the client uses that ticket to request a ticket for the target server from the AS, and (3) the client sends the ticket for the target server to authenticate to, and access, that server. This provides secure authentication without sending passwords over the network.


A Private Key System

KERBEROS

CS5204 – Operating Systems 1


Kerberos: Structure

[Figure: the user (U) and the client (C); the Kerberos server (K), holding the user secret key database; the ticket granting server (tgs), holding the server secret key database; and the application server.]
Requirements:
• each user has a private password known only to the user
• a user's secret key can be computed by a one-way function from the user's password
• the Kerberos server knows the secret key of each user and of the tgs
• each server has a secret key known only to itself and the tgs



Kerberos: Steps

[Figure: the same components as the structure diagram, with the client's exchange with the Kerberos server (K) labelled "authentication" and its exchange with the ticket granting server (tgs) labelled "authorization".]


Protocol Overview

[Figure: message flow among the user (U), the client (C), the Kerberos server (K), the ticket granting server (tgs) and the server]
1. U -> C: user id
2. K -> C: T_{U,tgs}
3. C -> tgs: (T_{U,tgs}, S)
4. tgs -> C: T_{C,S}
5. C -> Server: (T_{C,S}, request)
6. Server -> C: T' (optional)

Ticket Structure:
E_{K(S)}{C, S, K_{C,S}, timestamp, lifetime}



Kerberos Phase 1

1. The user logs on to the client and the client asks Kerberos for credentials for the user:
   U -> C : U (user id)
   C -> K : (U, tgs)
2. Kerberos constructs a ticket for U and tgs and a credential for the user and returns them to the client:
   T_{U,tgs} = E_{K(tgs)}{U, tgs, K_{U,tgs}, ts, lt}
   K -> C : E_{K(U)}{T_{U,tgs}, K_{U,tgs}, ts, lt}
   The client obtains the user's password, P, and computes:
   K'(U) = f(P)
   The user is authenticated to the client if and only if K'(U) decrypts the credential.

Kerberos Phase 2

3. The client constructs an "authenticator" for user U and requests from the TGS a ticket for server S:
   A_U = E_{K(U,tgs)}{C, ts}
   C -> TGS : (S, T_{U,tgs}, A_U)
4. The TGS authenticates the request as coming from C and constructs a ticket with which C may use S:
   T_{C,S} = E_{K(S)}{C, S, K_{C,S}, ts, lt}
   TGS -> C : E_{K(U,tgs)}{T_{C,S}, K_{C,S}, ts, lt}



Kerberos Phase 3

5. The client builds an authenticator and sends it, together with the ticket for the server, to S:
   A_C = E_{K(C,S)}{C, ts}
   C -> S : (T_{C,S}, A_C)
6. The server (optionally) authenticates itself to the client by replying:
   S -> C : E_{K(C,S)}{ts + 1}
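As an added worked example (not part of the lecture slides), the three phases above carried end to end in Python, with a toy authenticated-encryption routine standing in for E_K{...}. The realm's principals and passwords, the 60 s clock-skew tolerance, and the choice to treat the user id U and the client name C as the same principal name are assumptions of this example.

```python
import hashlib, hmac, json, os, time
LT = 300  # ticket lifetime in seconds; authenticators must be within 60 s of the server's clock (constructed values)

def kdf(password):  # f(P): one-way function from a password to a principal's secret key
    return hashlib.sha256(password.encode()).digest()

def seal(key, msg):  # toy E_K{msg}: SHAKE-256 keystream XOR plus an HMAC tag (demo only, not Kerberos' real ciphers)
    pt, nonce = json.dumps(msg).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # inverse of seal; raises ValueError unless the key matches and the blob is intact
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

# Constructed realm: Kerberos (K) knows K(U) for each user and K(tgs); the tgs knows each server's key
KDC_KEYS = {"alice": kdf("alice-pw"), "tgs": kdf("tgs-secret")}
TGS_KEYS = {"fileserver": kdf("fileserver-secret")}

def issue(srv_key, client_key, c, s):  # T = E_{K(S)}{C, S, K_{C,S}, ts, lt}; reply = E_{client_key}{T, K_{C,S}, ts, lt}
    k, ts = os.urandom(32).hex(), time.time()
    t = seal(srv_key, {"C": c, "S": s, "K": k, "ts": ts, "lt": LT})
    return seal(client_key, {"T": t.hex(), "K": k, "ts": ts, "lt": LT})

def verify(srv_key, t_blob, a_blob):  # a server opens the ticket with its own key, then the authenticator with K_{C,S}
    tk = unseal(srv_key, t_blob)
    au = unseal(bytes.fromhex(tk["K"]), a_blob)
    if time.time() > tk["ts"] + tk["lt"] or au["C"] != tk["C"] or abs(time.time() - au["ts"]) > 60:
        raise ValueError("ticket expired, or authenticator stale or not matching the ticket")
    return tk, au
def kerberos_server(u):  # step 2: K -> C: E_{K(U)}{T_{U,tgs}, K_{U,tgs}, ts, lt}
    return issue(KDC_KEYS["tgs"], KDC_KEYS[u], u, "tgs")
def tgs_server(s, t_u_tgs, a_u):  # step 4: TGS -> C: E_{K(U,tgs)}{T_{C,S}, K_{C,S}, ts, lt}
    tk, _ = verify(KDC_KEYS["tgs"], t_u_tgs, a_u)
    return issue(TGS_KEYS[s], bytes.fromhex(tk["K"]), tk["C"], s)
def app_server(s, t_c_s, a_c):  # step 6: S -> C: E_{K(C,S)}{ts + 1}, which only a holder of K(S) could produce
    tk, au = verify(TGS_KEYS[s], t_c_s, a_c)
    return seal(bytes.fromhex(tk["K"]), {"ts": au["ts"] + 1})

def client_login(user, password, s="fileserver"):
    # Phase 1: K'(U) = f(P) must decrypt the credential; a wrong password raises ValueError right here
    cred = unseal(kdf(password), kerberos_server(user))
    k_u_tgs = bytes.fromhex(cred["K"])
    # Phase 2: C -> TGS: (S, T_{U,tgs}, A_U) with A_U = E_{K(U,tgs)}{C, ts}
    reply = unseal(k_u_tgs, tgs_server(s, bytes.fromhex(cred["T"]), seal(k_u_tgs, {"C": user, "ts": time.time()})))
    k_c_s, ts = bytes.fromhex(reply["K"]), time.time()
    # Phase 3: C -> S: (T_{C,S}, A_C); the reply E_{K(C,S)}{ts + 1} authenticates S to the client
    ack = unseal(k_c_s, app_server(s, bytes.fromhex(reply["T"]), seal(k_c_s, {"C": user, "ts": ts})))
    return ack["ts"] == ts + 1
```

The password never leaves the client: a wrong password simply fails to open the Phase 1 credential, and every later message is protected by a session key that only the two parties named in the ticket hold.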

