Designing an Authentication System: Kerberos; man’s best three-headed friend?

Page 1:

Designing an Authentication System

Kerberos; man’s best

three-headed friend?

Page 2:

What is Kerberos?

• Kerberos is a network authentication protocol.

• It’s also the name of the three-headed dog in Greek mythology.

• Yes, it really is spelt with a ‘K’.

• Questions? No? Good.

Page 3:

Background

Early 1980s:

• Timesharing via dumb terminals

• Central processing and storage

• Crap for games

Page 4:

Solution?

• Replace terminals with workstations

• Network all the machines

• Use servers for storage and services

Page 5:

Eek! Security!

Problem:

• How does the server know who you are?

• Authentication by assertion?

Solution:

• Add username & password verification

Page 6:

Multi-password badness

Problem:

• Changing your password

• Password stored in multiple locations

• Just remembering the damn thing

Sounds like we need a network authentication protocol :-)

Page 7:

No, it’s not ‘Sharon’

Here’s where it starts to get clever:

• Users have passwords

• Services have passwords

• There’s an auth service that knows all passwords.

• We’ll call it charon

Page 8:

Charon: first draft

• Alice wants her mail.

• She asks charon for a ticket.

• Charon encrypts her username as ticket.

• Alice hands ticket to mail service.

Page 9:

Username squiggle?

The ticket currently contains:

Problem:

• How does the service know if it’s decrypted the ticket properly?

Solution:

• Fix the ticket

Page 10:

Stop, thief!

Problem:

• What’s to stop someone stealing your ticket?

Solution:

• Add another field to the ticket

Page 11:

But I already typed it in…!

Problem:

• We have to enter our password once per service

Solution:

• We add a ticket-granting service, we’ll call it bob.

Page 12:

Bob? Eh?

Here’s how it works:

• You request a ticket from charon for bob.

• You can now repeat steps 2 & 3 for as many services as you like.

• This ticket is called the ticket-granting ticket. Catchy eh?

Page 13:

I saw that!

Problem:

• The password is still being sent in plain text. Eek.

Solution:

• Tweak more stuff.

Page 14:

Thievery, again

Problem:

• Someone can steal your ticket, and fake your username and address after you’ve fled home.

Solution:

• Add an expiry time to the ticket.

Page 15:

T’was nae me, officer

Problem:

• Someone could use your ticket before it expires.

Well, let’s look at what’s happening.

Page 16:

It honestly wasn’t

Solution:

• Add a session key.

• Charon creates a random password for the session and adds it to the reply.

Page 17:

So, um, how’s this work?

Like this:

• Alice sends 2 things to the mail service:

– The service ticket

– Her username and address, encrypted with the session key (a.k.a., the authenticator)
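The design the slides build up (ticket with username, address and expiry sealed under the service’s key, session key returned under the user’s key, authenticator sealed under the session key), as an added Python simulation that is not from the talk or from Bill Bryant’s dialogue. The key names, addresses and the SHA-256/HMAC toy cipher standing in for a real block cipher are all constructed for the demo.

```python
import hashlib, hmac, json, os, time

# Long-term keys that would be derived from passwords; constructed values for this demo.
KEYS = {"alice": b"key-from-alice-password", "mail": b"key-from-mail-service-password"}
LIFETIME = 300  # ticket lifetime in seconds (the expiry from slide 14)

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption (SHA-256 keystream + HMAC tag) standing in for a real cipher."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered blob")  # slide 9: did it decrypt properly?
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def charon_issue(user, service, addr):
    """Charon: ticket sealed for the service, reply sealed for the user (slide 13: no plaintext password)."""
    sk = os.urandom(16).hex()  # slide 16: random session key
    ticket = seal(KEYS[service], {"svc": service, "user": user, "addr": addr,
                                  "exp": time.time() + LIFETIME, "sk": sk})
    return seal(KEYS[user], {"svc": service, "sk": sk, "ticket": ticket.hex()})

def client_request(user, service, addr):
    """Alice: open Charon's reply with her own key, then build the authenticator (slide 17)."""
    reply = unseal(KEYS[user], charon_issue(user, service, addr))
    authenticator = seal(bytes.fromhex(reply["sk"]), {"user": user, "addr": addr, "ts": time.time()})
    return bytes.fromhex(reply["ticket"]), authenticator

def service_verify(service, ticket, authenticator, peer_addr, now=None):
    """Mail service: accept only if ticket, authenticator and the connection's address all agree."""
    now = now or time.time()
    try:
        t = unseal(KEYS[service], ticket)
        a = unseal(bytes.fromhex(t["sk"]), authenticator)  # fails for a thief who lacks the session key
    except ValueError:
        return False
    return (t["svc"] == service and t["exp"] > now and a["user"] == t["user"]
            and a["addr"] == t["addr"] == peer_addr and abs(a["ts"] - now) < LIFETIME)
```

A stolen ticket alone is useless without the session key, a stolen ticket plus authenticator fails from another address, and an old ticket fails once past its expiry; what this simulation does not defend against is replay of a fresh authenticator from the same address, which is the first item in the speaker’s notes to self.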

Page 18:

And that’s pretty much it, folks.

My thanks to Bill Bryant

This Man Needs Sleep

Notes to self: replay, bones, lanman, agnosticism, forwarding, mutual auth