![Page 1: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/1.jpg)
The design of a tutorial The design of a tutorial to illustrate the to illustrate the
Kerberos protocolKerberos protocol
Lindy Carter
Supervisors : Prof Wentworth
John Ebden
![Page 2: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/2.jpg)
ObjectivesObjectives
• To design a teaching approach and tutorial to teach complex protocols
• Kerberos as the chosen example
![Page 3: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/3.jpg)
IntroductionIntroduction
• Authentication protocol used to identify principals on a network using only a single sign-on
• Uses authentication based on cryptography and was developed by MIT to replace authentication based on assertion
• Chosen by Microsoft to replace NTLM as the method for authentication in Window 2000
• Name come from the 3 headed dog in Greek mythology – Cerberus –who used to guard the gates of Hades
![Page 4: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/4.jpg)
The problem with The problem with teaching Kerberosteaching Kerberos
• Not easy to conceptualize
• Formal definitions use a “once over” type of approach and are very technical
• Important concepts are presented in the same step
• Formal definitions use complicated notation
![Page 5: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/5.jpg)
What we have done to What we have done to solve the problemsolve the problem
• We have divided our explanation into 2 passes– The first pass uses a concrete metaphor to explain
the 3 message exchanges in the protocol– The second pass is broken down into 3 phases
and uses another metaphor to explain the message exchanges, encryption and key sharing
• We want start with concrete explanations and move towards more abstract ideas
![Page 6: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/6.jpg)
Pass 1Pass 1
• Uses a club membership example
• The process of joining a club and using its affiliated facilities is similar in Kerberos to authenticating yourself and asking to use a resource.
![Page 7: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/7.jpg)
Pass 2Pass 2
• Uses a coloured envelope metaphor
• We chose the envelope metaphor because it illustrates the 2 level structure of tickets.
• The coloured envelopes show encryption key pairs
![Page 8: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/8.jpg)
• Pass is divided into 3 phases– Phase 1 describes the 3 message
exchanges in a trusted environment– Phase 2 introduces long term key sharing– Phase 3 introduces sessions and session
key generation
![Page 9: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/9.jpg)
Pass 1 – Pass 1 – Club membershipClub membership
Club Membership metaphor Kerberos
1 A person wants a membership card to the umbrella body in order for him to use affiliated facilities. The user presents his ID book or student card to prove his identity, pays for certain facilities, and he is then issued with a membership card containing his membership rights.
The user requests a ticket granting ticket to use the ticket granting service. The user is authenticated and the ticket granting ticket containing his access rights is issued to him.
2 When the member wants to use an affiliated facility, he presents his membership card to the facility office. The office checks to see if the member is allowed to use the facility by looking at the member’s membership rights. If the member is allowed to use the facility he is requesting, the office issues him with a facility ticket.
The user wishes to use a resource. He presents his ticket granting ticket to the ticket granting service to ask for a resource ticket. The ticket granting service checks the access rights in the ticket granting ticket and if the user has rights to the resource that he as requested, a resource ticket it issued to the user.
3 To use the facility, the members presents the facility ticket to the gatekeeper of the facility he is wanting to use.
To use the resource, the user presents the resource ticket to the resource server.
![Page 10: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/10.jpg)
Phase 1Phase 1
Authentication Server
Ticket GrantingService
Resource Server
Authentication Server Exchange
![Page 11: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/11.jpg)
Phase 1Phase 1
Authentication Server
Ticket GrantingService
Resource Server
Ticket Granting Service Exchange
![Page 12: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/12.jpg)
Phase 1Phase 1
Authentication Server
Ticket GrantingService
Resource Server
Resource Server Exchange
![Page 13: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/13.jpg)
Some ObservationsSome Observations
• There is no direct communication between the Authentication Server, Ticket Granting Service of the Resource Server
• Tickets are reusable
![Page 14: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/14.jpg)
Problems with Phase 1Problems with Phase 1
• Principals that receive tickets do not actually know who sent the ticket.
• The access rights in the tickets are in plain text and the user is able to change them
![Page 15: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/15.jpg)
Phase 2Phase 2
• First problem is easy to solve - each time the user sends a ticket to a principal, he sends his name along with the ticket
• Second problem a little more involved…
![Page 16: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/16.jpg)
Phase 2Phase 2
• The user needs to authenticate himself to the Authentication Server and the Authentication Server needs to pass information securely back to the user– The user and AS need to share a long term key
(users password (black key)
• The Authentication Server needs to pass information securely to the Ticket Granting Service– AS and TGS need to share a long term key (red
key)
![Page 17: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/17.jpg)
Phase 2Phase 2
• The Ticket Granting Service needs to pass information securely to the Resource Server– TGS and RS need to share a long term key
(blue key)
![Page 18: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/18.jpg)
Long term key sharingLong term key sharing
AuthenticationServer
Ticket GrantingService
Resource Server
Long term Key
![Page 19: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/19.jpg)
Problems with Phase 2Problems with Phase 2
• Some one listening on the network can intercept the message containing the ticket and the users name.– They will be able to change the name and
use the resource
![Page 20: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/20.jpg)
Phase 3Phase 3
• The user should encrypt his name before he sends it to the TGS or RS (this is called an authenticator)– The user needs a communication channel to
communicate with the TGS and RS
• Sessions keys are generated via a third party. – A copy of the key is given to the user in his reply
message for a ticket. – Another copy is embedded in the ticket that the
user is receiving back
![Page 21: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/21.jpg)
Phase 3Phase 3
• When the TGS or RS receive the ticket and authenticator, it is able to decrypt the ticket and retrieve the session key
• TGS or RS is then able to decrypt the authenticator and see who is requesting service.
![Page 22: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/22.jpg)
Key SharingKey Sharing
AuthenticationServer
Ticket GrantingService Resource
Server
Long term Key
Session Key
Generates session key
Generates session key
![Page 23: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/23.jpg)
Finally…Finally…
Authentication Server
Ticket GrantingService
Resource Server
1 2
3
1. AS exchange
2. TGS exchange
3. RS exchange
![Page 24: The design of a tutorial to illustrate the Kerberos protocol](https://reader035.vdocuments.mx/reader035/viewer/2022062422/568135bc550346895d9d206e/html5/thumbnails/24.jpg)
QuestionsQuestions