We have already discussed Cryptography and the ‘Caesar cipher’. In this post we will explore more about Cryptography by discussing one of its applications – the ‘Kerberos authentication protocol’. In today’s insecure online and distributed environment we need a stronger authentication mechanism than the classic username/password combination.
‘Kerberos’ was developed at MIT as part of a project named ‘Athena’. Kerberos is a three-headed dog in Greek mythology which was used to guard the underworld. The electronic version of Kerberos, the Kerberos authentication protocol, is used to guard users’ online data and keep hackers at bay. The Internet, being a place that does not uphold the three tenets of Information Security – Confidentiality, Integrity and Availability – needed stronger cryptographic algorithms to ensure users’ online privacy. The Kerberos network authentication protocol was created to uphold the three tenets by making use of symmetric key cryptography. Recall: in symmetric key cryptography, the same key that is used to encrypt data is used to decrypt it as well.
The Kerberos authentication protocol is used to prove your identity in a client/server interaction by making use of “tickets”. Kerberos version 4 was created by Steve Miller and Clifford Neuman. Version 5 release 1.16.3 is the latest version. It was created by John Kohl and Clifford Neuman. Kerberos is freely downloadable from the MIT website under copyright permissions. It is also available as a professional product from many vendors. Kerberos is based on the Needham-Schroeder protocol.
Necessity of Kerberos:
Kerberos was created to overcome the following threats in an open distributed network environment:
Here is an extremely high-level description of how the Kerberos authentication protocol works. The important terms to be aware of before we start discussing the working of Kerberos:
KDC – Key distribution center
TGS – Ticket Granting Service
2. The client receives the encrypted TGT. Recall that Kerberos makes use of symmetric key cryptography. Hence, the encrypted TGT that is received is decrypted using the user’s key (the user’s key is stored on the user’s machine).
3. The TGT stored on the machine will enable a session with the server for a specified amount of time.
4. In order to communicate with the server and request more services, the client will use the TGT and ask the KDC server for a specific service.
This is just a simplified version of the Kerberos authentication protocol. It can be inferred from the above description of the Kerberos authentication protocol that the entire functioning is based on “tickets” and encryption and decryption using symmetric key cryptography. No passwords were sent in the entire client/server interaction. It is hoped that stronger authentication standards will be adopted by the industry.
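The ticket flow in steps 2 to 4, as an added Python example that is not from the original post or from MIT Kerberos. It follows the full protocol slightly more closely than the simplified steps: the client uses its key to decrypt a session key that arrives alongside the TGT, while the TGT itself is sealed under the KDC's key and stays opaque to the client. The `seal`/`unseal` cipher is a toy stand-in for Kerberos' real encryption types, and every name (`KDC`, `as_exchange`, `tgs_exchange`, `alice`, `http/web`) is an assumption made for illustration.

```python
import hashlib, hmac, json, os, time

def keystream(key, nonce, n):  # HMAC-SHA256 in counter mode as a toy keystream
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption; a stand-in for the enctypes real Kerberos uses."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def user_key(user, password):  # long-term key derived from the password; never sent
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

class KDC:
    def __init__(self, users, services):  # users/services map names to long-term keys
        self.users, self.services, self.tgs_key = users, services, os.urandom(32)

    def as_exchange(self, user, lifetime=600):
        sk, exp = os.urandom(32).hex(), time.time() + lifetime
        tgt = seal(self.tgs_key, {"user": user, "sk": sk, "exp": exp})
        return seal(self.users[user], {"sk": sk, "exp": exp}), tgt

    def tgs_exchange(self, tgt, authenticator, service):
        t = unseal(self.tgs_key, tgt)                      # only the KDC can open a TGT
        a = unseal(bytes.fromhex(t["sk"]), authenticator)  # proves the sender holds sk
        if t["exp"] < time.time() or a["user"] != t["user"]:
            raise ValueError("expired or mismatched ticket")
        ssk = os.urandom(32).hex()
        ticket = seal(self.services[service], {"user": t["user"], "sk": ssk})
        return seal(bytes.fromhex(t["sk"]), {"sk": ssk}), ticket

def login_and_get_ticket(kdc, user, password, service):
    reply, tgt = kdc.as_exchange(user)
    sk = bytes.fromhex(unseal(user_key(user, password), reply)["sk"])  # step 2
    auth = seal(sk, {"user": user, "ts": time.time()})
    reply2, ticket = kdc.tgs_exchange(tgt, auth, service)              # step 4
    return unseal(sk, reply2)["sk"], ticket

if __name__ == "__main__":  # constructed sample principals and password
    kdc = KDC({"alice": user_key("alice", "correct horse")}, {"http/web": os.urandom(32)})
    print(len(login_and_get_ticket(kdc, "alice", "correct horse", "http/web")[1]), "byte ticket")
```

The password only ever feeds `user_key` on the client side; a wrong password fails at `unseal` locally, and the service learns the user's identity only by opening the ticket with its own key.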