How Kerberos Authentication Works
| Bhaskar S | 04/12/2013 |
Terminology
The following are some of the terms that will be used while introducing the Kerberos authentication protocol:
Authentication Server (AS) - a server that handles authentication requests from users
Service Provider (SP) - a server that hosts service(s) a user wishes to access
Principal (P) - name of either a user or a server
Secret Key (Ki) - a key that is associated and known only to a Principal
Session Key (Sxy) - a shared key used to encrypt/decrypt content between two Principals
Ticket - a proof of identity of a Principal to access a service. It is an encrypted content that includes the Principal of the user, the Principal of SP the user wishes to access, start date and time, expiry lifetime, and a session key
Ticket Granting Server (TGS) - a server that issues identity Tickets to users for accessing any Service Provider
Authentication Steps
Let us set some context before we describe the steps involved in Kerberos protocol. The following are the details:
Alice - is the user with principl A and a secret key Ka
Bob - is the service provider (SP) with principl B and a secret key Kb
Mars - is the authentication server (AS) which is where the initial request for authentication is sent. It is responsible for generating a session key and a ticket to be presented to the ticket granting server (TGS)
Pluto - is the ticket granting server (TGS) with principal P and a secret key Kp
Star - is the database that is accessible to both Mars and Pluto. All the principals A, B, and P along with their corresponding secret keys Ka, Kb, and Kp are stored here. The secret key for a principal is typically the hash of their password. This way no one has access to the actual passwords
Ki(x) - is means the secret key Ki is used to encrypt any content x
Step. 1
Alice logs into a workstation to access the service provided by Bob. This action will send an authentication request to Mars.
The authentication request will look like:
[A, B]
where
A is the principal of Alice
B is the principal of Bob
Step. 2
Mars receives the authentication request from Alice.
Mars will check in Star if both A and B are valid. If either A or B or both are invalid, then an error message will be sent back to Alice. Since both A and B will be valid in our situation, Mars will send an authentication response to Alice.
The authentication response will contain 2 parts - an encrypted session key and an encrypted ticket and will look like:
[Ka(B, TS, LF, Sap), Kp(A, TS, LF, Sap)]
where
Ka is the secret key of Alice
B is the principal of Bob
TS is the start timestamp from when the ticket is valid
LF is the maximum lifetime of the ticket
Sap is the session key to be used between Alice and Pluto
Kp is the secret key of Pluto
A is the principal of Alice
NOTE :: The start timestamp TS and maximum ticket lifetime LS are created by Mars and will be passed along in all the subsequent steps
Step. 3
When Alice receives the authentication response from Mars, it will prompt Alice to enter her password. Once the password is provided, a hash of the password is created which will be same as the secret key Ka of Alice so that she can extract the session key Sap.
To access the service provided by Bob, Alice will need a service ticket from Pluto. In order to get the service ticket, Alice will send a service ticket request to Pluto. The service ticket request contains 3 parts - the principal of the service provide Bob, encrypted identity of Alice, and the encrypted ticket Kp(A, TS, LF, Sap) that Alice got from Mars in the authentication response in Step. 2 and will look like:
[B, Sap(A, TS, LF), Kp(A, TS, LF, Sap)]
where
B is the principal of Bob
Sap is the session key to be used between Alice and Pluto
A is the principal of Alice
TS is the start timestamp
LF is the maximum ticket lifetime
Kp is the secret key of Pluto
Step. 4
Pluto receives the service ticket request from Alice.
Since Pluto knows its secret key Kp, it can decrypt the ticket Kp(A, TS, LF, Sap) from the service ticket request to extract the session key Sap.
Next Pluto will decrypt the encrypted user identity Sap(A, TS, LF) from the service ticket request to extract the principal A and compare it with the principal from the decrypted ticket. If they dont match Pluto will send an error message back to Alice.
Next Pluto will check if the start timestamp TS plus maximum ticket lifetime LF has not expired (less than the current timestamp). If expired, Pluto will send an error message back to Alice.
At this point the identity of Alice has been verified and Pluto will send a service ticket response to Alice.
The service ticket response will contain 2 parts - an encrypted session key and an encrypted ticket and will look like:
[Sap(B, TS, Sab), Kb(A, B, TS, LF, Sab)]
where
Sap is the session key used between Alice and Pluto
B is the principal of Bob
Sab is the session key to be used between Alice and Bob
Kb is the secret key of Bob
A is the principal of Alice
TS is the start timestamp
LF is the maximum ticket lifetime
Step. 5
When the workstation where Alice logged in receives the service ticket response from Pluto, it will decrypt the encrypted session key Sap(B, TS, Sab) using the session key Sap from the service ticket response to extract the session key Sab to be used between Alice and Bob.
Alice now has the service ticket to access the service provided by Bob.
Alice will now send a service request to Bob. The service request contains 2 parts - encrypted identity of Alice and the encrypted ticket Kb(A, B, TS, LF, Sab) from the serice request response from Pluto in Step. 4 and will look like:
[Sab(A, TS, LF), Kb(A, B, TS, LF, Sab)]
where
Sab is the session key to be used between Alice and Bob
A is the principal of Alice
TS is the start timestamp
LF is the maximum ticket lifetime
Kb is the secret key of Bob
B is the principal of Bob
Step. 6
Bob reqceives a service request from Alice.
Since Bob knows its secret key Kb, it can decrypt the ticket Kb(A, B, TS, LF, Sab) from the service request to extract the session key Sab.
Next Bob will decrypt the user identity Sab(A, TS, LF) from the service request using the session key Sab to extract the principal A and compare it with the principal from the decrypted ticket. If they dont match Bob will send an error message back to Alice.
Next, Bob will check if the start timestamp TS plus maximum ticket lifetime LF has not expired (less than the current timestamp). If expired, Bob will send an error message back to Alice.
At this point the identity of Alice has been verified and Bob will send a service response to Alice.
The service response is to prove the identity of Bob and will contain an encrypted identity and will look like:
[Sab(B, TS)]
where
Sab is the session key used between Alice and Bob
B is the principal of Bob
TS is the start timestamp
Step. 7
When the workstation where Alice logged in receives the service response from Bob, it will decrypt the encrypted identity Sab(B, TS) to extract and validate both the principal B of Bob and the start timestamp TS.
At this point Alice has access to the service provided by Bob.