Lecture Notes for Operating Systems

Kerberos, 11 December 2000


  1. kerberos - network security

    1. authentication and some information security

    2. developed at mit for project athena

    3. available for lots of machines

    4. used by osf for dce, microsoft for active directory service

  2. computational model - client-server; (ip) network based

  3. security model

    1. private key

    2. single sign on

    3. central trusted authority - entity-key database

    4. ticket-based certification

  4. three main kerberos functions (protocols)

    1. authentication - log on; key distribution center

    2. service authorization - ticket granting service

    3. service request - client and server

  5. user authentication

    1. client contacts kdc with client id

    2. kdc returns a ticket for the ticket granting service

    3. tickets are stored in the client's certification cache

  6. server request

    1. client contacts the tgs with the tgs ticket and server information

    2. tgs forms and returns a ticket for the server

    3. client stores the server ticket in the certification cache

  7. server authorization

    1. client contacts the server with the server ticket issued by the tgs

    2. server responds with an optional verification

    3. client-server interaction commences

  8. where's the security in all this?

    1. private-key cryptography - two functions

      1. encrypted text = encryption function(plain text, secret key)

      2. plain text = decryption function(encrypted text, secret key)

      3. important properties

        1. pt = df(ef(pt, sk), sk)

        2. pt != df(ef(pt, sk1), sk2) if sk1 != sk2

    2. tickets are encrypted with the server's secret key - the tgs ticket returned by the kdc and the server ticket returned by the tgs

    3. messages from the kdc to the client are encrypted with the client's key

    4. randomly generated session keys are used to protect client-server communication

    5. a ticket: {c, s, c addr, timestamp, lifetime, Kc,s}Ks

  9. the kerberos protocols revisited

    1. user authentication

      1. client to kdc: c, tgs

      2. kdc to client: {Kc,tgs, {Tc,tgs}Ktgs}Kc

    2. server request

      1. client to tgs: s, {Tc,tgs}Ktgs, {Ac}Kc,tgs

      2. the authenticator: Ac = {c, c addr, timestamp}, encrypted under the session key shared with the service being contacted (Kc,tgs for the tgs, Kc,s for the server)

      3. tgs to client: {{Tc,s}Ks, Kc,s}Kc,tgs

    3. server authentication

      1. client to server: {Ac}Kc,s, {Tc,s}Ks

      2. server to client: {timestamp + 1}Kc,s
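The three exchanges of section 9, run end to end as an added example (not part of the original notes): one Python process plays client, kdc/tgs and server. The ef/df functions of section 8.1 are a constructed stand-in (SHA-256 keystream plus an HMAC tag, not a real Kerberos encryption type), the keys and client address are constructed, and the authenticator is assumed to be encrypted under the session key shared with whichever service is being contacted.

```python
"""Toy run of sections 8 and 9: client c, kdc/tgs (holding the entity-key database) and
server s in one process. ef/df are stand-ins, not a real Kerberos encryption type."""
import hashlib, hmac, json, os, time

def _ks(sk, nonce, n):  # keystream for the toy cipher, at least n bytes long
    return b"".join(hashlib.sha256(sk + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
def ef(pt, sk):
    """encrypted text = ef(plain text, secret key); hex so it can nest inside json"""
    data, nonce = json.dumps(pt).encode(), os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(data, _ks(sk, nonce, len(data))))
    return (body + hmac.new(sk, body, hashlib.sha256).digest()).hex()
def df(ct, sk):
    """plain text = df(encrypted text, secret key); a wrong key fails the tag check (8.1.3.2)"""
    body, tag = bytes.fromhex(ct)[:-32], bytes.fromhex(ct)[-32:]
    if not hmac.compare_digest(tag, hmac.new(sk, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(body[16:], _ks(sk, body[:16], len(body) - 16))))
KEYS = {"c": os.urandom(32), "tgs": os.urandom(32), "s": os.urandom(32)}  # constructed entity-key db
C_ADDR = "10.0.0.5"  # constructed client address

def ticket(c, s, k_cs, life=300):
    """a ticket: {c, s, c addr, timestamp, lifetime, Kc,s}Ks (only s can open it)"""
    return ef({"c": c, "s": s, "addr": C_ADDR, "ts": time.time(), "life": life, "k": k_cs.hex()}, KEYS[s])
def authenticator(c, k):
    """Ac = {c, c addr, timestamp} under the session key shared with the service contacted"""
    return ef({"c": c, "addr": C_ADDR, "ts": time.time()}, k)
def verify(s, t_ct, a_ct):
    """what tgs and server both do: open ticket with Ks, take Kc,s, open Ac, cross-check"""
    t = df(t_ct, KEYS[s]); k = bytes.fromhex(t["k"]); a = df(a_ct, k)
    if a["c"] != t["c"] or a["addr"] != C_ADDR or not t["ts"] <= time.time() < t["ts"] + t["life"]:
        raise PermissionError("ticket/authenticator mismatch or ticket expired")
    return t, k, a
def kdc_authenticate(c):
    """9.1 kdc to client: {Kc,tgs, {Tc,tgs}Ktgs}Kc"""
    k = os.urandom(32)
    return ef({"k": k.hex(), "ticket": ticket(c, "tgs", k)}, KEYS[c])
def tgs_grant(s, t_ct, a_ct):
    """9.2 tgs to client: {{Tc,s}Ks, Kc,s}Kc,tgs"""
    t, k_ctgs, _ = verify("tgs", t_ct, a_ct); k_cs = os.urandom(32)
    return ef({"ticket": ticket(t["c"], s, k_cs), "k": k_cs.hex()}, k_ctgs)
def server_respond(s, t_ct, a_ct):
    """9.3 server to client: {timestamp + 1}Kc,s (the optional mutual authentication)"""
    _, k_cs, a = verify(s, t_ct, a_ct)
    return ef({"ts": a["ts"] + 1}, k_cs)
def client_session(c="c", s="s"):
    """client side of all three exchanges; True when the server proved it holds Kc,s"""
    m = df(kdc_authenticate(c), KEYS[c]); k_ctgs = bytes.fromhex(m["k"])
    g = df(tgs_grant(s, m["ticket"], authenticator(c, k_ctgs)), k_ctgs)
    k_cs = bytes.fromhex(g["k"]); a_ct = authenticator(c, k_cs)
    return df(server_respond(s, g["ticket"], a_ct), k_cs)["ts"] == df(a_ct, k_cs)["ts"] + 1
```

client_session() returns True only when the server's {timestamp + 1} reply decrypts under Kc,s; a ticket opened with any key other than Ks raises from df, which is the property the notes rely on.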


This page last modified on 11 December 2000.