Kerberos Network Authentication System
Kerberos; also spelled Cerberus. n. The watch dog of Hades, whose duty it was to guard the entrance--against whom or what does not clearly appear; . . . it is known to have had three heads. . .
-Ambrose Bierce, The Enlarged Devil's Dictionary
Authentication is critical for the security of computer systems. Without knowledge of the identity of a principal requesting an operation, it's difficult to decide whether the operation should be allowed. Traditional authentication methods are not suitable for use in computer networks where attackers can monitor network traffic and intercept passwords. The use of strong authentication methods that do not disclose passwords is imperative. The Kerberos authentication system supports strong authentication on such networks. [4]
Kerberos is a network authentication system for use on physically insecure networks, based on the key distribution model presented by Needham and Schroeder.[1] It allows entities communicating over networks to prove their identity to each other while preventing eavesdropping or replay attacks. It also provides for data stream integrity (detection of modification) and secrecy (preventing unauthorized reading) using cryptography systems such as DES.
In the United States and Canada, Kerberos is available via anonymous FTP from athena-dist.mit.edu (18.71.0.38) in pub/kerberos. Outside the United States, you can get Bones via anonymous ftp from ftp.funet.fi (128.214.6.100) in pub/unix/security/kerberos.
Bones is a system that provides the Kerberos API without using encryption and without providing any form of security whatsoever. It is a fake that allows the use of software that expects Kerberos to be present when it cannot be.
What is Bones? Kerberos is a network security system which relies on cryptographic methods for its security. Since Kerberos' encryption system, DES, is not exportable, Kerberos itself cannot be exported or used outside of the United States in its original form. As a partial solution to this problem, the Kerberos source code was modified by the addition of #ifdef NOENCRYPTION around all calls to DES functions. Compiling this version with the symbol NOENCRYPTION defined results in a system that looks like Kerberos from an application's point of view but that does not require DES libraries (and, as a result, does not speak the real Kerberos protocol and does not provide any security).
The final piece in this puzzle is a program called "piranha" which takes the Kerberos sources and removes all of the calls to the encryption routines, replacing it with the code which was under #ifdef NOENCRYPTION, producing the system known as Bones. Bones has the property that there is absolutely no question about whether or not it is legal to transport its sources across national boundaries, since it neither has any encryption routines nor any calls to encryption routines. [3]
Kerberos works by providing principals (users or services) with tickets that they can use to identify themselves to other principals and secret cryptographic keys for secure communication with other principals.[2] A ticket is a sequence of a few hundred bytes. These ticket can then be embedded in virtually any other network protocol, thereby allowing the processes implementing that protocol to be sure about the identity of the principals involved.[3] The following two diagrams illustrate how kerberos is used in a telnet session.
In a normal telnet session to a dialup machine, the users's password is sent across the network in clear text, exposing it to eavesdropping. The dialup machine uses this password to obtain Kerberos tickets to authenticate to other servers, so that the user can use NFS, POP mail, Zephyr, etc. [5]The obvious problem here is that the initial connection to the kerberos server (where the password is sent across the network as plain text) is susceptible to being sniffed. The fact that all other communications between the client and server is encrypted is has no relevance if someone has sniffed out your username and password.
In a Kerberos-authenticated telnet session, the client uses the password to obtain Kerberos tickets locally. These tickets are used to authenticate to the dialup server, which lets the user login.[5] In this senario, the security of the username and password is never compromised.
Kerberos is available on a number of different platforms, including many different flavors of UNIX, Macs, DOS, Linix and Windows NT. It is to be used on insecure networks which have multiple users, a university of example. Many applications which require user authentication can be used with kerberos, Zephyr for example.
Having gone through the newsgroup comp.protocols.kerberos I've concluded that a number of different sites use kerberos for authentication and encryption. Some of them include UMBC, MIT, UCDAVIS, and Netcom.
Authentication is critical for the security of computer systems. Without knowledge of the identity of a principal requesting an operation, it's difficult to decide whether the operation should be allowed. Traditional authentication methods are not suitable for use in computer networks where attackers monitor network traffic to intercept passwords. The use of strong authentication methods that do not disclose passwords is imperative. The Kerberos authentication system is well suited for authentication of users in such environments.[8]
B ibliography