Secure Channels

A secure channel provides integrity and confidentiality services to communicating principals. Kerberos offers these services.

Integrity

An integrity service allows principals to determine whether the message stream between them has been modified in an unauthorized manner. The Kerberos safe message includes a checksum that is used as an integrity check. Each principal in the Kerberos safe message exchange separately derives this checksum from the message using one of several available algorithms. The algorithms include a one-way message digest hash of cryptographic strength. The nature of such a checksum is that it cannot be adjusted to conceal a change to the message.

Confidentiality

A confidentiality service is designed to counter passive wire-tapping by restricting the availability of message traffic to an authorized set of principals. The traffic itself and both the source and destination addresses of the traffic are of interest. Obviously, the traffic itself can contain confidential information. In particular, Kerberos is specifically designed to minimize the transmission of passwords over the network and to encrypt passwords under those few conditions when they are transmitted over the network. Kerberos also provides encryption of an application's message data if the application desires it. Network addresses and traffic volume may be used to infer information. Consider that an increase in the traffic between two business partners may predict a merger. The Kerberos private message provides protection for message traffic between principals using bulk data encryption technology such as the Data Encryption Standard (DES). Kerberos does not provide a defense against traffic analysis.

Authentication

An authentication service permits one principal to determine that the identity of another principal is genuine as represented. It is often important for both sides of an exchange to mutually authenticate. Kerberos currently uses a trusted third party (the Kerberos authentication server) to mediate the exchange of shared secrets between principals in order to authenticate principals to one another.

Access Control

An access control service protects information from disclosure or modification in an unauthorized manner by controlling which principals are granted access. Kerberos does not directly offer this service, although the protocol provides for the inclusion and protection of access control information in messages for use by applications and operating systems.

Nonrepudiation

Nonrepudiation services offer proof to the sender that information was delivered and proof to the recipient as to the origin of the information. Typically, such proof is used by an arbitrator to settle a repudiation-based dispute. For instance, in the case of E-mail between two people or electronic funds transfer between two business entities, a court of law would be the arbitrator that adjudicates repudiation-based disputes that arise. Kerberos offers the basic authentication and integrity services from which a nonrepudiation service could be built. Kerberos does not offer the arbitration services that are required for the complete implementation of such a service.

Availability

Availability services provide an expected level of performance and availability, such as error-free bandwidth. Perhaps the best example of an availability problem is a denial of service attack. Consider someone simply disconnecting the cable that connects a network segment to its router. Kerberos does not offer any services to deal with this set of problems.

Summing up, Kerberos is an authentication protocol that has been extended to offer privacy and integrity of network messages. It does not offer protection against traffic analysis or availability services. Since it does offer authentication services, it can serve as a platform on which to build access control and nonrepudiation.
APPLYING KERBEROS

The best way to think about Kerberos is as a suite of security services. An individual or program that wants to use Kerberos services must make explicit calls in order to obtain those services. A typical scenario is a user sitting at a workstation who wants to use an application that requires the user to first authenticate himself or herself to the application using Kerberos before the application will respond. First, the user runs a Kerberos utility on the workstation called kinit. Kinit obtains the user's Kerberos credentials from the Kerberos Authentication Server (AS) and caches them on the user's workstation. The user's credentials are now available for any application that demands them.

Here is how this looks for version 4 of Kerberos from MIT under UNIX:

    % kinit
    Zippy Corporation (node 1.zippy.com)
    Kerberos initialization
    kerberos name: george
    Password: a-good-password
    %

For a commercial implementation of version 5 of Kerberos under UNIX, this might look like:

    % kinit
    Password for george@zippy.com: a-good-password
    %

Under VMS, the same operation for version 4 of Kerberos might look like:

    $ KINIT
    Kerberos initialization for george
    kerberos name: george
    Password: a-good-password
    $

There are several players in a Kerberos authentication scheme: principals, an AS, and a ticket granting service (TGS). Principals are entities that use Kerberos security services. Principals can be human users or programs: typically, users who are logged in at their workstations or the server-based applications that they want to use across the network. The functions of the AS and TGS are usually run on the same machine. This combination of services has come to be called a key distribution center (KDC). (This nomenclature is unfortunate; in cryptographic parlance, a KDC is a center established for the purpose of providing keys to the parties that wish to communicate.) The Kerberos KDC provides a means for authentication between principals.
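The following is an added example, not code from the book or from any Kerberos implementation. It models the two ideas above in one place: the safe/private message construction (a keyed checksum for integrity, bulk encryption for confidentiality) and the kinit exchange with the AS, in which the password is only ever used on the workstation to derive a key, and a wrong password or a modified reply is caught by the integrity check. Everything here is an assumption for illustration: PBKDF2 stands in for Kerberos string-to-key, HMAC-SHA256 in counter mode stands in for DES, the JSON ticket layout is invented, and the realm, principal and TGS key are constructed sample data.

```python
import hashlib, hmac, json, os, time

NONCE, TAG = 16, 32  # nonce length and HMAC-SHA256 checksum length

def derive_key(password: str, principal: str) -> bytes:
    # Stand-in for Kerberos string-to-key: the principal name serves as salt (PBKDF2 is an assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000, 32)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC as a PRF in counter mode; stands in for the DES bulk cipher the text mentions.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // TAG + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Private-message style: encrypt, then append a keyed checksum over nonce|ciphertext."""
    nonce = os.urandom(NONCE)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Safe-message style integrity check first, then decrypt; any change to blob is rejected."""
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class AuthServer:
    """The AS half of a KDC: knows each principal's long-term key and the TGS key."""
    def __init__(self, principal_keys: dict, tgs_key: bytes):
        self.keys, self.tgs_key = principal_keys, tgs_key

    def as_exchange(self, client: str, nonce: str) -> tuple:
        session, expires = os.urandom(32).hex(), int(time.time()) + 8 * 3600
        # TGT is readable only by the TGS; the reply part only by a holder of the client's key.
        tgt = seal(self.tgs_key, json.dumps({"client": client, "session": session, "expires": expires}).encode())
        reply = seal(self.keys[client], json.dumps({"session": session, "nonce": nonce, "expires": expires}).encode())
        return tgt, reply

def kinit(kdc: AuthServer, principal: str, password: str) -> dict:
    """Client side of kinit: the password is only used locally, never sent to the KDC."""
    nonce = os.urandom(8).hex()
    tgt, reply = kdc.as_exchange(principal, nonce)
    part = json.loads(unseal(derive_key(password, principal), reply))  # wrong password -> ValueError
    if part["nonce"] != nonce:
        raise ValueError("AS reply does not answer this request (replay?)")
    return {"client": principal, "tgt": tgt, "session": part["session"], "expires": part["expires"]}

# Constructed sample realm: george enrolled with the password from the text; TGS key made at KDC setup.
KDC = AuthServer({"george@zippy.com": derive_key("a-good-password", "george@zippy.com")}, os.urandom(32))
```

Calling kinit(KDC, "george@zippy.com", "a-good-password") returns the credential cache (TGT plus session key) that the text describes kinit storing on the workstation; the TGT itself is opaque to the client and only the TGS key opens it.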
We are proud to bring to all of our members a legal copy of this outstanding book. Of course, this version is getting a bit old and may not contain all of the info that the latest version is covering; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.