International Journal of Network Security, Vol.12, No.3, PP.159{170, May 2011 159 An Authentication Protocol Based on Kerberos 5 Eman El-Emam 1, Magdy Koutb 2, Hamdy Kelash 3, and Osama S. Faragallah 3 (Corresponding author: Osama S. Faragallah) Egyptian Space Program, National Authority for Remote Sensing and Space Sciences 1 El-Nozha El-Gedeeda, Cairo, Egypt Department of Industrial Electronics & Control, Faculty of Electronic Engineering, Menouf, Egypt 2 Department of Computer Science & Engineering, Faculty of Electronic Engineering, Menouf, Egypt 3 (Email: fademahmo, [email protected]) (Received Aug. 6, 2009; revised and accepted Feb. 12, 2010) Abstract rights can be assigned to individuals. Authentication is a service related to identi¯cation. It is a fundamental We introduce some modi¯cations to the widely deployed building block for a secure networked environment. If a Kerberos authentication protocol. The principle's secret- server knows the identity of a client, it can decide whether key will be independent of the user password to overcome to provide the service, whether the user should be given the weak passwords chosen by the network principal that special privileges, and so forth. In other words, autho- are susceptible to password guessing attacks, the main rization and accounting schemes can be built on top of drawback of the Kerberos protocol. Instead, the Kerberos authentication resulting in the required security to the Distribution Center saves a pro¯le for every instance in computer network system. its realm to generate the principle's secret-key by hashing Protocols play a major role in cryptography and are es- the pro¯le, and encrypting the output digest. Besides, sential in meeting cryptographic goals. We need protocols the lifetime of the secret-key is controlled using the sys- to apply cryptographic algorithms and techniques among tem clock. Triple-Des is used for encryption, SHA-256 for the communicating parties. Encryption schemes, hash hashing, and Blum Blum Shub for random number gen- functions, and random number generation are among the eration. primitives which may be utilized to build a protocol. A Keywords: Access control, authentication protocols, au- cryptographic protocol is a distributed algorithm de¯ned thorization, computer network security, Kerberos by a sequence of steps precisely specifying the actions re- quired of two or more entities to achieve a speci¯c secu- rity objective. The whole point of using cryptography in 1 Introduction a protocol is to detect or prevent attacks. We will begin with describing the motivation for the An elaborate set of protocols and mechanisms have been Kerberos approach and its environment in Section 2. created to deal with information security issues. The tech- Then, we will present a brief overview of the related work nical means to achieve information security in an elec- in Section 3. After that, we will outline the Kerberos tronic society are provided through cryptography. The messages exchange and we will analyze the publicly re- cryptography is the study of mathematical techniques leased versions of Kerberos Version 4 and Version 5 in related to aspects of information security such as con¯- Section 4. While in Section 5, we will discuss the Ker- dentiality, data integrity, access control, and authentica- beros drawbacks. Then, in Section 6, we will examine the tion. Con¯dentiality is a service used to keep the contents details used in our proposed implementation, address its of information from all but those authorized to have it. associated database, comparing it with the previous ver- There are numerous approaches to provide con¯dentiality, sions, list its security properties and describe our testing e.g. the mathematical algorithms which render data un- environment and our testing results. Finally, we will sum- intelligible. Data integrity is a service that addresses the marize our conclusions and our future work in Section 7. unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes in- 2 Motivation sertion, deletion, and substitution. Access control is the ability to limit the access to authorized users and appli- Today, more common in computer network architec- cations. To achieve this, each entity trying to gain access ture is a distributed architecture consisting of dedicated must ¯rst be identi¯ed, or authenticated, so that access user workstations (clients) and distributed or centralized International Journal of Network Security, Vol.12, No.3, PP.159{170, May 2011 160 servers. In this environment, network connections to 3.2 Kerberos Security other machines are supported. Thus, we need to pro- tect user information and resources housed at the server. Security of Kerberos has been analyzed in many works, The authentication service in these environments can be e.g. [1, 2, 3, 10, 21, 23] and [24]. Most commonly analyzes achieved by using Kerberos. It is one of the most widely identify certain limitations of Kerberos and sometimes used authentication protocols. It addresses an open dis- propose ¯xes. This leads to the evolution of the proto- tributed environment in which users at workstations wish col when a new version patches the known vulnerabilities to access services on servers distributed throughout the of the previous versions. The current version Kerberos V5 network. is already being revised and extended [14, 18], and [17]. Butler, Cervesato, Jaggard, and Scedrov have analyzed Kerberos employs one or more Kerberos servers (KDC: portions of the current version of Kerberos and have for- Kerberos Distribution Center) to provide an authentica- mally veri¯ed that the design of Kerberos' current version tion service. The overall scheme of Kerberos is that of meets the desired goals for the most parts [6]. Boldyreva a trusted third party that uses a protocol based on that and Kumar at 2007 take a close look at Kerberos' encryp- proposed by Needham and Schroeder [12]. It is trusted tion and con¯rm that most of the options in the current in the sense that clients and servers trust Kerberos to version provably provide privacy and authenticity [4]. mediate their mutual authentication. Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Most of the se- 3.3 Kerberos Applications cure routing protocols rely on public key infrastructures Kerberos is also used in wireless applications. Erdem pro- (PKI) to authenticate communicating nodes. Although posed a high speed 2G wireless authentication systems PKI is secure, it is based on asymmetric cryptography based on Kerberos [7]. He used DES, 3DES and AES as and hence requires excessive processing and communica- secret-key crypto algorithms. He also used SHA-1 mes- tion resources [8]. This resource hungry feature makes sage digest algorithm to hash the message blocks. Besides, PKI based systems more susceptible to Denial of Service Pirzada and McDonald discuss how Kerberos is used for attacks. In contra authentication in mobile ad-hoc networks [16]. Kerberos is also introduced to be used in IPv6 net- works. Sakane, Okabey, Kamadaz, and Esakix describe 3 Related Work a method to establish secure communication using Ker- beros in IPv6 networks [19]. They propose a mechanism 3.1 Kerberos History to achieve access control using Kerberos and to deal with address resolution using Kerberos with modi¯cation. Massachusetts Institute of Technology (MIT) developed Nitin et al. present an image based authentication sys- Kerberos to protect network services provided by Project tem using Kerberos protocol at 2008 [15]. That paper is Athena. Several versions of the protocol exist; versions a comprehensive study on the subject of using images as 1-3 occurred only internally at MIT. Many members of a password and the implementation of Jaypee University Project Athena contributed to the design and implemen- of Information Technology (JUIT) Image Based Authen- tation of Kerberos [13]. In [5] there is a dialogue that tication (IBA) system called as JUIT-IBA using Kerberos was written in 1988 to help its readers understand the protocol. fundamental reasons for why the Kerberos V4 protocol Kerberos has grown to become the most widely was the way it was. It was amazing how much this di- deployed system for authentication and authorization alogue was still applicable for the Kerberos V5 protocol. in modern computer networks. Kerberos is currently Although many things were changed, the basic core ideas shipped with all major computer operating systems and of the protocol have remained the same. Miller and Neu- is uniquely positioned to become a universal solution to man are the primary designers of Kerberos Version 4 with the distributed authentication and authorization problem contributions from Saltzer and Schiller [22]. They pub- of communicating parties [9]. lished that version in the late 1980s, although they had targeted it primarily for Project Athena. Version 5, de- signed by Kohl and Neuman, appeared as RFC 1510 in 4 Kerberos Overview 1993 [11] (made obsolete by RFC 4120 in 2005 [14]), with the intention of overcoming the limitations and security 4.1 Kerberos Authentication Dialogue problems of version 4. In 2007, MIT formed the Kerberos Consortium along The Kerberos protocol allows a client to repeatedly be with some of the major vendors and users of Kerberos authenticated to multiple servers assuming that there is such as Sun Microsystems, Apple, Google, Microsoft, etc., a long-term secret key shared between the client and to foster continued development. The MIT Kerberos Con- Kerberos infrastructure. The client long-term secret key sortium was created to establish Kerberos as the univer- was generated using the client's password ([20] describes sal authentication platform for the world's computer net- the password to key transformation technique that is works. presented by the standard speci¯cation). A simpli¯ed International Journal of Network Security, Vol.12, No.3, PP.159{170, May 2011 161 overview of the Kerberos actions is shown in Figure 1.