Kerberos Authentication Protocol

Kerberos is a network authentication protocol that allows clients to securely prove their identity to servers across an insecure network. It uses tickets and symmetric encryption to authenticate users. When a client logs in, the authentication server (AS) issues them a ticket-granting ticket (TGT) encrypted with the ticket-granting server's (TGS) key. The client can then use the TGT to request service tickets from the TGS to access specific servers, like a file server. Service tickets contain the client's identity and a session key to securely communicate with that server. This process prevents passwords from being sent in the clear and allows for mutual authentication between clients and servers.

Uploaded by

Ananya Tiwari
KERBEROS AUTHENTICATION PROTOCOL
BY:- SEJAL (CSE 5TH SEMESTER)
Roll No:- 2016265
Smart Card ID:- BTBTC20122
INTRODUCTION
WHAT IS KERBEROS?

Kerberos is a computer network security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet.

THE WORKING OF KERBEROS:

• ALICE – The client workstation
• AUTHENTICATION SERVER (AS) – Verifies the user during login
• TICKET GRANTING SERVER (TGS) – Issues tickets to certify proof of identity
• BOB – Server offering services such as file sharing or application programs
ARCHITECTURE
Working of Kerberos
STEP 1: LOGIN
[Figure: Alice's LOGIN request (Id = Alice) to the AS]

The AS first creates a package containing the user name (Alice) and a randomly generated session key (KS). It encrypts this package with the symmetric key that the AS shares with the Ticket Granting Server (TGS). The output of this step is called the Ticket Granting Ticket (TGT).

NOTE:-
• The TGT can only be opened by the TGS.
• The final output can only be opened by Alice.
• Alice cannot open the TGT.
Formation of TGT
[Figure: "Alice" and the session key (KS) are encrypted with a symmetric key shared with the TGS; the output is the TGT.]
[Figure: The AS sends back the encrypted KS and TGT to Alice: KS + TGT are encrypted with the symmetric key derived from Alice's password (KA).]
STEP 2: Obtaining a Service Granting Ticket (SGT)
[Figure: Request for SGT. Alice encrypts a timestamp with the session key (KS) to get the encrypted timestamp (ET). Alice sends a request for an SGT to the TGS containing ET, the TGT and "Bob".]
[Figure: The TGS encrypts (Alice, KAB) with B's secret key and (Bob, KAB) with the session key (KS).]
TGS sends response back to Alice
STEP 3: USER CONTACTS BOB FOR ACCESSING THE SERVER
[Figure: Alice sending KAB. Alice encrypts a timestamp with KAB, the secret key to be shared by Alice and Bob, to get the encrypted timestamp (ET). She sends Bob ET together with (Alice + KAB) encrypted with Bob's secret key, which Alice had received from the TGS.]
Alice sends KAB securely to Bob

[Figure: Acknowledging KAB. Bob encrypts the timestamp sent by Alice with the secret key shared by Alice and Bob (KAB) to get the encrypted timestamp (ET)*.]
Bob acknowledges the receipt of KAB
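The three steps above as one runnable exchange (an added example, not part of the original slides). The cipher is a toy HMAC-based construction standing in for the slides' ENCRYPT box; the PBKDF2 derivation of KA, the 300-second timestamp window, the sample values and all function names are assumptions.

```python
import hashlib, hmac, json, os

SKEW = 300  # assumed freshness window in seconds; the slides give no value

def _stream(key, nonce, n):
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):  # toy authenticated cipher for the slides' ENCRYPT box, not a Kerberos enctype
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # verify the tag, then decrypt; ValueError = wrong key or altered blob
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def fresh_ts(key, et, now):  # decrypt an encrypted timestamp (ET); reject it outside SKEW
    ts = unseal(key, et)["ts"]
    if abs(now - ts) > SKEW:
        raise ValueError("stale timestamp")
    return ts

def kdf(password):  # KA, the key derived from Alice's password (PBKDF2 is an assumption)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"Alice", 10_000)

def run(registered_pw, typed_pw, now=1_700_000_000, clock_offset=0):
    k_tgs, kb = os.urandom(32), os.urandom(32)       # AS/TGS shared key, Bob's secret key
    # Step 1 (AS): TGT = E_Ktgs(Alice, KS); reply = E_KA(KS, TGT)
    ks = os.urandom(32).hex()
    tgt = seal(k_tgs, {"id": "Alice", "ks": ks})
    reply = seal(kdf(registered_pw), {"ks": ks, "tgt": tgt.hex()})
    mine = unseal(kdf(typed_pw), reply)              # Alice: fails unless the password matches
    a_ks, a_tgt, ts = bytes.fromhex(mine["ks"]), bytes.fromhex(mine["tgt"]), now + clock_offset
    # Step 2 (Alice -> TGS): ET = E_KS(timestamp), TGT, "Bob"; TGS answers with KAB twice
    et = seal(a_ks, {"ts": ts})
    t = unseal(k_tgs, a_tgt)
    t_ks, kab = bytes.fromhex(t["ks"]), os.urandom(32).hex()
    fresh_ts(t_ks, et, now)
    for_bob, for_alice = seal(kb, {"id": t["id"], "kab": kab}), seal(t_ks, {"id": "Bob", "kab": kab})
    # Step 3 (Alice -> Bob): E_KB(Alice, KAB) plus ET under KAB; Bob acknowledges under KAB
    a_kab = bytes.fromhex(unseal(a_ks, for_alice)["kab"])
    b = unseal(kb, for_bob)
    b_kab = bytes.fromhex(b["kab"])
    ack = seal(b_kab, {"ts": fresh_ts(b_kab, seal(a_kab, {"ts": ts}), now)})
    return {"client": b["id"], "ack_ok": unseal(a_kab, ack)["ts"] == ts, "tgt": a_tgt}
```

A mistyped password fails at Alice's first decrypt and a timestamp outside the window is rejected by the TGS; both raise ValueError. The returned TGT cannot be opened with Alice's own key, matching the note under Step 1.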


ADVANTAGES
• Passwords are never sent across the network unencrypted.
• Clients and application services are mutually authenticated.
• Tickets have a limited lifetime.
• Authentication through the Authentication Server (AS) only has to happen once.

DISADVANTAGES
• Kerberos only provides authentication for clients and services.
• Vulnerable to users making poor password choices.
CONCLUSION
From this presentation we got to know the detailed working of the Kerberos protocol. The Kerberos protocol is a trusted third-party authentication protocol which authenticates the client with the help of the authentication server (AS) and issues a Ticket Granting Ticket (TGT) to the client; it also issues a service ticket to the client. With the help of the service ticket, the client can communicate directly with the server. It provides reliable communication over a distributed environment by identifying its clients. It is a protocol which authenticates its clients with the help of a ticket system.
