Wednesday, April 19, 2017


Kerberos is an authentication service developed as part of Project Athena at MIT.
The problem that Kerberos addresses is this: Assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. We would like for servers to be able to restrict access to authorized users and to be able to authenticate requests for service. In this environment, a workstation cannot be trusted to identify its users correctly to network services. In particular, the following three threats exist:
 1. A user may gain access to a particular workstation and pretend to be another user operating from that workstation.
 2. A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation.
 3. A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations.
In any of these cases, an unauthorized user may be able to gain access to services and data that he or she is not authorized to access. Rather than building in elaborate authentication protocols at each server, Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes described in this book, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption.
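The three threats above, walked through in code as an added illustration (this is not code from the book or from any Kerberos implementation). It contrasts a naive server that trusts the user name and address the workstation puts on the wire with a server that checks an authenticator bound to a symmetric key shared with the user. Assumptions: the shared key is simply pre-placed here (in Kerberos the central authentication server would distribute it), HMAC-SHA256 stands in for Kerberos's symmetric encryption of the authenticator because the Python standard library has no block cipher, and the user names, addresses and key bytes are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample: a key shared between the user "alice" and the
# application server. In Kerberos this session key would be issued by the
# central authentication server; here it is pre-placed (assumption).
ALICE_SERVER_KEY = b"constructed-sample-key-do-not-reuse"
CLOCK_SKEW = 300  # seconds of client/server clock difference the server tolerates


def naive_server_accepts(request, authorized=("alice",)):
    """Baseline: the server trusts whatever user name and source address the
    workstation sends. Nothing is secret, so all three threats succeed."""
    return request["user"] in authorized


def make_authenticator(key, user, addr, timestamp):
    """Client side: bind user, claimed address and a fresh timestamp under the
    shared key. HMAC-SHA256 stands in for symmetric encryption (assumption)."""
    body = f"{user}|{addr}|{timestamp}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Server:
    """Server side: verifies the tag, the address and freshness, and keeps a
    replay cache of authenticators seen inside the clock-skew window."""

    def __init__(self, keys, skew=CLOCK_SKEW):
        self.keys = keys   # user -> shared key
        self.skew = skew
        self.seen = {}     # authenticator body -> time first seen

    def accept(self, msg, src_addr, now):
        body, tag = msg["body"], msg["tag"]
        try:
            user, addr, ts = body.decode().split("|")
            ts = int(ts)
        except ValueError:
            return False, "malformed"
        key = self.keys.get(user)
        if key is None:
            return False, "unknown user"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"           # threat 1: no key, no valid tag
        if addr != src_addr:
            return False, "address mismatch"  # threat 2: sent from another host
        if abs(now - ts) > self.skew:
            return False, "stale"             # threat 3: old capture replayed later
        self._expire(now)
        if body in self.seen:
            return False, "replay"            # threat 3: replay inside the window
        self.seen[body] = now
        return True, "ok"

    def _expire(self, now):
        # Entries older than the skew window can never pass the freshness
        # check again, so they need not be remembered.
        for body, first_seen in list(self.seen.items()):
            if now - first_seen > self.skew:
                del self.seen[body]


def run_demo():
    """Run each threat against both schemes; returns the verdicts by name."""
    t0 = 1_700_000_000  # constructed clock value
    server = Server({"alice": ALICE_SERVER_KEY})
    results = {}
    # Threat 1 against the naive scheme: anyone can claim to be alice.
    results["naive_impersonation"] = naive_server_accepts({"user": "alice", "addr": "10.0.0.7"})
    # Legitimate request from alice's workstation at 10.0.0.5.
    auth = make_authenticator(ALICE_SERVER_KEY, "alice", "10.0.0.5", t0)
    results["legit"] = server.accept(auth, "10.0.0.5", t0 + 1)
    # Threat 1: an attacker without alice's key forges the tag.
    forged = {"body": auth["body"], "tag": "00" * 32}
    results["forged_tag"] = server.accept(forged, "10.0.0.5", t0 + 2)
    # Threat 2: the eavesdropped authenticator is sent from the attacker's own address.
    results["wrong_addr"] = server.accept(auth, "10.0.0.7", t0 + 2)
    # Threat 3: exact replay with the source address spoofed to match.
    results["replay"] = server.accept(auth, "10.0.0.5", t0 + 2)
    # Threat 3: the same capture replayed well after the skew window.
    results["late_replay"] = server.accept(auth, "10.0.0.5", t0 + 2 * CLOCK_SKEW)
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The replay cache is what makes the timestamp check sufficient: without it an attacker who replays within the skew window would be accepted, and without the timestamp the cache would have to grow without bound. Both checks are needed, and a real deployment also has to keep client and server clocks loosely synchronized for the skew window to be meaningful.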
Two versions of Kerberos are in common use. Version 4 [MILL88, STEI88] implementations still exist. Version 5 [KOHL94] corrects some of the security deficiencies of version 4 and has been issued as a proposed Internet Standard (RFC 4120 and RFC 4121).5
We begin this section with a brief discussion of the motivation for the Kerberos approach. Then, because of the complexity of Kerberos, it is best to start with a description of the authentication protocol used in version 4. This enables us to see the essence of the Kerberos strategy without considering some of the details required to handle subtle security threats. Finally, we examine version 5.

4“In Greek mythology, a many headed dog, commonly three, perhaps with a serpent’s tail, the guardian of the entrance of Hades.” From Dictionary of Subjects and Symbols in Art, by James Hall, Harper & Row, 1979. Just as the Greek Kerberos has three heads, the modern Kerberos was intended to have three components to guard a network’s gate: authentication, accounting, and audit. The last two heads were never implemented.