What is Kerberos in information security?


Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications using secret-key cryptography. Kerberos provides a high level of security for network resources.

Kerberos was developed by MIT as a solution to the problem of authenticating parties over an insecure network. The Kerberos protocol uses strong cryptography so that a user can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identities, they can also encrypt all of their communications to ensure privacy and data integrity as they go about their business.

Kerberos is freely available from MIT, under copyright permissions very similar to those used for the BSD operating system and the X Window System. MIT provides Kerberos in source form so that anyone who wants to use it can look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.

Kerberos uses a client/server architecture and provides user-to-server authentication rather than host-to-host authentication. In this model, security and authentication depend on secret-key technology, where each host on the network has its own secret key.

The Kerberos server (KDC) has two main functions: the Authentication Server (AS) and the Ticket-Granting Server (TGS). The steps in establishing an authenticated session between an application client and the application server are −

  • The Kerberos client software establishes a connection with the Kerberos server’s AS function. The AS first authenticates that the client is who it claims to be. The AS provides the client with a secret key for this login session (the TGS session key) and a Ticket-Granting Ticket (TGT), which gives the client permission to talk to the TGS. The ticket has a limited lifetime so that the authentication process is repeated periodically.

  • The client communicates with the TGS to obtain the Application Server’s key so that it (the client) can establish a connection to the service it wants. The client supplies the TGS with the TGS session key and the TGT. The TGS responds with an Application Session Key (ASK) and an encrypted form of the Application Server’s secret key. This secret key is never transmitted on the network in plaintext form.

  • The client has now authenticated itself and can prove its identity to the Application Server by supplying the Kerberos ticket, the application session key, and the encrypted Application Server secret key. The Application Server responds with the same encrypted data to authenticate itself to the client. The client can then initiate the intended service requests, such as Telnet, FTP, HTTP, or e-commerce transaction session establishment.
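The three exchanges above, modelled as an added Python example (not code from the original article or from MIT Kerberos): a toy KDC with AS and TGS functions, an application server, and the client side, including the lifetime check and the server's mutual-authentication reply. The principal names, the random 32-byte keys, the 600-second ticket lifetime and the 300-second clock skew are assumptions; encryption is a SHA-256 keystream with an HMAC standing in for real Kerberos encryption types, and the service ticket is sealed under the service's own long-term key so that key never crosses the network.

```python
import hashlib, hmac, json, os

KEYS = {"alice": os.urandom(32), "krbtgt": os.urandom(32), "http/web": os.urandom(32)}  # constructed, hypothetical principals
LIFETIME, MAX_SKEW = 600, 300  # ticket lifetime and tolerated clock skew, in seconds (assumed values)

def _xor(key, nonce, data):  # SHA-256 keystream, a toy stand-in for the AES encryption types real Kerberos uses
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def seal(key, obj):  # encrypt-then-MAC a JSON message under a secret key
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):  # verify the MAC before decrypting; rejects forged or altered tickets
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message failed integrity check")
    return json.loads(_xor(key, nonce, ct))

def _check(ticket, authenticator, now):  # shared by TGS and application server; returns session key + authenticator
    sk = bytes.fromhex(ticket["key"])
    auth = unseal(sk, authenticator)  # only a holder of the session key can produce a valid authenticator
    if now > ticket["expires"]:
        raise ValueError("ticket expired")
    if auth["client"] != ticket["client"] or abs(now - auth["ts"]) > MAX_SKEW:
        raise ValueError("authenticator does not match ticket")
    return sk, auth

def as_exchange(client, now):  # step 1: TGS session key + TGT (sealed under the krbtgt key), returned under the client's key
    sk = os.urandom(32)
    tgt = seal(KEYS["krbtgt"], {"client": client, "key": sk.hex(), "expires": now + LIFETIME})
    return seal(KEYS[client], {"tgs_key": sk.hex(), "tgt": tgt.hex()})

def tgs_exchange(tgt, authenticator, service, now):  # step 2: service ticket sealed under the service's key
    ticket = unseal(KEYS["krbtgt"], tgt)
    sk, _ = _check(ticket, authenticator, now)
    svc_key = os.urandom(32)
    st = seal(KEYS[service], {"client": ticket["client"], "key": svc_key.hex(), "expires": now + LIFETIME})
    return seal(sk, {"svc_key": svc_key.hex(), "ticket": st.hex()})

def ap_exchange(service, st, authenticator, now):  # step 3: server validates ticket, echoes timestamp (mutual auth)
    ticket = unseal(KEYS[service], st)
    sk, auth = _check(ticket, authenticator, now)
    return seal(sk, {"ts": auth["ts"]})

def login_and_access(client, service, now):  # client side of all three exchanges
    rep = unseal(KEYS[client], as_exchange(client, now))
    tk = bytes.fromhex(rep["tgs_key"])
    rep = unseal(tk, tgs_exchange(bytes.fromhex(rep["tgt"]), seal(tk, {"client": client, "ts": now}), service, now))
    sk = bytes.fromhex(rep["svc_key"])
    ap = unseal(sk, ap_exchange(service, bytes.fromhex(rep["ticket"]), seal(sk, {"client": client, "ts": now}), now))
    return ap["ts"] == now  # True only if the server proved knowledge of the session key
```

An expired TGT or a ticket whose bytes were altered in transit is rejected before any service ticket is issued, which is why the lifetime and the integrity check are part of the flow rather than optional extras.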

Updated on 07-Mar-2022 07:38:00