
Saturday, July 28, 2007

Kerberos

Kerberos is a trusted third-party authentication protocol that was developed under
Project Athena at MIT. In Greek mythology, Kerberos is a three-headed dog that guards
the entrance to the Underworld.

Using symmetric key cryptography, Kerberos authenticates clients to the other entities on
a network from which they require services. The rationale and architecture behind
Kerberos can be illustrated by using a university environment as an example. In such
an environment, there are thousands of locations for workstations, local networks, and
PC clusters. Client locations and computers are not secure; thus, one cannot
assume the cabling is secure. Messages, therefore, are not secure from interception.
However, a few specific locations and servers can be secured and can serve as trusted
authentication mechanisms for every client and service on that network. These
centralized servers implement the Kerberos-trusted Key Distribution Center (KDC),
Kerberos Ticket Granting Service (TGS), and Kerberos Authentication Service (AS).
Windows 2000 provides a Kerberos implementation.

The basic principles of Kerberos operation are as follows:
1. The KDC knows the secret keys of all clients and servers on the
network.
2. The KDC initially exchanges information with the client and server
by using these secret keys.
3. Kerberos authenticates a client to a requested service on a server
through the TGS and by issuing temporary symmetric session keys
for communications between the client and the KDC, the server and
the KDC, and the client and the server.
4. Communication then takes place between the client and the
server using those temporary session keys.
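
The four principles above, as an added Python example (not code from the original post or from any Kerberos implementation). It collapses the AS and TGS steps into a single hypothetical `kdc_issue` call, models only the client-to-server session key, and uses a SHAKE-256 keystream with HMAC as a stand-in cipher rather than a real Kerberos encryption type; all names and keys are constructed.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):
    """Encrypt-then-MAC a JSON object (stand-in cipher, not a Kerberos enctype)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag first, then decrypt; a wrong key or any tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

# Principle 1: the KDC holds every principal's long-term key (constructed values).
KDC_DB = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def kdc_issue(client, service, lifetime=300):
    """Principles 2-3: mint a temporary session key, wrapped once per party."""
    sk, exp = os.urandom(32).hex(), time.time() + lifetime
    for_client = seal(KDC_DB[client], {"service": service, "sk": sk, "exp": exp})
    ticket = seal(KDC_DB[service], {"client": client, "sk": sk, "exp": exp})
    return for_client, ticket

def client_request(client_key, client, for_client, ticket):
    """Client recovers the session key and builds a timestamped authenticator."""
    sk = bytes.fromhex(unseal(client_key, for_client)["sk"])
    return ticket, seal(sk, {"client": client, "ts": time.time()})

def server_accept(service_key, ticket, authenticator, skew=120):
    """Principle 4: the server opens the ticket with its own key, then checks
    the authenticator under the session key found inside it."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    now = time.time()
    if now > t["exp"] or abs(now - a["ts"]) > skew or a["client"] != t["client"]:
        raise ValueError("expired ticket, stale authenticator, or name mismatch")
    return t["client"]
```

The client forwards the ticket without being able to read or alter it, because it is sealed under the server's long-term key, which only the server and the KDC hold.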
