Wednesday, November 10, 2021

Kerberos Version 4 Message Exchange

     Kerberos Version 4 Message Exchange Scenario


Figure : Kerberos Version 4 Message Exchange Scenario

Step – 1: The client sends a message to the AS requesting access to the TGS. It includes a timestamp, so that the AS knows that the message is timely.

Step – 2: The AS responds with a message, encrypted with a key derived from the user’s password (KC), that contains the ticket. The encrypted message also contains a copy of the session key, KC, tgs, where the subscripts indicate that this is a session key for C and TGS. Because this session key is inside the message encrypted with KC, only the user’s client can read it. The same session key is included in the ticket, which can be read only by the TGS. Thus, the session key has been securely delivered to both C and the TGS.

Step – 3: C sends TGS a message that includes the ticket plus the ID of the requested service. In addition, C transmits an authenticator, which includes the ID and address of C’s user and a timestamp. The TGS uses the session key to decrypt the authenticator. The TGS can then check the name and address from the authenticator with that of the ticket and with the network address of the incoming message. If all match, then the TGS is assured that the sender of the ticket is indeed the ticket’s real owner.

Step – 4: Reply message from TGS is encrypted with KC, tgs and includes a session key to be shared between C and the server V, the ID of V, and the timestamp of the ticket. The ticket itself includes the same session key.

Step – 5: When C sends ticket and an authenticator. The server can decrypt the ticket, recover the session key, and decrypt the authenticator.

Step – 6: The server returns the value of the timestamp from the authenticator, incremented by 1, and encrypted in the session key. C can decrypt this message to recover the incremented timestamp. Because the message was encrypted by the session key, C is assured that it could have been created only by V. The contents of the message assure C that this is not a replay of an old reply.

Summery of Kerberos version 4 message exchange scenario

To learn more about Kerberos Version 4 message exchange, Click here

   Watch more videos click here.

No comments:

Post a Comment