Author Archive

A Trusted Ticket System for Kerberos

Thursday, September 3rd, 2009 by thardjono

In looking for solutions to deploying Kerberos in different environments I’m always surprised to find interesting work people have done using Kerberos.  A case in point is the Diploma project of Andreas Leicher (at Fraunhofer SIT) on a Kerberos Trusted Ticket System. The proposal put forward in this work is to use the Trusted Platform Module (TPM) hardware to increase the security of the ticket request/issuance process in Kerberos.

For those who don’t follow the efforts of the Trusted Computing Group (TCG), the TPM is a piece of tamper-resistant hardware that is now present in most mid-level to high-end PC computers from all the major OEMs (HP, Dell, Lenovo, etc). The major OEMs have in fact been shipping machines with TPMs for several years now, and the number of TPM’s shipped is today well over 100 million. Its not clear if Apple/MacOS-X has TPM hardware since Apple has not formally declared.  However, bearing in mind that Apple now uses Intel-based hardwares, it should not be surprising if the MacBook Pros also have TPMs.

There are a number of ways that a Kerberos deployment could make use of the TPM on a Client machine or on a KDC machine. The most obvious is to seal the client-side keying material (when not in use) using the TPM, such as the keytab and the credentials cache. Note that currently these are located on the client machine hard-drive, and thus subject to various attacks. In this sealing scenario the TPM is used in its most basic usage-mode, namely a key storage device.  The Kerberos client could simply command the TPM to seal its keying material using a TPM-generated internal key. The resulting (encrypted) blob is returned by the TPM/TSS, and simply placed on the hard-drive or other storage location (e.g. flash).

A more interesting use-case is for the TPM to perform some crypto operations pertaining to Kerberos, such as the encryption/decryption of the relevant parts of a ticket. In this case the TPM could hold the long-term key of the client (and KDC), as well as the session keys. More interestingly though, the TPM could be asked to self-generate the symmetric keys used in Kerberos.  The TPMv1.2 allows keys (upon generation) to be designated as non-migratable, meaning that it is resident and bound to the TPM hardware.  Keys could also be designated as certified migratable, meaning that they could be transferred from one TPM to another TPM using a secure migration protocol. The TCG has published a specification for such a key migration protocol, and a couple of vendors have actually implemented it.

Another use-case is for Kerberos pre-authentication protocols (eg. PKINIT) to use a TPM Certified Signing Key (CSK) to perform the public-key operations related to the pre-auth protocol.  Since a CSK is by definition TPM-resident and is provably bound to a given TPM, the AS/KDC gets the benefits of the certainty that it is speaking with the same TPM.

The solution proposed by Andreas Leicher in his Thesis goes beyond the above ideas, and uses the full potential of the TPMv1.2 (see Chapter 6 of the Thesis).  Among others it is proposing the use of some of the fundamental building blocks in trusted computing:

  • Measurements: Client platform integrity measurements are performed, and the results are reported to the KDC within service-ticket request to the TGS.
  • The TPM Quote is used: The TPM Quote function is called, reporting the status of the Platform Configuration Registers (PCRs) on the Client to the KDC.
  • Signing using AIK: The TPM’s digital signing capabilities are exercised, using the Attestation Identity Keys (AIKs) to signs the measured system state. This signing is part of the TPM reporting behavior and provides integrity protection on the reported measurements as it is delivered from the Client to the KDC.
  • Exercising the Certified Signing Key (CSK):  The TGS uses the TPM CSK key to sign relevant portions of the ticket, thereby ensuring that only the intended TPM can verify (since only that TPM holds the matching RSA private key, which is bound to the TPM hardware).

All in all this is a great Thesis project by Andreas. Its one of those projects that one wishes one had time to do oneself  :-)

Posted in Advanced Kerberos, Cryptography | No Comments »

Welcome to the MIT Kerberos Consortium blog

Tuesday, July 28th, 2009 by thardjono

Welcome to the MIT Kerberos Consortium blog.  The MIT Kerberos Consortium was created to promote and establish Kerberos as a universal authentication platform for the Internet.

Kerberos, originally developed for MIT’s Project Athena, has grown to become the most widely deployed system for authentication and authorization in modern computer networks. Kerberos is currently shipped with all major computer operating systems and is uniquely positioned to become a universal solution to the distributed authentication and authorization problem of permitting universal “single sign-on” within and between federated enterprises and peer-to-peer communities.

The MIT Kerberos Consortium is intended to provide a mechanism by which the numerous organizations that have adopted Kerberos in the last two decades may participate in the continuation of what was previously funded as an internal MIT project. By opening participation in the ongoing Kerberos effort, it will be possible to expand the scope of the work currently performed to encompass numerous important improvements in the Kerberos system, and to engage in much needed evangelism among potential adopters.

Building upon the existing Kerberos protocol suite, we will develop interoperable technologies (specifications, software, documentation and tools) to enable organizations and federated realms of organizations to use Kerberos as the single sign-on solution for access to all applications and services. We will also promote the adoption of these technologies so that ultimately all operating systems, applications, imbedded devices, and Internet based services can utilize Kerberos for authentication and authorization.

Posted in MIT-KC | No Comments »