The main goal of the project will be to identify potential weaknesses in Kerberos implementation and/or configuration. We will explore different deployments and examine how Kerberos is currently used in the real world. After identifying potential problems with past and current versions of Kerberos, we will perform an automated assessment of a network and/or configuration file for a specific deployment. The result of this assessment will be a report listing potential security problems and proposing a solution.
Kerberos is an authentication and authorization protocol developed at MIT. It is a widely used form of distributed authentication, popular amongst educational and financial institutions as well as big enterprises and Fortune 500 companies. Microsoft chose Kerberos as the base protocol for building their Active Directory infrastructure, which helps administrators protect sensitive data and secure their networks.
Kerberos attracts interest because it is a one-time authentication service: the user logs in once and can use all of the services provided on a network without the need to reauthenticate. It also prevents people who sniff the network traffic from obtaining user credentials, since the authentication data (passwords) are not transmitted in clear text; instead, an encryption algorithm is used to protect the data on the network. Kerberos uses tickets that are passed around the network whenever a user wants to get access to a specific service. This means that user credentials are stored in a central location (the Kerberos Authentication Server) and are not exposed on the network.
Many existing deployments of Kerberos, including the Microsoft Active Directory implementation, are insecure. There are different reasons for this, but the main ones are misconfiguration, an old version of the protocol in use, or a weak encryption algorithm.
There currently exist several known attacks against Kerberos.
The goal of the project is to build a tool to assess the security of a particular Kerberos deployment. The tool will work in two distinct modes. One mode will inspect Kerberos configuration files to spot possible problems and suggest solutions, while the other mode will try to deduce the configuration from network traffic, without knowledge of or access to the configuration files and policies.
Each configuration option will be mapped onto a premise. This will allow us to combine premises and draw conclusions from them about the security of the installation being analyzed. Each security property that Kerberos offers will also be evaluated and combined with the premises in order to determine whether any of the properties are violated by specific configuration options.
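One way the premise mapping described above could look for the configuration-file mode, as an added example that is not the project's own code: it reads the [libdefaults] section of a krb5.conf-style file, turns three options into premises, and fires a rule when all of its premises hold. The sample file, the premise names, the two rules and the choice to treat only single-DES enctypes as weak are assumptions made for illustration.

```python
import re

# Constructed sample in krb5.conf syntax (not taken from a real deployment).
SAMPLE_CONF = """
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
    clockskew = 900
[logging]
    default = FILE:/var/log/krb5libs.log
"""

# Assumption for this example: only single-DES enctypes are treated as weak.
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = ("permitted_enctypes", "default_tkt_enctypes", "default_tgs_enctypes")

def parse_libdefaults(text):
    """Collect key = value pairs from the [libdefaults] section only."""
    opts, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def derive_premises(opts):
    """Map each relevant configuration option onto a named boolean premise."""
    listed = {e for k in ENCTYPE_KEYS for e in re.split(r"[\s,]+", opts.get(k, "").lower()) if e}
    return {
        "weak_crypto_allowed": opts.get("allow_weak_crypto", "false").lower() in ("true", "yes", "on", "1"),
        "weak_enctype_listed": bool(listed & WEAK_ENCTYPES),
        "wide_clock_skew": int(opts.get("clockskew", "300")) > 300,
    }

# Each rule: premises that must all hold, the property at risk, the proposed fix.
RULES = [
    ({"weak_crypto_allowed", "weak_enctype_listed"}, "confidentiality of tickets",
     "set allow_weak_crypto = false and drop single-DES enctypes"),
    ({"wide_clock_skew"}, "replay resistance", "reduce clockskew to 300 seconds or less"),
]

def assess(text):
    """Return (property, fix) for every rule whose premises are all true."""
    premises = derive_premises(parse_libdefaults(text))
    held = {name for name, value in premises.items() if value}
    return [(prop, fix) for needed, prop, fix in RULES if needed <= held]
```

Calling `assess(SAMPLE_CONF)` returns one finding per rule; a file that lists a DES enctype but leaves `allow_weak_crypto` off returns none, because the first rule needs both premises.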
Our project will not inherently deliver any security properties; rather, it will assess the security properties of other software, namely Kerberos.
We are currently researching how Kerberos works and trying to come up with methods to formally evaluate its security properties in a particular installation.