Incident Response, Network Security, TDR

‘Devastating flaws’ in Kerberos authentication protocol

With the rise of Software Defined Networking (SDN), cloud and data centrenetwork technologies driving more of our front end mobile computingexperiences, concerns over the legitimacy and robustness of our ‘back end' havearguably never been higher. In this regard, new fears have surfaced relating tothe Kerberos network authentication protocol.

Secret-key cryptography

Kerberos is designed to provide strong authentication for client/serverapplications by using secret-key cryptography. A free implementation of it hasbeen made available by the Massachusetts Institute of Technology (MIT),although Kerberos is available in many commercial products too.

Kerberos is used by default in Windows networks and provides mutualauthentication and authorisation for clients and servers. It does not require theuse of a password or a ‘hash on the wire'; instead it relies on a trusted third partyfor handling.

MIT itself specifies that Kerberos was created by as a solution to networksecurity problems. This protocol's cryptography is supposed to ensure that aclient can prove its identity to a server (and vice versa) across an insecurenetwork connection.

“After a client and server has used Kerberos to prove their identity, they can alsoencrypt all of their communications to assure privacy and data integrity as theygo about their business,” says MIT.

Devastating consequences

According to Computer Security Incident Response Services (CSIRT) hackery,incident response & forensics blogger @dfirblog, “Although, it is considered asecure protocol, it [Kerberos] has some flaws in Windows environments withdevastating consequences.”

In order to follow this story, we need to define a handful of key acronyms:

  • KDC (Key Distribution Center) – a central entity responsible for all authentication tasks.
  • Ticket-Granting Ticket (TGT) – a ticket is granted by the Authentication Server (AS) for user after initial authentication and is necessary to request service tickets.

The root of the attack

So asks @dfirblog, how do we prove to the KDC that we who we are and requesta TGT?

“Well, we just encrypt current timestamp with our secret key. That's what anormal process looks like. So, if we have an access to the key – we can repeat thisprocess on behalf of the user and gain legitimate Kerberos tickets and thusaccess. Essentially skipping the part of Kerberos authentication, where usersecret key is created from his password,” he asserts.

Writing in a white paper dedicated to protecting Kerberosmonitoring, authors Tal Be'ery, sr. security research manager at Microsoft andMichael Cherny, sr. security researcher also at Microsoft say that we know thatGolden Tickets are Kerberos TGTs forged by attackers.

“The attacker can control every aspect of the forged ticket including the Ticket'suser identity, permissions and ticket life time. Attackers typically set GoldenTickets to have an unusually long lifetime, which allows the possessing entity tokeep using them for a long period without renewal. In addition to the lifetime,other important attributes of the ticket are typically forged to achieve othernefarious goals, such as assigning very high permissions, impersonating otherusers and even using non-existing user names,” write Be'ery and Cherny.

Fraser Kyne, principal systems engineer, at Bromium told that trying to protect the Operating System (OS) fromwithin relies on the integrity of all the security layers you put in place – fromencryption to access controls, via protocols and everything in-between.

“Vulnerabilities in any one of these areas becomes the weak link in the securitychain; and a compromise in a single component can be fatal,” said Kyne.“Instead of just ‘defence in depth”, wise CISOs are considering ‘defence indiversity' whereby they de-risk their reliance on each link in the chain. This ismanifested in an increasing focus on isolation. Networks are isolated andsystems are isolated from each other. We're seeing vendors like Microsoft (andourselves at Bromium) moving towards isolation on the endpoints themselvesby using hardware virtualisation. Microsoft can use Credential Guard to stop thesuccessful compromise from stealing the credentials stored on the system; andBromium can use microvirtualization to isolate the initial attack to stop thecompromise in the first place,” he added.

In summary then, @dfirblog claims that, “Mitigation of most of this attacks is notpossible, as this is simply how Kerberos work in Windows environments. For themost part, you need to focus on protecting privileged accounts at all cost,because this is what attackers are after and protecting everyone is not possible.Otherwise you will lose control of your network really fast. The most effectivemitigation at the moment seems to be Protected Users group and CredentialGuard.”

The protocol itself was named after the Greek mythological characterKerberos (or Cerberus), a ferocious three-headed guard dog or hellhound wholived in Hades.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.