Well, for the past few weeks I've been working part-time at the Microelectronics Students' Group. I'm on the IT team that will move the whole network to CentOS.
The transition includes building a single sign-on system with MIT Kerberos V, although single sign-on is not the primary objective: the network is insecure, built inside the wider College Campus network without a router behind it, and Kerberos provides a very good authentication and encryption mechanism. The ultimate goal is to encrypt every single communication over the network, which means kerberizing all the network services.
The details of the protocol still evade me a little, but the important thing to retain is that the network has a single (or at least most important) point of failure: the KDC, the Key Distribution Center. This is a server (in fact it consists of two, but let's ignore that) which shares a key with every user and machine in the network. It is a point of failure because if the machine where the KDC resides is compromised, the security of the entire network is compromised as well.
The protocol
So, the authentication of a user is pretty straightforward: the client enters a password, hashes it and sends it to the KDC, and the KDC compares it to the entry it has in its database. The most interesting part is that if the authentication is successful, the KDC sends back a session key, duplicated in two messages: the first is encrypted with the client's own password, and the second is encrypted with the key of another server (I've skipped a few steps, but let's imagine this is the server the user wants to communicate with securely). Recall that the KDC shares secret keys with everyone in the network, so it can create messages that can only be decrypted by certain machines or users.
At this point the user, who may want to communicate with an FTP server, has two messages in his possession. He can decrypt one, and from that he gets a session key for communicating with the FTP server. What he does with the second message is simply pass it to the FTP server. Recall that this server shares a key with the KDC, and the message it is about to receive is encrypted with that same key. So the FTP server can decrypt that message and obtains the same session key that the user previously got. Now they can both communicate securely over an insecure network, using the session key produced by the KDC.
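To make the two-message exchange above concrete, here is an added example (not code from the original post, and not MIT Kerberos itself): a constructed realm where the KDC shares a distinct key with the user "alice" and the service "ftp.example", issues one message for the client and one ticket for the service, and both sides recover the same session key while the client cannot open the ticket. The cipher is a toy stdlib-only construction assumed for the demo.

```python
import hashlib, hmac, os, secrets

# Toy authenticated encryption from stdlib primitives only: a constructed
# stand-in for the real Kerberos cipher, not for production use.
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:  # shares one long-term key with every principal (user or service)
    def __init__(self, principals):
        self.db = principals

    def issue(self, client, service):
        if client not in self.db or service not in self.db:
            raise KeyError("unknown principal")
        session_key = secrets.token_bytes(32)
        # Message 1: session key under the client's key. Message 2 (the ticket):
        # the same key under the service's key, so the client cannot read it.
        for_client = seal(self.db[client], session_key + service.encode())
        ticket = seal(self.db[service], session_key + client.encode())
        return for_client, ticket

def run_exchange():
    # Constructed realm: distinct keys for the user and the FTP server.
    keys = {"alice": secrets.token_bytes(32), "ftp.example": secrets.token_bytes(32)}
    for_client, ticket = KDC(keys).issue("alice", "ftp.example")
    msg = unseal(keys["alice"], for_client)       # client opens message 1
    client_session, client_peer = msg[:32], msg[32:].decode()
    msg = unseal(keys["ftp.example"], ticket)     # service opens the forwarded ticket
    service_session, service_peer = msg[:32], msg[32:].decode()
    try:                                           # the ticket is opaque to the client
        unseal(keys["alice"], ticket)
        opaque = False
    except ValueError:
        opaque = True
    return {"keys_match": client_session == service_session, "client_peer": client_peer,
            "service_peer": service_peer, "ticket_opaque_to_client": opaque}
```

The `keys_match` result is what lets the two parties talk over the insecure network; `ticket_opaque_to_client` shows why the KDC's per-principal keys are the whole point of failure the post describes.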
Once we know a little more about the protocol (more than what I just described) we can understand why this provides a single sign-on system.
The Wikipedia page may provide a little help on this.
So, for now, my job is to implement this system on some machines and document the process, so it can be reproduced when the time comes to move everything to CentOS.
I’m confident that this will let me learn a lot about networks…:)
Thanks.