Description
Kerberos is a key distribution and user authentication service. It provides a centralized
server to authenticate users to servers and servers to users. There are different
versions of Kerberos, and in this lab, we are going to implement Version 4, which
makes use of DES.
The detailed steps of message exchanges of Kerberos 4
This is from the slide CIS_3319_Chapter_3.5_Kerberos.pdf of this course, and you
can refer to this slide if you need other information, like what each notation stands for.
Task:
This time, it’s an individual project. Firstly, you need to create a chat program
(socket) to establish the communication between client and servers. Basically, you
will need a client C, and two servers, one of them serves as V, the other serves as both
AS and TGS. After establishing the communication, you can send messages step by
step following the order shown in the figure above. In step 3 and 5, you should check
if the received tickets are still valid (do not expire), which will be explained below.
Note that “||” means concatenation.
Some parameter settings:
1. Use these fixed ID in your codes:
IDc = “CIS3319USERID”
IDv = “CIS3319SERVERID”
IDtgs = “CIS3319TGSID”
2. ADc = “127.0.0.1:{port}” {port} here is the port number you use.
3. TS: Use Unix time (aka. Epoch time) in seconds as timestamp.
4. Lifetime2 = 60 and Lifetime4 = 86400 (in seconds)
5. Keys: Kc, Ktgs, Kv are pre-shared keys between C and AS, AS and TGS, TGS and
V, respectively. Similar to lab 1 and 2, generate the keys in advance and load
them in the proper process. The other keys are generated and transmitted on the
fly.
Check the validity of tickets:
In step 3 and 5, TGS and V need to check if the Tickettgs and Ticketv are expired.
For example, if (current Unix time – TS2) <Lifetime2, then Tickettgs is still valid,
otherwise, it’s expired.
Printout:
Your codes are supposed to show the following information on screen for each step
when executed.
step (1): print out the received message on AS side.
step (2): print out the plaintext of the received ciphertext, as well as Tickettgs on C
side.
step (3): print out the received message and validity (valid or not) of Tickettgs on TGS
side.
step (4): print out the plaintext of the received ciphertext, as well as Ticketv on C side.
step (5): print out the received message and validity (valid or not) of Ticketv on V side.
step (6): print out the plaintext of the received ciphertext, which should be TS5+1 on
C side.
Submission:
Submit the following files in a zip onto Canvas.
1. All of your source code files for this lab.
2. A README file including information:
a) which language and external libraries you use.
b) which IDE you use.
c) other details about how to run your code step by step (if any). TAs will look at
and run your code, and check the printouts.
No demo or report needed.
Due: 5pm on April 10.
