Scribd Logo
Upload

Welcome to Scribd!

  • Kerberos: Gurwinder Singh C07323

    Uploaded by

    123hsp
    7 views23 pages
    Kerberos is a network authentication protocol that allows nodes, services, and users to prove their identity to one another in a secure manner. It uses tickets and secret keys provided by a trusted central authority to authenticate users and allow them secure access to services. Kerberos prevents passwords from being sent across networks in clear text, providing stronger authentication security compared to traditional password-based authentication protocols.

    Original Description:

    Original Title

    Seminar

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Kerberos is a network authentication protocol that allows nodes, services, and users to prove their identity to one another in a secure manner. It uses tickets and secret keys provided by a trusted central authority to authenticate users and allow them secure access to services. Kerberos prevents passwords from being sent across networks in clear text, providing stronger authentication security compared to traditional password-based authentication protocols.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    7 views23 pages

    Kerberos: Gurwinder Singh C07323

    Uploaded by

    123hsp
    Kerberos is a network authentication protocol that allows nodes, services, and users to prove their identity to one another in a secure manner. It uses tickets and secret keys provided by a trusted central authority to authenticate users and allow them secure access to services. Kerberos prevents passwords from being sent across networks in clear text, providing stronger authentication security compared to traditional password-based authentication protocols.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 23

    Kerberos

    Gurwinder Singh
    C07323
    What is Kerberos?
    • Developed by MIT
    • Version 4 and 5.
    • Network authentication protocol
    • Shared secret-based strong 3rd party
    authentication
    • Available as open source or in supported
    commercial software
    • Passwords never sent across network
    Why Kerberos?

    •Sending usernames and passwords in


    the clear jeopardizes the security of the
    network.
    •Each time a password is sent in the
    clear, there is a chance for interception
    .
    Firewall vs. Kerberos?
    •Firewalls make a risky assumption: that
    attackers are coming from the outside.
    In reality, attacks frequently come from
    within.
    •Kerberos assumes that network
    connections (rather than servers and
    work stations) are the weak link in
    network security.
    Design Requirements
    •Interactions between hosts and clients
    should be encrypted.
    •Must be convenient for users (or they
    won’t use it).
    •Use of time stamp.
    •Password should not be send over
    network.
    Cryptography Approach
    •Private Key: Each party uses the same
    secret key to encode and decode
    messages.
    •Uses a trusted third party which can
    vouch for the identity of both parties in a
    transaction. Security of third party is
    imperative.
    Ticket
    Granting
    XYZ Service Think “Kerberos Server” Service

    Key
    Distribution
    Center

    Authen-
    Tication
    Service

    Susan’s
    Desktop
    Susan Computer
    Ticket
    Granting
    XYZ Service Represents something Service
    requiring Kerberos
    authentication (web
    server, ftp server, ssh Key
    server, etc…) Distribution
    Center

    Authen-
    Tication
    Service

    Susan’s
    Desktop
    Susan Computer
    Ticket
    Granting
    XYZ Service Service

    Key
    “I’d like to be allowed to Distribution
    get tickets from the Center
    Ticket Granting Server,
    please.
    Authen-
    Tication
    Service

    Susan’s
    Desktop
    Susan Computer
    Ticket
    Granting
    XYZ Service Service
    “Okay. I locked this box with
    your secret password. If you
    can unlock it, you can use its Key
    contents to access my Ticket Distribution
    Granting Service.” Center

    Authen-
    Tication
    Service

    Susan’s
    Desktop
    Susan Computer
    Ticket
    Granting
    XYZ Service Service

    Key
    Distribution
    Center

    Authen-
    Tication
    TGT Service

    ord Susan’s
    myPassw
    Desktop
    Susan Computer
    Because Susan was able to open the box
    (decrypt a message) from the
    TGT Authentication Service, she is now the
    owner of a shiny “Ticket-Granting Ticket”.

    The Ticket-Granting Ticket (TGT) must be


    presented to the Ticket Granting Service in
    order to acquire “service tickets” for use
    with services requiring Kerberos
    authentication.

    The TGT contains no password


    information.
    “Let me prove I am
    Susan to XYZ Service. Ticket
    Granting
    XYZ Service Here’s a copy of my Service
    TGT!”

    Key
    Distribution
    Center

    Authen-
    TGT Tication
    TGT Service

    Susan’s
    use XYZ Desktop
    Susan Computer
    Hey XYZ:
    Susan is Susan. Ticket
    CONFIRMED: TGS
    Granting
    XYZ Service Service
    You’re Susan.
    Here, take this.
    Key
    Distribution
    Center

    Authen-
    Tication
    TGT Service

    Susan’s
    Desktop
    Susan Computer
    Ticket
    Granting
    XYZ Service I’m Susan. I’ll prove
    Service
    it. Here’s a copy of
    my legit service ticket
    for XYZ.
    Key
    Distribution
    Center

    Authen-
    Hey XYZ:
    Hey XYZ: Tication
    Susan is Susan.
    Susan is Susan.
    TGT Service
    CONFIRMED: TGS
    CONFIRMED: TGS

    Susan’s
    Desktop
    Susan Computer
    That’s Susan alright. Let me
    determine if she is
    Ticket
    authorized to use me.
    Granting
    XYZ Service Service

    Hey XYZ:
    Susan is Susan. Key
    CONFIRMED: TGS Distribution
    Center

    Authen-
    Hey XYZ:
    Tication
    Susan is Susan. TGT Service
    CONFIRMED: TGS

    Susan’s
    Desktop
    Susan Computer
    Authorization checks are performed by the XYZ
    service…

    Just because Susan has authenticated herself


    does not inherently mean she is authorized to
    make use of the XYZ service.
    One remaining note:

    Tickets (your TGT as well as service-specific


    tickets) have expiration dates configured by your
    local system administrator(s). An expired ticket is
    unusable.

    Until a ticket’s expiration, it may be used


    repeatedly.
    Ticket
    ME AGAIN! I’ll prove it. Granting
    XYZ Service Service
    Here’s another copy of
    my legit service ticket
    for XYZ.
    Key
    Distribution
    Center

    Authen-
    Hey XYZ:
    Hey XYZ: Tication
    Susan is Susan.
    Susan is Susan.
    TGT Service
    CONFIRMED: TGS
    CONFIRMED: TGS

    Susan’s
    use XYZ Desktop
    Susan Computer
    That’s Susan… again. Let
    me determine if she is
    Ticket
    authorized to use me.
    Granting
    XYZ Service Service

    Hey XYZ:
    Susan is Susan. Key
    CONFIRMED: TGS Distribution
    Center

    Authen-
    Hey XYZ:
    Tication
    Susan is Susan. TGT Service
    CONFIRMED: TGS

    Susan’s
    Desktop
    Susan Computer
    Weaknesses and Solutions
    If TGT stolen, can be used to access Only a problem until ticket expires in a
    network services. few hours.

    Subject to dictionary attack. Timestamps require hacker to guess in 5


    minutes.

    Very bad if Authentication Server Physical protection for the server.


    compromised.
    References

    • www.google.com
    • www.wikipedia.com
    Questions?

    You might also like