Published by Aria Brammell
Modified over 4 years ago
Designing an Authentication System. Kerberos: man's best three-headed friend?
What is Kerberos? Kerberos is a network authentication protocol. It's also the name of the three-headed dog in Greek mythology. Yes, it really is spelt with a K. Questions? No? Good.
Background. Early 1980s: timesharing via dumb terminals; central processing and storage; crap for games.
Solution? Replace terminals with workstations. Network all the machines. Use servers for storage and services.
Eek! Security! Problem: How does the server know who you are? Authentication by assertion? Solution: Add username & password verification.
Multi-password badness. Problem: Changing your password. Password stored in multiple locations. Just remembering the damn thing. Sounds like we need a network authentication protocol :-)
No, it's not Sharon. Here's where it starts to get clever: Users have passwords. Services have passwords. There's an auth service that knows all passwords. We'll call it charon.
Charon: first draft. Alice wants her mail. She asks charon for a ticket. Charon encrypts her username as the ticket. Alice hands the ticket to the mail service.
Username squiggle? The ticket currently contains: Problem: How does the service know if it's decrypted the ticket properly? Solution: Fix the ticket.
Stop, thief! Problem: What's to stop someone stealing your ticket? Solution: Add another field to the ticket.
But I already typed it in…! Problem: We have to enter our password once per service. Solution: We add a ticket-granting service; we'll call it bob.
Bob? Eh? Here's how it works: You request a ticket from charon for bob. You can now repeat steps 2 & 3 for as many services as you like. This ticket is called the ticket-granting ticket. Catchy, eh?
I saw that! Problem: The password is still being sent in plain text. Eek. Solution: Tweak more stuff.
Thievery, again. Problem: Someone can steal your ticket, and fake your username and address after you've fled home. Solution: Add an expiry time to the ticket.
'Twas nae me, officer. Problem: Someone could use your ticket before it expires. Well, let's look at what's happening.
It honestly wasn't. Solution: Add a session key. Charon creates a random password for the session and adds it to the reply.
So, um, how's this work? Like this: Alice sends 2 things to the mail service: (1) the service ticket; (2) her username and address, encrypted with the session key (a.k.a. the authenticator).
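The ticket-plus-authenticator check built up over the last few slides, as an added Python sketch that is not part of the original presentation. The function names, the JSON ticket layout and the HMAC-based toy cipher (a standard-library stand-in for a real cipher, not Kerberos's actual encryption) are assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Toy stream cipher: HMAC-SHA256 in counter mode (stand-in for a real cipher).
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    # Encrypt-then-MAC, so the receiver can tell whether it decrypted properly.
    ek, mk, nonce = _prf(key, b"enc"), _prf(key, b"mac"), os.urandom(16)
    ct = _xor(ek, nonce, json.dumps(obj).encode())
    return nonce + ct + _prf(mk, nonce + ct)

def unseal(key, blob):
    ek, mk = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mk, nonce + ct)):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(ek, nonce, ct))

def issue_ticket(service_key, user, addr, lifetime, now):
    # Charon's side: the random session key goes into the ticket (sealed under
    # the service's key) and is also returned for the reply to the user.
    session_key = os.urandom(32)
    ticket = seal(service_key, {"user": user, "addr": addr,
                                "expires": now + lifetime, "key": session_key.hex()})
    return ticket, session_key

def make_authenticator(session_key, user, addr):
    # Alice's side: username and address, sealed under the session key.
    return seal(session_key, {"user": user, "addr": addr})

def service_accepts(service_key, ticket, authenticator, peer_addr, now):
    # Mail service's side: the ticket must open under the service key, the
    # authenticator under the session key inside it, and all fields must agree.
    try:
        t = unseal(service_key, ticket)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
    except ValueError:
        return False
    return (now < t["expires"] and a["user"] == t["user"]
            and a["addr"] == t["addr"] == peer_addr)
```

As on the slides, the authenticator carries no timestamp of its own, so a captured ticket and authenticator pair presented from the same address is still accepted until the ticket expires.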
And that's pretty much it, folks. My thanks to Bill Bryant. This Man Needs Sleep. Notes to self: replay, bones, lanman, agnosticism, forwarding, mutual auth.
© 2018 SlidePlayer.com Inc. All rights reserved.