Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kerberos 그리스 신화에서 저승의 신 하데스의 문을 지키는 머리가 셋 달린 개

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Kerberos 그리스 신화에서 저승의 신 하데스의 문을 지키는 머리가 셋 달린 개"— Presentation transcript:

1 Kerberos 그리스 신화에서 저승의 신 하데스의 문을 지키는 머리가 셋 달린 개
MIT의 Project Athena 팀에 의해 개발된 인증(authentication) 서비스 커버로스는 제 3의 인증서버를 이용해 사용자간에 인증, 즉, 신분의 확인을 인증서버를 통해 하는 것

2 Access to Services and Servers
사용자는 Kerberos Server 에서 인증 받음 인증 후, Ticket-Granting Server에 서버 접근 권한 요청 얻어낸 Service Ticket을 이용하여 해당 서버에 접근 User U Server Access Request Ticket-Granting Server Service Ticket Session key, Ticket Service Request authentication Unique Key Session Key Kerberos Server Other Server

3 Kerberos 4 entities in Kerberos U (User): A서버에 접근하려 함
KS (Kerberos Server): 사용자 인증 후, ticket 발행 TGS (Ticket-Granting Server): ticket 검사 후 A서버에 접근을 허용하는 ticket 발행 S (Server): A서버 (e.g., 파일 서버, …) Ticket in Kerberos Authenticated token Unforgeable, nonreplayable, authenticated object

4 Kerberos 인증 구성요소 Password 사용자 U의 패스워드. KS(커버로스서버) 에 저장 KKS,TGS
KTGS,S TGS 서버와 서버 S 간의 비밀 키

5 Kerberos Session 의 초기화 User U Kerberos Server Ticket-Granting KKS,TGS
사용자의 ID를 Kerberos Server에 전달 Kerberos Server는 Session Key(S)와 Ticket(TG)를 사용자에 전달하면서, Ticket Granting Server에 Session Key(S)를 등록 User U Kerberos Server Ticket-Granting 1. U’s Identity 2. Session Key (SG) 2. Session Key (SG), Ticket (TG) Encrypted Under Password Encrypted Under KKS,TGS

6 Kerberos 티켓 전달 User U Ticket-Granting Server Encrypted Under SG
초기화 과정에서 얻어낸 Session Key(SG) 와 Ticket(TG) 를 이용하여 Ticket-Granting Server 에 ‘파일 접근 티켓’ 요청 Ticket-Granting Server가 ‘파일 접근 티켓’을 사용자에게 전달 ticket contains U’ id, A’s id, access rights, session key SA, expiration date User U Ticket-Granting Server 2. Ticket to A Server to Access Server A, SA (Encrypted Under KTGS,S), SA 1. Request to Access Server A Encrypted Under SG

7 Kerberos 의 장점 No Password communicated in the network
Protection against spoofing Limited period of validity(8hrs) Timestamps to prevent replay attacks Mutual authentication

8 Kerberos 의 단점 Requires continuous availability of a trusted TGS
Authenticity of servers requires a trusted relationship between the TGS and every server Requires timely transactions

9 Kerberos KERBEROS Kerberos System from MIT
Trusted Third-Party stores all the passwords KERBEROS User Logon Ticket Granting Ticket Authentication Server (AS) Client Ticket Granting Ticket Service Granting Ticket Service Granting Ticket Service for the Client Ticket Granting Server (TG) Application Server

10 Kerberos Authentication Server Client Ticket Granting Server (TG)
ID = ‘Alice’ Alice, Password Client Alice’s Password => K{Alice} Ticket-granting Ticket = EK1 ( ‘Alice’, K{Alice-TG} ) EK{Alice} ( K{Alice-TG}, Ticket-granting Ticket ) Service-granting Ticket EK{Alice-AS} ( Timestamp ) Ticket-granting Ticket EK {Alice-TG} ( Timestamp ) Ticket Granting Server (TG) Application Server (AS) Service-granting Ticket = EK2( ‘Alice’, K{Alice-AS}, ..) EK{Alice-TG} (K{Alice-AS}, Service-granting Ticket )

Download ppt "Kerberos 그리스 신화에서 저승의 신 하데스의 문을 지키는 머리가 셋 달린 개"

Similar presentations

Kerberos: An Authentication Service for Open Network Systems Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller Massachusetts Institute of Technology.

Kerberos: An Authentication Service for Open Network Systems Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller Massachusetts Institute of Technology.
1 Kerberos Anita Jones November, 2006. 2 Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.

1 Kerberos Anita Jones November, Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
CS5204 – Operating Systems 1 A Private Key System KERBEROS.

CS5204 – Operating Systems 1 A Private Key System KERBEROS.
A less formal view of the Kerberos protocol J.-F. Pâris.

A less formal view of the Kerberos protocol J.-F. Pâris.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
KERBEROS www.unix.org.ua/orelly/networking/puis/ch19_06.htm.

KERBEROS
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M030 17 th November, 2008.

The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
Kerberos Part 1 CNS 4650 Fall 2004 Rev. 2. The Name Greek Mythology Cerberus Gatekeeper of Hates Only allowed in dead Prevented dead from leaving Spelling.

Kerberos Part 1 CNS 4650 Fall 2004 Rev. 2. The Name Greek Mythology Cerberus Gatekeeper of Hates Only allowed in dead Prevented dead from leaving Spelling.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.

Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.

Similar presentations

Ads by Google