Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open."— Presentation transcript:

1 Kerberos Jean-Anne Fitzpatrick Jennifer English

2 What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software

3 Why Kerberos? Sending usernames and passwords in the clear jeopardizes the security of the network. Each time a password is sent in the clear, there is a chance for interception.

4 Firewall vs. Kerberos? Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within. Kerberos assumes that network connections (rather than servers and work stations) are the weak link in network security.

5 Design Requirements Interactions between hosts and clients should be encrypted. Must be convenient for users (or they won’t use it). Protect against intercepted credentials.

6 Cryptography Approach Private Key: Each party uses the same secret key to encode and decode messages. Uses a trusted third party which can vouch for the identity of both parties in a transaction. Security of third party is imperative.

7 How does Kerberos work? Instead of client sending password to application server: –Request Ticket from authentication server –Ticket and encrypted request sent to application server How to request tickets without repeatedly sending credentials? –Ticket granting ticket (TGT)

8 How does Kerberos work?: Ticket Granting Tickets

9 How does Kerberos Work?: The Ticket Granting Service

10 How does Kerberos work?: The Application Server

11 Applications Authentication Authorization Confidentiality Within networks and small sets of networks

12 Weaknesses and Solutions If TGT stolen, can be used to access network services. Only a problem until ticket expires in a few hours. Subject to dictionary attack.Timestamps require hacker to guess in 5 minutes. Very bad if Authentication Server compromised. Physical protection for the server.

13 The Competition: SSL

14 Limitation: Scalability Recent modifications attempt to address this problem Public key cryptography for Client Authentication and cross realm authentication Issues are not resolved

15 Questions?

Download ppt "Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open."

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
KERBEROS LtCdr Samit Mehra (05IT 6018).

KERBEROS LtCdr Samit Mehra (05IT 6018).
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
KERBEROS www.unix.org.ua/orelly/networking/puis/ch19_06.htm.

KERBEROS
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M030 17 th November, 2008.

The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
Authentication & Kerberos

Authentication & Kerberos

Similar presentations

Ads by Google