Kerberos: Man’s Best Friend. Introduction and Summary The Authentication Problem Password-Based Authentication Kerberos Comparison Conclusion.


1 Kerberos: Man’s Best Friend

2 Introduction and Summary
- The Authentication Problem
- Password-Based Authentication
- Kerberos
- Comparison
- Conclusion

3 The Authentication Problem
- Users and Services
- Who are you?
- What do you want?
- Why do you keep touching me?

4 Password-Based Authentication
- Users and Services Redux
- Password Files and Hashing
- One User, One Password, One Service
- Password Synchronization Methods

5 Kerberos
- Why the Silly Name?
- A Bit of History
- General Aims and Goals

6 Building Security: A Real World Example
- Authentication: The Guards Know You
- Services: Why You Don’t Show Your Badge at the Water Cooler

7 Encryption: How to Use Your Password Without Using Your Password
- Everything is a Number
- Public-Key vs. Private-Key (Conventional)
- Passwords = Shared Knowledge

8 Basics of a Kerberos Transaction
- Son of Users and Services
- Everybody Gets a Password
- Centralized Password Authority
- A Sample Packet: Example Ticket
  password{user:client:service:expires:time}

9 Session Keys and Services
- Why Do We Need Session Keys?
  – Replay Attacks
  – Passwords != Shared Knowledge
  – Authenticating the Authenticator
- A Sample Packet: User Authentication
  session{username:address} + password{session:user:client:service:expires:time}
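
The sample packets on slides 8 and 9, worked through as an added example that is not part of the original presentation: a password authority issues `password{session:user:client:service:expires:time}`, the user sends it with `session{username:address}`, and the service checks both. Assumptions: `key{...}` means the fields encrypted under that key, `client` is the client's network address, `expires` is a lifetime in seconds counted from `time`, the HMAC-based `seal` is a toy stand-in for a real cipher, and all function names and sample values are constructed.

```python
import hashlib, hmac, json, os

def key_from_password(password):
    # Assumption: a bare hash stands in for a real password-to-key function.
    return hashlib.sha256(password.encode()).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    # key{fields}: toy authenticated encryption, a stand-in for a real cipher.
    plain, nonce = json.dumps(fields).encode(), os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified packet")
    ct = body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, body[:16], len(ct)))))

def issue_ticket(service_password, user, client, service, now, lifetime=300):
    # Password authority: password{session:user:client:service:expires:time}
    session = os.urandom(32)
    fields = {"session": session.hex(), "user": user, "client": client,
              "service": service, "expires": lifetime, "time": now}
    return session, seal(key_from_password(service_password), fields)

def service_accepts(service_password, service, authenticator, ticket, peer, now):
    try:
        t = unseal(key_from_password(service_password), ticket)
        a = unseal(bytes.fromhex(t["session"]), authenticator)  # session{username:address}
    except ValueError:
        return False
    return (t["service"] == service and a["username"] == t["user"]
            and a["address"] == t["client"] == peer
            and t["time"] <= now < t["time"] + t["expires"])

def demo():
    # Constructed sample values; the user's own password is never sent to the service.
    session, ticket = issue_ticket("mail-secret", "alice", "10.0.0.5", "mail", now=1000)
    good = seal(session, {"username": "alice", "address": "10.0.0.5"})
    forged = seal(os.urandom(32), {"username": "alice", "address": "10.0.0.5"})
    check = lambda auth, peer, now: service_accepts("mail-secret", "mail", auth, ticket, peer, now)
    return {"valid": check(good, "10.0.0.5", 1100), "other_address": check(good, "10.0.0.9", 1100),
            "expired": check(good, "10.0.0.5", 2000), "no_session_key": check(forged, "10.0.0.5", 1100)}
```

With only these fields, a copy of both packets presented again from the same address before the ticket expires still passes, so the address and expiry checks narrow replay rather than remove it.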

10 Ticket-Granting Tickets (And Other Self-Referential Nonsense)
- Tickets Are a Service Too
  – Ticket-Granting Servers Grant Tickets
  – Timestamps Stamp Times
  – Expiration Expires
- One User, One Password, Many Services

11 Realms
- Kerberos’ Scalability Problems
- Remote Ticket-Granting Servers
- Hierarchical Encapsulation

12 Why You Should Use Kerberos (An Unbiased Review)
- Unified Password Schemes and Psychology
- Synchronization Issues Disappear
- Secure Passwords are Secure
- Administrators Save Time and Energy

13 Problems with Kerberos
- Unified Password Schemes and Psychology
- Public Terminals and Replay Attacks
- Supported Applications

14 General Security Problems (Users Aren’t Too Bright)
- Bad Passwords are Bad
- Good Passwords are Bad
- Security Workarounds for Convenience

15 Conclusion: Is Kerberos Right for Me?
- Size Does Matter (A Little)
- Predicting the Future for Fun and Profit
- Windows 2000: Engulfed in Evil

16 Any Questions?
Thank you for enduring my presentation. Those of you with questions, please ask them. The rest of you may watch a dancing monkey:

