
Designing an Authentication System: Kerberos; man's best three-headed friend?

Presentation transcript:

1 Designing an Authentication System: Kerberos; man's best three-headed friend?

2 What is Kerberos? Kerberos is a network authentication protocol. It's also the name of the three-headed dog in Greek mythology. Yes, it really is spelt with a K. Questions? No? Good.

3 Background Early 1980s: timesharing via dumb terminals. Central processing and storage. Crap for games.

4 Solution? Replace terminals with workstations. Network all the machines. Use servers for storage and services.

5 Eek! Security! Problem: how does the server know who you are? Authentication by assertion? Solution: add username & password verification to each server.

6 Multi-password badness Problem: changing your password. Your password is stored in multiple locations (one copy per server). Just remembering the damn thing. Sounds like we need a network authentication protocol :-)

7 No, it's not Sharon Here's where it starts to get clever: users have passwords. Services have passwords. There's an auth service that knows all the passwords. We'll call it charon.

8 Charon: first draft Alice wants her mail. She asks charon for a ticket. Charon encrypts her username, using the mail service's password, and that is the ticket. Alice hands the ticket to the mail service, which decrypts it with its own password.

9 Username squiggle? The ticket currently contains: (ticket diagram not in the transcript) Problem: how does the service know if it's decrypted the ticket properly? Decrypting with the wrong password just gives you a squiggle, not an error. Solution: fix the ticket.

10 Stop, thief! Problem: what's to stop someone stealing your ticket and presenting it themselves? Solution: add another field to the ticket: the address of the workstation it was issued to (slides 14 and 17 rely on it).

11 But I already typed it in…! Problem: we have to enter our password once per service. Solution: we add a ticket-granting service; we'll call it bob.

12 Bob? Eh? Here's how it works: 1. You request a ticket from charon for bob (this is the only step that needs your password). 2. You hand that ticket to bob and ask for a ticket for the service you want. 3. You hand bob's ticket to the service. You can now repeat steps 2 & 3 for as many services as you like. The ticket from step 1 is called the ticket-granting ticket. Catchy, eh?

13 I saw that! Problem: the password is still being sent in plain text when you ask charon for a ticket. Eek. Solution: tweak more stuff.

14 Thievery, again Problem: someone can steal your ticket, and fake your username and address, after you've fled home. Solution: add an expiry time to the ticket.

15 'Twas nae me, officer Problem: someone could still use your ticket before it expires. Well, let's look at what's happening.

16 It honestly wasn't Solution: add a session key. Charon creates a random password for the session, puts a copy inside the ticket, and adds another copy to the reply it sends you.

17 So, um, how's this work? Like this: Alice sends 2 things to the mail service: –The service ticket –Her username and address, encrypted with the session key (a.k.a. the authenticator). The mail service decrypts the ticket with its own password, takes the session key out of it, decrypts the authenticator with that key, and checks that the two agree. A thief with a stolen ticket doesn't have the session key, so can't produce a matching authenticator.
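The whole design from slides 8 to 17 (charon, bob, service tickets, addresses, expiry, session keys and authenticators) as one runnable exchange. This is an added example, not code from the slides or from Bill Bryant's dialogue. It assumes the standard fix for slide 13 (charon's reply is encrypted under the user's password-derived key, so the password never crosses the wire), and the passwords, the address 10.0.0.5 and the "toy" cipher (a SHA-256 keystream plus an HMAC tag, so that a wrong key produces an error rather than a "username squiggle") are constructed for the example and not fit for real use.

```python
import hashlib
import hmac
import json
import os
import time

LIFETIME = 8 * 3600      # ticket lifetime in seconds (slide 14)
ADDR = "10.0.0.5"        # Alice's workstation address (constructed for this example)


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key, obj):
    """Toy authenticated encryption (hash keystream + HMAC tag). NOT for real use."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def decrypt(key, blob):
    """The tag is the answer to slide 9: a wrong key raises instead of yielding a squiggle."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("does not decrypt with this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def key_from_password(pw):
    return hashlib.sha256(pw.encode()).digest()


# charon knows every password (slide 7): the user, the ticket-granting service bob, and mail.
KEYS = {"alice": key_from_password("correct horse"),
        "bob": key_from_password("tgs-secret"),
        "mail": key_from_password("mail-secret")}


def issue_ticket(service, user, addr, now, reply_key):
    """Ticket = {user, addr, expiry, session key} under the service's key (slides 8-16).
    The reply goes back under reply_key, so the requester never sends a password (slide 13)."""
    skey = os.urandom(32)
    ticket = encrypt(KEYS[service], {"user": user, "addr": addr,
                                     "expires": now + LIFETIME, "skey": skey.hex()})
    return encrypt(reply_key, {"skey": skey.hex(), "ticket": ticket.hex()})


def authenticator(skey, user, addr, now):
    """Slide 17: username and address under the session key (a timestamp for slide 18's 'replay')."""
    return encrypt(skey, {"user": user, "addr": addr, "time": now})


def verify(service, ticket, auth, client_addr, now):
    """What bob or the mail service does with a ticket plus authenticator."""
    t = decrypt(KEYS[service], ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    skey = bytes.fromhex(t["skey"])
    a = decrypt(skey, auth)     # only the holder of the session key can have built this
    if (a["user"], a["addr"]) != (t["user"], t["addr"]) or client_addr != t["addr"]:
        raise ValueError("authenticator does not match ticket")
    return t["user"], skey


def open_reply(key, blob):
    r = decrypt(key, blob)
    return bytes.fromhex(r["skey"]), bytes.fromhex(r["ticket"])


def get_service_ticket(user, password, addr, service, now):
    # Step 1 (slide 12): charon issues the ticket-granting ticket; the password is used only here.
    k_ab, tgt = open_reply(key_from_password(password), issue_ticket("bob", user, addr, now, KEYS[user]))
    # Step 2: bob checks the TGT + authenticator, then issues a ticket for the service.
    who, k_ab_seen = verify("bob", tgt, authenticator(k_ab, user, addr, now), addr, now)
    return open_reply(k_ab, issue_ticket(service, who, addr, now, k_ab_seen))


def run_demo():
    now = int(time.time())
    k_am, ticket = get_service_ticket("alice", "correct horse", ADDR, "mail", now)
    # Step 3: Alice presents the service ticket and a fresh authenticator to mail.
    results = {"alice": verify("mail", ticket, authenticator(k_am, "alice", ADDR, now), ADDR, now)[0]}
    later = now + LIFETIME + 1
    attempts = {   # the thefts from slides 10, 14 and 15, and a ticket shown to the wrong service
        "stolen ticket, no session key": ("mail", ticket, authenticator(os.urandom(32), "alice", ADDR, now), ADDR, now),
        "replayed from another address": ("mail", ticket, authenticator(k_am, "alice", ADDR, now), "10.0.0.66", now),
        "used after expiry": ("mail", ticket, authenticator(k_am, "alice", ADDR, later), ADDR, later),
        "mail ticket shown to bob": ("bob", ticket, authenticator(k_am, "alice", ADDR, now), ADDR, now),
    }
    for name, args in attempts.items():
        try:
            verify(*args)
            results[name] = "accepted"
        except ValueError as e:
            results[name] = str(e)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

Only the first request, Alice's own, is accepted; the thief's authenticator fails the tag check because it was built without the session key, the replay fails on the address field, the late use fails on the expiry field, and the mail ticket fails at bob because bob's key does not open it. The timestamp in the authenticator is not on slide 17; it is the hook for the "replay" item on slide 18, and the service still needs to remember recent authenticators for it to help.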

18 And that's pretty much it, folks. My thanks to Bill Bryant. This Man Needs Sleep. Notes to self: replay, bones, lanman, agnosticism, forwarding, mutual auth.

