Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.

Published byTobias Mathews Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity."— Presentation transcript:

1 1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity protection version 5 changes

2 2 Introduction provides cryptographic authentication for distributed systems –secure authentication –single sign-on –secure data flow used for applications: –telnet, ftp –BSD rtools (rlogin, rsh, rcp) –NFS –Others (pine, eudora, etc.) based on the work of Needham and Schroeder at MIT uses symmetric-key authentication with KDC first three versions are no longer in use, we’ll study versions 4 and 5

3 3 Terms and Configuration configuration –Alice (human) uses secure terminals with no user-related information to access resources over insecure network –Bob (application server) holds the resources –Alice uses KDC to authenticate herself to Bob terms –principal – a user or resource that use Kerberos –master key – a long-term secret shared between KDC and each principal –KDC is also known as Authentication Server (AS) and Ticket Granting Server (TGS), has the database of secrets for the principals, encrypted for security (why?) with KDC’s master key (that KDC shares with no one “for now”) –authenticator – a timestamp encrypted by a key: proves the receiver that the sender knows the key clocks in network need to be somewhat synchronized servers tolerate clock skew (about 5mins)

4 4 Sessions, Keys, Tickets a session is the process of continuous interaction between entities Alice has two types of sessions –with KDC: session proceeds from login to logout –with Bob: when she needs his services, Alice may have multiple sessions with multiple application servers during login keys –K A - Alice’s master key (shared with KDC) and derived from her password –S A - session key with KDC –K AB - session key with Bob –K KDC - KDC’s master key ticket granting ticket (TGT) - a ticket that Alice’s workstation during the session with KDC and presents to KDC to initiate a session with Bob a key + ticket to a certain server is the client credentials to this server –what credentials may Alice have?

5 5 Logging into Network potentially Alice’s workstation can keep K A during Alice’s session with KDC every time Alice needs to talk to Bob –how? –however, it is considered insecure, why? solution: session key and TGT – a ticket that Alice’s workstation keeps and presents to KDC for authentication, TGT contains –S A encrypted with K KDC, –timestamp (validity TGT is limited to a few hours) Alice KDC Alice, pwd K A {S A, TGT} Alice’s terminal Alice needs a TGT dictionary attack is possible, how?

6 6 Accessing a Remote Principal authenticator to KDC is not needed (why?) but makes authentication to KDC similar to authentication to Bob App.Ticket is encrypted with K B, it contains contains: “Alice”, K AB, time the ticket was created, lifetime (to determine when the ticket expires what’s the purpose of Bob’s reply to Alice? after authentication, the traffic between Alice and Bob can optionally be encrypted and integrity protected Alice KDC rlogin Bob S A {“Bob”, K AB, App.Ticket} Alice’s workstation “Alice”, “Bob”, TGT, S A {timestamp} Bob App.Ticket, K AB {timestamp} K AB {timestamp+1}

7 7 Replicated KDCs single KDC is –a performance bottleneck –a single point of failure have multiple replicas of the KDC with the database and the master key any replica can serve as KDC for authentication only one KDC (the master copy) handles the additions & deletions of principals (for consistency) –what happens when a master copy KDC goes down? with what scheme does Kerberos share this vulnerability?

8 8 Multiple Realms single-Realm KDC is not scalable –hard to keep track of principals, –single KDC (even with replicas) is a single point of failure/attack solution: multiple Realms –realm administrators decide what principals to allow interrealm connections –for Alice to connect to Bob, Alice becomes a principal in KDC B ‘s realm Chains longer than two KDCs are not allowed KDC B credentials to KDC B Alice “Alice”, “KDC B ” Bob KDC A credentials to Bob “Alice”, “Bob” request to Bob

9 9 Privacy and Integrity in Kerberos block cipher is DES how to ensure privacy and integrity together? doing it properly requires two passes and two separate keys Kerberos version – plain cipher block chaining (PCBC) –both plaintext and ciphertext are XORed to get the next block of the pad –will not resynchronize if the block is lost or tampered what other stream cipher has this property? –puts a recognizable data at the end of the message to confirm lack of tampering –still has problems – if two blocks are swapped, the tail checks out

10 10 Kerberos v5 Platform-independent specification (ASN.1 –data representation language standardized by ISO) allows non-IP addresses allows non-DES encryption delegation of rights – Alice may request Bob to access principals on other servers on her behalf hierarchy of realms ticket flexibility –renewable tickets –post-dated tickets (tickets valid for some time in the future) a set of integrity- and privacy/integrity-protection algorithms avoids possibility of dictionary attack by pre-authenticating the user –in KDC’s database users are marked as specific principals whose TGT should not be given out without pre-authentication has public-key extensions (e.g., SESAME, Win2000)

Download ppt "1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity."

Similar presentations

ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.

ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.
Kerberos: An Authentication Service for Open Network Systems Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller Massachusetts Institute of Technology.

Kerberos: An Authentication Service for Open Network Systems Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller Massachusetts Institute of Technology.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
COEN 350 Kerberos.

COEN 350 Kerberos.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
The Authentication Service ‘Kerberos’ and It’s Limitations

The Authentication Service ‘Kerberos’ and It’s Limitations
Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
KERBEROS www.unix.org.ua/orelly/networking/puis/ch19_06.htm.

KERBEROS
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.

Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Similar presentations

Ads by Google