Kerberos Authentication Protocol
Upcoming SlideShare
Loading in...5
×
 

Kerberos Authentication Protocol

on

  • 2,183 views

 

Statistics

Views

Total Views
2,183
Slideshare-icon Views on SlideShare
2,183
Embed Views
0

Actions

Likes
0
Downloads
120
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Kerberos Authentication Protocol Kerberos Authentication Protocol Presentation Transcript

    • KerberosAuthenticationProtocolASHOK BASNET (066BCT505)BIBEK SUBEDI (066BCT506)DINESH SUBEDI (066BCT512)
    • What is Kerberos  Network authentication protocol  Developed at MIT in the mid 1980s  Available as open source or in supported commercial software
    • Kerberos vs Firewall  Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within.  Kerberos assumes that network connections (rather than servers and work stations) are the weak link in network security.
    • Why Kerberos  Sending usernames and passwords in the clear jeopardizes the security of the network.  Each time a password is sent in the clear, there is a chance for interception.
    • Architecture It consists of following 3 components1. Client2. Authentication Server or Key Distribution Server (KDC)3. ServerAnd has 3 main exchanges1. Authentication Service (AS) Exchange2. Ticket Granting Service (TGS) Exchange3. Client Server (CS) Exchange
    • AS Exchange Exchange between client and Authentication Server (KDC) Client sends KRB_AS_REQ msg to KDC specifying credentials it wants Server replies with msg KRB_AS_REP containing the ticket and session key The Session key is encrypted with client’s secret key The TGT is encrypted with server’s secret key The encryption type is DES by default
    • TGS Exchange Is used to obtain additional tickets for the servers. Doesn’t need client’s secret key for encryption Transparent to the user TGS must have access to all secret keys But encrypts the ticket using server’s secret key Client sends KRB_TGS_REQ to the TGS server Server replies KRB_TGS_REP to the client with ticket
    • CS Exchange Client contacts with the real server Client sends KRB_AP_REQ to the server specifying the service Server validates client by decrypting ticket with server’s secret key and decrypting authenticator with sessions key contained in ticket Server optionally replies with KRB_AP_REP
    • Implementation Athena Project at MIT Microsoft WIndows
    • Limitations Only provides authentication Central Authentication server Cannot migrate existing password hashes into the Kerberos database Authentication is only as good as the users password Assumes relatively secure hosts on an insecure network Strict time requirements Complicates virtual hosting