By     A.GUNA SEKHAR
Context 1  Introduction2  Aims3  Definition of components and terms  3.1  Realm    3.2  Principal    3.3  Ticket    3.4  E...
Introduction• Network authentication protocol• Developed at MIT in the mid  1980s• Available as open source or in  support...
Why Kerberos• Sending usernames and  passwords in the clear security  problem may raise• Each time a password is sent in  ...
Aims of Kerberos• Password must never travel over network• Password never stored in the client in any  format. It will dis...
Firewall vs. Kerberos?• Firewalls make a risky  assumption: that attackers are  coming from the outside. In  reality, atta...
Terminology we have toknowbefore knowing working ofKerberos
Realm• It indicates Authentication  Administrative Domain• It is used to provide trust relation  ship Between client and s...
Principal• The name is used to give  entries in the authentication  server data base• Principle in Kerberos V will be  lik...
Tickets• Tickets are issued by the  authentication server• these are encrypted using the secret  key of the service they a...
Ticket• The requesting users  principal(username);• The principal of the service it is  intended;• The IP address of the c...
Encryption• Kerberos needs to encrypt and  decrypt the messages (tickets  and authenticators) passing  between the various...
 Key DistributionCenter (KDC)• The authentication server in a  Kerberos environment, based on  its ticket distribution fun...
Kerberos Operation
How does Kerberoswork?: Ticket GrantingTickets
How does KerberosWork?: The TicketGranting Service
How does Kerberoswork?: The ApplicationServer
plications   •   Authentication   •   Authorization   •   Confidentiality   •   Within networks and small       sets of ne...
Weaknesses and SolutionsIf TGT stolen, can be   Only a problemused to access          until ticketnetwork services.       ...
Questions?
THANK YOU
Upcoming SlideShare
Loading in...5
×

Gunaspresentation1

302

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
302
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
23
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Gunaspresentation1

  1. 1. By A.GUNA SEKHAR
  2. 2. Context 1  Introduction2  Aims3  Definition of components and terms  3.1  Realm    3.2  Principal    3.3  Ticket    3.4  Encryption    3.5  Key Distribution Center (KDC)4  Kerberos Operation   5  How does Kerberos Work 5.1 TGT (Ticket Granting Ticket) 5.2 TGS (Ticket Granting Service) 5.3 AS (Application Server) 6. Applications 7. Weakness and Solutions
  3. 3. Introduction• Network authentication protocol• Developed at MIT in the mid 1980s• Available as open source or in supported commercial software• Kerberos means dogs in Greek Mythology• This is standard for
  4. 4. Why Kerberos• Sending usernames and passwords in the clear security problem may raise• Each time a password is sent in the clear, there is a chance for interception.• Server stores the password• Client stores the password and name
  5. 5. Aims of Kerberos• Password must never travel over network• Password never stored in the client in any format. It will discarded Immediately• Password never stored in server in an unencrypted format• User id and password may enter only once per session• When a user changes its password, it is changed for all services at the same time
  6. 6. Firewall vs. Kerberos?• Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within.• Kerberos assumes that network connections (rather than servers and work stations) are the weak link in network
  7. 7. Terminology we have toknowbefore knowing working ofKerberos
  8. 8. Realm• It indicates Authentication Administrative Domain• It is used to provide trust relation ship Between client and server and domain and sub domain•  a user/service belongs to a realm if and only if he/it shares a secret (password/key) with the authentication server of that realm.
  9. 9. Principal• The name is used to give entries in the authentication server data base• Principle in Kerberos V will be like this component1/component2/.../componentN@REALM• The instance is optional and is normally used to better qualify
  10. 10. Tickets• Tickets are issued by the authentication server• these are encrypted using the secret key of the service they are intended for•  this key is a secret shared only between the authentication server and the server providing the service, not even the client which requested the ticket can know it or change its contents
  11. 11. Ticket• The requesting users principal(username);• The principal of the service it is intended;• The IP address of the client machine from which the ticket can be used.• The date and time (in timestamp format) when the
  12. 12. Encryption• Kerberos needs to encrypt and decrypt the messages (tickets and authenticators) passing between the various participants in the authentication•  Kerberos uses only symmetrical key encryption 
  13. 13.  Key DistributionCenter (KDC)• The authentication server in a Kerberos environment, based on its ticket distribution function for access to the services, is called Key Distribution Center• KDC Contains the following : Database Authentication Server Time granting server 
  14. 14. Kerberos Operation
  15. 15. How does Kerberoswork?: Ticket GrantingTickets
  16. 16. How does KerberosWork?: The TicketGranting Service
  17. 17. How does Kerberoswork?: The ApplicationServer
  18. 18. plications • Authentication • Authorization • Confidentiality • Within networks and small sets of networks
  19. 19. Weaknesses and SolutionsIf TGT stolen, can be Only a problemused to access until ticketnetwork services. expires in a few hours.Subject to dictionary Timestampsattack. require hacker to guess in 5 minutes.Very bad if PhysicalAuthentication Server protection for thecompromised. server.
  20. 20. Questions?
  21. 21. THANK YOU
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×