Henric Johnson 1
Chapter 4
Authentication Applications
Henric Johnson
Blekinge Institute of Technology, Sweden
http://www.its.bth.se/staff/hjo/
henric.johnson@bth.se
Outline
• Security Concerns
• Kerberos
• X.509 Authentication Service
• Recommended reading and Web Sites
Security Concerns
• The key concerns are confidentiality and timeliness.
• To provide confidentiality, identification and session-key information must be encrypted.
• This requires the use of previously shared private keys or public keys.
• Timeliness is needed to prevent replay attacks.
• It is provided by using sequence numbers, timestamps or challenge/response.
KERBEROS
In Greek mythology, a many-headed dog, the guardian of the entrance of Hades.
KERBEROS
• Users wish to access services on servers.
• Three threats exist:
– A user pretends to be another user.
– A user alters the network address of a workstation.
– A user eavesdrops on exchanges and uses a replay attack.
KERBEROS
• Provides a centralized authentication server to authenticate users to servers and servers to users.
• Relies on conventional encryption, making no use of public-key encryption.
• Two versions: version 4 and version 5.
• Version 4 makes use of DES.
Kerberos Version 4
• Terms:
– C = Client
– AS = authentication server
– V = server
– IDc = identifier of user on C
– IDv = identifier of V
– Pc = password of user on C
– ADc = network address of C
– Kv = secret encryption key shared by AS and V
– TS = timestamp
– || = concatenation
A Simple Authentication Dialogue
(1) C → AS: IDc || Pc || IDv
(2) AS → C: Ticket
(3) C → V: IDc || Ticket
Ticket = EKv[IDc || Pc || IDv]
Version 4 Authentication Dialogue
• Problems:
– Lifetime associated with the ticket-granting ticket
– If too short → the user is repeatedly asked for the password
– If too long → greater opportunity for replay
• The threat is that an opponent will steal the ticket and use it before it expires.
Version 4 Authentication Dialogue
Authentication Service Exchange: to obtain a Ticket-Granting Ticket
(1) C → AS: IDc || IDtgs || TS1
(2) AS → C: EKc[Kc,tgs || IDtgs || TS2 || Lifetime2 || Tickettgs]
Ticket-Granting Service Exchange: to obtain a Service-Granting Ticket
(3) C → TGS: IDv || Tickettgs || Authenticatorc
(4) TGS → C: EKc[Kc,v || IDv || TS4 || Ticketv]
Client/Server Authentication Exchange: to obtain service
(5) C → V: Ticketv || Authenticatorc
(6) V → C: EKc,v[TS5 + 1]
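The three exchanges above, together with the ticket-lifetime and replay problem of the previous slide, as an added worked model (example code written for this page, not part of the original slides or of any Kerberos implementation). It assumes a stdlib encrypt-then-MAC construction in place of DES, a constructed clock and the constructed address string "ADc", and fills in the ticket and authenticator contents from the standard version 4 definitions, which the slides do not spell out; message (4) is sealed under Kc,tgs as in the standard dialogue.

```python
import hashlib, hmac, json, os

LIFETIME, SKEW = 300, 60   # assumed: ticket lifetime and authenticator freshness window, seconds

def _keystream(key, nonce, n):
    # SHA-256 counter-mode keystream: a stdlib stand-in for the DES used by version 4
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def E(key, obj):
    """E_K[obj] from the slides: encrypt-then-MAC of the JSON encoding, returned as hex."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def D(key, blob):
    """Inverse of E; raises ValueError for a wrong key or a modified message."""
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class Realm:   # AS, TGS and one server V of a single realm; the clock is injected for testing
    def __init__(self, users, clock):
        self.kc = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}   # Kc from Pc
        self.ktgs, self.kv, self.now = os.urandom(32), os.urandom(32), clock
        self.seen = set()   # V's replay cache of accepted (IDc, TS5) pairs

    def _open(self, key, ticket, auth, now):
        """Decrypt a ticket and its authenticator, enforcing lifetime and freshness."""
        kses, idc, adc, _, ts, life = D(key, ticket)   # Kc,x || IDc || ADc || IDx || TS || Lifetime
        kses = bytes.fromhex(kses)
        a_idc, a_adc, a_ts = D(kses, auth)             # Authenticatorc = EKc,x[IDc || ADc || TS]
        if now > ts + life:
            raise ValueError("ticket expired")
        if (a_idc, a_adc) != (idc, adc) or abs(now - a_ts) > SKEW:
            raise ValueError("authenticator stale or does not match ticket")
        return kses, idc, a_ts

    def as_exchange(self, idc, idtgs, ts1):          # (1) -> (2): issue the ticket-granting ticket
        ts2, kc_tgs = self.now(), os.urandom(32)
        tgt = E(self.ktgs, [kc_tgs.hex(), idc, "ADc", idtgs, ts2, LIFETIME])
        return E(self.kc[idc], [kc_tgs.hex(), idtgs, ts2, LIFETIME, tgt])

    def tgs_exchange(self, idv, tgt, authc):         # (3) -> (4): issue the service-granting ticket
        kc_tgs, idc, _ = self._open(self.ktgs, tgt, authc, self.now())
        ts4, kc_v = self.now(), os.urandom(32)
        ticket_v = E(self.kv, [kc_v.hex(), idc, "ADc", idv, ts4, LIFETIME])
        return E(kc_tgs, [kc_v.hex(), idv, ts4, ticket_v])   # sealed under Kc,tgs (standard v4)

    def server_exchange(self, ticket_v, authc):     # (5) -> (6): grant access to the service
        kc_v, idc, ts5 = self._open(self.kv, ticket_v, authc, self.now())
        if (idc, ts5) in self.seen:                 # the stolen-ticket replay of slide 9
            raise ValueError("replayed authenticator")
        self.seen.add((idc, ts5))
        return E(kc_v, ts5 + 1)                     # TS5 + 1 proves V holds Kc,v (mutual auth)

def client_login(realm, idc, pc, idv):
    """Client side of the whole dialogue; also returns what an eavesdropper could capture."""
    kc = hashlib.sha256(pc.encode()).digest()
    kc_tgs, _, _, _, tgt = D(kc, realm.as_exchange(idc, "tgs", realm.now()))
    kc_tgs = bytes.fromhex(kc_tgs)
    auth_tgs = E(kc_tgs, [idc, "ADc", realm.now()])
    kc_v, _, _, ticket_v = D(kc_tgs, realm.tgs_exchange(idv, tgt, auth_tgs))
    kc_v, ts5 = bytes.fromhex(kc_v), realm.now()
    auth_v = E(kc_v, [idc, "ADc", ts5])
    mutual_ok = D(kc_v, realm.server_exchange(ticket_v, auth_v)) == ts5 + 1
    return ticket_v, auth_v, kc_v, mutual_ok

def demo():
    """Happy path, then message (5) replayed verbatim, then a fresh attempt after the lifetime."""
    clock = [1_000_000.0]                           # constructed fake clock (seconds)
    realm = Realm({"alice": "correct horse"}, lambda: clock[0])
    ticket_v, auth_v, kc_v, ok = client_login(realm, "alice", "correct horse", "fileserver")
    results = [ok]
    for attempt in (lambda: auth_v, lambda: E(kc_v, ["alice", "ADc", clock[0]])):
        try:
            realm.server_exchange(ticket_v, attempt())
            results.append(True)
        except ValueError:
            results.append(False)
        clock[0] += LIFETIME + 1                    # ticket expires before the second attempt
    return tuple(results)                           # (True, False, False)
```

The replay cache and the freshness window are what turn the timestamp in the authenticator into the protection the "Security Concerns" slide asks for; the ticket lifetime alone, as slide 9 notes, only bounds the replay window.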
Overview of Kerberos
Request for Service in Another Realm
Differences Between Version 4 and 5
• Encryption system dependence (V.4 DES)
• Internet protocol dependence
• Message byte ordering
• Ticket lifetime
• Authentication forwarding
• Interrealm authentication
Kerberos Encryption Techniques
PCBC Mode
Kerberos - in practice
• Currently there are two Kerberos versions:
– 4: restricted to a single realm
– 5: allows inter-realm authentication, in beta test
• Kerberos v5 is an Internet standard
– specified in RFC 1510, and used by many utilities
• To use Kerberos:
– need to have a KDC on your network
– need to have Kerberised applications running on all participating systems
• Major problem - US export restrictions
– Kerberos cannot be directly distributed outside the US in source format (and binary versions must obscure crypto routine entry points and have no encryption)
– else crypto libraries must be reimplemented locally
X.509 Authentication Service
• A distributed set of servers that maintains a database about users.
• Each certificate contains the public key of a user and is signed with the private key of a CA.
• Used in S/MIME, IP Security, SSL/TLS and SET.
• The use of RSA is recommended.
X.509 Formats
Typical Digital Signature Approach
Obtaining a User's Certificate
• Characteristics of certificates generated by a CA:
– Any user with access to the public key of the CA can recover the user public key that was certified.
– No party other than the CA can modify the certificate without this being detected.
X.509 CA Hierarchy
Revocation of Certificates
• Reasons for revocation:
– The user's secret key is assumed to be compromised.
– The user is no longer certified by this CA.
– The CA's certificate is assumed to be compromised.
Authentication Procedures
Recommended Reading and Web Sites
• www.whatis.com (search for kerberos)
• Bryant, W. Designing an Authentication System: A Dialogue in Four Scenes. http://web.mit.edu/kerberos/www/dialogue.html
• Kohl, J.; Neuman, B. "The Evolution of the Kerberos Authentication Service". http://web.mit.edu/kerberos/www/papers.html
• http://www.isi.edu/gost/info/kerberos/
