SlideShare a Scribd company logo

Towards Securing Computer Network Environment By Using Kerberos-based Network Authentication Protocol

Download as PPTX, PDF
F
FATIN FAZAIN MOHD AFFANDI

Final Year Project Presentation 1

Education
1 of 39
TOWARDS SECURING COMPUTER NETWORK ENVIRONMENT BY USING KERBEROS-BASED NETWORK AUTHENTICATION PROTOCOL
Hello! FATIN FAZAIN BINTI MOHD AFFANDI Presentation of Final Year Project 1 BTBL15040127 Bachelor of Computer Science (Network Security) with Honours DR. AHMAD NAZARI BIN MOHD ROSE
Introduction1
◇ Authorized user VS Unauthorized user ◇ Data access control been taken by who ? ◇ Password attacks ( eg : MITM attack (Ettercap), Packet sniffing (Wireshark etc) ------ Gain username and password ◇ Need a secure authentication network protocol when transmitting password over an insecure network
◇ Proposed environment ? ◇ How authentication protocol works? ◇ How to test out the protocol in real-world settings ? (Configuring it in the UniSZA’s network)
Authentication Protocol A type of computer communications protocol / cryptographic protocol that are specifically designed for transferring of authentication data between two entities.
Problem statements2
1) An unauthorized user is accessing the data without the permission of authorized user, making the security, integrity and confidentiality of the data to be broken. 2) An intruder can easily intercept the network and gain the password easily using the sniffing tools available as the password is sent in a plaintext format and not being encrypted.
Objectives3
1) To study Kerberos-based network protocol. 2) To configure a pragmatic way of network protocol. 3) To test and evaluate the network authentication protocol in real- world settings.
LET’S GO TO THE NEXT SLIDE 
Literature review4
Gray Password Authentication Protocol (PAP) Black
Gray Challenge Handshake Authentication Protocol (CHAP) Black
Gray Kerberos Black
Literature Review AUTHOR / YEAR DESCRIPTION ADVANTAGES Santosh Khamitkar, Yaser Fuad Al-Dubai, Parag Bhalchandra, Pawan Wasnik / June 2015 Kerberos Authentication with Role Based Access Control (KARBAC) - Provides a policy specification module. - Stores and generate access control decisions. - Provide single sign-on. - To prevent against DDOS attacks. - Filtering against unauthorized access and reduce the burden, computation and memory usage. - As a trusted 3rd party between cloud servers and clients.
Literature Review AUTHOR / YEAR DESCRIPTION ADVANTAGES Sarah Pillai / 2013 What is Kerberos and how does Kerberos work - Prevents clients from storing passwords on their machines.
Literature Review AUTHOR / YEAR DESCRIPTION ADVANTAGES Xu Yang, Xun Yi, Hui Cui, Xuechao Yang, Surya Nepal, Xinyi Huang, Yali Zeng / 2017 Practical authentication protocol for anonymous web browsing - Achieve the user anonymity. - Robust security. - High efficiency. Zakariae Tbatou, Ahmed Asimi, Younes Asimi, Yassine Sadqi, Azidine Guezzaz / November 2017 A new mutual Kerberos authentication protocol for distributed systems based upon Kerberos V5 and Diffie Hell-man models. - Enabling the design and reliable exchange of client's authentication parameters to the authentication server side. - Creates a secure the communication channel between client and server of services. - Efficient against the dictionary and brute force attacks.
Literature Review AUTHOR / YEAR DESCRIPTION ADVANTAGES Book : The FreeRADIUS Implementation Guide, page (23-43) / 2014 FreeRADIUS Authentication - Password Authentication Protocol (PAP) is the simplest and easiest to configure. - Challenge-Handshake Authentication Protocol (CHAP) never sent the password in a packet instead it will create a random string (challenge) and performs a MD5 to combine the challenge with the password.
Methodology Some explaination on related research of the methodology involved. Analysis of data about the researches that had been done recently. 5 What will be covered? 1) Flow of the research 2) Architecture of the Kerberos 3) Method/Techniques used 4) Framework of the Kerberos 5) Project requirements
Flow of the Research
Architecture of the Kerberos
The three server that will be used as the master-slaves
Enter default Kerberos version 5 realm. In the above example, it set INF.ED.AC.UK as the default realm to be used in all the servers.
◇ The integrity check is known as a checksum or term MIC (message integrity code). ◇ Three of them are required to be supported by implementations. The other two are optional. ◇ rsa-md5-des (required) ◇ des-mac (required) ◇ des-mac-k (required) ◇ rsa-md4-des (optional) ◇ rsa-md4-des-k (optional) Method/Techniques
Format of the ticket encryption (in generally):
Framework of the Kerberos
There will be a total of 3 Secret keys (1 for Client, 1 for File Server, 1 for KDC itself. This secret keys will never ever travels over the network. Client Machine File Server Machine KDC Machine Client Key Yes Yes Server Key Yes Yes KDC Key Yes
There will be a total of two session keys, that will be generated during the process and only valid in a certain time of session. ◇ Session Key 1 : Client - KDC communication ◇ Session Key 2 : Client - Service Server communication
Software Requirements ◇ Oracle VM VirtualBox version 5.2.8 ◇ Ubuntu 14.04 ◇ Microsoft Word 2013 ◇ Microsoft Office PowerPoint 2013 ◇ Windows 10
Hardware Requirements ◇ Laptop (4GB RAM, Intel Core i5- 5200U, CPU 2.7 GHz, x64-base processor) ◇ Mouse ◇ Printer
Conclusion6
◇ Expected result ? ◇ Which one of the protocol will be chosen ? ◇ Is validating the user and server successful and how about the security ? ◇ Hope from this proposed project
Example of the expected output:
Example of the expected output:
References6
1) Santosh Khamitkar et.al (June 2015), Kerberos Authentication With Cloud Computing Access Control, International Journal of Advanced Computational Engineering and Networking, Vol 3(6) 2) Sarah Pillai (2013), What is Kerberos and how does Kerberos work 3) Xu Yang et.al (2017), A Practical Authentication Protocol for Anonymous Web Browsing 4) Zakariae Tbatou et.al (November 2017), A New Mutual Kerberos Authentication Protocol for Distributed Systems, International Journal of Network Security, Vol.19 (6), PP.889-898 5) (2014), The FreeRADIUS Implementation Guide, page (23-43) 6) https://en.wikipedia.org/wiki/Authentication_protocol#cite_note-1 7) https://en.wikipedia.org/wiki/Password_Authentication_Protocol 8) https://en.wikipedia.org/wiki/Kerberos_%28protocol%29 9) https://en.wikipedia.org/wiki/Authentication_protocol#CHAP_-_Challenge- handshake_authentication_protocol 10) https://www.bloggers-bay.com/single-post/2016/12/20/Kerberos-Architecture 11) https://www.infotechno.net/kerberos 12) http://www.roguelynn.com/words/explain-like-im-5-kerberos/
Thanks! Any questions? You can find me at: ◇ @FATIN FAZAIN(040127) ◇ 040127@putra.unisza.edu.my

Recommended

SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssln|u - The Open Security Community
 
OpenSSL
OpenSSLOpenSSL
OpenSSLTimbal Mayank
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layerdwitigajab
 
MTLS in a Microservices World
MTLS in a Microservices WorldMTLS in a Microservices World
MTLS in a Microservices WorldDiogo Mónica
 
A Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNA Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNijtsrd
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 

Recommended

SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssln|u - The Open Security Community
 
OpenSSL
OpenSSLOpenSSL
OpenSSLTimbal Mayank
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layerdwitigajab
 
MTLS in a Microservices World
MTLS in a Microservices WorldMTLS in a Microservices World
MTLS in a Microservices WorldDiogo Mónica
 
A Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNA Comparative Research on SSL VPN and IPSec VPN
A Comparative Research on SSL VPN and IPSec VPNijtsrd
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
kerberos
kerberoskerberos
kerberossameer farooq
 
Ssl for e commerce
Ssl for e commerceSsl for e commerce
Ssl for e commerceshahab zebari
 
SSl/TLS Analysis
SSl/TLS AnalysisSSl/TLS Analysis
SSl/TLS AnalysisDuduman Bogdan Vlad
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
web security
web securityweb security
web securityChirag Patel
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerAbhishek Gupta
 
Web Security
Web SecurityWeb Security
Web SecurityRam Dutt Shukla
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSpavansmiles
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!OWASP
 
SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)Maarten Mulders
 
SSL
SSLSSL
SSLDuy Do Phan
 
Network security, firewalls, and vp ns week 5&6vpn fundame
Network security, firewalls, and vp ns week 5&6vpn fundameNetwork security, firewalls, and vp ns week 5&6vpn fundame
Network security, firewalls, and vp ns week 5&6vpn fundameJUST36
 
The Easy Way to Secure Microservices
The Easy Way to Secure MicroservicesThe Easy Way to Secure Microservices
The Easy Way to Secure MicroservicesMichael Hofmann
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDF
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDFDEFCON28_2020_EthereumSecurity_PreventingDDoS_VDF
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDFGokul Alex
 
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Frank Lesniak
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 

More Related Content

What's hot

SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!OWASP
 
SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)Maarten Mulders
 
Network security, firewalls, and vp ns week 5&6vpn fundame
Network security, firewalls, and vp ns week 5&6vpn fundameNetwork security, firewalls, and vp ns week 5&6vpn fundame
Network security, firewalls, and vp ns week 5&6vpn fundameJUST36
 
The Easy Way to Secure Microservices
The Easy Way to Secure MicroservicesThe Easy Way to Secure Microservices
The Easy Way to Secure MicroservicesMichael Hofmann
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDF
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDFDEFCON28_2020_EthereumSecurity_PreventingDDoS_VDF
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDFGokul Alex
 
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Frank Lesniak
 

What's hot (20)

kerberos
kerberoskerberos
kerberos
 
Ssl for e commerce
Ssl for e commerceSsl for e commerce
Ssl for e commerce
 
SSl/TLS Analysis
SSl/TLS AnalysisSSl/TLS Analysis
SSl/TLS Analysis
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
web security
web securityweb security
web security
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Web Security
Web SecurityWeb Security
Web Security
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!
 
SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)
 
SSL
SSLSSL
SSL
 
Network security, firewalls, and vp ns week 5&6vpn fundame
Network security, firewalls, and vp ns week 5&6vpn fundameNetwork security, firewalls, and vp ns week 5&6vpn fundame
Network security, firewalls, and vp ns week 5&6vpn fundame
 
The Easy Way to Secure Microservices
The Easy Way to Secure MicroservicesThe Easy Way to Secure Microservices
The Easy Way to Secure Microservices
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
SSL overview
SSL overviewSSL overview
SSL overview
 
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDF
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDFDEFCON28_2020_EthereumSecurity_PreventingDDoS_VDF
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDF
 
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2
 

Similar to Towards Securing Computer Network Environment By Using Kerberos-based Network Authentication Protocol

Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Password-Authenticated Key Exchange Scheme Using Chaotic Maps towards a New A...
Password-Authenticated Key Exchange Scheme Using Chaotic Maps towards a New A...Password-Authenticated Key Exchange Scheme Using Chaotic Maps towards a New A...
Password-Authenticated Key Exchange Scheme Using Chaotic Maps towards a New A...dbpublications
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgEric Vanderburg
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Multi-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentMulti-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentIRJET Journal
 
Security as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentSecurity as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentKaashivInfoTech Company
 
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET Journal
 
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...IRJET Journal
 
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...IEEEMEMTECHSTUDENTPROJECTS
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...IEEEFINALYEARSTUDENTPROJECT
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...IEEEGLOBALSOFTSTUDENTSPROJECTS
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
 
A securing symmetric key distribution
A securing symmetric key distributionA securing symmetric key distribution
A securing symmetric key distributionvinothp2k
 
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...ijcisjournal
 
Kerberos Security in Distributed Systems
Kerberos Security in Distributed SystemsKerberos Security in Distributed Systems
Kerberos Security in Distributed SystemsIRJET Journal
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 

Similar to Towards Securing Computer Network Environment By Using Kerberos-based Network Authentication Protocol (20)

Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Password-Authenticated Key Exchange Scheme Using Chaotic Maps towards a New A...
Password-Authenticated Key Exchange Scheme Using Chaotic Maps towards a New A...Password-Authenticated Key Exchange Scheme Using Chaotic Maps towards a New A...
Password-Authenticated Key Exchange Scheme Using Chaotic Maps towards a New A...
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Multi-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentMulti-Server Authentication Key Exchange Approach in BIGDATA Environment
Multi-Server Authentication Key Exchange Approach in BIGDATA Environment
 
Security as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentSecurity as a Service Model for Cloud Environment
Security as a Service Model for Cloud Environment
 
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
 
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
MULTI-FACTOR AUTHENTICATION SECURITY FRAMEWORK USING BlOCKCHAIN IN CLOUD COMP...
 
Lesson 3- Remote Access
Lesson 3- Remote AccessLesson 3- Remote Access
Lesson 3- Remote Access
 
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
 
A securing symmetric key distribution
A securing symmetric key distributionA securing symmetric key distribution
A securing symmetric key distribution
 
Ecommerce final ppt
Ecommerce final pptEcommerce final ppt
Ecommerce final ppt
 
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
 
ITDCC05.ppt
ITDCC05.pptITDCC05.ppt
ITDCC05.ppt
 
Kerberos Security in Distributed Systems
Kerberos Security in Distributed SystemsKerberos Security in Distributed Systems
Kerberos Security in Distributed Systems
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjur
 

Recently uploaded

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxShobhayan Kirtania
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 

Recently uploaded (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 

Towards Securing Computer Network Environment By Using Kerberos-based Network Authentication Protocol

  • 1. TOWARDS SECURING COMPUTER NETWORK ENVIRONMENT BY USING KERBEROS-BASED NETWORK AUTHENTICATION PROTOCOL
  • 2. Hello! FATIN FAZAIN BINTI MOHD AFFANDI Presentation of Final Year Project 1 BTBL15040127 Bachelor of Computer Science (Network Security) with Honours DR. AHMAD NAZARI BIN MOHD ROSE
  • 4. ◇ Authorized user VS Unauthorized user ◇ Data access control been taken by who ? ◇ Password attacks ( eg : MITM attack (Ettercap), Packet sniffing (Wireshark etc) ------ Gain username and password ◇ Need a secure authentication network protocol when transmitting password over an insecure network
  • 5. ◇ Proposed environment ? ◇ How authentication protocol works? ◇ How to test out the protocol in real-world settings ? (Configuring it in the UniSZA’s network)
  • 6. Authentication Protocol A type of computer communications protocol / cryptographic protocol that are specifically designed for transferring of authentication data between two entities.
  • 8. 1) An unauthorized user is accessing the data without the permission of authorized user, making the security, integrity and confidentiality of the data to be broken. 2) An intruder can easily intercept the network and gain the password easily using the sniffing tools available as the password is sent in a plaintext format and not being encrypted.
  • 10. 1) To study Kerberos-based network protocol. 2) To configure a pragmatic way of network protocol. 3) To test and evaluate the network authentication protocol in real- world settings.
  • 16. Literature Review AUTHOR / YEAR DESCRIPTION ADVANTAGES Santosh Khamitkar, Yaser Fuad Al-Dubai, Parag Bhalchandra, Pawan Wasnik / June 2015 Kerberos Authentication with Role Based Access Control (KARBAC) - Provides a policy specification module. - Stores and generate access control decisions. - Provide single sign-on. - To prevent against DDOS attacks. - Filtering against unauthorized access and reduce the burden, computation and memory usage. - As a trusted 3rd party between cloud servers and clients.
  • 17. Literature Review AUTHOR / YEAR DESCRIPTION ADVANTAGES Sarah Pillai / 2013 What is Kerberos and how does Kerberos work - Prevents clients from storing passwords on their machines.
  • 18. Literature Review AUTHOR / YEAR DESCRIPTION ADVANTAGES Xu Yang, Xun Yi, Hui Cui, Xuechao Yang, Surya Nepal, Xinyi Huang, Yali Zeng / 2017 Practical authentication protocol for anonymous web browsing - Achieve the user anonymity. - Robust security. - High efficiency. Zakariae Tbatou, Ahmed Asimi, Younes Asimi, Yassine Sadqi, Azidine Guezzaz / November 2017 A new mutual Kerberos authentication protocol for distributed systems based upon Kerberos V5 and Diffie Hell-man models. - Enabling the design and reliable exchange of client's authentication parameters to the authentication server side. - Creates a secure the communication channel between client and server of services. - Efficient against the dictionary and brute force attacks.
  • 19. Literature Review AUTHOR / YEAR DESCRIPTION ADVANTAGES Book : The FreeRADIUS Implementation Guide, page (23-43) / 2014 FreeRADIUS Authentication - Password Authentication Protocol (PAP) is the simplest and easiest to configure. - Challenge-Handshake Authentication Protocol (CHAP) never sent the password in a packet instead it will create a random string (challenge) and performs a MD5 to combine the challenge with the password.
  • 20. Methodology Some explaination on related research of the methodology involved. Analysis of data about the researches that had been done recently. 5 What will be covered? 1) Flow of the research 2) Architecture of the Kerberos 3) Method/Techniques used 4) Framework of the Kerberos 5) Project requirements
  • 21. Flow of the Research
  • 23. The three server that will be used as the master-slaves
  • 24.
  • 25. Enter default Kerberos version 5 realm. In the above example, it set INF.ED.AC.UK as the default realm to be used in all the servers.
  • 26. ◇ The integrity check is known as a checksum or term MIC (message integrity code). ◇ Three of them are required to be supported by implementations. The other two are optional. ◇ rsa-md5-des (required) ◇ des-mac (required) ◇ des-mac-k (required) ◇ rsa-md4-des (optional) ◇ rsa-md4-des-k (optional) Method/Techniques
  • 27. Format of the ticket encryption (in generally):
  • 28. Framework of the Kerberos
  • 29. There will be a total of 3 Secret keys (1 for Client, 1 for File Server, 1 for KDC itself. This secret keys will never ever travels over the network. Client Machine File Server Machine KDC Machine Client Key Yes Yes Server Key Yes Yes KDC Key Yes
  • 30. There will be a total of two session keys, that will be generated during the process and only valid in a certain time of session. ◇ Session Key 1 : Client - KDC communication ◇ Session Key 2 : Client - Service Server communication
  • 31. Software Requirements ◇ Oracle VM VirtualBox version 5.2.8 ◇ Ubuntu 14.04 ◇ Microsoft Word 2013 ◇ Microsoft Office PowerPoint 2013 ◇ Windows 10
  • 32. Hardware Requirements ◇ Laptop (4GB RAM, Intel Core i5- 5200U, CPU 2.7 GHz, x64-base processor) ◇ Mouse ◇ Printer
  • 34. ◇ Expected result ? ◇ Which one of the protocol will be chosen ? ◇ Is validating the user and server successful and how about the security ? ◇ Hope from this proposed project
  • 35. Example of the expected output:
  • 36. Example of the expected output:
  • 38. 1) Santosh Khamitkar et.al (June 2015), Kerberos Authentication With Cloud Computing Access Control, International Journal of Advanced Computational Engineering and Networking, Vol 3(6) 2) Sarah Pillai (2013), What is Kerberos and how does Kerberos work 3) Xu Yang et.al (2017), A Practical Authentication Protocol for Anonymous Web Browsing 4) Zakariae Tbatou et.al (November 2017), A New Mutual Kerberos Authentication Protocol for Distributed Systems, International Journal of Network Security, Vol.19 (6), PP.889-898 5) (2014), The FreeRADIUS Implementation Guide, page (23-43) 6) https://en.wikipedia.org/wiki/Authentication_protocol#cite_note-1 7) https://en.wikipedia.org/wiki/Password_Authentication_Protocol 8) https://en.wikipedia.org/wiki/Kerberos_%28protocol%29 9) https://en.wikipedia.org/wiki/Authentication_protocol#CHAP_-_Challenge- handshake_authentication_protocol 10) https://www.bloggers-bay.com/single-post/2016/12/20/Kerberos-Architecture 11) https://www.infotechno.net/kerberos 12) http://www.roguelynn.com/words/explain-like-im-5-kerberos/
  • 39. Thanks! Any questions? You can find me at: ◇ @FATIN FAZAIN(040127) ◇ 040127@putra.unisza.edu.my