2. Hello!
FATIN FAZAIN BINTI
MOHD AFFANDI
Presentation of Final Year Project 1
BTBL15040127
Bachelor of Computer Science (Network Security) with Honours
DR. AHMAD NAZARI BIN MOHD ROSE
4. ◇ Authorized user vs unauthorized user
◇ Who is in control of access to the data?
◇ Password attacks, e.g. MITM attack (Ettercap), packet sniffing (Wireshark, etc.)
------ Gain the username and password
◇ Need for a secure network authentication protocol when transmitting a password over an insecure network
5. ◇ Proposed environment?
◇ How does the authentication protocol work?
◇ How to test the protocol in real-world settings? (Configuring it in UniSZA's network)
6. Authentication Protocol
A type of computer communications protocol or cryptographic protocol that is specifically designed for transferring authentication data between two entities.
8. 1) An unauthorized user accesses the data without the permission of the authorized user, breaking the security, integrity and confidentiality of the data.
2) An intruder can easily intercept the network traffic and obtain the password using freely available sniffing tools, because the password is sent in plaintext rather than encrypted.
16. Literature Review
Author / Year: Santosh Khamitkar, Yaser Fuad Al-Dubai, Parag Bhalchandra, Pawan Wasnik / June 2015
Description: Kerberos Authentication with Role Based Access Control (KARBAC)
Advantages:
- Provides a policy specification module.
- Stores and generates access control decisions.
- Provides single sign-on.
- Protects against DDoS attacks.
- Filters unauthorized access and reduces the burden on computation and memory usage.
- Acts as a trusted third party between cloud servers and clients.
17. Literature Review
Author / Year: Sarah Pillai / 2013
Description: What is Kerberos and how does Kerberos work
Advantages:
- Prevents clients from storing passwords on their machines.
18. Literature Review
Author / Year: Xu Yang, Xun Yi, Hui Cui, Xuechao Yang, Surya Nepal, Xinyi Huang, Yali Zeng / 2017
Description: Practical authentication protocol for anonymous web browsing
Advantages:
- Achieves user anonymity.
- Robust security.
- High efficiency.

Author / Year: Zakariae Tbatou, Ahmed Asimi, Younes Asimi, Yassine Sadqi, Azidine Guezzaz / November 2017
Description: A new mutual Kerberos authentication protocol for distributed systems based upon Kerberos V5 and Diffie-Hellman models.
Advantages:
- Enables the design and reliable exchange of the client's authentication parameters with the authentication server side.
- Creates a secure communication channel between the client and the service server.
- Efficient against dictionary and brute-force attacks.
19. Literature Review
Author / Year: The FreeRADIUS Implementation Guide, pages 23-43 / 2014
Description: FreeRADIUS authentication
Advantages:
- Password Authentication Protocol (PAP) is the simplest and easiest to configure.
- Challenge-Handshake Authentication Protocol (CHAP) never sends the password in a packet. Instead the authenticator sends a random string (the challenge), and the client returns an MD5 hash that combines the challenge with the password; the server recomputes the same hash from its stored copy of the password to check the answer.
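The PAP/CHAP difference described above, worked as an added example (this is not code from the FreeRADIUS guide or from the slides). It implements the RFC 1994 response computation, MD5 over the one-octet Identifier, the secret and the Challenge, and runs a PAP login and a CHAP login over a constructed in-memory link that records what a passive sniffer would capture. The user name, secret and wordlist are made up, and the `offline_dictionary_attack` helper is a hypothetical name for what an attacker does with a captured challenge/response pair.

```python
"""PAP vs CHAP on the wire: an added example, not taken from the FreeRADIUS guide or the slides.

CHAP (RFC 1994): the authenticator sends a random Challenge; the peer answers with
    Response = MD5(Identifier || secret || Challenge)
so the secret itself never crosses the link. PAP (RFC 1334) sends the password in cleartext.
User names, secrets and the wordlist used with this code are constructed for the example.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional


class SniffedLink:
    """Constructed link: every packet is recorded exactly as a sniffer would see it."""

    def __init__(self) -> None:
        self.captured: list = []

    def send(self, packet: bytes) -> bytes:
        self.captured.append(packet)
        return packet

    def saw(self, needle: bytes) -> bool:
        return any(needle in p for p in self.captured)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 section 4.1: MD5 over the one-octet Identifier, then the secret, then the Challenge value.
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def pap_login(link: SniffedLink, username: bytes, password: bytes, secrets: dict) -> bool:
    # PAP Authenticate-Request carries both fields in cleartext.
    link.send(b"PAP-AUTH-REQ " + username + b" " + password)
    return hmac.compare_digest(secrets.get(username, b""), password)


def chap_login(link: SniffedLink, username: bytes, secret: bytes, secrets: dict,
               identifier: int = 1, challenge: Optional[bytes] = None) -> bool:
    """One CHAP exchange. The challenge is normally random; a fixed value is allowed for tests."""
    challenge = challenge if challenge is not None else os.urandom(16)
    link.send(b"CHAP-CHALLENGE " + bytes([identifier & 0xFF]) + challenge)            # authenticator -> peer
    response = chap_response(identifier, secret, challenge)                            # computed by the peer
    link.send(b"CHAP-RESPONSE " + bytes([identifier & 0xFF]) + response + username)   # peer -> authenticator
    # The authenticator must hold the cleartext secret to recompute the same digest.
    expected = chap_response(identifier, secrets.get(username, b""), challenge)
    return hmac.compare_digest(expected, response)


def offline_dictionary_attack(identifier: int, challenge: bytes, response: bytes,
                              wordlist: Iterable[bytes]) -> Optional[bytes]:
    """Hypothetical attacker step: with a captured challenge/response pair, guess offline at MD5 speed."""
    for guess in wordlist:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None
```

Running `pap_login` shows the password sitting verbatim in the captured packet; `chap_login` with the same link shows only the challenge, the digest and the user name. The last function is the caveat that goes with CHAP's advantage: the secret never travels, but anyone who captured the pair can test guesses offline, and the authenticator must keep the cleartext secret to verify responses.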
20. Methodology
Some explanation of related research on the methodology involved, and an analysis of data about research that has been done recently.
What will be covered?
1) Flow of the research
2) Architecture of Kerberos
3) Methods/techniques used
4) Framework of Kerberos
5) Project requirements
25. Enter the default Kerberos version 5 realm. In the example shown on the slide, INF.ED.AC.UK was set as the default realm to be used by all the servers.
26. ◇ The integrity check is known as a checksum, or by the term MIC (message integrity code).
◇ Of the five checksum types listed, implementations are required to support three; the other two are optional.
◇ rsa-md5-des (required)
◇ des-mac (required)
◇ des-mac-k (required)
◇ rsa-md4-des (optional)
◇ rsa-md4-des-k (optional)
◇ These are the DES-based checksum types of the original Kerberos V5 specification (RFC 1510); DES has since been deprecated for Kerberos (RFC 6649), and current deployments use the HMAC-SHA1 checksums that accompany the AES enctypes (RFC 3962).
Method/Techniques
29. There will be a total of 3 secret keys (1 for the client, 1 for the file server, 1 for the KDC itself).
These secret keys never travel over the network; each one is held only on the machines shown below.

Key          Client machine   File server machine   KDC machine
Client key   Yes              -                     Yes
Server key   -                Yes                   Yes
KDC key      -                -                     Yes
30. There will be a total of two session keys, generated during the process and valid only for a limited session lifetime.
◇ Session Key 1 : Client - KDC communication
◇ Session Key 2 : Client - Service Server communication
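The key layout of the two slides above (three long-term keys that never leave their machines, two session keys minted per login), together with the password-sniffing problem from the problem statement, worked as an added example that is not code from the slides or from any Kerberos implementation. The three exchanges (AS, TGS, AP) are run between a client, a KDC and a file server over a constructed in-memory wire that records every message as a sniffer would, so the result can be checked for what does and does not appear on the network. The realm `EXAMPLE.TEST`, the principal `alice`, the password and the 600-second ticket lifetime are assumptions; the cipher is a toy stdlib construction standing in for a real Kerberos enctype, and the replay cache is the simplest form of the check a real application server keeps.

```python
"""Kerberos key flow (AS, TGS and AP exchanges): an added example, not code from the slides.
Long-term keys stay where the table says: client key on client + KDC, file server key on
server + KDC, the KDC's own key on the KDC only. The two session keys are minted by the
KDC and cross the wire only inside ciphertext. The cipher is a toy stdlib construction
(HMAC-SHA256 keystream, encrypt-then-MAC) standing in for a real Kerberos enctype.
Principal names, the password and the realm are made up for the example."""
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.TEST"  # assumed realm, not from the slides

def string_to_key(password: str, principal: str) -> bytes:
    # Long-term key from password + salt (realm||principal), the role string-to-key plays in Kerberos.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 4096)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key: bytes, data: dict) -> bytes:
    """Toy encrypt-then-MAC: nonce || (plaintext XOR keystream) || HMAC tag."""
    pt = json.dumps(data, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class Wire:
    """Constructed passive sniffer: records every message exactly as it is sent."""
    def __init__(self):
        self.captured = []
    def send(self, msg: dict) -> dict:
        self.captured.append(json.dumps(msg, sort_keys=True).encode())
        return msg
    def saw(self, needle: bytes) -> bool:
        return any(needle in m for m in self.captured)

class KDC:
    def __init__(self, principals: dict):
        self.keys = dict(principals)            # client and service long-term keys
        self.keys["krbtgt"] = os.urandom(32)    # the KDC's own key: held here only
    def as_exchange(self, req: dict) -> dict:   # AS-REQ -> AS-REP
        sk1 = os.urandom(32)                    # session key 1: client <-> KDC
        tgt = seal(self.keys["krbtgt"], {"cname": req["cname"], "sk1": sk1.hex(), "exp": time.time() + 600})
        enc = seal(self.keys[req["cname"]], {"sk1": sk1.hex()})  # only the client key opens this part
        return {"tgt": tgt.hex(), "enc_part": enc.hex()}
    def tgs_exchange(self, req: dict) -> dict:  # TGS-REQ -> TGS-REP
        tgt = unseal(self.keys["krbtgt"], bytes.fromhex(req["tgt"]))
        sk1 = bytes.fromhex(tgt["sk1"])
        auth = unseal(sk1, bytes.fromhex(req["authenticator"]))  # proves the client holds sk1
        if auth["cname"] != tgt["cname"] or time.time() > tgt["exp"]:
            raise PermissionError("authenticator does not match TGT, or TGT expired")
        sk2 = os.urandom(32)                    # session key 2: client <-> file server
        ticket = seal(self.keys[req["sname"]], {"cname": tgt["cname"], "sk2": sk2.hex(), "exp": time.time() + 600})
        return {"ticket": ticket.hex(), "enc_part": seal(sk1, {"sk2": sk2.hex()}).hex()}

class FileServer:
    def __init__(self, key: bytes):
        self.key = key                          # server long-term key, shared only with the KDC
        self.replay_cache = set()               # (cname, ts) of authenticators already accepted
    def ap_exchange(self, req: dict) -> str:    # AP-REQ -> accept or reject
        ticket = unseal(self.key, bytes.fromhex(req["ticket"]))
        sk2 = bytes.fromhex(ticket["sk2"])
        auth = unseal(sk2, bytes.fromhex(req["authenticator"]))
        if auth["cname"] != ticket["cname"] or time.time() > ticket["exp"]:
            raise PermissionError("authenticator does not match ticket, or ticket expired")
        if abs(time.time() - auth["ts"]) > 300 or (auth["cname"], auth["ts"]) in self.replay_cache:
            raise PermissionError("stale or replayed authenticator")
        self.replay_cache.add((auth["cname"], auth["ts"]))
        return "access granted to " + auth["cname"]

def client_login(wire: Wire, kdc: KDC, fs: FileServer, cname: str, password: str) -> dict:
    ckey = string_to_key(password, cname)       # derived locally; neither password nor key is sent
    as_rep = wire.send(kdc.as_exchange(wire.send({"cname": cname, "sname": "krbtgt"})))
    sk1 = bytes.fromhex(unseal(ckey, bytes.fromhex(as_rep["enc_part"]))["sk1"])
    tgs_req = {"tgt": as_rep["tgt"], "sname": "fileserver",
               "authenticator": seal(sk1, {"cname": cname, "ts": time.time()}).hex()}
    tgs_rep = wire.send(kdc.tgs_exchange(wire.send(tgs_req)))
    sk2 = bytes.fromhex(unseal(sk1, bytes.fromhex(tgs_rep["enc_part"]))["sk2"])
    ap_req = {"ticket": tgs_rep["ticket"], "authenticator": seal(sk2, {"cname": cname, "ts": time.time()}).hex()}
    result = fs.ap_exchange(wire.send(ap_req))
    return {"result": result, "client_key": ckey, "sk1": sk1, "sk2": sk2, "ap_req": ap_req}

def demo() -> dict:
    wire, server_key = Wire(), os.urandom(32)   # the file server key is provisioned out of band
    kdc = KDC({"alice": string_to_key("correct horse", "alice"), "fileserver": server_key})
    fs = FileServer(server_key)
    out = client_login(wire, kdc, fs, "alice", "correct horse")
    out.update({"wire": wire, "fileserver": fs})
    return out
```

After `demo()` the captured wire contains the principal name `alice` in the clear (Kerberos does not hide who is logging in) but none of the password, the client key, or either session key, which is the property the sniffing attack in the problem statement relies on. Replaying the captured AP-REQ against the file server is refused by the replay cache, and flipping any byte of a ticket fails the integrity check before it is parsed.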
31. Software Requirements
◇ Oracle VM VirtualBox version 5.2.8
◇ Ubuntu 14.04
◇ Microsoft Word 2013
◇ Microsoft Office PowerPoint 2013
◇ Windows 10
34. ◇ Expected result?
◇ Which protocol will be chosen?
◇ Is validating the user and the server successful, and how about the security?
◇ Hopes for this proposed project
38. 1) Santosh Khamitkar et al. (June 2015), Kerberos Authentication With Cloud Computing Access Control, International Journal of Advanced Computational Engineering and Networking, Vol. 3(6)
2) Sarah Pillai (2013), What is Kerberos and how does Kerberos work
3) Xu Yang et al. (2017), A Practical Authentication Protocol for Anonymous Web Browsing
4) Zakariae Tbatou et al. (November 2017), A New Mutual Kerberos Authentication Protocol for Distributed Systems, International Journal of Network Security, Vol. 19(6), pp. 889-898
5) (2014), The FreeRADIUS Implementation Guide, pages 23-43
6) https://en.wikipedia.org/wiki/Authentication_protocol#cite_note-1
7) https://en.wikipedia.org/wiki/Password_Authentication_Protocol
8) https://en.wikipedia.org/wiki/Kerberos_%28protocol%29
9) https://en.wikipedia.org/wiki/Authentication_protocol#CHAP_-_Challenge-handshake_authentication_protocol
10) https://www.bloggers-bay.com/single-post/2016/12/20/Kerberos-Architecture
11) https://www.infotechno.net/kerberos
12) http://www.roguelynn.com/words/explain-like-im-5-kerberos/