
Kerberos

Kerberos- A Network Security Protocol

Published in: Technology
  • it's very nice slide

Kerberos

  1. KERBEROS
     • Presented By- Sudeep Shouche
     • Guided By- Ms. Vaishali Jetly
  2. INDEX
     • Introduction
     • History & Development
     • Need
     • Needham-Schroeder Protocol
     • Working
     • Applications
     • Weakness
  3. INTRODUCTION
     • Kerberos: network security protocol.
     • Part of Project Athena (MIT).
     • Uses a trusted third-party authentication scheme.
     • Assumes that hosts are not trustworthy.
  4. INTRODUCTION
     • Requires that each client (each request for service) prove its identity.
     • Does not require the user to enter a password every time a service is requested!
     • Uses the Needham-Schroeder algorithm.
  5. HISTORY & DEVELOPMENT
     • Steve Miller and Clifford Neuman designed the primary Kerberos version.
     • Versions 1–3 occurred only internally at MIT as part of Project Athena.
     • Windows 2000 was Microsoft's first system to implement the Kerberos security standard.
     • Version 5, designed by John Kohl and Clifford Neuman, appeared in 1993.
  6. HISTORY & DEVELOPMENT
     Recent updates include:
     • Encryption and checksum specifications.
     • Clarification of the protocol, with a more detailed and clearer explanation of intended use.
     • A new edition of the GSS-API (Generic Security Service Application Program Interface) specification.
  7. NEED
     Authentication:
     • Divide up resources with capabilities between many users.
     • Restrict users' access to resources.
     • Typical authentication mechanism: passwords.
     • But regular password authentication is useless in the face of a computer network (as in the Internet): system crackers (hackers) can easily intercept these passwords while on the wire.
  8. NEED
     • Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within.
       o Assumes the "bad guys" are on the outside, while the really damaging ones can be inside!
       o Restrict use of the Internet.
     • Kerberos assumes that network connections (rather than servers and workstations) are the weak link in network security.
  9. NEEDHAM-SCHROEDER PROTOCOL
     • The Needham-Schroeder Symmetric Key Protocol establishes a session key to protect further communication.
     • The Needham-Schroeder Public-Key Protocol provides mutual authentication.
  10. NEEDHAM-SCHROEDER SYMMETRIC KEY PROTOCOL
     • Alice (A) initiates the communication to Bob (B).
     • S is a server trusted by both parties.
     • KAS is a symmetric key known only to A and S.
     • KBS is a symmetric key known only to B and S.
     • NA and NB are nonces.
  11. NEEDHAM-SCHROEDER SYMMETRIC KEY PROTOCOL
     A → S: A, B, NA
     S → A: {NA, KAB, B, {KAB, A}KBS}KAS
     A → B: {KAB, A}KBS
     B → A: {NB}KAB
     A → B: {NB - 1}KAB
  12. NEEDHAM-SCHROEDER PUBLIC KEY PROTOCOL
     • Alice (A) and Bob (B) use a trusted server (S) to distribute public keys on request. These keys are:
       o KPA & KSA, public and private halves of an encryption key-pair belonging to A.
       o KPB & KSB, similar, belonging to B.
       o KPS & KSS, similar, belonging to S.
     • Note: KSS is used to encrypt while KPS is used to decrypt.
  13. NEEDHAM-SCHROEDER PUBLIC KEY PROTOCOL
     A → S: A, B
     S → A: {KPB, B}KSS
     A → B: {NA, A}KPB
     B → S: B, A
     S → B: {KPA, A}KSS
     B → A: {NA, NB}KPA
     A → B: {NB}KPB
  14. ATTACK ON NEEDHAM-SCHROEDER PROTOCOL
     A → I: {NA, A}KPI
     I → B: {NA, A}KPB
     B → I: {NA, NB}KPA
     I → A: {NA, NB}KPA
     A → I: {NB}KPI
     I → B: {NB}KPB
  15. ATTACK ON NEEDHAM-SCHROEDER PROTOCOL
     Replace:
     B → A: {NA, NB}KPA
     With:
     B → A: {NA, NB, B}KPA
     The attack was first described by Gavin Lowe in 1995. He also proposed the above-mentioned fix.
  16. WORKING
  17. WORKING
     Abbreviations used:
     • AS: Authentication Server.
     • KDC: Key Distribution Center.
     • TGS: Ticket Granting Server.
     • SS: Service Server.
     • TGT: Ticket Granting Ticket.
  18. WORKING
     User client-based logon steps:
     • A user enters a username and password on the client machine.
     • The client performs a one-way function on the entered password, and this becomes the secret key of the client/user.
  19. WORKING
     Client authentication steps:
     • The client sends a message to the AS requesting services on behalf of the user.
     • If the client is in the database, the AS sends back a message which the client decrypts to obtain the Client/TGS Session Key for further communications with the TGS.
  20. WORKING
     Client service authorization steps:
     • The client sends messages to the TGS. The TGS uses the TGS secret key to get the "Client/TGS Session Key" and sends the following two messages to the client:
       o Client-to-server ticket, encrypted using the service's secret key.
       o Client/Server Session Key, encrypted with the Client/TGS Session Key.
  21. WORKING
     Client service request steps:
     • The client can now authenticate itself to the SS.
     • The SS decrypts the ticket to ultimately retrieve the Authenticator and sends a confirmation to the client.
     • The client decrypts the confirmation using the Client/Server Session Key, and the connection is set up.
  22. APPLICATIONS
     • Authentication
     • Authorization
     • Confidentiality
     • Within networks and small sets of networks
  23. WEAKNESS
     • Single point of failure.
     • Requires synchronization of the involved hosts' clocks.
     • The administration protocol is not standardized.
     • Compromise of the central server will compromise all users' secret keys.
     • If stolen, a TGT can be used to access network services of others.
  24. THANK YOU
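
The exchange on slides 13 to 15, as an added example that is not part of the original slides: a symbolic Python model showing that the identity field added by Lowe's fix makes A abort the relayed run of slide 14, while an honest run still completes. Tagged tuples stand in for public-key encryption; the function names and nonce strings are constructed for illustration.

```python
def enc(owner, *fields):
    """Symbolic public-key encryption: only `owner` can open the result."""
    return (owner, fields)

def dec(me, box):
    owner, fields = box
    if owner != me:
        raise PermissionError(f"{me} cannot open a message sealed for {owner}")
    return fields

def responder_reply(me, msg1, nb, lowe_fix):
    """B's step: open {NA, A}KPB, answer {NA, NB}KPA or, with the fix, {NA, NB, B}KPA."""
    na, claimed = dec(me, msg1)
    return enc(claimed, na, nb, me) if lowe_fix else enc(claimed, na, nb)

def initiator_check(me, peer, na, msg2, lowe_fix):
    """A's step: return {NB}KP_peer if msg2 is acceptable, else None."""
    fields = dec(me, msg2)
    if fields[0] != na:
        return None                      # not an answer to this run
    if lowe_fix and fields[2:] != (peer,):
        return None                      # reply names someone other than the intended peer
    return enc(peer, fields[1])

def run(a_peer, responder, lowe_fix):
    """A starts a run with a_peer; the first message reaches `responder`
    (slide 14 when the two differ). Returns who receives NB from A, or 'abort'."""
    na, nb = "NA-constructed", "NB-constructed"
    msg1 = enc(a_peer, na, "A")                       # A -> peer: {NA, A}KP_peer
    if responder != a_peer:
        msg1 = enc(responder, *dec(a_peer, msg1))     # peer re-seals it for responder
    msg2 = responder_reply(responder, msg1, nb, lowe_fix)
    msg3 = initiator_check("A", a_peer, na, msg2, lowe_fix)
    if msg3 is None:
        return "abort"
    dec(a_peer, msg3)                                 # a_peer opens {NB}KP_peer
    return a_peer

if __name__ == "__main__":
    print("original, relayed run:", run("I", "B", lowe_fix=False))
    print("fixed, relayed run:   ", run("I", "B", lowe_fix=True))
    print("fixed, honest run:    ", run("B", "B", lowe_fix=True))
```
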

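
The ticket flow of slides 18 to 21, as an added example that is not part of the original slides: a symbolic Python walk-through of the AS, TGS and SS exchanges that also shows why slide 23 lists clock synchronization as a requirement. `seal`/`unseal` are a stand-in for encryption, and the sample user and service, the SHA-256 one-way function, the authenticator contents (client name and timestamp) and the 300-second tolerance are assumptions.

```python
import hashlib
import secrets

def seal(key, **fields):                  # symbolic stand-in, not a real cipher
    return (key, fields)

def unseal(key, box):
    if box[0] != key:
        raise PermissionError("wrong key")
    return box[1]

def user_key(password):                   # slide 18: one-way function of the password
    return hashlib.sha256(password.encode()).hexdigest()

MAX_SKEW = 300                            # seconds of tolerated clock difference (assumed)
TGS_KEY = secrets.token_hex(16)           # secret key of the TGS
USERS = {"alice": user_key("constructed-pw")}        # constructed sample user
SERVICES = {"fileserver": secrets.token_hex(16)}     # constructed sample service

def check_authenticator(key, authenticator, client, now):
    a = unseal(key, authenticator)
    if a["client"] != client or abs(now - a["ts"]) > MAX_SKEW:
        raise PermissionError("authenticator rejected")
    return a["ts"]

def as_exchange(client):                  # slide 19: session key for client, TGT for TGS
    sk = secrets.token_hex(16)
    return seal(USERS[client], tgs_session=sk), seal(TGS_KEY, client=client, tgs_session=sk)

def tgs_exchange(tgt, authenticator, service, now):   # slide 20
    t = unseal(TGS_KEY, tgt)
    check_authenticator(t["tgs_session"], authenticator, t["client"], now)
    sk = secrets.token_hex(16)
    return (seal(SERVICES[service], client=t["client"], session=sk),
            seal(t["tgs_session"], session=sk))

def service_accept(service, ticket, authenticator, now):   # slide 21
    t = unseal(SERVICES[service], ticket)
    ts = check_authenticator(t["session"], authenticator, t["client"], now)
    return seal(t["session"], ts=ts)      # confirmation echoes the timestamp (assumed)

def client_run(client, password, service, now, clock_offset=0):
    """Full client side; `now` is the servers' clock, offset models client drift."""
    for_client, tgt = as_exchange(client)
    tgs_sk = unseal(user_key(password), for_client)["tgs_session"]
    ts = now + clock_offset
    ticket, for_client2 = tgs_exchange(tgt, seal(tgs_sk, client=client, ts=ts), service, now)
    sk = unseal(tgs_sk, for_client2)["session"]
    reply = service_accept(service, ticket, seal(sk, client=client, ts=ts), now)
    return unseal(sk, reply)["ts"] == ts
```

A wrong password fails at the first `unseal`, and a client whose clock is off by more than `MAX_SKEW` is rejected by the TGS even with the correct password.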