Dr. Nermi hamza

Threats in an open network environment:
- A user may gain access to a particular workstation and pretend to be another user operating from that workstation.
- A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations.
- A user may alter the network address of a workstation so that requests sent from the altered workstation appear to come from the impersonated workstation.

What Kerberos is:
- A computer network authentication protocol
- Individuals communicating over an unsecured network can prove their identity to one another in a secure manner
- Designed to resist eavesdropping and replay attacks

- Provides authentication between any pair of entities
- Primarily used to authenticate a user at a workstation to a server
- Servers can build authorization and access control services on top of Kerberos

- A secret-key based service for providing authentication in open networks
- Authentication is mediated by a trusted third party on the network: the Key Distribution Center (KDC)

History:
- Developed in 1988 at MIT as part of Project Athena.
  - Athena was started in 1983 with the goal of providing campus-wide access to networked computing services.
  - Security problems (eavesdropping, forging identities, and so on) made it clear that a security solution was needed; Kerberos was the solution, based on Needham and Schroeder's secret-key protocol, with DES used for encryption and decryption.
- Since then, Kerberos has been used to provide secure access for various networked file systems and computing environments.
- There are two commonly described versions of Kerberos, version 4 and version 5. Version 5 (RFC 4120) is the one deployed today; version 4 is obsolete.

Abbreviations used in the figures:
* AS = Authentication Server
* TGS = Ticket Granting Server
* SS = Service Server
* TGT = Ticket Granting Ticket

The client authenticates to the AS using a long-term shared secret and receives a ticket (the TGT) from the AS. Later the client uses this ticket to obtain additional tickets for an SS without resorting to the shared secret again. These service tickets are then used to prove the client's identity to the SS.

[Figure: Key-Distribution Center (KDC)]

[Figure: the KDC contains the AS and the TGS; the client talks to the AS, the TGS and the Server]

[Figure: the client presents the TGT and an authenticator to the TGS, names the server, and receives the session key SK and a ticket]

[Figure: the client presents the authenticator and SK (ticket) to the Server]

Login and TGT request (Alice's view):
- Alice logs into a computer workstation
- The workstation forwards her network ID to the Authentication Server (AS) in the clear
- The AS replies with a message encrypted with Alice's key K(A)
  - It contains a session key K(S) and a ticket for the TGS
- Because the request itself is not authenticated, anyone can ask for this reply and try passwords against it offline; version 5 deployments therefore normally require pre-authentication (the client proves knowledge of K(A) before the AS answers)

Service ticket request:
- Alice sends the following to the TGS:
  - The ticket received from the AS
  - The name of the server she wishes to access (Bob)
  - A timestamp encrypted with K(S)
- The TGS returns two items to Alice: a ticket for Bob, encrypted with Bob's key, and a copy for Alice, encrypted with K(S)
  - Each contains the session key K(AB), which allows Alice and Bob to communicate

Contacting the server:
- Alice sends Bob's ticket, together with a timestamp encrypted with K(AB), to Bob
- Bob confirms receipt by adding 1 to the timestamp, encrypting the result with K(AB) and sending it back to Alice
- Alice and Bob can now freely conduct transactions using K(AB) as the shared symmetric key

Credentials:
- Kerberos caches tickets and encryption keys (collectively called credentials)
- Credentials have a limited lifetime
- Caching allows a user to obtain tickets and encryption keys without re-entering the password

Suppose a client C wants to communicate with a server S in a Kerberos version 5 realm. In the messages below, K_X(m) denotes m encrypted under the key K_X.

Step 1:
- The first step is for the client to authenticate itself with the Kerberos Authentication Service and request a Ticket Granting Ticket.
- This requests a ticket for client C for the Ticket Granting Service (TGS), with N1 as a timestamp nonce:

  C -> AS: C, K_C-AS(TGS, N1)

Step 2:
- When the Authentication Service receives the request, it decrypts it and verifies the client's identity. It then generates a session key for the client and the Ticket Granting Service to use, as well as a ticket, and sends back:

  AS -> C: K_C-AS(K_C-TGS, K_AS-TGS(TGT), N1)

  where TGT = (C, TGS, T1, L1, K_C-TGS) and T1, L1 are the ticket's timestamp and lifespan.
- Since this is encrypted with C's secret key, only the client can make use of it, and only the Authentication Service could have sent it.

Step 3:
- With the client authenticated, it decrypts the response to get a session key for the Ticket Granting Service and a ticket-granting ticket.
- When the client needs to contact the server S, it creates a fresh authenticator (AUTH) and requests a ticket from the Ticket Granting Service:

  C -> TGS: K_C-TGS(AUTH), K_AS-TGS(TGT), S, N2

  where AUTH = (C, AD_C, N3) and AD_C is the client's network address.

Step 4:
- The Ticket Granting Service decrypts the ticket-granting ticket and obtains the session key within it.
- The service decrypts the authenticator and compares the client identifiers in the authenticator and the ticket.
- The service generates a new session key for the client and server, as well as a service ticket, and sends:

  TGS -> C: K_C-TGS(K_C-S, K_S-AS(STK), N2)

  where STK = (C, S, T2, L2, K_C-S) and T2, L2 are the ticket's timestamp and lifespan. K_S-AS is the long-term key the server shares with the KDC, so the client can forward STK but cannot read or alter it.
- Since this is encrypted with the session key, only the client can make use of it, and only the Ticket Granting Service could have sent it.

Step 5:
- The client decrypts the response from the Ticket Granting Service to get the session key for the server and a service ticket to use with it.
- When the client needs to contact the server S, it creates a fresh authenticator (AUTH) and sends this, along with the service ticket, its request R and a nonce:

  C -> S: K_C-S(AUTH), K_S-AS(STK), R, N4

  where AUTH = (C, N5).

Step 6:
- The server decrypts the service ticket and obtains the session key within it.
- The server decrypts the authenticator and compares the client identifiers in the authenticator and the ticket. For this check to mean anything, the server must also verify that the ticket has not expired and reject an authenticator it has already seen (a replay cache); otherwise an eavesdropper can resend the captured message and be treated as C.
- The server executes request R and replies with the answer A and the nonce from the client's request:

  S -> C: K_C-S(A, N4)
- Since this is encrypted with the session key, only the client can make use of it, and only the server could have sent it. The session key can be used for additional requests in this session and is then destroyed.

Summary of the exchange:

  1. C -> AS:  C, K_C-AS(TGS, N1)
  2. AS -> C:  K_C-AS(K_C-TGS, K_AS-TGS(TGT), N1)
  3. C -> TGS: K_C-TGS(AUTH), K_AS-TGS(TGT), S, N2
  4. TGS -> C: K_C-TGS(K_C-S, K_S-AS(STK), N2)
  5. C -> S:   K_C-S(AUTH), K_S-AS(STK), R, N4
  6. S -> C:   K_C-S(A, N4)
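The six messages above, and the Alice/Bob walk-through earlier on the page, run end to end as an added example. This is not code from the slides or from any Kerberos implementation: the principals ("alice", "fileserver", "krbtgt" holding K_AS-TGS), the password, the address 10.0.0.5 and the request are constructed; the cipher is a toy SHA-256 keystream with an HMAC tag standing in for a Kerberos enctype; and the password-to-key step uses PBKDF2, not a real string2key. It follows the slides' notation, including the encrypted first message (real version 5 sends the AS request in the clear, with pre-authentication data playing that role). What it shows that the text does not is the checks the protocol depends on, run against three attacks: a wrong password, a replayed message 5, and an expired ticket.

```python
"""Toy end-to-end run of the six messages on the slides (AS, TGS and server exchanges)."""
import hashlib, hmac, os, secrets, time

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a keystream; a stand-in for a Kerberos enctype.
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))

def encrypt(key, fields):
    """K_key(fields): '|'-joined fields, encrypt-then-MAC (toy, not Kerberos crypto)."""
    pt = "|".join(str(f) for f in fields).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    """Inverse of encrypt(); raises if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct)))).decode().split("|")

def string2key(password, principal):
    """K_C-AS derived from the password (slides). PBKDF2 salted with the principal
    name is this example's choice, not the string2key of any real enctype."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 100_000)

def check_ticket(ticket_key, ticket, enc_auth, seen, now):
    """Steps 4 and 6: open ticket, check lifetime, open authenticator with the
    session key from the ticket, compare client ids, refuse replays."""
    client, _svc, t, life, k_hex = decrypt(ticket_key, ticket)
    if not int(t) <= now < int(t) + int(life):
        raise PermissionError("ticket expired")
    session_key = bytes.fromhex(k_hex)
    if decrypt(session_key, enc_auth)[0] != client:
        raise PermissionError("authenticator and ticket name different clients")
    if enc_auth in seen:                                     # replay cache
        raise PermissionError("replayed authenticator")
    seen.add(enc_auth)
    return client, session_key

class KDC:
    """AS and TGS sharing one principal database; 'krbtgt' holds K_AS-TGS."""
    def __init__(self, lifetime=300):
        self.life, self.seen = lifetime, set()
        self.keys = {"krbtgt": secrets.token_bytes(32)}
    def as_exchange(self, client, enc_req, now):             # messages 1 and 2
        tgs, n1 = decrypt(self.keys[client], enc_req)        # only a K_C-AS holder can form this
        k_c_tgs = secrets.token_bytes(32)
        tgt = encrypt(self.keys["krbtgt"], [client, tgs, now, self.life, k_c_tgs.hex()])
        return encrypt(self.keys[client], [k_c_tgs.hex(), tgt.hex(), n1])
    def tgs_exchange(self, enc_auth, tgt, server, n2, now):  # messages 3 and 4
        client, k_c_tgs = check_ticket(self.keys["krbtgt"], tgt, enc_auth, self.seen, now)
        k_c_s = secrets.token_bytes(32)
        stk = encrypt(self.keys[server], [client, server, now, self.life, k_c_s.hex()])
        return encrypt(k_c_tgs, [k_c_s.hex(), stk.hex(), n2])

class Server:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()
    def handle(self, enc_auth, stk, request, n4, now):       # messages 5 and 6
        client, k_c_s = check_ticket(self.key, stk, enc_auth, self.seen, now)
        return encrypt(k_c_s, [f"hello {client}, executed {request}", n4])

def run_session(kdc, server, client, password, now, later=0, replay=False):
    """Client side of messages 1-6; returns the server's answer A."""
    k_c_as, n1 = string2key(password, client), secrets.token_hex(8)
    reply = kdc.as_exchange(client, encrypt(k_c_as, ["TGS", n1]), now)
    k_hex, tgt_hex, n1_back = decrypt(k_c_as, reply)
    assert n1_back == n1                                     # AS reply is fresh
    k_c_tgs, tgt, n2 = bytes.fromhex(k_hex), bytes.fromhex(tgt_hex), secrets.token_hex(8)
    auth = encrypt(k_c_tgs, [client, "10.0.0.5", secrets.token_hex(8)])  # AUTH = (C, AD_C, N3), constructed address
    k_hex, stk_hex, n2_back = decrypt(k_c_tgs, kdc.tgs_exchange(auth, tgt, server.name, n2, now))
    assert n2_back == n2
    k_c_s, stk, n4 = bytes.fromhex(k_hex), bytes.fromhex(stk_hex), secrets.token_hex(8)
    auth = encrypt(k_c_s, [client, secrets.token_hex(8)])                  # AUTH = (C, N5)
    reply = server.handle(auth, stk, "read /srv/file", n4, now + later)
    if replay:                                               # eavesdropper resends message 5
        server.handle(auth, stk, "read /srv/file", n4, now + later)
    answer, n4_back = decrypt(k_c_s, reply)
    assert n4_back == n4                                     # only a K_C-S holder could answer
    return answer

def demo():
    """Constructed realm: user alice, a file server, and three attacks the checks stop."""
    kdc, srv_key = KDC(lifetime=300), secrets.token_bytes(32)
    kdc.keys["alice"] = string2key("correct horse battery", "alice")
    kdc.keys["fileserver"] = srv_key                         # K_S-AS on the slides
    server, now = Server("fileserver", srv_key), int(time.time())
    def attempt(password="correct horse battery", **kw):
        try:
            return run_session(kdc, server, "alice", password, now, **kw)
        except (ValueError, PermissionError) as e:
            return f"rejected: {e}"
    return {"ok": attempt(), "wrong_password": attempt(password="guess"),
            "replay": attempt(replay=True), "expired": attempt(later=301)}

if __name__ == "__main__":
    print(demo())
```

The wrong password fails at the AS because the forged K_C-AS cannot produce a valid message 1; the replayed message 5 is caught by the server's replay cache even though the ticket and authenticator are genuine; the expired case passes the TGS and fails only at the server because the clock has moved past T2 + L2. In real Kerberos the authenticator carries a timestamp and the replay cache only needs to remember entries within the permitted clock skew, which is what keeps it bounded.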

Components:
- Kerberos encryption
  - The user's encryption key is derived from their password
  - Version 4 uses the Data Encryption Standard (DES); version 5 allows other symmetric algorithms
  - Symmetric cryptography throughout
- The Kerberos ticket
- The Ticket Granting Server

Notation:
- A = the user requesting the service
- B = the service requested
- TGS = Ticket Granting Server, which issues "proof of identity" tickets
- AS = Authentication Server, which verifies users during login
- S = session key
- t = timestamp
- K = key (encryption, decryption)


What Kerberos provides:
- Authentication
- A basis for authorization (the access decision itself is made by the server, using the authenticated identity)
- Confidentiality
- Within networks and small sets of networks

The differences between version 4 and version 5 are briefly listed below:

Kerberos version 5
1) Version 5 has a longer ticket lifetime.
2) Version 5 allows tickets to be renewed.
3) Version 5 can accept any symmetric-key algorithm.
4) Version 5 uses a different protocol for describing data types (ASN.1).
5) Version 5 has more overhead than version 4.

Realms

Kerberos allows the global distribution of ASs and TGSs, with each such system called a realm. A user may get a ticket for a local server or a remote server. A realm is a set of managed nodes that share the same Kerberos database.

- The Kerberos protocol operates across organizational boundaries. If an organization wants local control of the authentication of its users, it can run its own Kerberos server. All the users and applications that use a Kerberos server compose a realm. The name of the realm in which a client is registered is part of the client's name and can be used by the application server to decide whether to honor a request.