Authentication Applications Kerberos And X.509

Kerberos Motivation
– Secure against eavesdropping
– Reliable – distributed architecture
– Transparent – almost invisible to the user
– Scalable – to many users and servers
Two versions
– Version 4 – basic ideas
– Version 5 – fixes and a wider variety of algorithms

Kerberos Version 4
The full protocol is complex, so start with a simplified approach:
– Client asks the authentication server (AS) for a ticket
– AS grants the ticket
– Client sends the ticket to the server
Weaknesses of the simplified approach:
– Big load on the AS (fix: provide secondary ticket-granting servers)
– Repeated password entry (fix: the password goes to the AS seldom; tickets come from the TGS when needed, based on the AS authentication)

Strategies and Countermoves
What opponents of Version 4 can do:
– Wait for long-lived ticket-granting tickets and then reuse them
– Capture service-granting tickets and use them for their remaining lifetime
Anti-theft of ticket-granting tickets:
– AS provides both the client and the TGS with a secret, securely
– Done by sending a session key
– This procedure also makes service-granting tickets reusable

Kerberos Organization
Called a realm, it includes:
– A Kerberos server, which holds the UID and hashed password for each user and a shared secret key with each user
– The Kerberos server includes both the AS and the TGS
Inter-realm issues:
– Kerberos servers in each realm are registered with each other (they share a secret key)
– The TGS in the server's realm issues tickets to clients from the other realm

Version 5
– Avoids DES suspicion by specifying the algorithm and key length
– Avoids IP dependence by specifying the network address type and length
– Allows specifying message byte ordering
– Tickets contain start and end times
– Authentication forwarding – a server can forward authentication to another server
– Inter-realm authentication

Version 5 – Continued
– Avoids double encryption
– Avoids PCBC (vulnerable to a cipher-block exchange attack)
– Session and subsession keys
– Preauthentication – makes password attacks more difficult (but not impossible)
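The ticket-plus-session-key mechanism from the Version 4 and Version 5 slides above, as an added example that is not part of the original presentation: the service checks the ticket's validity window, then demands an authenticator sealed under the session key, so a stolen ticket is useless without that key and a replayed authenticator is caught. Encryption is a toy SHA-256 keystream with an HMAC tag standing in for DES; the AS exchange that delivers the session key to the client is omitted, and all keys, names and times are constructed.

```python
import hashlib, hmac, json, os

K_SERVER = b"server-long-term-key"    # constructed: shared by the TGS and the service
REPLAY_CACHE = set()                  # (client, authenticator time) pairs already accepted

def keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))

def seal(key, obj):
    """Toy encrypt-then-MAC standing in for DES: nonce || ciphertext || tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    """Check the tag before decrypting; a wrong key or tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def issue_ticket(client, server, session_key, start, end):
    """TGS step: ticket sealed under the server's key with the session key and a validity window."""
    return seal(K_SERVER, {"client": client, "server": server, "start": start,
                           "end": end, "session_key": session_key.hex()})

def make_authenticator(session_key, client, now):
    """Client step: proves possession of the session key; built fresh for every use."""
    return seal(session_key, {"client": client, "time": now})

def server_accept(ticket, authenticator, now, skew=300):
    """Service step: validity window, authenticator under the session key, freshness, replay."""
    t = unseal(K_SERVER, ticket)
    if not t["start"] <= now <= t["end"]:
        return "expired ticket"
    try:
        a = unseal(bytes.fromhex(t["session_key"]), authenticator)
    except ValueError:
        return "bad authenticator"          # ticket was stolen but the session key was not
    if a["client"] != t["client"] or abs(a["time"] - now) > skew:
        return "bad authenticator"
    if (t["client"], a["time"]) in REPLAY_CACHE:
        return "replayed authenticator"
    REPLAY_CACHE.add((t["client"], a["time"]))
    return "ok"
```

The same ticket is accepted again with a fresh authenticator, which is the "reusable service-granting tickets" point of the countermoves slide.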

X.509 Service
– Uses public-key certificates from a CA (certification authority) – Kerberos uses privately distributed keys
– Obtaining a certificate requires access to the public key of a CA
– The X.509 service is free-form hierarchical – done using forward and reverse certificates
– Also provides for certificate revocation – each CA maintains a list of keys that have been revoked but are still within their validity period

X.509 Service (Continued)
Authentication procedures:
– One-way – a single transfer of information from one user to another
– Two-way – authenticates each to the other
– Three-way – detects replay attacks using nonces (rather than clock synchronization)
New versions – more of the same
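The three-way procedure from the slide above, as an added example that is not part of the original presentation: each side checks that a message names it as the recipient and echoes the nonce it sent, so a reply cannot be replayed or reflected, and no synchronized clocks are needed. Signatures are modelled with HMAC under constructed per-party keys, a stand-in for the public-key signatures a real X.509 exchange uses; party names and nonces are constructed.

```python
import hmac, json, os

# Constructed per-party keys. Real X.509 authentication uses public-key
# signatures checked through certificates; HMAC stands in so this runs on the stdlib.
KEYS = {"A": b"constructed-key-of-A", "B": b"constructed-key-of-B"}

def sign(party, body):
    """Stand-in for a signed X.509 authentication token."""
    payload = json.dumps(body, sort_keys=True).encode()
    return {"signer": party, "body": body,
            "sig": hmac.new(KEYS[party], payload, "sha256").hexdigest()}

def verify(msg):
    """Check the stand-in signature; returns (signer, body) or raises ValueError."""
    payload = json.dumps(msg["body"], sort_keys=True).encode()
    tag = hmac.new(KEYS[msg["signer"]], payload, "sha256").hexdigest()
    if not hmac.compare_digest(msg["sig"], tag):
        raise ValueError("bad signature")
    return msg["signer"], msg["body"]

class Party:
    def __init__(self, name):
        self.name, self.pending = name, {}   # pending[peer] = nonce I sent to that peer

    def start(self, peer):                   # message 1, A -> B: {B, rA}
        self.pending[peer] = os.urandom(8).hex()
        return sign(self.name, {"to": peer, "nonce": self.pending[peer]})

    def respond(self, msg1):                 # message 2, B -> A: {A, rB, rA}
        peer, m = verify(msg1)
        if m["to"] != self.name:
            raise ValueError("not addressed to me (reflection)")
        self.pending[peer] = os.urandom(8).hex()
        return sign(self.name, {"to": peer, "nonce": self.pending[peer], "echo": m["nonce"]})

    def finish(self, msg2):                  # message 3, A -> B: {rB}
        peer, m = verify(msg2)
        if m["to"] != self.name or m["echo"] != self.pending.pop(peer, None):
            raise ValueError("my nonce was not echoed: stale or replayed reply")
        return sign(self.name, {"to": peer, "echo": m["nonce"]})

    def accept(self, msg3):                  # B: rB must come back, and only once
        peer, m = verify(msg3)
        return m["to"] == self.name and m["echo"] == self.pending.pop(peer, None)
```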