Chapter 4 - Kerberos Network Security and Management Fall 2014 Dr. Faisal Kakar Office:

Slides:



Advertisements
Similar presentations
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Advertisements

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
SCSC 455 Computer Security
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
ECE454/CS594 Computer and Network Security
Lecture 5: Cryptographic Hashes
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.
Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Mobile and Wireless Communication Security By Jason Gratto.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Network Security David Lazăr.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Key Management. Given a computer network with n hosts, for each host to be able to communicate with any other host would seem to require as many as n*(n-1)
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz
ECE-8813 / CS Prof. John A. Copeland fax Office:
TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
Network Security Chapter 8 12/13/ Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
1 Kerberos n Part of project Athena (MIT). n Trusted 3rd party authentication scheme. n Assumes that hosts are not trustworthy. n Requires that each client.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Computer and Network Security - Message Digests, Kerberos, PKI –
1 Some Backgrounds on Network Security Rocky K. C. Chang 12 February 2003.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
1 Example security systems n Kerberos n Secure shell.
1 Cryptography CSS 329 Lecture 12: Kerberos. 2 Lecture Outline Kerberos - Overview - V4 - V5.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Security Outline Encryption Algorithms Authentication Protocols
Advanced Computer Networks
or call for office visit.
Message Security, User Authentication, and Key Management
Presentation transcript:

Chapter 4 - Kerberos Network Security and Management Fall Dr. Faisal Kakar Office: Room no. 01, FICT Building

Kerberos, v4 and v5 Provides a complete protocol for authentication and secure communications for hosts connected by a data communications network Provides secure "tickets" to hosts that can be used to initiate a secure message exchange Standard message formats for encrypted and signed messages, or signed plaintext messages Formats for encoding expiration time, names,... Allows "read-only" slave KDC's (distributed KDCs) 2

Keberos uses Mediated Authentication (with a Key Distribution Center, KDC ) Jack Jip KDC Mary Paul Peter Harry Dick Tom Alice Bob Trudi KDC has unique Secret Keys with all legitimate hosts. K bob K alice 3

Keberos Authentication Dialogue

7 KDC

Master KDC Slave KDC {db;Kmaster} Slave KDC Slave KDC Slave KDC Slave KDC Host Realm Replicated KDCs (slaves) are read only. Entire Host-KDC database is downloaded periodically 8 Version 5

Realm Wonderland KDC (Lion) Lion Lion can also be a "principal" in Wonderland (with the Queen's OK) Realm Oz KDC (Hatter) DorothyAlice Alice wants to talk to Dorothy 9

PlaintextCipher Block Chaining (PPCBC) m1m2m3 IV(+) EEE Key c1c2c3 The 1st 64-bit message segment is XOR'ed with an initial vector (IV). Each following message segment is XOR'ed with the preceding ciphertext and plaintext segments-for privacy & integrity. 10

Kerberos Message Integrity Check (Message Digest) MIC is Hash( ) The Hash algorithm was never published (but source code can be obtained) It is based on a checksum algorithm designed by Juneman to use mod 2^31-1 (prime), but changed to use 2^63-1 (not prime). Cryptographers worry that it might be breakable, or reversible (to get K session ). 11

Network Layer (IP) Addresses in Tickets Only 4 bytes available, so limited to Internet Protocol (Novel, IBM, Appletalk, IPv6... longer) Makes "spoofing" harder, IP address must be stolen from network as well as Ticket from Alice. Prevents delegation, giving the ticket to another host to represent you (which is allowed by Kerberos V5) 12

Why Study Kerberos v4 (Why doesn't everyone switch to v5) Kerberos V4 is working well in many systems Switching to V5 requires stopping the network and upgrading every host at once before restart Kerberos V5 is inefficient in some ways compared to V4 13

Kerberos v5 Cryptographic Algorithms Kerberos v4 used Plaintext Cipher Block Chaining and modified Juneman hash Kerberos v5 can use a variety of encryptions (DES in practice) and hashes (MD4, MD5). Primary MIC (message integrity check) uses { confounder + MD5(confounder & message)}K' K' = Kalice-bob (+) F0F0F0F0F0F0F0F0 A more modern MIC that is not used is MD5(Kalice-bob & message) 14

Password security Do not send in clear except over short secure channels (avoid using Telnet, FTP, http (for passwords), …) Choose had to guess passwords, enforce. Force changing passwords periodically Avoid keeping password in memory longer than necessary to generate the user's key. Send hash of (key+nonce) to KDC for authentication Add salt before hashing passwords for pw database Add realm name to password before hashing for pw db Originally UNIX stored a hash of each User ’ s password in a globally readable account. This can be attacked by hashing all common words for a reverse lookup table. 15

Message Security and Integrity Only exchange messages with authenticated hosts Develop a session key and separate MIC key using initial password exchange Encrypt Diffie-Hellman exchanges to prevent Bucket Brigade (man-in-middle) attacks. Use MICs, especially with self-synchronizing encryptions that survive permuting message blocks (e.g., ECB). Get "random" numbers from true sources Protect Master KDC Key and hashed-key database 16

Concepts Used in Kerberos Central Key Server (KDC) - n rather than n*(n-1)/2 sets of keys. Could enforce “ Connection Policy. ” Distributed KDCs (Slave KDCs) to prevent “ Denial of Service ” (DoS) Attack. Use of password hashes, for verifying password without storing password. “ Dictionary Attack ” - use of “ salt ” to improve security. Message hashes for “ Message Integrity Check ” (MIC). Authentication exchange - “ nonce ” to prevent “ Replay Attack ”. Standard block encryption algorithm (DES) with unique “ cipher feedback. ” Session keys to reduce exposure of primary keys. Version 4 to 5 upgrade difficult. Newer systems (SSL, PGP, SSH) negotiate to find the best common algorithms available to both. 17

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.