
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.




1 CSCE 715: Network Systems Security
Chin-Tser Huang, huangct@cse.sc.edu
University of South Carolina

2 Authentication Applications (10/24/2007)
Developed to support application-level authentication and digital signatures
A famous example is Kerberos – a password authentication service

3 Kerberos
Trusted key server system from MIT
Provides centralized third-party password authentication in a distributed network
  allows users access to services distributed through the network without needing to trust all workstations
  instead, all trust a central authentication server
Two versions in use: 4 and 5

4 Kerberos Requirements
The first published report identified its requirements as
  security
  reliability
  transparency
  scalability
Implemented using an authentication protocol based on Needham-Schroeder

5 Kerberos 4 Overview
A basic third-party authentication scheme
Has an Authentication Server (AS)
  users initially negotiate with the AS to identify themselves
  the AS provides a non-corruptible authentication credential (ticket-granting ticket, TGT)
Has a Ticket-Granting Server (TGS)
  users subsequently request access to other services from the TGS on the basis of their TGT

6 First Design
(1) C → AS: ID_c || P_c || ID_v
(2) AS → C: Ticket
(3) C → V: ID_c || Ticket
Ticket = E_Kv[ID_c || AD_c || ID_v]
(C: client, AS: authentication server, V: application server, P_c: user's password, AD_c: client's network address, K_v: key shared by AS and V)

7 Problems with First Design
User may have to submit the password many times in the same logon session
Password is transmitted in the clear

8 Second Design
Once per user logon session:
(1) C → AS: ID_c || ID_tgs
(2) AS → C: E_Kc[Ticket_tgs]
Once per type of service:
(3) C → TGS: ID_c || ID_v || Ticket_tgs
(4) TGS → C: Ticket_v
Once per service session:
(5) C → V: ID_c || Ticket_v
Ticket_tgs = E_Ktgs[ID_c || AD_c || ID_tgs || TS_1 || Lifetime_1]
Ticket_v = E_Kv[ID_c || AD_c || ID_v || TS_2 || Lifetime_2]

9 Problems with Second Design
Requirement for a server (TGS or application server) to verify that the person using a ticket is the same person to whom the ticket was issued
Requirement for servers to authenticate themselves to users
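The second-design exchange (slides 8 and 9) as an added Python model; it is not code from the slides. The identities, the three long-term keys and the toy cipher (a SHA-256 keystream with an HMAC tag, standing in for Kerberos 4's DES) are constructed for the demo, and the ticket's ID_tgs / ID_v field is stored under the one name ID_srv.

```python
import hashlib, hmac, json, os

# Constructed long-term keys: K_c from the user's password; K_tgs and K_v shared with the TGS and server V
K_C = hashlib.sha256(b"alice-password-constructed").digest()
K_TGS = hashlib.sha256(b"tgs-key-constructed").digest()
K_V = hashlib.sha256(b"printer-key-constructed").digest()

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key, fields):
    # Toy stand-in for Kerberos 4's DES: random nonce, SHA-256 keystream XOR, HMAC tag
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return hmac.new(key, nonce + ct, "sha256").digest() + nonce + ct

def decrypt(key, blob):
    tag, nonce, ct = blob[:32], blob[32:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        return None  # wrong key or tampered ticket
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_ticket(key, ticket, id_c, id_srv, now):
    # Server-side check shared by TGS and V: unwrap with the server's own key,
    # confirm the ticket names this client and this server, and enforce the lifetime
    t = decrypt(key, ticket)
    if t and t["ID_c"] == id_c and t["ID_srv"] == id_srv and t["TS"] <= now < t["TS"] + t["Lifetime"]:
        return t
    return None

def as_issue_tgt(id_c, ad_c, now, lifetime=8 * 3600):
    # (1) C -> AS: ID_c || ID_tgs   (2) AS -> C: E_Kc[Ticket_tgs]
    tgt = encrypt(K_TGS, {"ID_c": id_c, "AD_c": ad_c, "ID_srv": "tgs", "TS": now, "Lifetime": lifetime})
    return encrypt(K_C, {"Ticket_tgs": tgt.hex()})

def client_unwrap_tgt(reply):  # only a client holding K_c can recover the TGT
    return bytes.fromhex(decrypt(K_C, reply)["Ticket_tgs"])

def tgs_issue_ticket(id_c, id_v, tgt, now, lifetime=300):
    # (3) C -> TGS: ID_c || ID_v || Ticket_tgs   (4) TGS -> C: Ticket_v (None = refused)
    t = check_ticket(K_TGS, tgt, id_c, "tgs", now)
    return None if t is None else encrypt(K_V, {"ID_c": id_c, "AD_c": t["AD_c"], "ID_srv": id_v, "TS": now, "Lifetime": lifetime})

def v_accepts(id_c, ticket_v, now):
    # (5) C -> V: ID_c || Ticket_v; V grants service only if the ticket checks out
    return check_ticket(K_V, ticket_v, id_c, "printer", now) is not None
```

V only compares the cleartext ID_c against the ticket, so nothing ties the presenter to the ticket; that is the gap slide 9 identifies, which Kerberos 4 closes with an authenticator encrypted under a session key.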

10 Kerberos 4 Message Exchange

11 Kerberos 4 Overview

12 Kerberos Realms
A Kerberos environment consists of
  a Kerberos server
  a number of clients, all registered with the server
  application servers, sharing keys with the server
This is termed a “realm”
  typically within a single administrative domain
If there are multiple realms, their Kerberos servers must share keys and trust each other

13 Request Service in Another Realm

14 Kerberos Version 5
Developed in the mid 1990s
Provides improvements over Version 4
  addresses environmental shortcomings: encryption algorithm, network protocol, byte order, ticket lifetime, authentication forwarding, interrealm authentication
  and technical deficiencies: double encryption, non-standard mode of use, session keys, password attacks
Specified as Internet standard RFC 1510

15 Kerberos 5 Message Exchange

16 Next Class
First student presentation!
Submit your summary to the dropbox before class
My next lecture will be about
  Certificates and authorization
  Firewalls and access control

