1 CSCE 715: Network Systems Security
Chin-Tser Huang, University of South Carolina

2 Midterm Exam
Everyone gets one extra point
After the adjustment:
Highest: 20.5
Average: 14.58
10/24/2006

3 Authentication Applications
Developed to support application-level authentication and digital signatures
A famous example is Kerberos, a password authentication service

4 Kerberos
Trusted key server system from MIT
Provides centralized third-party password authentication in a distributed network
Allows users access to services distributed through the network without needing to trust all workstations; instead, all trust a central authentication server
Two versions in use: 4 and 5

5 Kerberos Requirements
The first published report identified its requirements as security, reliability, transparency and scalability
Implemented using an authentication protocol based on Needham-Schroeder

6 Kerberos 4 Overview
A basic third-party authentication scheme
Has an Authentication Server (AS): users initially negotiate with the AS to identify themselves; the AS provides a non-corruptible authentication credential (ticket-granting ticket, TGT)
Has a Ticket-Granting Server (TGS): users subsequently request access to other services from the TGS on the basis of their TGT

7 First Design
(1) C → AS: IDc || Pc || IDv
(2) AS → C: Ticket
(3) C → V: IDc || Ticket
Ticket = E_Kv[IDc || ADc || IDv]

8 Problems with First Design
User may have to submit the password many times in the same logon session
Password is transmitted in the clear

9 Second Design
Once per user logon session:
(1) C → AS: IDc || IDtgs
(2) AS → C: E_Kc[Ticket_tgs]
Once per type of service:
(3) C → TGS: IDc || IDv || Ticket_tgs
(4) TGS → C: Ticket_v
Once per service session:
(5) C → V: IDc || Ticket_v
Ticket_tgs = E_Ktgs[IDc || ADc || IDtgs || TS1 || Lifetime1]
Ticket_v = E_Kv[IDc || ADc || IDv || TS2 || Lifetime2]

10 Problems with Second Design
Requirement for a server (TGS or application server) to verify that the person using a ticket is the same person to whom the ticket was issued
Requirement for servers to authenticate themselves to users
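The second design (slide 9) and its remaining gap (slide 10), as an added example that is not part of the lecture: a toy run of steps (1) to (5) in which the AS, TGS and V seal and check tickets exactly as the slide's formulas state. Assumed for the example: a SHA-256 keystream with an HMAC tag stands in for the DES encryption Kerberos 4 used, the keys, names and addresses are constructed, and `_check` is the hypothetical helper that applies the only checks a server has in this design (name, address, lifetime), which is why a captured Ticket_v presented again from the same address is still accepted.

```python
import hashlib, hmac, json

def _stream(key, n):
    """Keystream for the toy cipher: SHA-256 counter mode over a key-derived seed (constructed, not DES)."""
    seed = hashlib.sha256(b"ks|" + key).digest()
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))

def E(key, fields):
    """E_K[fields]: encrypt-then-MAC, so a ticket can only be read or altered by a holder of K."""
    pt = json.dumps(fields, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, len(pt))))
    return hmac.new(key, ct, "sha256").digest() + ct

def D(key, blob):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("ticket not sealed under this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct)))))

KEYS = {"alice": b"pw-alice", "tgs": b"K-tgs", "printer": b"K-printer"}  # constructed keys

def as_reply(id_c, id_tgs, ad_c, now):
    # Step (2): E_Kc[Ticket_tgs], Ticket_tgs = E_Ktgs[IDc||ADc||IDtgs||TS1||Lifetime1]
    tgt = E(KEYS[id_tgs], {"IDc": id_c, "ADc": ad_c, "IDtgs": id_tgs, "TS1": now, "Lifetime1": 28800})
    return E(KEYS[id_c], {"Ticket_tgs": tgt.hex()})

def _check(t, id_c, ad_c, now, n):
    """Hypothetical helper: the checks a server can make in the second design (name, address, lifetime)."""
    return t["IDc"] == id_c and t["ADc"] == ad_c and t[f"TS{n}"] <= now < t[f"TS{n}"] + t[f"Lifetime{n}"]

def tgs_reply(id_c, id_v, ticket_tgs, ad_c, now):
    # Step (4): Ticket_v = E_Kv[IDc||ADc||IDv||TS2||Lifetime2], issued only if Ticket_tgs checks out
    t = D(KEYS["tgs"], ticket_tgs)
    if not _check(t, id_c, ad_c, now, 1):
        raise PermissionError("Ticket_tgs rejected")
    return E(KEYS[id_v], {"IDc": id_c, "ADc": ad_c, "IDv": id_v, "TS2": now, "Lifetime2": 300})

def v_accepts(id_v, id_c, ticket_v, ad_c, now):
    # Step (5): V opens the ticket with its own key; nothing proves the presenter is the named IDc
    try:
        t = D(KEYS[id_v], ticket_v)
    except ValueError:
        return False
    return t["IDv"] == id_v and _check(t, id_c, ad_c, now, 2)

def client_run(id_c, id_v, ad_c, now):
    # Steps (1)-(5) for a legitimate client; returns Ticket_v and V's decision
    tgt = bytes.fromhex(D(KEYS[id_c], as_reply(id_c, "tgs", ad_c, now))["Ticket_tgs"])
    tv = tgs_reply(id_c, id_v, tgt, ad_c, now)
    return tv, v_accepts(id_v, id_c, tv, ad_c, now)
```

Calling `v_accepts` a second time with the same Ticket_v from the same address is accepted within Lifetime2, which is the first problem slide 10 names; a wrong address, an expired lifetime or a ticket sealed under another server's key is rejected.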

11 Kerberos 4 Message Exchange

12 Kerberos 4 Overview

13 Kerberos Realms
A Kerberos environment consists of a Kerberos server, a number of clients, all registered with the server, and application servers, sharing keys with the server
This is termed a "realm", typically within a single administrative domain
If there are multiple realms, their Kerberos servers must share keys and trust each other

14 Request Service in Another Realm

15 Kerberos Version 5
Developed in the mid-1990s
Provides improvements over Version 4
Addresses environmental shortcomings: encryption algorithm, network protocol, byte order, ticket lifetime, authentication forwarding, interrealm authentication
Addresses technical deficiencies: double encryption, non-standard mode of use, session keys, password attacks
Specified as Internet standard RFC 1510

16 Kerberos 5 Message Exchange

17 Next Class
First student presentation!
Submit your summary to the dropbox before class
My next lecture will be about: certificates and authorization; firewalls and access control
