
1 Authentication Applications: Kerberos and X.509

2 Kerberos
Motivation
–Secure – an eavesdropper on the network must not learn enough to impersonate a user
–Reliable – distributed architecture, so one server can back up another
–Transparent – almost invisible to the user beyond entering a password
–Scalable – to many users and servers
Two versions
–Version 4 – basic ideas
–Version 5 – fixes weaknesses of Version 4 and allows a wider variety of encryption algorithms

3 Kerberos Version 4
The full protocol is complex, so start from a simplified approach
–Client asks the authentication server (AS) for a ticket for a server
–AS, which knows the user's password, grants a ticket encrypted under a key it shares with that server
–Client sends the ticket to the server, which decrypts it and grants access
Weaknesses of the simplified approach
–Big load on the AS, since every service request goes through it (remedy: secondary ticket-granting servers)
–Repeated password entry, once per service (remedy: the password is used only at the AS, seldom; tickets for individual services come from the ticket-granting server, TGS, on the strength of the earlier AS authentication)

4 Strategies and Countermoves
What opponents of Version 4 can do
–Wait for a long-lived ticket-granting ticket to be issued, capture it and reuse it before it expires
–Capture a service-granting ticket and use it for its remaining lifetime
Anti-theft of ticket-granting tickets
–AS securely provides both the client and the TGS with a shared secret
–Done by sending a session key: to the client inside the AS reply encrypted under the user's key, to the TGS inside the ticket itself
–The client proves it holds the session key with an authenticator (its identity, address and a timestamp encrypted under the session key) sent along with the ticket, so a stolen ticket is useless without the key
–This procedure also makes service-granting tickets reusable within their lifetime, since each use is tied to a fresh authenticator
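The exchange of slides 3 and 4, as an added example that is not part of the original slides: a standard-library Python simulation of the AS and TGS dialogue. The seal/unseal functions are a toy authenticated-encryption stand-in for the DES encryption of real Kerberos (an assumption), and the realm's principals, password, client address and clock values are constructed. It shows the password being used once at the AS, an authenticator proving possession of the session key at the TGS, and the three outcomes the countermeasures are meant to produce: a replayed authenticator is refused, a stolen ticket without the session key is refused, and an expired ticket is refused.

```python
# Added example: stdlib-only simulation of the Kerberos V4 AS/TGS exchange.
# seal/unseal are a toy authenticated-encryption stand-in (assumption), not DES.
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    """Toy authenticated encryption of a JSON-serialisable dict."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

LIFETIME = 8 * 3600   # ticket lifetime in seconds
CLOCK_SKEW = 300      # authenticator freshness window (V5 uses five minutes)

class KDC:
    """Authentication server (AS) and ticket-granting server (TGS) of one realm."""
    def __init__(self):
        self.keys = {}     # principal -> long-term key derived from its password
        self.seen = set()  # (client, timestamp) of authenticators already accepted

    def register(self, name, password):
        self.keys[name] = hashlib.sha256(password.encode()).digest()

    def as_exchange(self, client, addr, now):
        """AS: issue a TGT; the client/TGS session key goes to both parties."""
        k_c_tgs = os.urandom(32).hex()
        tgt = seal(self.keys["tgs"], {"client": client, "addr": addr, "key": k_c_tgs,
                                       "ts": now, "lifetime": LIFETIME})
        return seal(self.keys[client], {"key": k_c_tgs, "tgt": tgt.hex(),
                                        "ts": now, "lifetime": LIFETIME})

    def _check(self, ticket, authenticator, addr, now):
        if now > ticket["ts"] + ticket["lifetime"]:
            raise ValueError("ticket expired")
        auth = unseal(bytes.fromhex(ticket["key"]), authenticator)  # needs the session key
        if auth["client"] != ticket["client"] or addr != ticket["addr"]:
            raise ValueError("authenticator does not match ticket")
        if abs(now - auth["ts"]) > CLOCK_SKEW:
            raise ValueError("stale authenticator")
        if (auth["client"], auth["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((auth["client"], auth["ts"]))
        return ticket

    def tgs_exchange(self, tgt, authenticator, service, addr, now):
        """TGS: verify TGT and authenticator, then issue a service-granting ticket."""
        t = self._check(unseal(self.keys["tgs"], tgt), authenticator, addr, now)
        k_c_v = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "addr": addr,
                                           "key": k_c_v, "ts": now, "lifetime": LIFETIME})
        return seal(bytes.fromhex(t["key"]), {"key": k_c_v, "ticket": ticket.hex(),
                                              "service": service})

def make_authenticator(session_key_hex, client, addr, now):
    return seal(bytes.fromhex(session_key_hex), {"client": client, "addr": addr, "ts": now})

def get_service_ticket(kdc, client, password, addr, service, now):
    """Client side: one password use at the AS, then a TGS request with an authenticator."""
    k_c = hashlib.sha256(password.encode()).digest()
    creds = unseal(k_c, kdc.as_exchange(client, addr, now))
    auth = make_authenticator(creds["key"], client, addr, now)
    reply = kdc.tgs_exchange(bytes.fromhex(creds["tgt"]), auth, service, addr, now)
    return creds, auth, unseal(bytes.fromhex(creds["key"]), reply)

def demo(now=1_700_000_000):
    kdc = KDC()   # constructed realm: one user, the TGS and one service
    for name, pw in (("alice", "correct horse"), ("tgs", "tgs-secret"), ("fileserver", "srv-secret")):
        kdc.register(name, pw)
    addr, later = "10.0.0.5", now + LIFETIME + 1
    creds, auth, reply = get_service_ticket(kdc, "alice", "correct horse", addr, "fileserver", now)
    tgt = bytes.fromhex(creds["tgt"])
    attempts = {   # what a thief who captured the TGT (and the authenticator) can try
        "replay": (tgt, auth, now),
        "theft": (tgt, make_authenticator(os.urandom(32).hex(), "alice", addr, now), now),
        "expired": (tgt, make_authenticator(creds["key"], "alice", addr, later), later),
    }
    results = {"service": reply["service"]}
    for label, (t, a, when) in attempts.items():
        try:
            kdc.tgs_exchange(t, a, "fileserver", addr, when)
            results[label] = "accepted"
        except ValueError as e:
            results[label] = str(e)
    return results
```

The replay cache keyed on (client, timestamp) plus the skew window is what real KDCs do as well; without the cache, an attacker inside the five-minute window could reuse a sniffed authenticator, which is why the window is kept short.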

5 Kerberos Organization
Called a realm, it includes:
–Kerberos server, which holds the UID and hashed password of each user and a secret key shared with each server
–Kerberos server includes both the AS and the TGS
Inter-realm issues
–Kerberos servers in each realm are registered with each other (share a secret key)
–TGS in the server's realm issues service tickets to a client from the other realm, after the client presents a ticket for that remote TGS obtained from its own TGS

6 Version 5
–Avoids dependence on DES (and suspicion of it) by tagging ciphertext with the encryption algorithm and key length
–Avoids IP dependence by tagging network addresses with type and length
–Specifies message byte ordering (ASN.1 / BER encoding) instead of a sender-chosen order
–Tickets contain an explicit start and end time (Version 4 lifetimes are an 8-bit count of 5-minute units, so at most about 21 hours)
–Authentication forwarding – a server can act on the client's behalf with another server using forwarded credentials
–Inter-realm authentication with fewer pairwise key relationships than Version 4 requires

7 Version 5 – Continued
–Avoids double encryption: the ticket is no longer encrypted a second time inside a reply already encrypted for the client
–Avoids PCBC mode, which is vulnerable to an attack that interchanges ciphertext blocks: swapping two adjacent blocks garbles only those two, so later blocks still decrypt correctly and an integrity check relying on error propagation is fooled; Version 5 uses CBC with an explicit checksum
–Session keys are tied to a ticket; subsession keys can be negotiated for a single connection, limiting what a replayed message can do
–Preauthentication – makes password-guessing attacks more difficult (but not impossible) by requiring proof of the password before the AS returns an encrypted reply
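The block-interchange weakness of PCBC, as an added example that is not part of the original slides: a Python model of PCBC over a toy block cipher, with an attacker swapping two adjacent ciphertext blocks. The 4-round Feistel cipher is a keyed permutation standing in for DES (an assumption), the key, IV and message are constructed, and the trailing known block is a simplification of the integrity a Version 4 receiver inferred from PCBC error propagation. It shows that the swap garbles only the two swapped blocks, that the trailer still decrypts correctly, and that a Version 5-style explicit checksum over the whole plaintext catches the change.

```python
# Added example: why Kerberos V4's PCBC mode could be fooled by swapping ciphertext
# blocks. The Feistel cipher is a toy keyed permutation (assumption), not DES;
# the key, IV and message are constructed.
import hashlib, hmac

BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def block_encrypt(key, block):
    """4-round Feistel network over 16-byte blocks: invertible for any round function."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return r + l

def block_decrypt(key, block):
    r, l = block[:8], block[8:]           # undo the final swap
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def pcbc_encrypt(key, iv, pt):
    """PCBC: C_i = E(P_i xor P_{i-1} xor C_{i-1}), with P_0 xor C_0 taken as the IV."""
    feedback, out = iv, []
    for i in range(0, len(pt), BLOCK):
        p = pt[i:i + BLOCK]
        c = block_encrypt(key, _xor(p, feedback))
        feedback = _xor(p, c)
        out.append(c)
    return b"".join(out)

def pcbc_decrypt(key, iv, ct):
    """P_i = D(C_i) xor P_{i-1} xor C_{i-1}: a modified C_i garbles every later block,
    which V4 relied on for integrity, except when two adjacent blocks are interchanged."""
    feedback, out = iv, []
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        p = _xor(block_decrypt(key, c), feedback)
        feedback = _xor(p, c)
        out.append(p)
    return b"".join(out)

def swap_blocks(ct, i, j):
    """The attacker's move: interchange ciphertext blocks i and j."""
    blocks = [ct[k:k + BLOCK] for k in range(0, len(ct), BLOCK)]
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)

MARKER = b"END-OF-MESSAGE!!"   # 16-byte trailer: simplified stand-in for V4's integrity check

def checksum(key, data):
    """V5-style explicit keyed checksum over the whole plaintext (HMAC-SHA256 here)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def demo():
    key, iv = b"k" * 16, b"i" * 16                             # constructed
    body = b"pay 100 to acct 0042; ref 7".ljust(3 * BLOCK)     # exactly three blocks
    pt = body + MARKER
    ct = pcbc_encrypt(key, iv, pt)
    dec = pcbc_decrypt(key, iv, swap_blocks(ct, 0, 1))         # blocks 0 and 1 swapped
    return {
        "roundtrip": pcbc_decrypt(key, iv, ct) == pt,
        "swapped_blocks_garbled": dec[:2 * BLOCK] != pt[:2 * BLOCK],
        "later_blocks_intact": dec[2 * BLOCK:] == pt[2 * BLOCK:],
        "trailer_check_passes": dec.endswith(MARKER),          # V4-style check fooled
        "explicit_checksum_passes": hmac.compare_digest(checksum(key, dec), checksum(key, pt)),
    }
```

The algebra behind the result: after the swap the feedback value P'_1 xor C'_1 equals the original P_1 xor C_1, so decryption resynchronises from block 2 onward. Plain CBC has the same kind of self-synchronisation, which is why the Version 5 fix is the explicit checksum, not the mode change alone.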

8 X.509 Service
–Uses public-key certificates issued by a CA (certification authority), whereas Kerberos relies on secret keys shared with the Kerberos server
–Verifying a certificate requires access to the public key of the CA that signed it
–X.509 trust is free-form hierarchical: CAs certify each other with forward and reverse certificates, so a chain can be built from a user's own CA to any other CA
–Also provides for certificate revocation: each CA publishes a certificate revocation list (CRL) of certificates revoked before their expiry date, which a verifier must check in addition to the signature and validity period

9 X.509 Service (Continued)
Authentication procedures
–One-way: a single transfer from user A to user B, signed by A, carrying a timestamp, a nonce and B's identity
–Two-way: B replies with its own signed message, including A's nonce, so each authenticates to the other
–Three-way: A returns B's nonce in a third signed message; replay is detected by checking the nonces alone, so no clock synchronisation is needed
New versions – more of the same
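The three-way procedure, as an added example that is not part of the original slides: a Python simulation of the three signed messages and the nonce checks each side performs. The sign and verify functions use HMAC with one key per party, an assumption standing in for the public-key signatures of real X.509 (so the "directory" of verification keys is a stand-in for certificate lookup, and either key holder could forge the other's messages, which real signatures prevent); the party names, keys and messages are constructed. What the example shows is the protocol logic: B rejects a replayed first message because its nonce was already seen, and rejects a replayed final message because its own nonce for the current run differs.

```python
# Added example: X.509 three-way authentication with nonces, stdlib only.
# sign/verify use HMAC as a stand-in for public-key signatures (assumption).
import hashlib, hmac, json, os

def sign(key, msg):
    body = json.dumps(msg, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def verify(key, body, sig):
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("bad signature")
    return json.loads(body)

class Party:
    def __init__(self, name, key, directory):
        self.name, self.key = name, key
        self.directory = directory   # name -> verification key (stand-in for certificates)
        self.seen = set()            # peer nonces already accepted: replay detection
        self.peer = self.my_nonce = None

    def _open(self, body, sig):
        """Verify the claimed sender's signature and that the message is addressed to us."""
        claimed = json.loads(body)["from"]
        m = verify(self.directory[claimed], body, sig)
        if m["to"] != self.name:
            raise ValueError("message not addressed to me")
        return m

    def message1(self, peer):
        """A -> B: A's nonce rA and B's identity, signed by A."""
        self.peer, self.my_nonce = peer, os.urandom(8).hex()
        return sign(self.key, {"from": self.name, "to": peer, "rA": self.my_nonce})

    def message2(self, body, sig):
        """B -> A: echo rA (fresh for A) and add B's nonce rB, signed by B."""
        m = self._open(body, sig)
        if m["rA"] in self.seen:
            raise ValueError("replayed rA")
        self.seen.add(m["rA"])
        self.peer, self.my_nonce = m["from"], os.urandom(8).hex()
        return sign(self.key, {"from": self.name, "to": m["from"],
                               "rA": m["rA"], "rB": self.my_nonce})

    def message3(self, body, sig):
        """A checks rA is the nonce it chose, then A -> B: echo rB, signed by A."""
        m = self._open(body, sig)
        if m["from"] != self.peer or m["rA"] != self.my_nonce:
            raise ValueError("rA mismatch: stale or misdirected reply")
        return sign(self.key, {"from": self.name, "to": m["from"], "rB": m["rB"]})

    def accept(self, body, sig):
        """B checks rB is the nonce it chose in this run; no clock needed."""
        m = self._open(body, sig)
        if m["from"] != self.peer or m["rB"] != self.my_nonce:
            raise ValueError("rB mismatch: replayed final message")
        return True

def demo():
    keys = {"alice": os.urandom(32), "bob": os.urandom(32)}    # constructed
    A, B = Party("alice", keys["alice"], keys), Party("bob", keys["bob"], keys)
    m1 = A.message1("bob")
    m2 = B.message2(*m1)
    m3 = A.message3(*m2)
    results = {"handshake": B.accept(*m3)}
    try:                                  # attacker replays the recorded message 1
        B.message2(*m1)
        results["replay_m1"] = "accepted"
    except ValueError as e:
        results["replay_m1"] = str(e)
    B.message2(*A.message1("bob"))        # a fresh run: B picks a new rB
    try:                                  # attacker replays the old message 3 into it
        B.accept(*m3)
        results["replay_m3"] = "accepted"
    except ValueError as e:
        results["replay_m3"] = str(e)
    return results
```

The "to" check in _open matters as much as the nonces: without it, a message signed for one peer could be redirected to another and the nonce logic alone would not notice.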

