Presentation is loading. Please wait.

Presentation is loading. Please wait.

World-Wide Web and Client-Server Authentication using Kerberos by Phoenix Malizia.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "World-Wide Web and Client-Server Authentication using Kerberos by Phoenix Malizia."— Presentation transcript:

1 World-Wide Web and Client-Server Authentication using Kerberos by Phoenix Malizia

2 Distributed System Communication Issues  Access Control –Authentication –Passwords  Encryption

3 Kerberos  Developed at MIT in mid-80s  Secret key encryption system –Encrypts data –Authenticates users  No unencrypted passwords transmitted

4 Kerberos Server  Authentication Server –Ensures client authenticity –Provides session key to TGS  Ticket-Granting Server –Develops session key for client-server interactions –Encrypts session keys with respective secret keys

5 Kerberos Communication www.isi.edu/gost/publications/kerberos-neuman-tso.html

6 Kerberos Secret-Key Scheme Problem: Scalability My Solution: Public-Key Scheme

7 Public-Key Encryption  Public-Private Key Pair  Confidentiality –Encrypt with receiver’s public key  Authenticity –Encrypt with sender’s private key  Confidentiality and Authenticity –Double-Encrypt, first with sender’s private key, then with receiver’s public key

8 Public Key Kerberos – Initialization Phase  Kerberos Server publishes its public key  Users and service administrators create password, encrypt it with Kerberos server’s public key, and send back to Kerberos Server  For each Kerberos Server creates key pair, then encrypts private key with user’s password  Password discarded!!!

9 Public-Key Kerberos – Normal Usage  On login, Kerberos Client requests user’s private key file from Kerberos Server  User must provide client with password to access his private key  Client creates session key, doubly-encrypts it, and sends it to server  All hosts download public keys as needed; public keys are always encrypted using Kerberos Server’s private key to guarantee authenticity

10 Benefits  Public-Key caching reduces or eliminates queries to Kerberos Server  Caching is per-host, not per-user  Key rings can increase efficiency on small or mid-scale distributed systems  Public-Private key pairs have long expiration dates  Overall speed increase on distributed systems and the World Wide Web

Download ppt "World-Wide Web and Client-Server Authentication using Kerberos by Phoenix Malizia."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
CS5204 – Operating Systems 1 A Private Key System KERBEROS.

CS5204 – Operating Systems 1 A Private Key System KERBEROS.
SCSC 455 Computer Security

SCSC 455 Computer Security
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
1 Distributed Computer Security: Authentication and Key Distribution Vijay Jain CSc 8320, Spring 2007.

1 Distributed Computer Security: Authentication and Key Distribution Vijay Jain CSc 8320, Spring 2007.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.

1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.

A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
1 Authentication Applications Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW.

1 Authentication Applications Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW.
Kerberos Authenticating Over an Insecure Network.

Kerberos Authenticating Over an Insecure Network.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

Similar presentations

Ads by Google