Kerberos Authenticating Over an Insecure Network.

1 Kerberos Authenticating Over an Insecure Network

2 [Diagram: initial request, user to Authentication Server, then user to service. Labels: Session key, Service name, User key, Session key, User name, Service key (only real user can decode)]

3 [Diagram: User Agent, Kerberos Server, Application Server, User and Server DB (private keys), Authentication Server, Ticket Granting Server] User asks: the user requests a ticket to interact with the Application Server.

4 The user agent contacts the Authentication Server to begin the process of authenticating the user as being who he says he is.

5 The Authentication Server looks up the user's private key, creates a session key for talking to the TGS, encrypts it with the user's private key and returns it. If the requester is not the real user, the reply is useless. [Diagram label: Session Key]

6 The user agent prompts the user, takes the key and decrypts the session key. If this is not the real user, the session key can't be read. The user takes the ticket to access the TGS from the previous step and encrypts the AppServer request info using the Session Key. [Diagram labels: Session Key, User password (key)]

7 The user agent sends the request to the TGS, with the request encrypted using the Session Key. [Diagram label: Session Key]

8 The TGS creates a User/Server session key, encrypted using the Session Key, and a Permission Ticket for User/Server interaction, encrypted using the AppServer key. [Diagram label: Session Key]

9 User agent decrypts the user/server key using the Session Key and uses The US Session key is sent with the US Ticket to the App Server. [Diagram label: Session Key]

10 The AppServer uses its own key to decrypt/authenticate the request and verify that the US Ticket is valid. It then begins communicating using the US Session key.
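
The exchange from slides 4 to 10 as a runnable sketch, added here and not part of the original presentation. The cipher (`seal`/`unseal`) is a toy stand-in for a real Kerberos encryption type, and all function names, the `alice` and `appserver` entries, the salt and the 300-second lifetime are constructed assumptions; as in real Kerberos, each ticket carries a copy of the session key for the server that opens it.

```python
import hashlib, hmac, json, os, time

def _xor(key, nonce, data):  # XOR with a SHAKE-256 keystream bound to key and nonce
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))
def seal(key, obj):  # toy encrypt-then-MAC, standing in for a real Kerberos encryption type
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + hmac.digest(key, nonce + ct, "sha256") + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.digest(key, nonce + ct, "sha256")):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

def pw_key(password):  # user key derived from the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 10_000)
DB = {"alice": pw_key("correct horse"), "tgs": os.urandom(32), "appserver": os.urandom(32)}
TTL = 300  # seconds; DB contents, salt and lifetime are constructed sample values

def ticket(owner_key, user, sk):  # readable only by the server that owns owner_key
    return seal(owner_key, {"user": user, "sk": sk.hex(), "exp": time.time() + TTL})

def auth_server(user):  # slide 5: session key under the user key, plus a ticket for the TGS
    sk = os.urandom(32)
    return seal(DB[user], {"sk": sk.hex()}), ticket(DB["tgs"], user, sk)

def check(server_key, tkt, request):  # open ticket with own key, request with the key inside
    t = unseal(server_key, tkt)
    sk = bytes.fromhex(t["sk"])
    req = unseal(sk, request)
    if t["exp"] < time.time() or abs(time.time() - req["ts"]) > TTL or req["user"] != t["user"]:
        raise ValueError("expired ticket, stale request or user mismatch")
    return t["user"], sk, req

def tgs(tgt, request):  # slide 8: US key under the session key, plus the US ticket
    user, sk, req = check(DB["tgs"], tgt, request)
    us = os.urandom(32)
    return seal(sk, {"sk": us.hex()}), ticket(DB[req["service"]], user, us)

def client_login(user, password, service):  # slides 4 to 9, the user agent's side
    enc_sk, tgt = auth_server(user)
    sk = bytes.fromhex(unseal(pw_key(password), enc_sk)["sk"])  # fails on a wrong password
    req = {"user": user, "service": service, "ts": time.time()}
    enc_us, us_ticket = tgs(tgt, seal(sk, req))
    us = bytes.fromhex(unseal(sk, enc_us)["sk"])
    return us, us_ticket, seal(us, req)

def app_server(us_ticket, request):  # slide 10: returns the user and the shared US session key
    return check(DB["appserver"], us_ticket, request)[:2]
```

Calling `client_login("alice", "correct horse", "appserver")` and passing the returned ticket and request to `app_server` yields the same US session key on both sides; a wrong password, an altered ticket or an expired one raises `ValueError`.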

11 Conclusions: No unencrypted messages cross the net. Neither the client nor the server can be spoofed. Time stamps on the session keys mean that even if one is eventually decoded, it could not be used. The point of failure is the DB where the Kerberos server is stored.

