Presentation is loading. Please wait.

Presentation is loading. Please wait.

V.1 Security Services. V.2 Security aspects of RPC Mechanisms: –Private-Key-Method (symmetric) „Data Encryption Standard“ (DES) Use of a „Key Distribution.

Published byAlbert Fox Modified over 8 years ago

Similar presentations

Presentation on theme: "V.1 Security Services. V.2 Security aspects of RPC Mechanisms: –Private-Key-Method (symmetric) „Data Encryption Standard“ (DES) Use of a „Key Distribution."— Presentation transcript:

1 V.1 Security Services

2 V.2 Security aspects of RPC Mechanisms: –Private-Key-Method (symmetric) „Data Encryption Standard“ (DES) Use of a „Key Distribution Center“ with session keys on the base of private keys Setup of conversation contexts during Binding –Public-Key-Method (asymmetric): RSA Identification and authentication –Identification during Binding –Authentication: Verification of identity of a called object instance and also of server during distribution of session keys

3 V.3 Encryption Example:System „Kerberos“ with DES used in OSF DCE KeyRequest (C,S) Response ( {{CS}K2, {CS}}K1 ) Message( { }CS, {CS} K2 ) Response ( { }CS ) Message( { }CS) Client C (with key K1) Server S (with key K2) Key distribution center generates CS(S1,S2) CS {CS} K2 CS

4 V.4 Identification and authentication Identification: –Presentation of a explicit identifier –Assignment and name construction important during Binding (compare with name server) Authentication: –Verification of identity via presentation of a secret identifier –Using of private keys (for instance, from password) –Authentication of the client and of the server via decryption of the (session) key –Key distribution point: authentication service –Additionally: timestamp for prevention of message repeats

5 V.5 Security aspects of RPC Possible guaranties: –Bugging, modification, call repeat and call initiation prevented –Identity of communication partners guaranteed –tolerable performance losses –Traffic density analysis possible Security classes of DCE RPC –Authentication during Binding –Authentication for each call –Authentication for each packet –Defense against message modification (encrypted control sum) –Full-state encryption

6 V.6 Asymmetric crypto-method with public keys KD - secret key for decryption KE - public key for encryption nonreversible function F(KD) = KE Client C secret: KD_C public: KE_S KE_S(M) M=KD_C(KE_C(M)) Server S secret: KD_S public: KE_C M=KD_S(KE_S(M)) KE_C(M) Message M transmission Calculation and delivery of private keys

7 V.7 Authorization Awarding and control of access rights: –Capabilities for Client or –Access control lists for Server RPC Server File Server Name Server MeierMüllerHuber read write - read - write read write „Subject“ „Object“ Access control lists (ACL) Capabilities

8 V.8 Access control list example usr_obj/.:/sec/principal/Meier: rwid foreign_user/.../firm_z.de/sec/principal/Müller: r--- group_obj/.:/sec/group/Dept_1: rwi- DocumentServer Call: dynamic rights control

9 V.9 Implementation example -Control of identity of communication partners -Defense against bugging, manipulation, illegal access -Conformant to standards (for instance, DES and IDEA-algorithms) Security Server Client (Cash desk) Account Server Authori- zation Meier: rx Müller:rwx Encrypted transmission Authentication

10 V.10 Security Service: architecture ACL Manager Application server Authentication protocol ClientSecurity ServiceServer ACL Editor CORBA- runtime-system Security Server Authentication protocol CORBA- runtime-system Application client Authentication protocol Login-Facility CORBA- runtime-system Login-Facility: Password control and generating of a private key Authentication protocol: Processing of distributed authentication ACL Manager: Control of access rights of a client on the server site ACL Editor Definition and manipulation of access rights

11 V.11 Security Service: Authentication Authenticate “ticket granting ticket” (TGT) with encrypted Client Key Client sends authentication query to the Security Service Security Service generates TGT and encrypts that with Client Key (from password) If client identity is correct, then client can encrypt the TGT (inclusive add-on information) Client sends TGT (newly encrypted) to the Privilege Server (Security Service) This is a proof for correct identity; client receives PAC and is authenticated “ticket granting ticket” (TGT) “privilege attribute certificate” (PAC) Client Security Server (Login- Components) (Privilege Server) 1. Phase: Login

12 V.12 Security Service: Authentication Requests a Ticket Ticket Authenticated Client requests a Ticket for the application server from the Security Service Security Service controls identity and awards the Ticket Client carries out a call (internal further steps to mutual authentication) ACL Manager of the server controls the authorization ( in ACL contained?) Server carries out the call and delivers the results Communication generally encrypted (however compromise: security vs. performance) Call (Ticket) Answer Client Security Server (Privilege Server) 2. Phase: Call of a server Application server (ACL Manager)

Download ppt "V.1 Security Services. V.2 Security aspects of RPC Mechanisms: –Private-Key-Method (symmetric) „Data Encryption Standard“ (DES) Use of a „Key Distribution."

Similar presentations

Kerberos Authentication. Kerberos Requires shared secret with KDC ( perhaps not for PKINIT) Shared session key established Time synchronization needed.

Kerberos Authentication. Kerberos Requires shared secret with KDC ( perhaps not for PKINIT) Shared session key established Time synchronization needed.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
CS5204 – Operating Systems 1 A Private Key System KERBEROS.

CS5204 – Operating Systems 1 A Private Key System KERBEROS.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
SCSC 455 Computer Security

SCSC 455 Computer Security
Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.

Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Distributed Computer Security: Authentication and Key Distribution Vijay Jain CSc 8320, Spring 2007.

1 Distributed Computer Security: Authentication and Key Distribution Vijay Jain CSc 8320, Spring 2007.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M030 17 th November, 2008.

The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.

Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
Authentication & Kerberos

Authentication & Kerberos

Similar presentations

Ads by Google