Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cerberus (from Kerberos, demon of the pit): Monstrous three-headed dog (sometimes said to have fifty or one- hundred heads), (sometimes) with a snake for.

Published byMariah McCoy Modified over 9 years ago

Similar presentations

Presentation on theme: "Cerberus (from Kerberos, demon of the pit): Monstrous three-headed dog (sometimes said to have fifty or one- hundred heads), (sometimes) with a snake for."— Presentation transcript:

1 Cerberus (from Kerberos, demon of the pit): Monstrous three-headed dog (sometimes said to have fifty or one- hundred heads), (sometimes) with a snake for a tail and innumerable snake heads on his back. He guarded the gate to Hades (the Greek underworld) and ensured that the dead could not leave and the living could not enter.

2 Kerberos (v.4) Kerberos service has one trusted server. –This server authenticates principals and implements an access control policy. –Each principal has a password-derived master key. –Tickets are encrypted session keys for use between a pair of principals.

3 The KDC The trusted server is referred to as: –AS (authentication server): Authenticates users based on their master keys, hands off session keys for secondary authentication: ticket-granting tickets (TGT). –TGS (ticket granting server): Performs secondary authentication based on the TGT keys, hands off tickets for principals to communicate with kerberized network services.

4 KDC configuration The KDC database is kept encrypted under KDC’s own master key. Users have passwords, their master key is derived from them Kerberized network servers need to store their master key somehow. All master keys are stored in the KDC database (except KDC’s own.)

5 First step: Get a TGT Alice Workstation KDC Alice, password [AS_REQ] [AS_REP]: K A {S A,TGT} Create S A, Compute TGT= K KDC {Alice,S A } Derive K A, Recover TGT, S A

6 Getting a service ticket Alice Workstation KDC rlogin Bob [TGS_REQ]: TGT, auth [TGS_REP]: S A {Bob,K AB,T} S A from TGT, Decrypt auth, check t-stamp, Create K AB, T = K B {Alice, K AB } use S A to Decrypt K AB, T auth = S A {timestamp}

7 Using the ticket Alice’s workstation Bob [AP_REQ]: T = K B {Alice,K AB }, auth’ = K AB {timestamp} [AP_REP] K AB {timestamp+1}

8 Replicating KDCs To alleviate bottlenecks, replicate KDC: One KDC is master database, to add or remove users, and change passwords Other KDCs use database as read-only A master KDC establishes a realm. Inter-realm authentication supported: KDC 1 registers KDC 2 as a principal KDC 1 enables other principals to access KDC 2 as a kerberized service.

9 Inter-realm authentication: 1 Alice@Wonderland Workstation KDC Dorothy@Oz [TGS_REQ]: (for O = Oz’s KDC) TGT, auth [TGS_REP]: S A {O,K AO,T} S A from TGT, Decrypt auth, check t-stamp, Create K AO, T O = K O {Alice, K AO } use S A to Decrypt K AO, T auth = S A {timestamp}

10 Inter-realm authentication: 2 Workstation Oz’s KDC [TGS_REQ]: T O, auth’, Dorothy [TGS_REP]: K AO {Dorothy,K AD,T} S AO from T O, Decrypt auth’, check t-stamp, Create K AD, T = K D {Alice, K AD } use K AO to Decrypt K AD, T auth’ = S AO {timestamp}

Download ppt "Cerberus (from Kerberos, demon of the pit): Monstrous three-headed dog (sometimes said to have fifty or one- hundred heads), (sometimes) with a snake for."

Similar presentations

Kerberos Authentication. Kerberos Requires shared secret with KDC ( perhaps not for PKINIT) Shared session key established Time synchronization needed.

Kerberos Authentication. Kerberos Requires shared secret with KDC ( perhaps not for PKINIT) Shared session key established Time synchronization needed.
1 Kerberos Anita Jones November, 2006. 2 Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.

1 Kerberos Anita Jones November, Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.
COEN 350 Kerberos.

COEN 350 Kerberos.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
KERBEROS www.unix.org.ua/orelly/networking/puis/ch19_06.htm.

KERBEROS
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.

IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.

Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.
Designing an Authentication System Kerberos; mans best three-headed friend?

Designing an Authentication System Kerberos; mans best three-headed friend?
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google