1
KERBEROS SYSTEM Kumar Madugula
2
What is Kerberos? A network authentication protocol for untrusted networks, built on symmetric-key cryptography.
It relies on a trusted third party, the Key Distribution Center (KDC). Developed at MIT in the 1980s (Project Athena).
3
What does it do? Authenticates the client to each service it contacts.
Distributes a shared session key between the client and the application server. The user enters the password only once per login session; there is no need to re-enter it whenever the user opens a Kerberized application.
4
Terminology: Principal (a user or service known to the KDC), Authentication Server (AS),
Ticket Granting Server (TGS), Application Server, Ticket Granting Ticket (TGT), Ticket, Session Key
5
Terminology (diagram): the Client, the Authentication Server, the Ticket Granting Server and the Application Server, with the TGT and the Ticket passed between them.
6
Working: client steps. (1) Obtain a Ticket Granting Ticket (TGT) from the Authentication Server. (2) Present the TGT to the Ticket Granting Server to obtain a ticket for the required application server. (3) Present that ticket to the application server and communicate with it.
7
Client and Authentication Server (AS) interaction
The client sends its user name and a request for a ticket to access the TGS. Message (client to AS): Name, TGS, nonce
8
Client and Authentication Server interaction
The authentication server looks up the client in its database and generates a session key (KCT) for use between the client and the TGS. The AS encrypts KCT using the client's secret key (Kuser), which is derived from the user's password. It also uses the TGS's secret key (KTGS) to create a ticket-granting ticket (TGT), and sends both to the client. Message (AS to client): SK1, TGT, where SK1 = {KCT, nonce}Kuser and TGT = {user, TGS, t1, t2, KCT}KTGS (t1 and t2 are the ticket's start and expiry times).
9
Client and Ticket Granting Server interaction
The client derives Kuser from the user's password and uses it to decrypt SK1, obtaining the session key KCT. It then uses KCT to create an authenticator containing the user's name, IP address and a time stamp. The client sends this authenticator, along with the TGT, to the TGS, requesting access to the application server (S). Message (client to TGS): AUTH1, TGT, Server, nonce, where AUTH1 = {user, ipaddress, timestamp}KCT and TGT = {user, TGS, t1, t2, KCT}KTGS.
10
Client and Ticket Granting Server interaction
The TGS decrypts the TGT with KTGS, then uses the KCT inside the TGT to decrypt the authenticator. It verifies the information in the authenticator (AUTH1): the user matches the TGT, the time stamp is recent, and the TGT is within its validity window. Then the TGS creates a new session key (KCS) for the client and application server to use, and encrypts it with KCT. It also creates a new ticket encrypted with the target server's secret key (KServer). Message (TGS to client): SK2, TK, where SK2 = {KCS, nonce}KCT and TK = {user, server, t1, t2, KCS}KServer.
11
Client and Server interaction
The client decrypts SK2 with KCT to get KCS, creates a new authenticator encrypted with KCS, and sends it with the ticket to the application server. Message (client to server): AUTH2, TK, request, nonce, where AUTH2 = {user, ipaddress, timestamp}KCS and TK = {user, server, t1, t2, KCS}KServer. The application server decrypts the ticket with KServer and checks it, then decrypts the authenticator with the KCS from the ticket and verifies the user. From then on the client and server use KCS as a shared secret key to protect their communication.
12
Advantages and Weaknesses
Advantages: The user's password is never sent across the network, encrypted or in plain text; only a key derived from it is used, locally. A user need only authenticate to the Kerberos system once per session. Kerberos v5 is not tied to one cipher: it can use any symmetric (secret-key) encryption algorithm. Windows 2000 implements Kerberos v5 with the PKINIT extension, which can use public key certificates (for example smart-card logon) instead of the password-derived shared secret for the initial authentication with the AS.
13
Disadvantages: Users must trust the trusted third party (the AS and TGS); whoever controls the KDC, or obtains KTGS, can issue tickets for anyone.
Kerberos was designed for use with single-user client systems; on a shared machine, another user who can read the ticket cache can reuse the tickets. All existing software must be made Kerberos-aware ("Kerberized"). Vulnerable to offline brute-force (dictionary) attacks on passwords: the AS reply SK1 is encrypted under the password-derived key Kuser, so an attacker who captures it, or simply requests it in the user's name (the AS exchange above has no pre-authentication), can test password guesses offline without touching the AS or TGS again. Kerberos v5 pre-authentication and strong passwords mitigate this.
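The full exchange of slides 6 to 11, together with the offline password-guessing weakness of slide 13, as one runnable model. This is an added example written for this page, not code from the presentation or from any Kerberos implementation: the cipher is a toy (SHAKE keystream plus HMAC) standing in for a Kerberos encryption type, PBKDF2 stands in for the string-to-key function, the KDC, the application server and the client all run in one process, and the principal names, the "fileserver" service, the 5-minute clock skew, the ticket lifetime and the wordlist are all assumptions.

```python
"""Toy model of the slides' Kerberos exchanges (AS, TGS, AP) and of the offline password-guessing
weakness. Added illustration, not real Kerberos: toy cipher, one process, made-up keys and names."""
import hashlib, hmac, json, secrets, time

def string_to_key(user, password):  # Kuser, derived from the password; the AS database holds the same key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 20_000)

def seal(key, msg):
    """{msg}key: toy encrypt-then-MAC (SHAKE keystream + HMAC) standing in for a Kerberos enctype."""
    pt, nonce = json.dumps(msg, sort_keys=True).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

def make_ticket(key, user, service, session_key, lifetime):
    t1 = time.time()  # {user, service, t1, t2, session key} under the service's long-term key
    return seal(key, {"user": user, "service": service, "t1": t1, "t2": t1 + lifetime,
                      "key": session_key.hex()})

def verify(ticket, auth, service, seen):
    now = time.time()  # checks both the TGS and the application server make on ticket + authenticator
    for bad, why in ((ticket["service"] != service, "ticket issued for a different service"),
                     (not ticket["t1"] <= now <= ticket["t2"], "ticket outside its validity window"),
                     (auth["user"] != ticket["user"], "authenticator principal does not match ticket"),
                     (abs(now - auth["timestamp"]) > 300, "authenticator timestamp outside 5-minute skew"),
                     ((auth["user"], auth["timestamp"]) in seen, "replayed authenticator")):
        if bad:
            raise ValueError(why)
    seen.add((auth["user"], auth["timestamp"]))  # replay cache, as real Kerberos servers keep

class KDC:  # Authentication Server (AS) and Ticket Granting Server (TGS)
    def __init__(self, lifetime=3600):
        self.lifetime, self.k_tgs = lifetime, secrets.token_bytes(32)   # KTGS
        self.users, self.servers, self.seen = {}, {}, set()            # Kuser / KServer database
    def as_exchange(self, user, nonce):
        """Slides 7-8: SK1 = {KCT, nonce}Kuser and TGT = {user, TGS, t1, t2, KCT}KTGS."""
        k_ct = secrets.token_bytes(32)  # no pre-authentication: anyone may request SK1 for a user
        return (seal(self.users[user], {"key": k_ct.hex(), "nonce": nonce}),
                make_ticket(self.k_tgs, user, "TGS", k_ct, self.lifetime))
    def tgs_exchange(self, auth1, tgt, server, nonce):
        """Slides 9-10: SK2 = {KCS, nonce}KCT and TK = {user, server, t1, t2, KCS}KServer."""
        t = unseal(self.k_tgs, tgt)
        verify(t, unseal(k_ct := bytes.fromhex(t["key"]), auth1), "TGS", self.seen)
        k_cs = secrets.token_bytes(32)
        return (seal(k_ct, {"key": k_cs.hex(), "nonce": nonce}),
                make_ticket(self.servers[server], t["user"], server, k_cs, self.lifetime))

class AppServer:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()
    def ap_exchange(self, auth2, tk, request):
        """Slide 11: open TK with KServer, check AUTH2 under KCS, answer under KCS."""
        t = unseal(self.key, tk)
        verify(t, unseal(k_cs := bytes.fromhex(t["key"]), auth2), self.name, self.seen)
        return seal(k_cs, {"reply": f"{t['user']}: {request}"})

def client_session(kdc, app, user, password, request, ip="10.0.0.5"):
    """Client steps of slide 6. The password never leaves this function; only Kuser is used."""
    k_user, n1 = string_to_key(user, password), secrets.token_hex(8)
    sk1, tgt = kdc.as_exchange(user, n1)
    m = unseal(k_user, sk1)                      # a wrong password fails here, not at the AS
    assert m["nonce"] == n1, "AS reply is not fresh"
    k_ct, n2 = bytes.fromhex(m["key"]), secrets.token_hex(8)
    auth1 = seal(k_ct, {"user": user, "ip": ip, "timestamp": time.time()})
    sk2, tk = kdc.tgs_exchange(auth1, tgt, app.name, n2)
    m = unseal(k_ct, sk2)
    assert m["nonce"] == n2, "TGS reply is not fresh"
    k_cs = bytes.fromhex(m["key"])
    auth2 = seal(k_cs, {"user": user, "ip": ip, "timestamp": time.time()})
    reply = unseal(k_cs, app.ap_exchange(auth2, tk, request))["reply"]
    return reply, (sk1, auth2, tk)               # messages an eavesdropper could have captured

def offline_guess(user, sk1, wordlist):
    """Slide 13: SK1 is under Kuser, so a captured AS reply can be attacked offline."""
    for pw in wordlist:
        try:
            unseal(string_to_key(user, pw), sk1)
            return pw
        except ValueError:
            pass

def demo():
    kdc = KDC()
    kdc.users["alice"] = string_to_key("alice", "correct horse")   # constructed test principal
    app = AppServer("fileserver", kdc.servers.setdefault("fileserver", secrets.token_bytes(32)))
    ok, (sk1, auth2, tk) = client_session(kdc, app, "alice", "correct horse", "GET /report")
    replay = "accepted"
    try:
        app.ap_exchange(auth2, tk, "GET /report")   # attacker replays captured AUTH2 + TK
    except ValueError as e:
        replay = str(e)
    return {"ok": ok, "replay": replay,
            "guessed": offline_guess("alice", sk1, ["password", "letmein", "correct horse"])}
```

Running demo() walks alice through all three exchanges, then has an attacker replay the captured authenticator and ticket (rejected by the server's replay cache on the authenticator's time stamp) and brute-force the captured AS reply with a small wordlist. The last step is the point of slide 13: because this AS hands SK1 to anyone who asks for it, the attack does not even require sniffing the network; the pre-authentication added in Kerberos v5 closes that gap.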