Kerberos: An Authentication Application

Presented By:
Vidula Shukla
M.Tech., Computer Science & Engineering
Dept. of Computer Science & Engineering
Sagar Inst. of Research & Technology
Bhopal

Overview
- Introduction
- Motivation
- Requirement
- Kerberos Version 4
- Kerberos Realms
- Kerberos V4 vs. V5
- Kerberos Version 5
- Strength
- Conclusion

7/10/2013 | KERBEROS | 2

Introduction
- Authentication can be defined as determining an identity to the required level of assurance.
- Authentication applications deal with the authentication functions that have been developed to support application-level authentication.

Introduction to Kerberos
- An authentication service developed for Project Athena at MIT.
- Provides:
  - strong security on a physically insecure network;
  - a centralized authentication server which authenticates users to servers and servers to users.
- Relies on conventional (symmetric-key) encryption rather than public-key encryption.

Why is Kerberos needed?
Problem: in an open distributed environment, workstations cannot be trusted to identify their users correctly.

Three threats:
- A user may gain access to a workstation and pretend to be another user operating from it.
- A user may alter a workstation's network address so that requests appear to come from the impersonated workstation.
- A user may eavesdrop on exchanges and use a replay attack to gain access to a service or to disrupt operations.

Why is Kerberos needed? (cont.)
Solution: either
- build elaborate authentication protocols at each server, or
- use a centralized authentication server (Kerberos), which is the approach taken here.

Requirements for Kerberos
- Secure: a network eavesdropper must not be able to obtain the information needed to impersonate a user; an opponent should not find Kerberos to be the weak link.
- Reliable: the service should be distributed, with one server able to back up another.
- Transparent: beyond entering a password, a user should not be aware that authentication is taking place.
- Scalable: the system should support large numbers of clients and servers.

Kerberos Version 4
- Version 4 was for a long time the most widely used version; Version 5 has since superseded it.
- Version 4 uses DES.
- The full Version 4 protocol is built up here through several hypothetical dialogues.
- Version 5 corrects some of the security deficiencies of Version 4.

- Problem: an opponent can pretend to be another client and obtain unauthorized privileges on a server machine.
- Solution: the server must be able to confirm the identity of each client that requests service.

Kerberos Version 4: Dialog 1 - Simple
(1) C → AS : IDc || Pc || IDv
(2) AS → C : Ticket
(3) C → V  : IDc || Ticket

Ticket = E(Kv, [IDc || ADc || IDv])

- Problems with Dialog 1:
  1. The number of times the user has to enter the password should be minimized.
  2. The password is transmitted in plaintext.
- Solution:
  1. A ticket-granting server (TGS) issues tickets to users who have already been authenticated by the AS.
  2. The client can use one ticket-granting ticket to request multiple service-granting tickets.

Kerberos Version 4: Dialog 2 - More Secure
Once per user logon session:
(1) C → AS  : IDc || IDtgs
(2) AS → C  : E(Kc, Ticket_tgs)
Once per type of service:
(3) C → TGS : IDc || IDv || Ticket_tgs
(4) TGS → C : Ticket_v
Once per service session:
(5) C → V   : IDc || Ticket_v

Ticket_tgs = E(Ktgs, [IDc || ADc || IDtgs || TS1 || Lifetime1])
Ticket_v   = E(Kv, [IDc || ADc || IDv || TS2 || Lifetime2])

- Problems with Dialog 2:
  1. The lifetime associated with the ticket-granting ticket: a short lifetime forces the user to re-enter the password repeatedly, a long one gives an opponent more opportunity to replay a captured ticket.
  2. Servers are not required to authenticate themselves to the user.

Kerberos: The Version 4 Authentication Dialog
Once per user logon session (Authentication Service exchange):
(1) C → AS  : IDc || IDtgs || TS1
(2) AS → C  : E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Ticket_tgs])
Ticket_tgs = E(Ktgs, [Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2])

Once per type of service (Ticket-Granting Service exchange):
(3) C → TGS : IDv || Ticket_tgs || Authenticator_c
(4) TGS → C : E(Kc,tgs, [Kc,v || IDv || TS4 || Ticket_v])
Ticket_v        = E(Kv, [Kc,v || IDc || ADc || IDv || TS4 || Lifetime4])
Authenticator_c = E(Kc,tgs, [IDc || ADc || TS3])

Once per service session (Client/Server Authentication exchange):
(5) C → V   : Ticket_v || Authenticator_c
(6) V → C   : E(Kc,v, [TS5 + 1])
Authenticator_c = E(Kc,v, [IDc || ADc || TS5])

Tickets
- Contain information which must be considered private to the user.
- Allow the user to use a service or to access the TGS.
- Reusable for a particular period of time (the ticket lifetime).
- Used to distribute session keys securely.

Authenticators
- Prove the client's identity.
- Prove that the client knows the session key.
- Prevent replay attacks: the timestamp must fall within the server's allowed clock skew.
- Used only once and have a very short lifetime.
- One authenticator is typically built per session of use of a service.

Kerberos Overview
[Figure: overview of the Kerberos exchanges; image not included in the text.]

Kerberos Realms
- A single administrative domain (a realm) includes:
  - a Kerberos server;
  - a number of clients, all registered with the server;
  - application servers, each sharing a key with the server.
- What happens when users in one realm need access to services in another realm?
  - Kerberos provides inter-realm authentication.

Inter-realm Authentication
- The Kerberos server in each realm shares a secret key with the server in the other realm.
- It requires that:
  - the Kerberos server in one realm trusts the one in the other realm to authenticate its users;
  - the servers in the second realm likewise trust the Kerberos server in the first realm.

Request for Service in Another Realm
[Figure: request for service in another realm; image not included in the text.]

Kerberos Version 5 versus Version 4
- Environmental shortcomings of Version 4:
  - Encryption system dependence: V4 requires DES; V5 ciphertext is tagged with an encryption-type identifier, so any cipher may be used.
  - Message byte ordering: V4 uses its own byte-order convention; V5 uses ASN.1 and BER.
  - Internet protocol dependence: V4 requires IP addresses; V5 tags network addresses with type and length.
  - Ticket lifetime: V4 encodes lifetime as an 8-bit count of five-minute units (a little over 21 hours at most); V5 carries explicit start and end times.
  - Authentication forwarding: V4 cannot forward a client's credentials to another host; V5 can.
  - Inter-realm authentication: V4 needs a key between every pair of realms (on the order of N² relationships); V5 supports a method needing fewer.

Kerberos Version 5 versus Version 4 (cont.)
- Technical deficiencies of Version 4:
  - Double encryption: in messages (2) and (4) the ticket is encrypted twice, once with the target server's key and again with a key known to the client; the second encryption is unnecessary.
  - Session keys: the same session key is reused for every connection made with a ticket during its lifetime, which exposes it to replay of old messages; V5 lets client and server negotiate a subsession key for a single connection.
  - Password attack: the AS reply to the client is encrypted with a key derived from the user's password, so a captured reply allows offline password guessing; V5 adds preauthentication, which makes this harder but does not prevent it.
  - Mode of encryption: V4 uses a nonstandard DES mode (PCBC) vulnerable to an attack that interchanges ciphertext blocks; V5 provides explicit integrity mechanisms and uses standard CBC.

New Elements in Kerberos Version 5
- Realm: indicates the realm of the user.
- Options: flags the client requests for the returned ticket.
- Times:
  - From: the desired start time for the ticket;
  - Till: the requested expiration time;
  - Rtime: the requested renew-till time.
- Nonce: a random value that assures the client the response is fresh and not a replay.

Kerberos Version 5 Message Exchange: 1
To obtain a ticket-granting ticket (Authentication Service exchange):
(1) C → AS : Options || IDc || Realmc || IDtgs || Times || Nonce1
(2) AS → C : Realmc || IDc || Ticket_tgs || E(Kc, [Kc,tgs || IDtgs || Times || Nonce1 || Realmtgs])

Ticket_tgs = E(Ktgs, [Flags || Kc,tgs || Realmc || IDc || ADc || Times])

Kerberos Version 5 Message Exchange: 2
To obtain a service-granting ticket (Ticket-Granting Service exchange):
(3) C → TGS : Options || IDv || Times || Nonce2 || Ticket_tgs || Authenticator_c
(4) TGS → C : Realmc || IDc || Ticket_v || E(Kc,tgs, [Kc,v || Times || Nonce2 || IDv || Realmv])

Ticket_tgs      = E(Ktgs, [Flags || Kc,tgs || Realmc || IDc || ADc || Times])
Ticket_v        = E(Kv, [Flags || Kc,v || Realmc || IDc || ADc || Times])
Authenticator_c = E(Kc,tgs, [IDc || Realmc || TS1])

Kerberos Version 5 Message Exchange: 3
To obtain service (Client/Server Authentication exchange):
(5) C → S : Options || Ticket_v || Authenticator_c
(6) S → C : E(Kc,v, [TS2 || Subkey || Seq#])

Ticket_v        = E(Kv, [Flags || Kc,v || Realmc || IDc || ADc || Times])
Authenticator_c = E(Kc,v, [IDc || Realmc || TS2 || Subkey || Seq#])

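The six-message exchange above, run end to end as an added example that is not part of the original presentation: a Python simulation of the Version 5 protocol (the Version 4 dialog of the earlier slides with realm, nonce, flags, subkey and sequence number added) with the KDC (AS and TGS), an application server V and a client C in one process. Everything named in it is an assumption: the realm EXAMPLE.COM, the principals alice, krbtgt/EXAMPLE.COM and host/files, the password hunter2, the addresses, a five-minute clock skew, and a toy HMAC-SHA256 construction that stands in for the DES/AES encryption types and for the string-to-key function; the Options field and all ticket flags other than INITIAL are left out. Beyond the happy path it shows why the protocol carries what it carries: a captured (Ticket_v, Authenticator_c) pair replayed to the server, the same pair presented from another address, a ticket presented after its Times have passed, and a wrong password at the AS exchange are each rejected, and the password itself never appears in any message.

```python
import hashlib, hmac, json, os, time

REALM = "EXAMPLE.COM"   # assumed realm name
SKEW = 300              # allowed clock skew in seconds (5 minutes, the usual default)

def str2key(password, salt):   # stand-in for string-to-key; the password itself never leaves the client
    return hashlib.sha256((salt + password).encode()).digest()
def _xor_stream(key, iv, data):   # HMAC-derived keystream, shared by encrypt() and decrypt()
    ks = b"".join(hmac.new(key, iv + bytes([i]), hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(key, obj):   # toy authenticated encryption standing in for a Kerberos enctype (DES in V4, AES in V5)
    iv = os.urandom(16)
    ct = _xor_stream(key, iv, json.dumps(obj, sort_keys=True).encode())
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()   # trailing HMAC tag gives integrity
def decrypt(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(_xor_stream(key, iv, ct))

def check_ticket(key, ticket, now, addr):
    t = decrypt(key, ticket)           # only the holder of the service key can open and verify it
    if not t["Times"]["from"] - SKEW <= now <= t["Times"]["till"]:
        raise ValueError("ticket expired or not yet valid")
    if t["ADc"] != addr:               # presented from an address other than the one it was issued for
        raise ValueError("ticket address mismatch")
    return t
def check_authenticator(session_key, auth, ticket, now, cache):
    a = decrypt(session_key, auth)     # opening it proves possession of the session key in the ticket
    if (a["IDc"], a["Realmc"]) != (ticket["IDc"], ticket["Realmc"]) or abs(now - a["TS"]) > SKEW:
        raise ValueError("authenticator stale or does not match ticket")
    if (a["IDc"], a["TS"]) in cache:   # replay cache: same client and timestamp already seen
        raise ValueError("replayed authenticator")
    cache.add((a["IDc"], a["TS"]))
    return a

class KDC:   # Authentication Server and Ticket-Granting Server sharing one principal database
    def __init__(self, db):
        self.db, self.cache = db, set()         # principal name -> long-term key; TGS replay cache
    def _issue(self, svc, enc_key, idc, adc, msg, flags):   # common core of messages (2) and (4)
        k = os.urandom(32).hex()                # fresh session key: Kc,tgs for the TGT, Kc,v for a service ticket
        ticket = encrypt(self.db[svc], {"Flags": flags, "Key": k, "Realmc": REALM, "IDc": idc, "ADc": adc, "Times": msg["Times"]})
        enc = encrypt(enc_key, {"Key": k, "Times": msg["Times"], "Nonce": msg["Nonce"], "Realm": REALM, "ID": svc})
        return {"Realmc": REALM, "IDc": idc, "Ticket": ticket, "Enc": enc}
    def as_exchange(self, msg, addr):           # message (1) -> message (2); Enc is under the client's Kc
        return self._issue(msg["IDtgs"], self.db[msg["IDc"]], msg["IDc"], addr, msg, ["INITIAL"])
    def tgs_exchange(self, msg, addr, now):     # message (3) -> message (4); Enc is under Kc,tgs
        tgt = check_ticket(self.db["krbtgt/" + REALM], msg["Ticket"], now, addr)
        k_c_tgs = bytes.fromhex(tgt["Key"])
        check_authenticator(k_c_tgs, msg["Authenticator"], tgt, now, self.cache)
        return self._issue(msg["IDv"], k_c_tgs, tgt["IDc"], tgt["ADc"], msg, [])

def ap_exchange(server_key, cache, msg, addr, now):   # server V: message (5) -> message (6)
    t = check_ticket(server_key, msg["Ticket"], now, addr)
    k_c_v = bytes.fromhex(t["Key"])
    a = check_authenticator(k_c_v, msg["Authenticator"], t, now, cache)
    # Mutual authentication: only a holder of Kv could recover Kc,v and echo the client's timestamp.
    return encrypt(k_c_v, {"TS": a["TS"], "Subkey": a["Subkey"], "Seq": a["Seq"]})

class Client:
    def __init__(self, idc, password, addr):
        self.idc, self.addr, self.kc = idc, addr, str2key(password, REALM + idc)
    def _open_reply(self, key, r, nonce, target):   # client-side checks on messages (2) and (4)
        enc = decrypt(key, r["Enc"])            # with a wrong password the AS reply fails to open here
        if enc["Nonce"] != nonce or enc["ID"] != target:
            raise ValueError("KDC reply is not fresh or not for the requested service")
        return r["Ticket"], bytes.fromhex(enc["Key"])
    def login(self, kdc, now):                  # messages (1)/(2): obtain the TGT
        nonce, times = os.urandom(8).hex(), {"from": now, "till": now + 8 * 3600}
        r = kdc.as_exchange({"IDc": self.idc, "Realmc": REALM, "IDtgs": "krbtgt/" + REALM, "Times": times, "Nonce": nonce}, self.addr)
        self.tgt, self.k_c_tgs = self._open_reply(self.kc, r, nonce, "krbtgt/" + REALM)
    def get_service_ticket(self, kdc, idv, now):      # messages (3)/(4)
        nonce, times = os.urandom(8).hex(), {"from": now, "till": now + 3600}
        auth = encrypt(self.k_c_tgs, {"IDc": self.idc, "Realmc": REALM, "TS": now})
        r = kdc.tgs_exchange({"IDv": idv, "Times": times, "Nonce": nonce, "Ticket": self.tgt, "Authenticator": auth}, self.addr, now)
        return self._open_reply(self.k_c_tgs, r, nonce, idv)
    def ap_request(self, ticket, k_c_v, now):   # message (5), carrying a subkey and a sequence number
        auth = encrypt(k_c_v, {"IDc": self.idc, "Realmc": REALM, "TS": now, "Subkey": os.urandom(16).hex(), "Seq": 1})
        return {"Ticket": ticket, "Authenticator": auth}

def run_demo(now=None):   # one full login, then four attacks the protocol is meant to stop
    now = now or int(time.time())
    db = {"alice": str2key("hunter2", REALM + "alice"), "krbtgt/" + REALM: os.urandom(32), "host/files": os.urandom(32)}
    kdc, files, alice = KDC(db), (db["host/files"], set()), Client("alice", "hunter2", "10.0.0.5")  # constructed principals
    alice.login(kdc, now)
    ticket_v, k_c_v = alice.get_service_ticket(kdc, "host/files", now)
    req = alice.ap_request(ticket_v, k_c_v, now)
    out = {"mutual_auth": decrypt(k_c_v, ap_exchange(*files, req, "10.0.0.5", now))["TS"] == now}
    attacks = {"replay": lambda: ap_exchange(*files, req, "10.0.0.5", now + 1),       # captured request resent
               "stolen_ticket": lambda: ap_exchange(*files, req, "10.0.0.99", now),   # resent from another host
               "expired": lambda: ap_exchange(*files, alice.ap_request(ticket_v, k_c_v, now + 7200), "10.0.0.5", now + 7200),
               "wrong_password": lambda: Client("alice", "guess", "10.0.0.5").login(kdc, now)}
    for name, fn in attacks.items():
        try:
            fn(); out[name] = "accepted"
        except ValueError as e:
            out[name] = "rejected: " + str(e)
    return out
```

`run_demo()` returns a dict mapping each case to "accepted" or "rejected: <reason>"; the mutual-authentication entry is true because the server's message (6), opened with Kc,v, echoes the client's own timestamp, which only a holder of Kv could have recovered. The replay cache and the ADc check are exactly what the authenticator and the address field buy in the dialog above; note that binding tickets to a client address is also why address-carrying tickets break behind NAT, one reason the V5 address field is optional in practice.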
Kerberos: Strengths
- Users' passwords are never sent across the network, neither encrypted nor in plaintext.
- Secret keys are only passed across the network in encrypted form.
- Client and server systems mutually authenticate.
- Ticket lifetimes limit the duration of a user's authentication.
- Authentications are reusable and durable: a ticket can be presented repeatedly within its lifetime.

Conclusion
- Kerberos is an authentication service that uses conventional encryption.
- Kerberos is a protocol designed to provide centralized authentication, whose function is to authenticate users to servers and servers to users.

THANK YOU



Editor's Notes

1. C = client; AS = Authentication Server; V = server; IDc = identifier of the user on C; IDv = identifier of V; Pc = password of the user on C; ADc = network address of C; Kv = secret key shared between the AS and V (the server).
2. The ticket is encrypted with a secret key (Kv) known only to the TGS and the server, preventing alteration.
3. C -> AS : IDc || IDtgs || TS1
   AS -> C : E(Kc, [Kc,tgs || IDtgs || TS2 || Lifetime2 || Ticket_tgs])
   C -> TGS :