1 / 19

Kerberos

Kerberos. Authentication protocol. Submitted By. Poonam chauhan. What is Kerberos.

gore
Télécharger la présentation

Kerberos

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Kerberos Authentication protocol

  2. Submitted By • Poonamchauhan

  3. What is Kerberos • Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. • aimed primarily at a client –server model • Kerberos uses as its basis the symmetric Needham-Schroeder protocol.

  4. It makes use of a trusted third party, termed a key distribution centre (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). • The KDC maintains a database of secret keys; each entity on the network — whether a client or a server — shares a secret key known only to itself and to the KDC. • For communication purposes the KDC generates a session key which communicating parties use to encrypt their transmissions. • The security of the protocol relies heavily on short-lived assertions of authenticity called Kerberos tickets.

  5. Working of Kerberos • Kerberos operates by encrypting data with a symmetric key. • When working with the encryption key, the details are actually sent to a key distribution center, or KDC, instead of sending the details directly between each computer.

  6. Continue • The authentication service, or AS, receives the request by the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user’s ID.

  7. Continue… • Upon verification, a timestamp is created.

  8. continue.. • The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service.

  9. Continue.. • The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.

  10. Continue.. • The TGS creates an encrypted key with a timestamp, and grants the client a service ticket.

  11. Continue.. • The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.

  12. Continue.. • The service decrypts the key, and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session that is returned to the client

  13. Continue.. • The client decrypts the ticket. If the keys are still valid, communication is initiated between client and server.

  14. Challenge response authentication • challenge-response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated. • Mutual authentication is performed using a challenge-response handshake in both directions; the server ensures that the client knows the secret, and the client also ensures that the server knows the secret, which protects against a rogue server impersonating the real server.

  15. Continue… • 1. The first system creates a challenge code made up of random numbers. • 2. This code is sent to the second system, which generates a response to the received code. This response and a challenge code of its own are then sent back to the first system. • 3. The first system verifies the response of the second system, and then sends a response to the challenge code it received. • 4. When the second system receives the response, it is verified. If all is well, it notifies the first system that they are indeed mutually authenticated. • Example password storage

  16. Limitation • First and foremost is the need of the Kerberos server. • Next, we have the issue of clock synchronization.

  17. Advantages • Protect against • Man in middle attack • Eavesdropping • Sniffing

  18. Refernces • http://en.wikipedia.org/wiki/Kerberosprotocol

  19. Thank You

More Related