
Kerberos: An Authentication Service for Open Network Systems

Proceedings of the Winter 1988 Usenix Conference. Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller (Massachusetts Institute of Technology, University of Washington). Presented by Sookhyun Yang, 3rd May 2004.



Presentation Transcript


  1. Kerberos: An Authentication Service for Open Network Systems
     Proceedings of the Winter 1988 Usenix Conference
     Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller
     Massachusetts Institute of Technology, University of Washington
     3rd May, 2004. Presented by Sookhyun Yang

  2. Contents
     • Motivation
     • What is Kerberos?
     • Kerberos Software Components
     • Kerberos Names
     • How Kerberos Authentication Works
     • Kerberos Database
     • Conclusion

  3. Motivation
     • How is access controlled in a network of users requiring services from many separate computers?
     • Requirements for authentication in an open network:
       • Secure
       • Reliable
       • Scalable
       • Transparent
     [Diagram: a closed environment, where a controlled server authenticates each client itself, contrasted with an open network, where many users (user1, user2, user3, ...) log in and request services from many separate servers, and the servers have no way to identify who is asking ("identification??").]

  4. What is Kerberos?
     • Trusted third-party authentication service
     • Based on the Needham and Schroeder key distribution algorithm
     • Ticket = {server, client, address, timestamp, lifetime, Ks,c}Ks
       (the ticket is encrypted under the server's private key Ks and carries the session key Ks,c shared by server and client)
     [Diagram: the Kerberos database holds one record per principal (name, private key, expire date). A user's private key is the encrypted password; a service's private key is set at registration. Clients and servers communicate through the Kerberos client program using the session key.]

  5. Kerberos Software Components
     • Kerberos application library
     • Encryption library (DES)
     • Database library (DB management)
     • Administrative server (KDBM server)
     • Authentication server (Kerberos server)
     • Database administration programs
     • Database propagation software
     • End-user programs
     • Applications

  6. Kerberos Name
     • primary_name.instance@realm
     • Example: rlogin.priam@ATHENA.MIT.EDU
       • primary_name (rlogin): the name of the user or the service
       • instance (priam): usually the name of the machine on which the server runs
       • realm (ATHENA.MIT.EDU): the name of the administrative entity that maintains authentication data in a domain
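A parser for the principal-name format on this slide, added here as an example (it is not code from the paper or from the Kerberos distribution). It assumes the three-part primary_name.instance@realm form shown above, with instance and realm optional; the default realm ATHENA.MIT.EDU is taken from the slide's example. The point it shows is that the realm itself contains dots, so a parser has to split off the '@' part before looking for the instance separator.

```python
import re

# Principal: primary_name.instance@realm, instance and realm optional.
# The realm may contain dots (ATHENA.MIT.EDU), so it is matched after '@'
# and the '.' separator is only looked for in the part before it.
_PRINCIPAL_RE = re.compile(
    r"^(?P<primary>[^.@]+)(?:\.(?P<instance>[^.@]+))?(?:@(?P<realm>[^@]+))?$"
)


def parse_principal(name: str, default_realm: str = "ATHENA.MIT.EDU") -> dict:
    """Split a principal into its three parts, filling in the local realm."""
    m = _PRINCIPAL_RE.match(name)
    if m is None:
        raise ValueError(f"malformed principal: {name!r}")
    return {
        "primary": m["primary"],                # the user or service name
        "instance": m["instance"] or "",        # usually the server's machine name
        "realm": m["realm"] or default_realm,   # administrative entity holding the keys
    }


def format_principal(p: dict) -> str:
    """Inverse of parse_principal; an empty instance is omitted."""
    name = p["primary"]
    if p["instance"]:
        name += "." + p["instance"]
    return name + "@" + p["realm"]


def same_realm(a: str, b: str, default_realm: str = "ATHENA.MIT.EDU") -> bool:
    """True when both principals are administered by the same realm."""
    return (parse_principal(a, default_realm)["realm"]
            == parse_principal(b, default_realm)["realm"])


if __name__ == "__main__":
    for n in ("rlogin.priam@ATHENA.MIT.EDU", "sookhyun", "rlogin.priam"):
        print(n, "->", parse_principal(n))
```

A name with two dots before the '@' (more than one instance) is rejected rather than silently truncated, since the slide's format has exactly one instance field.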

  7. How Kerberos Authentication Works
     Login session setup (user/client and the authentication service):
       1. Request for TGS ticket
       2. Ticket for TGS (with session key)
     Server session setup (user/client and the ticket granting service):
       3. Request for rlogin ticket
       4. Ticket for rlogin (with session key)
     DoOperation (user/client and the rlogin server):
       5. Request for service
       6. Reply (encrypted)
     [Diagram: the authentication server hosts both the authentication service and the ticket granting service; the same server-session setup is repeated for each service used (rlogin, ftp, telnet, http).]
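The six-step exchange above, carried through in code as an added example (not the paper's or MIT's implementation). The ticket layout is the one from slide 4, {server, client, address, timestamp, lifetime, Ks,c}Ks. Everything else is an assumption made for the example: a toy SHA-256/HMAC cipher stands in for the DES library, the principal names, password, address and lifetimes (in seconds) are constructed, and the "authenticator" the client encrypts under the session key to prove it holds Ks,c comes from the full protocol, not from this slide. The example also shows the two checks a server makes before accepting a ticket: that it decrypts under the server's own key, and that the current time falls inside the ticket's lifetime.

```python
import hashlib
import hmac
import json
import os

# Toy symmetric cipher (constructed stand-in for the DES library): SHA-256 keystream
# XOR plus an HMAC tag, so data sealed under one key cannot be read or altered
# by a party holding a different key.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """{obj}K: encrypt a JSON-serialisable dict under key."""
    plain = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise PermissionError("cannot decrypt: wrong key or altered ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))


# Constructed principals and key database (name -> private key).
USER = "sookhyun@ATHENA.MIT.EDU"
TGS = "krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU"
RLOGIN = "rlogin.priam@ATHENA.MIT.EDU"
PASSWORD = b"constructed-password"
KEYS = {
    USER: hashlib.sha256(PASSWORD).digest(),   # user key derived from the password
    TGS: os.urandom(32),                       # registered at installation
    RLOGIN: os.urandom(32),                    # registered when the service was added
}


def issue_ticket(server: str, client: str, address: str, now: int, lifetime: int):
    """Ticket = {server, client, address, timestamp, lifetime, Ks,c}Ks; returns (Ks,c, ticket)."""
    ks_c = os.urandom(32)
    ticket = {"server": server, "client": client, "address": address,
              "timestamp": now, "lifetime": lifetime, "session_key": ks_c.hex()}
    return ks_c, seal(KEYS[server], ticket)


def check_ticket(server: str, ticket_blob: bytes, auth_blob: bytes, address: str, now: int) -> dict:
    """Server-side acceptance: decrypt with the server's own key, check lifetime and
    address, then open the authenticator with Ks,c to prove the presenter holds it."""
    t = unseal(KEYS[server], ticket_blob)
    if t["server"] != server or t["address"] != address:
        raise PermissionError("ticket not issued for this server/address")
    if not (t["timestamp"] <= now < t["timestamp"] + t["lifetime"]):
        raise PermissionError("ticket expired")
    a = unseal(bytes.fromhex(t["session_key"]), auth_blob)
    if a["client"] != t["client"] or abs(a["timestamp"] - now) > 300:
        raise PermissionError("bad authenticator")
    return t


def as_reply(client: str, address: str, now: int) -> bytes:
    """Steps 1-2: {Kc,tgs, {TGT}Ktgs}Kc; only the holder of the password can open it."""
    k, tgt = issue_ticket(TGS, client, address, now, 8 * 3600)
    return seal(KEYS[client], {"session_key": k.hex(), "ticket": tgt.hex()})


def tgs_reply(tgt_blob: bytes, auth_blob: bytes, service: str, address: str, now: int) -> bytes:
    """Steps 3-4: validate the TGT, return {Kc,s, {Ts}Ks} under Kc,tgs."""
    tgt = check_ticket(TGS, tgt_blob, auth_blob, address, now)
    k, ticket = issue_ticket(service, tgt["client"], address, now, 3600)
    return seal(bytes.fromhex(tgt["session_key"]), {"session_key": k.hex(), "ticket": ticket.hex()})


def login_and_rlogin(password: bytes, address: str = "18.0.0.1", now: int = 1_000_000) -> bool:
    """Client side of steps 1-6; True when the encrypted reply of step 6 verifies."""
    kc = hashlib.sha256(password).digest()                      # never leaves the workstation
    r = unseal(kc, as_reply(USER, address, now))                # step 2
    k_tgs = bytes.fromhex(r["session_key"])
    auth = seal(k_tgs, {"client": USER, "timestamp": now})      # step 3
    r = unseal(k_tgs, tgs_reply(bytes.fromhex(r["ticket"]), auth, RLOGIN, address, now))  # step 4
    k_s = bytes.fromhex(r["session_key"])
    auth = seal(k_s, {"client": USER, "timestamp": now})        # step 5
    t = check_ticket(RLOGIN, bytes.fromhex(r["ticket"]), auth, address, now)
    reply = seal(bytes.fromhex(t["session_key"]), {"timestamp": now + 1})   # step 6
    return unseal(k_s, reply)["timestamp"] == now + 1


if __name__ == "__main__":
    print("rlogin session established:", login_and_rlogin(PASSWORD))
```

Note what each party can and cannot read: the rlogin server never sees the user's key, and the user's workstation never sees the rlogin server's key; the only thing they share is Ks,c, delivered to the client under a key it already holds and to the server inside a ticket only it can decrypt.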

  8. Kerberos Database
     • Master-slave structure
       • Master machine: read/write access to the DB; holds the definitive copies
       • Slave machines: read-only access to the DB; hold copies from the master machine
     • Authentication requests are served by a slave or the master machine
     • Administration requests go to the master machine only
     • Database replication
       • Each Kerberos realm has one master Kerberos machine
       • Copies propagated to the slaves are verified with a checksum
     [Diagram: the master machine replicating its database to several slave machines, each serving a group of workstations (WS).]

  9. Conclusion
     • The Kerberos system is:
       • Secure
       • Reliable
       • Scalable
       • Transparent
     • But it has many limitations and weaknesses
