Scribd Logo
Upload

Welcome to Scribd!

  • Kerberos: Himanshu Sharma Final Year CSE

    Uploaded by

    Himanshu Sharma
    18 views15 pages
    Kerberos is a network authentication protocol developed at MIT in the 1980s that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It uses symmetric key cryptography and a trusted third party model to authenticate users and services. Kerberos addresses the problem of sending usernames and passwords over the network in plain text by issuing short-term credentials called tickets that can be used to request access to services. This ticket-granting process involves a client first authenticating with an authentication server to obtain a ticket-granting ticket, which can then be used to request service tickets from the Kerberos ticket-granting service.

    Original Description:

    Original Title

    Kerberos

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Kerberos is a network authentication protocol developed at MIT in the 1980s that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It uses symmetric key cryptography and a trusted third party model to authenticate users and services. Kerberos addresses the problem of sending usernames and passwords over the network in plain text by issuing short-term credentials called tickets that can be used to request access to services. This ticket-granting process involves a client first authenticating with an authentication server to obtain a ticket-granting ticket, which can then be used to request service tickets from the Kerberos ticket-granting service.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    18 views15 pages

    Kerberos: Himanshu Sharma Final Year CSE

    Uploaded by

    Himanshu Sharma
    Kerberos is a network authentication protocol developed at MIT in the 1980s that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It uses symmetric key cryptography and a trusted third party model to authenticate users and services. Kerberos addresses the problem of sending usernames and passwords over the network in plain text by issuing short-term credentials called tickets that can be used to request access to services. This ticket-granting process involves a client first authenticating with an authentication server to obtain a ticket-granting ticket, which can then be used to request service tickets from the Kerberos ticket-granting service.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    of 15

    Kerberos

    Himanshu Sharma
    Final Year
    CSE
    What is Kerberos?
    • Network authentication
    protocol
    • Developed at MIT in the
    mid 1980s
    • Available as open source
    or in supported
    commercial software
    Why Kerberos?

    • Sending usernames and


    passwords in the clear
    jeopardizes the security of the
    network.
    • Each time a password is sent in
    the clear, there is a chance for
    interception.
    Firewall vs. Kerberos?
    • Firewalls make a risky assumption:
    that attackers are coming from the
    outside. In reality, attacks frequently
    come from within.
    • Kerberos assumes that network
    connections (rather than servers and
    work stations) are the weak link in
    network security.
    Design Requirements

    • Interactions between hosts and


    clients should be encrypted.
    • Must be convenient for users (or
    they won’t use it).
    • Protect against intercepted
    credentials.
    Cryptography Approach

    • Private Key: Each party uses the


    same secret key to encode and decode
    messages.
    • Uses a trusted third party which can
    vouch for the identity of both parties
    in a transaction. Security of third
    party is imperative.
    How does Kerberos work?

    • Instead of client sending password to


    application server:
    – Request Ticket from authentication server
    – Ticket and encrypted request sent to application
    server
    • How to request tickets without repeatedly
    sending credentials?
    – Ticket granting ticket (TGT)
    How does Kerberos work?:
    Ticket Granting Tickets
    How does Kerberos Work?: The
    Ticket Granting Service
    How does Kerberos work?: The
    Application Server
    Applications

    • Authentication
    • Authorization
    • Confidentiality
    • Within networks and small sets
    of networks
    Weaknesses and Solutions
    If TGT stolen, can be used to Only a problem until
    access network services. ticket expires in a few
    hours.

    Subject to dictionary attack. Timestamps require


    hacker to guess in 5
    minutes.

    Very bad if Authentication Physical protection for


    Server compromised. the server.
    The Competition: SSL
    SSL Kerberos
    Uses public key encryption Uses private key encryption
    Is certificate based (asynchronous) Relies on a trusted third party
    (synchronous)
    Ideal for the WWW Ideal for networked environments
    Key revocation requires Revocation Key revocation can be accomplished by
    Server to keep track of bad disabling a user at the Authentication
    certificates Server
    Certificates sit on a users hard drive Passwords reside in users' minds where
    (even if they are encrypted) where they are usually not subject to secret
    they are subject to being cracked. attack.

    Uses patented material, so the Kerberos has always been open source
    service is not free. Netscape has a and freely available.
    profit motive in wide acceptance of
    the standard.
    Limitation: Scalability

    • Recent modifications attempt to


    address this problem
    • Public key cryptography for
    Client Authentication and cross
    realm authentication
    • Issues are not resolved
    Questions?

    You might also like