ACCESS CONTROL MANAGEMENT By: Poonam Gupta Sowmya Sugumaran
Project Goal • The primary goal of access control management is to preserve and protect the confidentiality, integrity, and availability of information, systems, and resources.
What is Access Control • process by which users are identified and granted certain privileges to resources • limits the use of a resource
Types of Access Control • Discretionary (owner) • Mandatory (authorities) • Role-based (according to role) • Rule-based (predetermined rules)
Access Control Technologies • Tokens • Smart cards • Encrypted keys • Passwords
Popular Technologies
Kerberos • Authentication Protocol • For Client/Server Application • Using Secret Key Cryptography
[Diagram: VPN, Gateway, Internet, ACP (Kerberos)]
Kerberos: Three things happen between client and server when the client initiates resource allocation • AS Exchange • TGS Exchange • Client/Server (CS) Exchange
[Diagram: Technical Details. Labels: User name, Password, Policies, AS Server, KGS Server, Resource 1, Resource 2; arrows numbered 1 to 4]
Technical Details
Step 1: User-Client Logon
(i) The user enters a username and password on the client.
(ii) The client hashes the password, H(pswrd), to obtain the user's secret key.
Step 2: Client Authentication (Client-AS)
(i) The client sends the user ID to the AS; the AS generates the secret key from its database.
(ii) The AS sends 2 messages to the client:
Msg A - Client/TGS session key, encrypted with the user's secret key
Msg B - TGT, encrypted with the TGS's secret key
Contd..
Step 3: Client Service Authorization (Client-TGS)
(i) The client sends 2 messages to the TGS:
Msg C - TGT and service ID
Msg D - Authenticator (user ID, timestamp), encrypted using the Client/TGS session key
(ii) The TGS decrypts the TGT and the authenticator and sends 2 messages to the client:
Msg E - Client-to-Server ticket
Msg F - Client/Server session key, encrypted with the Client/TGS session key
Step 4: Client Service Request (Client-Service Server)
(i) The client sends 2 messages to the SS:
Msg E - Client/SS ticket
Msg G - Authenticator (user ID, timestamp, C/S session key)
(ii) The SS decrypts to get the C/S session key, then decrypts the authenticator and sends a message to the client:
Msg H - the timestamp in the client's authenticator + 1, encrypted using the C/S key
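Steps 1 to 4 above, traced in one process as an added example (not part of the original slides): every message A to H is built by one party and opened by the next, so a wrong password fails at Msg A and the server proves itself with Msg H. Assumptions: seal/unseal are a toy cipher standing in for real Kerberos encryption, H is plain SHA-256, ticket contents are reduced to user and session key, Msg G is encrypted under the C/S session key, and all names (kerberos_login, alice, fileserver) are hypothetical.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):
    """Toy authenticated encryption (SHAKE-256 keystream + HMAC), a stand-in for a real cipher."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def check_authenticator(auth, ticket, max_skew=300):
    """Authenticator must name the ticket's user and carry a fresh timestamp."""
    if auth["user"] != ticket["user"] or abs(time.time() - auth["ts"]) > max_skew:
        raise ValueError("authenticator rejected")

def kerberos_login(typed_password, stored_password, user="alice", service="fileserver"):
    k_tgs, k_ss = os.urandom(32), os.urandom(32)   # long-term secrets of TGS and SS
    # Step 1: client turns the typed password into the user's secret key, H(pswrd)
    k_user = hashlib.sha256(typed_password.encode()).digest()
    # Step 2: AS derives the same key from its database and issues Msg A and Msg B
    k_db = hashlib.sha256(stored_password.encode()).digest()
    s_tgs = os.urandom(32).hex()
    msg_a = seal(k_db, {"key": s_tgs})
    msg_b = seal(k_tgs, {"user": user, "key": s_tgs})    # the TGT, opaque to the client
    c_tgs = bytes.fromhex(unseal(k_user, msg_a)["key"])  # raises here on a wrong password
    # Step 3: client -> TGS: Msg C (TGT + service ID) and Msg D (authenticator)
    msg_c, msg_d = (msg_b, service), seal(c_tgs, {"user": user, "ts": int(time.time())})
    tgt = unseal(k_tgs, msg_c[0])
    check_authenticator(unseal(bytes.fromhex(tgt["key"]), msg_d), tgt)
    s_cs = os.urandom(32).hex()
    msg_e = seal(k_ss, {"user": user, "service": msg_c[1], "key": s_cs})
    msg_f = seal(bytes.fromhex(tgt["key"]), {"key": s_cs})
    c_cs = bytes.fromhex(unseal(c_tgs, msg_f)["key"])
    # Step 4: client -> SS: Msg E (ticket) and Msg G (authenticator under the C/S key)
    ts = int(time.time())
    msg_g = seal(c_cs, {"user": user, "ts": ts})
    ticket = unseal(k_ss, msg_e)
    auth = unseal(bytes.fromhex(ticket["key"]), msg_g)
    check_authenticator(auth, ticket)
    msg_h = seal(bytes.fromhex(ticket["key"]), {"ts": auth["ts"] + 1})
    # Client accepts the server only if Msg H carries its own timestamp + 1
    return unseal(c_cs, msg_h)["ts"] == ts + 1
```

The password itself never appears in any message; only keys derived from it or issued by the AS and TGS are used.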