
Kerberos


ronny

Presentation Transcript


  1. Kerberos

  2. Kerberos
     • Kerberos was a 3-headed dog in Greek mythology
     • Guarded the gates of the dead
     • Decided who might enter
     • Talk about strong security!

  3. Kerberos
     • Three Parties are Present
     • Kerberos server
     • Applicant host
     • Verifier host
     [Diagram labels: Kerberos Server, Applicant, Verifier]

  4. Kerberos
     • Kerberos Server shares a symmetric key with each host
     • Key shared with the Applicant will be called Key AS (Applicant-Server)
     • Key shared with the Verifier will be Key VS
     [Diagram labels: Kerberos Server, Applicant, Verifier, Key AS, Key VS]

  5. Kerberos
     • Applicant sends message to Kerberos server
     • Logs in and asks for ticket-granting ticket (TGT)
     • Authenticates the applicant to the server
     • Server sends back ticket-granting ticket
     • TGT allows applicant to request connections
     [Diagram labels: Kerberos Server, TGT RQ, Applicant, TGT]

  6. Kerberos
     • To connect to the verifier
     • Applicant asks Kerberos server for credentials to introduce the applicant to the verifier
     • Request includes the Ticket-Granting Ticket
     [Diagram labels: Kerberos Server, Credentials RQ, Applicant]

  7. Kerberos
     • Kerberos server sends the credentials
     • Credentials include the session Key AV that applicant and verifier will use for secure communication
     • Encrypted with Key AS so that interceptors cannot read it
     [Diagram labels: Kerberos Server, Credentials = Session Key AV, Service Ticket, Applicant]

  8. Kerberos
     • Kerberos server sends the credentials
     • Credentials also include the Service Ticket, which is encrypted with Key VS; Applicant cannot read or change it
     [Diagram labels: Kerberos Server, Credentials = Session Key AV, Service Ticket, Applicant]

  9. Kerberos
     • Applicant sends the Service Ticket plus an Authenticator to the Verifier
     • Service ticket contains the symmetric session key (Key AV)
     • Now both parties have Key AV and so can communicate with confidentiality
     [Diagram labels: Service Ticket (Contains Key AV) + Authenticator, Applicant, Verifier]

  10. Kerberos
     • Applicant sends the Service Ticket plus an Authenticator to the Verifier
     • Authenticator contains information encrypted with Key AV
     • Guarantees that the service ticket came from the applicant, which alone knows Key AV
     • Service ticket has a time stamp to prevent replay
     [Diagram labels: Service Ticket (Contains Key AV) + Authenticator]

  11. Kerberos
     • Subsequent communication between the applicant and verifier uses the symmetric session key (Key AV) for confidentiality
     [Diagram labels: Communication Encrypted with Key AV, Applicant, Verifier]

  12. Kerberos
     • The Service Ticket can contain more than Key AV
     • If the applicant is a client and the verifier is a server, service ticket may contain
     • Verifier’s user name and password
     • List of rights to files and directories on the server
     [Diagram labels: Verifier]

  13. Kerberos
     • Is the basis for security in Microsoft Windows 2000
     • Only uses symmetric key encryption for reduced processing cost
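
The exchange in slides 4 through 10, as an added example that is not part of the original presentation: the server seals Key AV under Key AS and the service ticket under Key VS, and the verifier accepts only a fresh ticket whose authenticator opens under Key AV. Assumptions: the HMAC-SHA256 `seal`/`unseal` pair is a stand-in for the real symmetric cipher, and the function names, the JSON message layout, the authenticator contents and the 300-second freshness window are hypothetical.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, not real Kerberos crypto)
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt and authenticate a JSON-serialisable object under a symmetric key."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Reverse seal(); raises ValueError on a wrong key or a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def server_issue_credentials(key_as, key_vs, applicant, now):
    """Kerberos server: Key AV sealed for the applicant, plus a service ticket for the verifier."""
    key_av = os.urandom(32).hex()
    ticket = seal(key_vs, {"key_av": key_av, "applicant": applicant, "ts": now})
    return seal(key_as, {"key_av": key_av}), ticket

def applicant_build_request(key_as, sealed_key_av, ticket, applicant):
    """Applicant: recover Key AV with Key AS, forward the opaque ticket plus an authenticator."""
    key_av = bytes.fromhex(unseal(key_as, sealed_key_av)["key_av"])
    return ticket, seal(key_av, {"applicant": applicant})

def verifier_accept(key_vs, ticket, authenticator, now, max_age=300):
    """Verifier: open the ticket with Key VS, then check the authenticator with Key AV."""
    t = unseal(key_vs, ticket)
    if not 0 <= now - t["ts"] <= max_age:       # max_age is an assumed freshness window
        raise ValueError("stale service ticket")
    a = unseal(bytes.fromhex(t["key_av"]), authenticator)
    if a["applicant"] != t["applicant"]:
        raise ValueError("authenticator does not match ticket")
    return t["applicant"], bytes.fromhex(t["key_av"])

def demo():
    # Constructed long-term keys and name; True when both ends hold the same Key AV
    key_as, key_vs = os.urandom(32), os.urandom(32)
    sealed, ticket = server_issue_credentials(key_as, key_vs, "alice", now=1000)
    ticket, auth = applicant_build_request(key_as, sealed, ticket, "alice")
    name, key_av = verifier_accept(key_vs, ticket, auth, now=1010)
    return name == "alice" and key_av.hex() == unseal(key_as, sealed)["key_av"]
```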
