140 likes | 266 Views
PUBLIC-KEY CRYPTOGRAPHY EXTENSIONS INTO KERBEROS. NARAYANI M 2005H103013. AGENDA Public-Key Cryptographic Primer Kerberos Improvement to Kerberos by employing Public-Key Cryptography Public-Key Extensions to Kerberos Performance Analysis. PUBLIC-KEY CRYPTOGRAPHY PRIMER
E N D
PUBLIC-KEY CRYPTOGRAPHY EXTENSIONS INTO KERBEROS NARAYANI M 2005H103013
AGENDA • Public-Key Cryptographic Primer • Kerberos • Improvement to Kerberos by employing Public-Key Cryptography • Public-Key Extensions to Kerberos • Performance Analysis
PUBLIC-KEY CRYPTOGRAPHY PRIMER • Private Key and Public Key • Encryption/Decryption • Key Distribution • Digital Signatures
KERBEROS • Trusted third party authentication service • Authentication of Users and Servers • Ticket • Components • KDC (Key Distribution Center) • AS (Authentication Server) • TGS (Ticket Granting Service)
AS_REQ: • Alice requests a TGT from AS • User ID:Alice AS_REP: • AS verifies Alice with KDC and sends Alice SAlice encrypted with KAlice and TGT • KAlice {use SAlice with TGS} • TGT : KTGS {use SAlice with Alice}
TGS_REQ: • Alice requests a Service Granting Ticket from TGS with her authenticator and TGT • Authenticator: SAlice {Alice,time1} • TGT TGS_REP: • SAlice {use SAB with Bob} • Service ticket: KBob { use SAB with Alice}
AP_REQ: • SAB{Alice,time2} • Service ticket: KBob{use SAB with Alice} • Mutual authentication flag: on/off AP_REP: • SAB{time2}
Kerberos Realms • How can Public-key Cryptography improve Kerberos? • Scalability • Secret Key based stores C*S session keys and C+S private keys • PKC stores only C+S shared public keys • Improved Security • Performance Issues of PKC in Kerberos • Computationally expensive Encryption and Decryption routines • Larger key length
PUBLIC-KEY EXTENSIONS • PKINIT • PKCROSS • PKDA
PKINIT (Public-key Cryptography for Initial Authentication in Kerberos)
PKCROSS (Public-key Cryptography for Cross-Realm Authentication in Kerberos)
PKDA (Public-key based Kerberos for Distributed Authentication)
PERFORMANCE ANALYSIS • PKCROSS vs PKDA • No of realms in Kerberos environment • No of application servers per realm • Loads on application servers and KDCs • Network Delay • PKCROSS achieves better cross-realm performance for networks with two or more application servers in a remote realm