
PUBLIC-KEY CRYPTOGRAPHY EXTENSIONS INTO KERBEROS


Presentation Transcript


  1. PUBLIC-KEY CRYPTOGRAPHY EXTENSIONS INTO KERBEROS NARAYANI M 2005H103013

  2. AGENDA
     • Public-Key Cryptographic Primer
     • Kerberos
     • Improvement to Kerberos by employing Public-Key Cryptography
     • Public-Key Extensions to Kerberos
     • Performance Analysis

  3. PUBLIC-KEY CRYPTOGRAPHY PRIMER
     • Private Key and Public Key
     • Encryption/Decryption
     • Key Distribution
     • Digital Signatures

  4. KERBEROS
     • Trusted third party authentication service
     • Authentication of Users and Servers
     • Ticket
     • Components
       • KDC (Key Distribution Center)
       • AS (Authentication Server)
       • TGS (Ticket Granting Service)

  5. KERBEROS OVERVIEW

  6. AS_REQ:
     • Alice requests a TGT from AS
     • User ID: Alice
     AS_REP:
     • AS verifies Alice with KDC and sends Alice S_Alice encrypted with K_Alice and TGT
     • K_Alice{use S_Alice with TGS}
     • TGT: K_TGS{use S_Alice with Alice}

  7. TGS_REQ:
     • Alice requests a Service Granting Ticket from TGS with her authenticator and TGT
     • Authenticator: S_Alice{Alice, time1}
     • TGT
     TGS_REP:
     • S_Alice{use S_AB with Bob}
     • Service ticket: K_Bob{use S_AB with Alice}

  8. AP_REQ:
     • S_AB{Alice, time2}
     • Service ticket: K_Bob{use S_AB with Alice}
     • Mutual authentication flag: on/off
     AP_REP:
     • S_AB{time2}

  9. Kerberos Realms
     • How can Public-key Cryptography improve Kerberos?
       • Scalability
         • Secret Key based stores C*S session keys and C+S private keys
         • PKC stores only C+S shared public keys
       • Improved Security
     • Performance Issues of PKC in Kerberos
       • Computationally expensive Encryption and Decryption routines
       • Larger key length

  10. PUBLIC-KEY EXTENSIONS
      • PKINIT
      • PKCROSS
      • PKDA

  11. PKINIT (Public-key Cryptography for Initial Authentication in Kerberos)

  12. PKCROSS (Public-key Cryptography for Cross-Realm Authentication in Kerberos)

  13. PKDA (Public-key based Kerberos for Distributed Authentication)

  14. PERFORMANCE ANALYSIS
      • PKCROSS vs PKDA
      • No. of realms in Kerberos environment
      • No. of application servers per realm
      • Loads on application servers and KDCs
      • Network Delay
      • PKCROSS achieves better cross-realm performance for networks with two or more application servers in a remote realm
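
The three secret-key exchanges on slides 6 to 8 (AS, TGS, AP), with both sides of each message, as an added example that is not part of the original presentation. The function names, the JSON message layout and the toy SHA-256/HMAC cipher are assumptions standing in for real Kerberos encodings and encryption types; keys and timestamps are constructed.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a toy keystream (assumption: stand-in for a Kerberos enctype)
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):
    """K{...} from the slides: encrypt-then-MAC a small JSON message under key."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Long-term secret keys known to the KDC (constructed at random for this run)
K = {name: os.urandom(32) for name in ("Alice", "TGS", "Bob")}

def check_authenticator(session_key, authenticator, client, now, skew=300):
    # The authenticator must open under the ticket's session key, name the same client, and be fresh
    a = unseal(session_key, authenticator)
    if a["client"] != client or abs(now - a["time"]) > skew:
        raise ValueError("authenticator rejected")
    return a

def as_exchange(user):                               # AS_REQ -> AS_REP (session key part, TGT)
    s = os.urandom(32).hex()
    return seal(K[user], {"use": s, "with": "TGS"}), seal(K["TGS"], {"use": s, "with": user})

def tgs_exchange(tgt, authenticator, service, now):  # TGS_REQ -> TGS_REP
    t = unseal(K["TGS"], tgt)
    s = bytes.fromhex(t["use"])
    check_authenticator(s, authenticator, t["with"], now)
    s_ab = os.urandom(32).hex()
    return seal(s, {"use": s_ab, "with": service}), seal(K[service], {"use": s_ab, "with": t["with"]})

def ap_exchange(ticket, authenticator, now):         # AP_REQ -> AP_REP, run by Bob
    t = unseal(K["Bob"], ticket)
    s_ab = bytes.fromhex(t["use"])
    a = check_authenticator(s_ab, authenticator, t["with"], now)
    return seal(s_ab, {"time": a["time"]})           # mutual authentication: echo time2

def alice_login(now=1000):
    """Alice's side of all three exchanges; True when Bob proves he recovered the session key."""
    rep, tgt = as_exchange("Alice")
    s_alice = bytes.fromhex(unseal(K["Alice"], rep)["use"])
    rep, ticket = tgs_exchange(tgt, seal(s_alice, {"client": "Alice", "time": now}), "Bob", now)
    s_ab = bytes.fromhex(unseal(s_alice, rep)["use"])
    ap_rep = ap_exchange(ticket, seal(s_ab, {"client": "Alice", "time": now + 1}), now + 1)
    return unseal(s_ab, ap_rep)["time"] == now + 1
```

Alice never holds K_TGS or K_Bob, so the TGT and the service ticket are opaque to her; she only forwards them together with an authenticator sealed under the matching session key.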
