CCS354 - NETWORK SECURITY: Kerberos
Name: M. Manikandan
Reg. no: 951221104020
KERBEROS:
* Kerberos was created by MIT as a solution to the problem of
authenticating users to services in an open distributed network.
* Provides centralised private-key (symmetric-key) third-party
authentication in a distributed network
* Allows users access to services distributed through the network
* Users do not need to trust all workstations; instead, all trust
a central authentication server
* Two versions in use: 4 & 5
Kerberos Requirements:
* The first published report identified its requirements as:
→security
→reliability
→transparency
→scalability
* Implemented using an authentication protocol based on
Needham-Schroeder
Kerberos 4 Overview:
* A basic third-party authentication scheme
* Has an Authentication Server (AS)
→users initially negotiate with the AS to identify themselves
→the AS provides a non-corruptible authentication credential
(the ticket-granting ticket, TGT)
* Has a Ticket Granting Server (TGS)
→users subsequently request access to other services from
the TGS on the basis of their TGT
Working:
Step-1:
The user logs in and requests services on the host; to do so, the
user first requests the ticket-granting service from the AS.
Step-2:
The Authentication Server verifies the user's access rights using its
database and then returns a ticket-granting ticket and a session key.
The reply is encrypted using the password of the user (a key derived from it).
Step-3:
The user decrypts the message using the password and then sends the
ticket to the Ticket Granting Server, along with an authenticator. The ticket
and the authenticator carry identifying data such as the user name and network address.
Step-4:
The Ticket Granting Server decrypts the ticket and the authenticator
sent by the user, verifies the request, and then creates a ticket
for requesting services from the Server.
Step-5:
The user sends the ticket and a fresh authenticator to the Server.
Step-6:
The Server verifies the ticket and the authenticator and then grants
access to the service. After this the user can access the service.
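The six steps above as a runnable toy exchange, added here as an example (it is not code from these course notes). It uses only the Python standard library; seal/unseal is a teaching stand-in for the DES encryption real Kerberos v4 uses, and the principal names, keys, lifetimes and the 10.0.0.5 address are constructed.

```python
import hashlib, hmac, json, os, time
def _ks(key, nonce, n):  # n-byte keystream derived from key and nonce
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):  # encrypt-then-MAC a JSON dict; toy stand-in for DES, not a real cipher
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):  # raises ValueError on a wrong key or a tampered blob
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

# Constructed KDC database: one long-term key per principal; the user's key is password-derived
KDC_DB = {"alice": hashlib.sha256(b"alice-password").digest(),
          "tgs": os.urandom(32), "fileserver": os.urandom(32)}
def issue(target_key, user, addr, life):  # ticket sealed for its target, plus its session key
    k = os.urandom(32).hex()
    return k, seal(target_key, {"user": user, "addr": addr, "key": k, "exp": time.time() + life})
def check(target_key, ticket, auth):  # steps 4 and 6: open the ticket, verify the authenticator
    t = unseal(target_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), auth)  # only a holder of the session key can build this
    if not (a["user"] == t["user"] and a["addr"] == t["addr"]
            and time.time() < t["exp"] and abs(time.time() - a["ts"]) <= 300):
        raise ValueError("ticket or authenticator rejected")
    return t

def as_exchange(user, addr):  # steps 1-2: TGT (sealed for the TGS) + session key, under user key
    k, tgt = issue(KDC_DB["tgs"], user, addr, 8 * 3600)
    return seal(KDC_DB[user], {"key": k, "tgt": tgt.hex()})
def tgs_exchange(tgt, auth, service):  # steps 3-4: TGT + authenticator in, service ticket out
    t = check(KDC_DB["tgs"], tgt, auth)
    k, tkt = issue(KDC_DB[service], t["user"], t["addr"], 3600)
    return seal(bytes.fromhex(t["key"]), {"key": k, "ticket": tkt.hex()})

def client_session(user, password, service="fileserver", addr="10.0.0.5"):
    uk = hashlib.sha256(password.encode()).digest()  # client side of all six steps
    try:
        rep = unseal(uk, as_exchange(user, addr))  # step 3: fails on a wrong password
        k = bytes.fromhex(rep["key"])
        auth = seal(k, {"user": user, "addr": addr, "ts": time.time()})
        rep2 = unseal(k, tgs_exchange(bytes.fromhex(rep["tgt"]), auth, service))
        auth2 = seal(bytes.fromhex(rep2["key"]), {"user": user, "addr": addr, "ts": time.time()})
        check(KDC_DB[service], bytes.fromhex(rep2["ticket"]), auth2)  # steps 5-6
        return True  # access granted; note the server never contacted the KDC
    except ValueError:
        return False
```

The client never sees the TGS or server keys, so it can neither read nor alter a ticket, and the timestamp check in the authenticator is what limits replay.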
Kerberos Realms:
* A Kerberos environment consists of:
→a Kerberos server
→a number of clients, all registered with the server
→application servers, sharing keys with the server
* This is termed a realm
→typically a single administrative domain
* If there are multiple realms, their Kerberos servers
must share keys and trust each other
Kerberos Version 5:
* Developed in the mid-1990s
* Provides improvements over v4, addressing:
Environmental shortcomings:
→encryption algorithm, network protocol, byte order,
ticket lifetime, authentication forwarding,
inter-realm authentication
Technical deficiencies:
→double encryption, non-standard mode of use,
session keys, password attacks
* specified as Internet standard RFC 1510