
Kerberos

Kerberos is a network authentication protocol developed at MIT in the 1980s that provides strong authentication for client/server applications using secret-key cryptography. It aims to solve the problem of sending usernames and passwords in clear text by using tickets issued by an authentication server to verify a user's identity. Kerberos works by having a client first authenticate with an authentication server to obtain a ticket-granting ticket, which can then be used to request service tickets from a ticket-granting server to access specific services.

Uploaded by

Rushabh Shah

Kerberos

Kerberos, in ancient Greek myth, was a three-headed dog that guarded the entrance to the underworld {Hackers}

What is Kerberos?
Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications using secret-key cryptography.
Developed at MIT in the mid-1980s.
Available as open source or in supported commercial software.

Why Kerberos?
Sending usernames and passwords in the clear jeopardizes the security of the network. Each time a password is sent in the clear, there is a chance for interception.
Dictum: There's nothing more secure than a computer that is not connected to the network and powered off!

Firewall vs. Kerberos?


Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within. Kerberos assumes that network connections (rather than servers and workstations) are the weak link in network security.

Design Requirements
Consists of the following three components:
- Client
- Authentication Server or KDC
- Server
And has three main exchanges:
- Authentication Server (AS) Exchange
- Ticket Granting Service (TGS) Exchange
- Client Server (CS) Exchange

How does Kerberos work?


User requests use of a network service.
Service wants assurance that the user is who he says he is.
User presents a ticket that is issued to it by a Kerberos Authentication Server (AS).
If the ticket is valid, service is granted.
The tickets must be unequivocally linked to the user.

How does Kerberos work?: Ticket Granting Tickets

Functions of Kerberos
- Authentication
- Authorization
- Confidentiality
- Integrity

Terms Used in Kerberos


Principal is the party whose identity is verified.
Verifier is the party who demands assurance of the principal's identity.
Ticket is a certificate issued by an AS, encrypted using the Server Key.
Ticket = Rnd Session Key + Name of Principal + Expiration Time + others

The rnd session key is used for authenticating the principal to the Verifier.

Assumptions
Kerberos assumes that the user won't use passwords like his own user name, etc. Any password is subject to dictionary attack, but the timestamp requires the hacker to guess within 5 minutes.
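
The ticket layout from "Terms Used in Kerberos" and the 5-minute timestamp window above, as an added example that is not part of the original slides: the AS seals a ticket under the server key, and the verifier accepts the principal only if the ticket is unexpired and a timestamp sealed under the session key is fresh. The seal/unseal helpers are a toy stand-in for a real Kerberos encryption type, and the function names and JSON layout are assumptions.

```python
import hashlib, hmac, json, os

MAX_SKEW = 5 * 60  # the 5-minute timestamp window from the slides

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); stand-in for a real Kerberos enctype.
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared secret key (toy construction)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed (wrong key or tampered)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def issue_ticket(server_key, principal, lifetime, now):
    """AS side: Ticket = session key + principal name + expiration, under the server key."""
    session_key = os.urandom(32)
    ticket = seal(server_key, {"key": session_key.hex(), "principal": principal,
                               "expires": now + lifetime})
    return ticket, session_key  # the client cannot read or alter the ticket itself

def make_authenticator(session_key, principal, now):
    """Client side: prove knowledge of the session key with a fresh timestamp."""
    return seal(session_key, {"principal": principal, "ts": now})

def verify(server_key, ticket, authenticator, now):
    """Verifier side: return the authenticated principal or raise ValueError."""
    t = unseal(server_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["principal"] != t["principal"]:
        raise ValueError("authenticator does not match ticket principal")
    if abs(now - a["ts"]) > MAX_SKEW:
        raise ValueError("timestamp outside 5-minute window")
    return t["principal"]
```

The verifier never contacts the AS or sees a password: holding the server key is enough to open the ticket, recover the session key, and check the client's timestamp.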

Thank You!!!
