11 - Lecture #11 SS G513 Network Security Cryptography and...

Info iconThis preview shows pages 1–13. Sign up to view the full content.

View Full Document Right Arrow Icon
Lecture #11 SS G513 Network Security
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown
Background image of page 2
Chapter 14 – Authentication Applications We cannot enter into alliance with neighboring princes until we are acquainted with their designs. The Art of War , Sun Tzu
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Authentication Applications will consider authentication functions developed to support application-level will consider Kerberos – a private-key authentication service then X.509 directory authentication service
Background image of page 4
Kerberos trusted key server system from MIT provides centralised private-key third-party authentication in a distributed network allows users access to services distributed through network without needing to trust all workstations rather all trust a central authentication server two versions in use: 4 & 5
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Kerberos Requirements first published report identified its requirements as: security reliability transparency scalability implemented using an authentication protocol based on Needham-Schroeder
Background image of page 6
Kerberos 4 Overview a basic third-party authentication scheme have an Authentication Server (AS) users initially negotiate with AS to identify self AS provides a non-corruptible authentication credential (ticket granting ticket TGT) have a Ticket Granting server (TGS) users subsequently request access to other services from TGS on basis of users TGT
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Kerberos 4 Overview
Background image of page 8
Kerberos Realms a Kerberos environment consists of: a Kerberos server a number of clients, all registered with server application servers, sharing keys with server this is termed a realm typically a single administrative domain if have multiple realms, their Kerberos servers must share keys and trust
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Kerberos Version 5 developed in mid 1990’s provides improvements over v4 addresses environmental shortcomings encryption alg, network protocol, byte order, ticket lifetime, authentication forwarding, interrealm auth and technical deficiencies double encryption, non-std mode of use, session keys, password attacks specified as Internet standard RFC 1510
Background image of page 10
X.509 Authentication Service part of CCITT X.500 directory service standards distributed servers maintaining some info database defines framework for authentication services directory may store public-key certificates with public key of user signed by certification authority also defines authentication protocols uses public-key crypto & digital signatures algorithms not standardised, but RSA recommended
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
X.509 Certificates issued by a Certification Authority (CA), containing: version (1, 2, or 3) serial number (unique within CA) identifying certificate signature algorithm identifier issuer X.500 name (CA) period of validity (from - to dates) subject X.500 name (name of owner) subject public-key info (algorithm, parameters, key)
Background image of page 12
Image of page 13
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 45

11 - Lecture #11 SS G513 Network Security Cryptography and...

This preview shows document pages 1 - 13. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online