L35-Kerberos - Kerberos The Network Authentication Protocol...

Kerberos: The Network Authentication Protocol

Internet Traffic
• Application-level security
  – Securing traffic between two communicating entities.
  – Application-specific protocols.
• IP-level security
  – Securing traffic at the Internet Protocol layer.
  – Applications don’t have to know about security specifically; they “get it for free!”

Common Themes
• Authentication
  – Verify the other party is someone you want to talk to.
• Key agreement
  – Agree on data encryption and integrity protection keys.
• Encryp

Kerberos History
• Designed as part of MIT’s Project Athena in the 1980s
  – Kerberos v4 published in 1987.
• Migration to the IETF
  – RFC 4120 (Kerberos v5, 2005).
• Used in a number of products
  – Example: part of Windows 2000.

The Kerberos Components
• Clients
• Servers
• Key Distribution Center (KDC)
• Ticket-Granting Server (TGS)
• Realm: A “realm” is a single trust domain consisting of one or more clients, servers, and KDCs.

[Figure: Kerberos Realm diagram with labels: Key Distribution Center (KDC), Ticket Granting Server (TGS), Client, Server.]

Joining a Kerberos Realm
• One-time setup
  – Each client or server that wishes to participate in the realm shares a secret key with the KDC.
  – If the KDC is compromised, the entire system is cracked.
• Because the KDC knows everyone’s individual secret key, the KDC can issue credentials to each realm identity.

Kerberos Credentials