Applied Cryptography - Protocols, Algorithms, and Source Code in C

Applied Cryptography, Second Edition: Protocols

e client, encrypted in the client's secret key. To use a particular server, the client requests a ticket for that server from the TGS. Assuming everything is in order, the TGS sends the ticket back to the client. The client then presents this ticket to the server along with an authenticator. Again, if there's nothing wrong with the client's credentials, the server lets the client have access to the service.

Table 24.1 Kerberos Table of Abbreviations

c      = client
s      = server
a      = client's network address
v      = beginning and ending validity time for a ticket
t      = timestamp
Kx     = x's secret key
Kx,y   = session key for x and y
{m}Kx  = m encrypted in x's secret key
Tx,y   = x's ticket to use y
Ax,y   = authenticator from x to y

Credentials

Kerberos uses two types of credentials: tickets and authenticators. (The rest of this section uses the notation used in Kerberos documents—see Table 24.1.) A ticket is used to pass securely to the server the identity of the client for whom the ticket was issued. It also contains information that the server can use to ensure that the client using the ticket is the same client to whom the ticket was issued. An authenticator is an additional credential, presented with the ticket.

A Kerberos ticket takes this form:

Tc,s = s, {c, a, v, Kc,s}Ks

A ticket is good for a single server and a single client. It contains the client's name and network address, the server's name, a timestamp, and a session key. This information is encrypted with the server's secret key. Once the client gets this ticket, she can use it multiple times to access the server—until the ticket expires. The client cannot decrypt the ticket (she does not know the server's secret key), but she can present it to the server in its encrypted form. No one listening on the network can read or modify the ticket as it passes through the network.
A Kerberos authenticator takes this form:

Ac,s = {c, t, key}Kc,s

The client generates it every time she wishes to use a service on the server. The authenticator contains the client's name, a timestamp, and an optional additio...
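The server-side check of a ticket and its authenticator, as an added Python illustration (not code from the book): the {m}K encryption is a stand-in built from hashlib and hmac, the optional extra key in the authenticator is omitted, and every key, name, address and time is constructed.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Counter-mode keystream from SHA-256: stand-in for the cipher Kerberos would use
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def encrypt(key, fields):
    # {m}K: the fields encrypted and integrity-protected under K (toy construction)
    plain = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(x ^ y for x, y in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()
def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest()):
        raise ValueError("ciphertext was modified")  # tampered ticket or authenticator
    return json.loads(bytes(x ^ y for x, y in zip(body, _keystream(key, nonce, len(body)))))

def issue_ticket(Ks, s, c, a, v, Kcs):
    # TGS side: Tc,s = s, {c, a, v, Kc,s}Ks -- only the server holding Ks can open it
    return s, encrypt(Ks, {"c": c, "a": a, "v": v, "Kcs": Kcs.hex()})
def make_authenticator(c, t, Kcs):
    # Client side: Ac,s = {c, t}Kc,s (the optional extra key field is left out)
    return encrypt(Kcs, {"c": c, "t": t})

def server_accepts(Ks, s_name, ticket, authenticator, peer_addr, now, skew=300):
    # Server side: open the ticket with Ks, the authenticator with the Kc,s inside it,
    # then check that the presenter is the client the ticket was issued to
    s, blob = ticket
    try:
        tk = decrypt(Ks, blob)
        auth = decrypt(bytes.fromhex(tk["Kcs"]), authenticator)
    except ValueError:
        return False
    start, end = tk["v"]
    return (s == s_name and auth["c"] == tk["c"] and tk["a"] == peer_addr
            and start <= now <= end and abs(auth["t"] - now) <= skew)

def demo():
    # Constructed sample run: keys, names, addresses and times are made up
    Ks, Kcs, now = os.urandom(32), os.urandom(32), 1_000_000
    ticket = issue_ticket(Ks, "fileserver", "alice", "10.0.0.5", [now - 60, now + 3600], Kcs)
    auth = make_authenticator("alice", now, Kcs)
    ok = server_accepts(Ks, "fileserver", ticket, auth, "10.0.0.5", now)
    from_other_host = server_accepts(Ks, "fileserver", ticket, auth, "10.0.0.9", now)
    expired = server_accepts(Ks, "fileserver", ticket, auth, "10.0.0.5", now + 4000)
    return ok, from_other_host, expired
```

demo() returns (True, False, False): the genuine presentation is accepted, while the same credentials shown from another address or after the validity window are refused.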

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
