Multi Kingdom AAA Security using Kerberos v5 - PowerPoint PPT Presentation

About This Presentation

Title: Multi Kingdom AAA Security using Kerberos v5

Description: Slides by Kaushik Narayan, HCL Cisco Offshore Development Center, dated 10-Dec-2000, on protecting AAA (authentication, authorization and accounting) exchanges between AAA servers in several kingdoms with Kerberos v5 security contexts.

Slides: 13
Provided by: Kau94

1
Multi Kingdom AAA Security using Kerberos v5
  • Kaushik Narayan

2
Kerberos Operation
[Diagram slide; only the title survived extraction.]

3
Associations and Contexts
  • An association is a relationship between two
    communication endpoints.
  • Contexts consist of specific context attributes
    that are used to establish, maintain and release
    associations.
  • Context operations.
  • Context attributes.
  • Negotiation attributes.

4
Kerberos Security Contexts
  • Security contexts cover only the Kerberos
    application exchange (the AP exchange) and not the
    communication with the KDC.
  • Kerberos session keys form the context attributes,
    which AAA servers can employ to create a secure
    communication channel.
  • An authentication transaction is a prerequisite.

5
Modes of Operation
  • End to End mode.
  • Hop by Hop mode.
  • End to End and Hop by Hop mode.
  • Any to Any mode.

6
End to End mode
[Diagram: Kingdom1, Kingdom2, Kingdom3 and Kingdom4, each with an AAA Server, linked by AAA exchanges. A single Kerberos End to End Security Context runs between the two endpoint AAA servers, across the intermediate kingdoms.]

7
Hop by Hop Mode
[Diagram: the same four kingdoms and AAA servers; a separate Kerberos Hop by Hop Security Context protects each AAA exchange between neighbouring AAA servers.]

8
End to End with Hop by Hop
[Diagram: the same four kingdoms; Kerberos Hop by Hop Security Contexts on each AAA exchange, with a Kerberos End to End Security Context between the endpoint AAA servers layered over them.]

9
Any to Any Mode
[Diagram: the same four kingdoms; Kerberos Hop by Hop and End to End Security Contexts between any pair of AAA servers, not only neighbours or endpoints.]

10
Dependency on Data Modeling
  • Capabilities of intermediate AAA servers need to
    be defined.
  • There needs to be a model that defines the data that
    intermediate AAA servers with different
    capabilities need to inspect or modify in
    different application scenarios.
  • Use of attribute policies is an alternative.
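
The following is an added example, not code from the original slides, showing the combined End to End with Hop by Hop mode of slides 5 to 9 together with the attribute model of slide 10. The Kerberos session keys that form the context attributes are replaced by constructed byte strings (E2E_KEY, HOP_KEYS), the secure channel is reduced to integrity protection with HMAC-SHA256, and the data model is a constructed set HOP_WRITABLE naming the only attributes an intermediate AAA server may modify. Kingdom names, attribute names and all functions are illustrative.

```python
import hashlib
import hmac
import json

# Constructed topology: four kingdoms in a chain, one AAA server each.
KINGDOMS = ["Kingdom1", "Kingdom2", "Kingdom3", "Kingdom4"]

# Kerberos session keys are the context attributes. Constructed stand-ins:
# one end-to-end key shared by Kingdom1 and Kingdom4, one key per hop.
E2E_KEY = b"session-key-Kingdom1-Kingdom4"
HOP_KEYS = {
    ("Kingdom1", "Kingdom2"): b"session-key-Kingdom1-Kingdom2",
    ("Kingdom2", "Kingdom3"): b"session-key-Kingdom2-Kingdom3",
    ("Kingdom3", "Kingdom4"): b"session-key-Kingdom3-Kingdom4",
}

# Data model (constructed): attributes an intermediate AAA server may modify.
# Every other attribute is bound end to end and must arrive unchanged.
HOP_WRITABLE = {"Route", "Proxy-State"}


def _mac(key, obj):
    """Integrity protection under a session key: HMAC-SHA256 over canonical JSON."""
    return hmac.new(key, json.dumps(obj, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def _protected(attrs):
    return {k: v for k, v in attrs.items() if k not in HOP_WRITABLE}


def seal_e2e(attrs):
    """Source AAA server: bind the end-to-end attributes under the end-to-end context."""
    return {"attrs": dict(attrs), "e2e_mac": _mac(E2E_KEY, _protected(attrs))}


def _hop_body(msg, dst):
    return {"attrs": msg["attrs"], "e2e_mac": msg["e2e_mac"], "dst": dst}


def seal_hop(msg, src, dst):
    """Sender of one hop: bind the whole message (e2e tag included) to the hop context."""
    body = _hop_body(msg, dst)
    return {**body, "hop_mac": _mac(HOP_KEYS[(src, dst)], body)}


def verify_hop(msg, src, dst):
    return hmac.compare_digest(_mac(HOP_KEYS[(src, dst)], _hop_body(msg, dst)), msg["hop_mac"])


def verify_e2e(msg):
    return hmac.compare_digest(_mac(E2E_KEY, _protected(msg["attrs"])), msg["e2e_mac"])


def forward(attrs, misbehaving=None, change=None):
    """Carry an AAA request from Kingdom1 to Kingdom4 in end-to-end plus hop-by-hop mode.
    Each intermediate verifies the hop context, appends itself to Route (allowed by the
    model) and re-seals for the next hop. If `misbehaving` names an intermediate, that
    server also applies `change`. Returns (per-hop results, e2e result, final attrs)."""
    msg = seal_e2e(attrs)
    hop_ok = []
    for src, dst in zip(KINGDOMS, KINGDOMS[1:]):
        msg = seal_hop(msg, src, dst)
        hop_ok.append(verify_hop(msg, src, dst))  # receiving server checks the hop context
        if dst != KINGDOMS[-1]:  # an intermediate server processes and forwards
            msg["attrs"]["Route"] = msg["attrs"].get("Route", []) + [dst]
            if dst == misbehaving:
                msg["attrs"].update(change or {})
    return hop_ok, verify_e2e(msg), msg["attrs"]
```

With an honest chain every hop check and the end-to-end check pass and Route records Kingdom2 and Kingdom3. If Kingdom2 rewrites User-Name, every hop check still passes, because each intermediate legitimately re-seals under the next hop key, and only the end-to-end check at Kingdom4 fails; that is why hop-by-hop mode alone cannot protect attributes that intermediates are not meant to touch, and why the data model has to say which attributes those are.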

11
Capabilities Discovery
  • The source AAA server needs to have the knowledge
    of the kingdoms that the request must traverse.
  • Needs to discover capabilities of AAA servers in
    each of these kingdoms.
  • Topology knowledge is not required.

12
Sessions
  • The authentication transaction would perform the
    Kerberos AS and TGS exchanges.
  • Kerberos anonymous tickets can be employed to
    create Kerberos security contexts with
    intermediate kingdoms.
  • Multiple security contexts can be created and
    destroyed by AAA servers during the lifetime of
    the main session.
  • Security context operations would form a session,
    and these security context sessions would be
    sub-sessions of the main session.
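
Added example, not from the original presentation: the authentication transaction of this slide carried out between two kingdoms, with each kingdom modelled as a Kerberos realm (an assumption; the slides do not define the term). It runs the AS exchange at the home KDC, a TGS exchange for a cross-realm TGT (optionally anonymous, using the anonymous principal name later standardised in RFC 6112), a TGS exchange at the remote KDC for the AAA service ticket, and the AP exchange at the AAA server, whose recovered session key is the context attribute of slide 4. Everything concrete is constructed: the realm names KINGDOM1 and KINGDOM4, the inter-realm key both KDCs hold for krbtgt/KINGDOM4@KINGDOM1, the principals, the toy encrypt/decrypt standing in for a Kerberos enctype, and the KDC, client_ticket, server_accept and establish_context functions. Lifetimes, timestamps, pre-authentication, replay caches and transited-realm checks are omitted.

```python
import hashlib
import hmac
import json
import os

ANONYMOUS = "WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS"  # anonymous principal, RFC 6112


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def encrypt(key, obj):
    """Toy stand-in for a Kerberos enctype (constructed, not a real one):
    HMAC-SHA256 keystream XORed with the JSON plaintext, then an HMAC tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ks = b"".join(_prf(key, nonce + bytes([i])) for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + _prf(key, nonce + ct)


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(_prf(key, nonce + ct), tag):
        raise ValueError("integrity check failed: wrong key or tampered data")
    ks = b"".join(_prf(key, nonce + bytes([i])) for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))


def ticket(server_key, sname, cname, crealm, session_key):
    # Cleartext sname tells the recipient which key opens the encrypted part.
    enc = encrypt(server_key, {"cname": cname, "crealm": crealm, "key": session_key.hex()})
    return {"sname": sname, "enc": enc}


class KDC:
    """One realm's KDC with an in-memory principal database (principal -> long-term key)."""

    def __init__(self, realm, principals):
        self.realm, self.keys = realm, dict(principals)

    def as_exchange(self, cname):
        """AS-REQ/AS-REP: TGT under the local krbtgt key, reply under the client's key."""
        tgs, sk = f"krbtgt/{self.realm}@{self.realm}", os.urandom(32)
        return ticket(self.keys[tgs], tgs, cname, self.realm, sk), encrypt(self.keys[cname], {"key": sk.hex()})

    def tgs_exchange(self, tgt, authenticator, sname, anonymous=False):
        """TGS-REQ/TGS-REP. The TGT is either local or a cross-realm TGT issued by another
        realm under the inter-realm key (krbtgt/<this realm>@<other realm>) this KDC holds."""
        if not tgt["sname"].startswith("krbtgt/") or tgt["sname"] not in self.keys:
            raise ValueError(f"{self.realm}: no key to open TGT for {tgt['sname']}")
        t = decrypt(self.keys[tgt["sname"]], tgt["enc"])
        sk = bytes.fromhex(t["key"])
        if decrypt(sk, authenticator)["cname"] != t["cname"]:
            raise ValueError("authenticator does not match ticket")
        if sname not in self.keys:
            raise ValueError(f"{self.realm}: unknown principal {sname}")
        cname, new_sk = (ANONYMOUS if anonymous else t["cname"]), os.urandom(32)
        return ticket(self.keys[sname], sname, cname, t["crealm"], new_sk), encrypt(sk, {"key": new_sk.hex()})


def client_ticket(kdc, tgt, tgt_sk, cname, sname, anonymous=False):
    """Client side of a TGS exchange; returns the ticket and the new session key."""
    tkt, rep = kdc.tgs_exchange(tgt, encrypt(tgt_sk, {"cname": cname}), sname, anonymous)
    return tkt, bytes.fromhex(decrypt(tgt_sk, rep)["key"])


def server_accept(server_key, tkt, authenticator):
    """AP exchange at the AAA server: the recovered session key is the context attribute."""
    t = decrypt(server_key, tkt["enc"])
    sk = bytes.fromhex(t["key"])
    if decrypt(sk, authenticator)["cname"] != t["cname"]:
        raise ValueError("authenticator does not match ticket")
    return t["cname"], t["crealm"], sk


# Constructed realms: KINGDOM1 is the client's home, KINGDOM4 hosts the target AAA
# server, and both KDCs hold the inter-realm key for krbtgt/KINGDOM4@KINGDOM1.
INTER_REALM_KEY, AAA4_KEY = os.urandom(32), os.urandom(32)
ALICE_KEY = hashlib.sha256(b"alice-password").digest()  # string-to-key stand-in
KDC1 = KDC("KINGDOM1", {"alice@KINGDOM1": ALICE_KEY, "krbtgt/KINGDOM1@KINGDOM1": os.urandom(32),
                        "krbtgt/KINGDOM4@KINGDOM1": INTER_REALM_KEY})
KDC4 = KDC("KINGDOM4", {"krbtgt/KINGDOM4@KINGDOM4": os.urandom(32), "aaa/server@KINGDOM4": AAA4_KEY,
                        "krbtgt/KINGDOM4@KINGDOM1": INTER_REALM_KEY})


def establish_context(anonymous=False):
    """The authentication transaction: AS at home, TGS at home for a cross-realm TGT,
    TGS at KINGDOM4 for the AAA service ticket, AP at the AAA server.
    Returns (client name seen by the server, its realm, client key, server key)."""
    cname = "alice@KINGDOM1"
    tgt, rep = KDC1.as_exchange(cname)
    sk0 = bytes.fromhex(decrypt(ALICE_KEY, rep)["key"])
    xtgt, sk1 = client_ticket(KDC1, tgt, sk0, cname, "krbtgt/KINGDOM4@KINGDOM1", anonymous)
    name = ANONYMOUS if anonymous else cname  # identity carried by the cross-realm TGT
    stkt, sk2 = client_ticket(KDC4, xtgt, sk1, name, "aaa/server@KINGDOM4")
    who, realm, server_sk = server_accept(AAA4_KEY, stkt, encrypt(sk2, {"cname": name}))
    return who, realm, sk2, server_sk


def wrong_realm_rejected():
    """A local KINGDOM1 TGT presented to KINGDOM4's TGS is refused: no shared key opens it."""
    tgt, rep = KDC1.as_exchange("alice@KINGDOM1")
    sk0 = bytes.fromhex(decrypt(ALICE_KEY, rep)["key"])
    try:
        client_ticket(KDC4, tgt, sk0, "alice@KINGDOM1", "aaa/server@KINGDOM4")
    except ValueError:
        return True
    return False
```

After establish_context() both ends hold the same session key, which is the attribute the AAA servers would use to open a security context; with anonymous=True the AAA server in KINGDOM4 learns only the anonymous principal name and the client's realm, which is the shape of context an intermediate kingdom needs. A TGT from KINGDOM1 is useless at KINGDOM4 unless it was issued under the shared inter-realm key, which is what ties multi-kingdom operation to Kerberos cross-realm trust.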