DSTA PBL Presentation 2

1
DSTA PBL Presentation 2
Topics SATA vs. PATA, Kerberos, PKI
Presenter Tan Chun You
2
Agenda

• AT Attachment SATA vs. PATA
• Kerberos
• Public Key Infrastructure

3
AT Attachments
4
AT Attachments

• Interface standards for connecting storage
  devices to PC
• Types of AT Attachment cables
• Parallel ATA (PATA)
• Serial ATA (SATA)

PATA Cable
SATA Cable
5
A bit of history

• PATA was the original interface since 1986
• In 2003, SATA was introduced to replace PATA
• PATA was known as ATA before its renaming in
  2003
• Unofficially called the IDE cable

6
About Parallel ATA (PATA)

• Consists of 1 receiver and 2 connectors
• Can connect up to 2 devices in one cable
• Devices must be designated as device 0 and device
  1
• Also informally known as Master and Slave
  drive
• Not official term appearing in ATA specs (devices
  work independently)
• Max Transfer Speed of 133 MBps
• Does not allow hot-swapping

7
About Serial ATA (SATA)

• Consists of a receiver and a connector (11)
• Transfers at its own best speed without any
  sharing
• Introduced in year 2003 to replace PATA
• 100 compatible with existing PATA software and
  hardware
• Max speed of 150/300/600 MBps
• Allows hot-swapping
• Less bulky smaller in size, longer in length

8
Other Differences
9
Benefits of SATA

• SATA uses Advanced Host Controller Interface
  (AHCI)
• This enables hot-swapping and native command
  queuing (NCQ)
• Native Command Queuing
• Technology designed to optimize SATA hard disks
  performances
• Optimizes movement order of read/write command
  executions

Reduces unnecessary drive head movements (Also
slightly decreases the wear of drive)
10
Kerberos
11
Kerberos

• Computer network authentication protocol
• Provides authentication between client and server
• Requires Digital Certificate from a Trusted Third
  Party (TTP)
• TTP is also known as Certificate Authority (CA)
• Provides
• Confidentiality
• Authenticity
• Integrity
• Authorization

12
Kerberos

• Kerberos Protocol handles
• Key Management Problems
• Integrity
• Authentication
• Access Control
• Key Distribution Center (KDC)
• Is a trusted Kerberos server

13
Kerberos Authentication

• Authentication Steps
• System Initialization
• Starting Kerberos Protocol
• KDC Process Request
• Sender processes ticket sends message to
  recipient
• Recipient receives processes senders message
• Recipient compose a reply to sender
• Sender receives recipient reply

14
System Initialization
1

• System initialization requires
• Identity (Login name etc)
• Token (Password/Smart Card/ OTP)
• Plaintext (information to be transmitted to the
  receiver)

15
System Initialization
?
1
Villain
Out-of-band
Out-of-band
KDC
Alice
Bob

• Both Alice and Bob sends their identity and
  passwords to KDC
• Through an out-of-band channel for
  confidentiality
• Out-of-band channel is usually not used for usual
  communication

16
Starting Kerberos Protocol
2
Alice
KDC
Bob
Villain

• Now KDC has both Alice and Bobs Password
• Alice sends a plaintext message to KDC
• Also identifies herself and ask to communicate
  securely with Bob

17
KDC Processes Request
3
creates
TICKET
Bobs Kerberos Ticket
KDC

• KDC starts processing the request
• KDC first creates Bobs Kerberos Ticket

18
KDC Processes Request
3
encrypts
TICKET
Bobs Kerberos Ticket
KDC

• After which, KDC will then encrypt it using Bobs
  password

19
KDC Processes Request
3
creates
TICKET
Alices Kerberos Ticket
KDC

• Next, KDC creates Alices Kerberos Ticket

20
KDC Processes Request
3
encrypts
TICKET
Alices Kerberos Ticket
KDC

• Similarly, KDC will then encrypt it using Bobs
  password