Kerberos - PowerPoint PPT Presentation

About This Presentation
Title:

Kerberos

Description:

Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks Contents What is Kerberos? Aims of Kerberos. Why Kerberos? – PowerPoint PPT presentation

Number of Views:100
Avg rating:3.0/5.0
Slides: 16
Provided by: JenniferE159
Category:
Tags: kerberos

less

Transcript and Presenter's Notes

Title: Kerberos


1
Kerberos
Kerberos is an authentication protocol for
trusted hosts on untrusted networks
2
Contents
  • What is Kerberos?
  • Aims of Kerberos.
  • Why Kerberos?
  • How Kerberos work?
  • Firewall vs. Kerberos?
  • Applications
  • Disadvantages

3
What is Kerberos?
  • Is a name of a computer network authentication
    protocol
  • Developed at MIT (Massachusetts Institute of
    Technology) in the mid 1980s
  • Available as open source or in supported
    commercial software
  • Allows individuals communicating over a
    non-secure network to prove their identity to one
    another in a secure manner.
  • Its designers aimed primarily at a client-server
    model, and it provides mutual authentication.
  • Trusted 3rd party authentication scheme.
  • Assumes that hosts are not trustworthy.
  • Requires that each client (each request for
    service) prove its identity.
  • Does not require user to enter password every
    time a service is requested!

4
(No Transcript)
5
Aims of Kerberos
  • The user's password must never travel over the
    network.
  • The user's password must never be stored in any
    form on the client machine it must be
    immediately discarded after being used.
  • The user's password should never be stored in an
    unencrypted form even in the authentication
    server database.
  • The user is asked to enter a password only once
    per work session.
  • Authentication information management is
    centralized and resides on the authentication
    server.
  • Supports Mutual authentication.
  • provides support for the generation and exchange
    of an encryption key to be used to encrypt data.

6
Why Kerberos?
  • Sending usernames and passwords in the clear,
    endangers the security of the network.
  • Each time a password is sent in the clear, there
    is a chance for interception.
  • In addition to the security concern, password
    based authentication is inconvenient users do
    not want to enter a password each time they
    access a network service.
  • Most uses of authentication by assertion require
    that a connection originate from a trusted''
    network address, on many networks, addresses are
    themselves simply assertions.
  • Stronger authentication methods base on
    cryptography are required.
  • Strong authentication technologies are not used
    as often as they should be, although the
    situation is gradually improving.

7
How does Kerberos work?
  • Instead of client sending password to application
    server
  • Request Ticket from authentication server
  • Ticket and encrypted request sent to application
    server
  • How to request tickets without repeatedly sending
    credentials?
  • Ticket granting ticket (TGT)

8
How does Kerberos work? Ticket Granting Tickets
9
How does Kerberos Work?The Ticket Granting
Service
10
How does Kerberos work?The Application Server
11
Firewall vs. Kerberos?
  • Firewalls make a risky assumption that attackers
    are coming from the outside. In reality, attacks
    frequently come from within.
  • Kerberos assumes that network connections (rather
    than servers and work stations) are the weak link
    in network security.

12
Applications
  • Authentication
  • Authorization
  • Confidentiality
  • Within networks and small sets of networks

13
Disadvantages
  • Kerberos makes extensive use of the trusted third
    party, If the third party simply fails,
    availability is lost.
  • If two hosts are on different times,
    communication may be difficult or impossible.

14
(No Transcript)
15
Queries
Write a Comment
User Comments (0)
About PowerShow.com