Introduction of Kerberos - PowerPoint PPT Presentation

Slides: 24
Provided by: xfa1
Transcript and Presenter's Notes

1
Introduction of Kerberos
2
What is Kerberos?
  • Kerberos is a network authentication protocol.
  • It is designed to provide strong authentication
    for client/server applications by using
    secret-key cryptography.

3
Why do we need Kerberos?
  • The Internet is an insecure place.
  • Many Internet protocols provide no security.
  • Malicious hackers "sniff" passwords.
  • Applications: sending unencrypted passwords is extremely
    vulnerable.
  • Client/server: relies on the client program to be "honest".
  • Client/server: relies on the client to restrict its
    activities to those which it is allowed to do.

4
Firewall security problems?
  • A very bad assumption: that "the bad guys" are on
    the outside. Most of the really damaging
    incidents of computer crime are carried out by
    insiders.
  • A significant disadvantage: firewalls restrict how your
    users can use the Internet.
  • In many places, these restrictions are simply
    unrealistic and unacceptable.

5
Who created Kerberos?
  • MIT, 1988, as a solution to these network security
    problems.
  • The Kerberos protocol uses strong cryptography so
    that a client can prove its identity to a server
    (and vice versa) across an insecure network
    connection.
  • After this, they can also encrypt all of their
    communications to assure privacy and data
    integrity as they go about their business.

6
The Whole Authentication
7
Simplified Principle
8
Two Concepts
  • Long-term Key/Master Key
  • ?????Long-termKey???????????????
  • ??????????????,???????????????????????????,??????,
    ?????????Hash??????Hash code, ???Master Key?
  • ??Hash Algorithm?????,???????Master
    Key??????,?????????????,???????Master
    Key??????????????????????
  • Short-term Key/Session Key

9
Where ? Key?
  • Short-term Key
  • Session Key (SServer-Client)
  • Kerberos Distribution Center (KDC)
  • ?????Account Database Master Key

10
KDC ? SServer-Client
Session Ticket
11
? Authenticator
  • ???????????Key?????????????,???????????,??????????
    ????,??,Client???????????,???????????Authenticator
  • Authenticator = ClientInfo + Timestamp
  • Session Ticket ?Server?Master Key????
    (ClientInfo + Session Key)

12
Some Advantages
  • Why Timestamp?
  • Mutual Authentication
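
Added example (not part of the original slides): a server-side check of a Session Ticket and an Authenticator, showing what the Timestamp is for. The `seal`/`unseal` routine is a toy stand-in for a real Kerberos encryption type, and the function names, JSON encoding, unsalted password hash and 300-second window are assumptions of this example.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # seconds; assumed freshness window for this example

def master_key(password: str) -> bytes:
    # Long-term key as a hash of the password (simplified: no salt, no KDF)
    return hashlib.sha256(password.encode()).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    while len(out) < n:
        out += hashlib.sha256(key + nonce + len(out).to_bytes(4, "big")).digest()
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    # Toy encrypt-then-MAC; illustrative only, not a Kerberos enctype
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_issue(client: str, server_master: bytes):
    # KDC: fresh session key, plus a session ticket only the server can open
    session_key = os.urandom(32)
    ticket = seal(server_master, {"client": client, "skey": session_key.hex()})
    return session_key, ticket

def make_authenticator(client: str, session_key: bytes, now: float) -> bytes:
    # Client: Authenticator = ClientInfo + Timestamp, under the session key
    return seal(session_key, {"client": client, "ts": now})

def server_verify(server_master, ticket, authenticator, now, seen: set) -> str:
    t = unseal(server_master, ticket)                      # needs server's master key
    a = unseal(bytes.fromhex(t["skey"]), authenticator)    # needs the session key
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["ts"]) > MAX_SKEW:
        raise ValueError("stale timestamp")
    if (a["client"], a["ts"]) in seen:
        raise ValueError("replayed authenticator")
    seen.add((a["client"], a["ts"]))
    return a["client"]
```

A captured ticket and authenticator pair stops being accepted once it falls outside the window or has already been seen, which is the check the Timestamp makes possible.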

13
Authentication
14
How ? Key?
  • Kerberos???????Ticket?????
  • ??????????Server?Master Key???
  • ??Ticket?????Ticket??????
  • Client?Server?????KDC

15
TGT
  • TGT = Ticket Granting Ticket
  • ?????????KDC?Client??Ticket???,??Kerberos????Ticke
    t Distribution??????
  • Client??KDC ????Ticket??,???????Ticket?????,?Kerbe
    ros????TGTTicket Granting Ticket,TGT???????KDC?

16
How ? TGT
Logon Session Key
17
Why TGT?
  • Client???Session Key(SKDC-Client)?TGT????
  • ??Client????SKDC-Client?KDC????????Server?Ticket,?
    ????Client???Master Key?
  • ???Client?Master Key??Long-term
    Key,SKDC-Client???Short-term Key,???????????,???Ke
    rberos???????????

18
TGT ? Ticket
19
The Whole Authentication
  • ???????3????
  • Client?KDC??TGT(Ticket Granting Ticket)?
  • Client????TGT?DKC??????Server?Ticket?
  • Client?????Server??????????Ticket?

20
The Whole Authentication
  • ???????????Kerberos Authentication????????
  • Kerberos??????3?Sub-Protocol?????????3??????3?sub-
    protocol???
  • Authentication Service Exchange
  • Ticket Granting Service Exchange
  • Client/Server Exchange

21
The Whole Authentication
22
User2User Sub-protocol
23
Kerberos Advantages
  • 1.???Performance
  • 2.???????(Mutual Authentication)
  • 3.?Delegation???
  • Impersonation?Delegation?????????????????Impersona
    tion??Server?????Logon?Account??????,Delegation??S
    erver?logon?Account???????Context????????NTLM??Imp
    ersonation????,?Kerberos????????????(Mutual?Transi
    tive)????????Delegation????
  • 4.????(Interoperability)