160 likes | 313 Views
UNIVERSITY INSTITUTE OF TECHNOLOGY (B.U.)BHOPAL. SEMINAR PRESENTATION APRIL-2011. KERBEROS. SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem ). SUBMITTED TO- Mr. DESHRAJ AHIRWAR. Introduction What is Protocol? Why Kerberos? Firewall vs. Kerberos? Design Requirements
E N D
UNIVERSITY INSTITUTE OF TECHNOLOGY (B.U.)BHOPAL. SEMINAR PRESENTATION APRIL-2011 KERBEROS SUBMITTED BY- PATEL KUMAR C.S.E(8th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR
Introduction • What is Protocol? • Why Kerberos? • Firewall vs. Kerberos? • Design Requirements • Cryptography Approach • How does Kerberos work? • Kerberos Vs SSL • Applications
Introduction • Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. • Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity. • Developed at MIT in the mid 1980s • Available as open source or in supported commercial software.
What is Protocol? • protocol is a set of rules which is used by computers to communicate with each other across a network. • A protocol is a convention or standard that controls or enables the connection, communication, and data transfer between computing endpoints.
Why Kerberos? • Sending usernames and passwords in the clear jeopardizes the security of the network. • Each time a password is sent in the clear, there is a chance for interception.
Firewall vs Kerberos • Firewalls make a risky assumption: that attackers are coming from the outside. In reality, attacks frequently come from within. • Kerberos assumes that network connections (rather than servers and work stations) are the weak link in network security.
Cryptography Approach Private Key: Each party uses the same secret key to encode and decode messages. Uses a trusted third party which can vouch for the identity of both parties in a transaction. Security of third party is imperative.
How does Kerberos work? • Instead of client sending password to application server: • Request Ticket from authentication server • Ticket and encrypted request sent to application server • How to request tickets without repeatedly sending credentials? • Ticket granting ticket (TGT)
Applications • Authentication: • It is the act of confirming the truth of an attribute of a datum or entity. • Authorization: • It check the user is liggle or not • Confidentiality: • It ensuring that information is accessible only to those authorized to have access. • Within networks and small sets of networks
Limitation • Single point of failure: • It requires continuous availability of a central server. When the Kerberos server is down, no one can log in. • Kerberos has strict time requirements, which means the clocks of the involved hosts must be synchronized within configured limits.
The tickets have a time availability period and if the host clock is not synchronized with the Kerberos server clock, the authentication will fail. • Since all authentication is controlled by a centralized so attacker may attack the user.