By
     A.GUNA SEKHAR
Contents

1 Introduction
2 Aims
3 Definition of components and terms
  3.1 Realm
  3.2 Principal
  3.3 Ticket
  3.4 Encryption
  3.5 Key Distribution Center (KDC)
4 Kerberos Operation
5 How does Kerberos work
  5.1 TGT (Ticket Granting Ticket)
  5.2 TGS (Ticket Granting Service)
  5.3 Application Server
6 Applications
7 Weaknesses and Solutions
Introduction

• Network authentication protocol
• Developed at MIT in the mid 1980s (for Project Athena)
• Available as open source or in supported commercial software
• Named after Kerberos (Cerberus), the three-headed dog that guards the entrance to the underworld in Greek mythology
• This is standard for
Why Kerberos

• Sending usernames and passwords in the clear is a security problem
• Each time a password is sent in the clear, there is a chance of interception
• The server stores the password
• The client stores the password and user name
Aims of Kerberos

• The password must never travel over the network
• The password is never stored on the client in any form; it is used once to derive a key and is discarded immediately
• The password is never stored on the server in unencrypted form
• The user ID and password need be entered only once per session
• When a user changes the password, it is changed for all services at the same time
Firewall vs. Kerberos?

• Firewalls make a risky assumption: that attackers come from the outside. In reality, attacks frequently come from within.
• Kerberos assumes that network connections (rather than servers and workstations) are the weak link in the network.
Terminology we have to know before understanding how Kerberos works
Realm

• Indicates an authentication administrative domain
• Provides the trust relationship between client and server, and between a domain and its sub-domains
• A user/service belongs to a realm if and only if it shares a secret (password/key) with the authentication server of that realm
Principal

• The name used for entries in the authentication server database
• A principal in Kerberos V looks like this:

component1/component2/.../componentN@REALM

• The first component is the primary (a user or service name); the second, the instance, is optional and is normally used to better qualify the primary, e.g. alice/admin@EXAMPLE.COM for a privileged role or host/fs.example.com@EXAMPLE.COM for a service on a given host
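The name format above, as an added example that is not part of the slides: a small parser for component1/.../componentN@REALM that honours the backslash escaping MIT krb5 accepts for '/', '@' and '\' inside a component, and that applies a default realm when the name carries none (as a client library applies its configured realm). The realm and principal names used in it are illustrative.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Principal:
    components: Tuple[str, ...]
    realm: str

    @property
    def primary(self) -> str:
        return self.components[0]

    @property
    def instance(self) -> Optional[str]:
        # Second component, by convention the "instance" (a role such as admin,
        # or the host a service runs on).
        return self.components[1] if len(self.components) > 1 else None

    def __str__(self) -> str:
        # Re-escape so that a component containing '/' or '@' round-trips.
        def esc(s: str) -> str:
            return s.replace("\\", "\\\\").replace("/", "\\/").replace("@", "\\@")
        return "/".join(esc(c) for c in self.components) + "@" + esc(self.realm)


def parse_principal(name: str, default_realm: str) -> Principal:
    """Split 'c1/c2/.../cN@REALM'. A backslash makes the next character
    literal, so 'odd\\/name@REALM' is one component containing a slash.
    A name without '@' receives default_realm."""
    components: List[str] = []
    buf: List[str] = []
    realm: Optional[str] = None          # None until '@' is seen
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            buf.append(name[i + 1])      # escaped character, taken literally
            i += 2
            continue
        if realm is None and ch == "/":
            components.append("".join(buf))
            buf = []
        elif realm is None and ch == "@":
            components.append("".join(buf))
            buf = []
            realm = ""                   # marker: the rest of the string is the realm
        else:
            buf.append(ch)
        i += 1
    if realm is None:
        components.append("".join(buf))
        realm = default_realm
    else:
        realm = "".join(buf)
    # Empty realm or empty component (e.g. "alice@" or "alice//x") is malformed.
    if not realm or not all(components):
        raise ValueError(f"malformed principal name: {name!r}")
    return Principal(tuple(components), realm)
```

A principal is matched against the KDC database by all of its components and its realm, so "alice" and "alice/admin" are distinct entries with distinct keys; the parser keeps them apart rather than collapsing the instance into the primary.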
Tickets

• Tickets are issued by the authentication server (the KDC)
• They are encrypted using the secret key of the service they are intended for
• This key is a secret shared only between the authentication server and the server providing the service; not even the client that requested the ticket can read it or change its contents

A ticket contains:

• The requesting user's principal (user name)
• The principal of the service it is intended for
• The IP address of the client machine from which the ticket can be used
• The date and time (in timestamp format) when the ticket becomes valid and when it expires
• A session key, shared with the client, that protects the later exchanges
Encryption

• Kerberos needs to encrypt and decrypt the messages (tickets and authenticators) passing between the various participants in the authentication
• Kerberos uses only symmetric-key encryption (the PKINIT extension adds public-key cryptography for the initial authentication only)
Key Distribution Center (KDC)

• The authentication server in a Kerberos environment, because of its ticket-distribution function for access to services, is called the Key Distribution Center
• The KDC contains the following:
        Database (principals and their long-term keys)
        Authentication Server (AS)
        Ticket Granting Server (TGS)
Kerberos Operation

How does Kerberos work?: Ticket Granting Tickets

• The client sends its principal name to the Authentication Server. The AS replies with a TGT, encrypted under the TGS key, and a session key encrypted under the key derived from the user's password; only the holder of the password can decrypt the session key.

How does Kerberos work?: The Ticket Granting Service

• The client presents the TGT, an authenticator (its name and a timestamp, encrypted with the TGT session key) and the name of the service it wants. The TGS returns a service ticket encrypted under that service's key, plus a new session key encrypted under the TGT session key.

How does Kerberos work?: The Application Server

• The client presents the service ticket and a fresh authenticator to the application server. The server decrypts the ticket with its own key, checks that the authenticator's name matches the ticket and that its timestamp is recent, and grants access.
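The three exchanges above, together with the ticket contents listed under Tickets, as an added worked example that is not code from the slides or from any Kerberos implementation. Everything cryptographic in it is an assumption made for the example: the "enctype" is a toy authenticated cipher built from HMAC-SHA256 so that it runs with the Python standard library (real Kerberos uses AES enctypes and ASN.1 messages), and the string-to-key step is PBKDF2 salted with realm plus principal name, which is the shape of the real AES string2key. The realm, principals, password and client address are illustrative.

```python
import hashlib, hmac, json, os, time

REALM = "EXAMPLE.COM"            # illustrative realm
CLOCK_SKEW = 300                 # seconds; the usual krb5 default

# Toy "enctype" (assumption, NOT Kerberos crypto): HMAC-SHA256 keystream + HMAC tag.
def enc(key: bytes, obj: dict) -> bytes:
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ks = b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256")
                  for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.digest(key, nonce + ct, "sha256")

def dec(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, nonce + ct, "sha256")):
        raise ValueError("wrong key or tampered message")
    ks = b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256")
                  for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def string2key(password: str, principal: str) -> bytes:
    # Password -> long-term key, salted with realm + principal (shape of the real AES string2key).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 4096)

# KDC database of long-term keys (illustrative entries). The AS and TGS both read it;
# the application server keeps its own copy of its key in a keytab.
KDC_DB = {
    "alice": string2key("correct horse", "alice"),
    "krbtgt/" + REALM: os.urandom(32),        # TGS key: seals TGTs
    "host/fs.example.com": os.urandom(32),    # application server key: seals service tickets
}

def issue_ticket(cname, sname, caddr, now, life):
    sk = os.urandom(32)                       # fresh session key shared by client and service
    ticket = {"cname": cname, "sname": sname, "caddr": caddr,
              "start": now, "end": now + life, "sk": sk.hex()}
    return sk, enc(KDC_DB[sname], ticket)     # only sname's key opens it; the client cannot alter it

def as_exchange(cname, caddr, now):
    # AS-REQ/AS-REP. Without pre-authentication the KDC answers for any name it knows;
    # the reply is sealed under the user's key, so only the password holder can open it.
    tgs = "krbtgt/" + REALM
    sk, tgt = issue_ticket(cname, tgs, caddr, now, 10 * 3600)
    return tgt, enc(KDC_DB[cname], {"sk": sk.hex(), "sname": tgs, "end": now + 10 * 3600})

def check_authenticator(ticket, auth, now, caddr):
    if not ticket["start"] <= now <= ticket["end"]:
        raise PermissionError("ticket expired or not yet valid")
    if ticket["caddr"] != caddr:
        raise PermissionError("ticket presented from a different address")
    if auth["cname"] != ticket["cname"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - auth["ts"]) > CLOCK_SKEW:
        raise PermissionError("authenticator timestamp outside clock skew")

def tgs_exchange(tgt, auth, sname, caddr, now):
    # TGS-REQ/TGS-REP: open the TGT with the TGS key, verify the authenticator
    # under the TGT session key, then issue a ticket for sname.
    t = dec(KDC_DB["krbtgt/" + REALM], tgt)
    sk1 = bytes.fromhex(t["sk"])
    check_authenticator(t, dec(sk1, auth), now, caddr)
    sk2, st = issue_ticket(t["cname"], sname, caddr, now, 8 * 3600)
    return st, enc(sk1, {"sk": sk2.hex(), "sname": sname})

def ap_exchange(service_key, st, auth, caddr, now):
    # AP-REQ: the application server opens the ticket with its own key and
    # checks the authenticator under the session key found inside the ticket.
    t = dec(service_key, st)
    check_authenticator(t, dec(bytes.fromhex(t["sk"]), auth), now, caddr)
    return t["cname"]                         # the authenticated client principal

def client_login(password, sname, caddr="10.0.0.5", now=None):
    now = now or int(time.time())
    k_user = string2key(password, "alice")    # derived once; the password itself is discarded
    tgt, rep = as_exchange("alice", caddr, now)
    sk1 = bytes.fromhex(dec(k_user, rep)["sk"])        # wrong password -> ValueError here
    st, rep2 = tgs_exchange(tgt, enc(sk1, {"cname": "alice", "ts": now}), sname, caddr, now)
    sk2 = bytes.fromhex(dec(sk1, rep2)["sk"])
    return ap_exchange(KDC_DB[sname], st, enc(sk2, {"cname": "alice", "ts": now}), caddr, now)

if __name__ == "__main__":
    print(client_login("correct horse", "host/fs.example.com"))
```

Note where each check lives: the password is only ever used on the client, to open the AS reply; the KDC never sees it. The TGS and the application server each open a ticket with a key the client never holds, and both compare the authenticator's name and timestamp against the ticket, which is what stops a ticket being reused from another host or after its end time.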
Applications

• Authentication
• Authorization
• Confidentiality
• Within networks and small sets of networks
Weaknesses and Solutions

• Weakness: if a TGT is stolen, it can be used to access network services.
  Solution: only a problem until the ticket expires, typically within a few hours; the client address inside the ticket further limits where it can be used.

• Weakness: subject to dictionary attack. Anything the KDC encrypts under a password-derived key (the AS reply, or the pre-authentication timestamp) can be captured and guessed against offline; the 5-minute timestamp window limits replay of authenticators, not password guessing.
  Solution: require pre-authentication so the KDC does not hand an AS reply to anyone who asks, enforce strong passwords, and let the timestamp check and replay cache reject stale or reused authenticators.

• Weakness: very bad if the authentication server is compromised, because its database holds every principal's key.
  Solution: physical protection for the server, and keep it dedicated to the KDC function.
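What the timestamp actually buys, as an added example that is not from the slides: an application server's authenticator freshness check with the 300-second clock skew that MIT krb5 uses by default, plus a replay cache so that a captured authenticator cannot be presented a second time inside that window. The result strings are the RFC 4120 error names; the sample events are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

CLOCK_SKEW = 300  # seconds; krb5 default


@dataclass
class ReplayCache:
    # (cname, sname, ctime, cusec) -> server time at which it was first accepted
    seen: Dict[Tuple[str, str, int, int], int] = field(default_factory=dict)

    def check(self, cname: str, sname: str, ctime: int, cusec: int, now: int) -> str:
        # 1. An authenticator older (or newer) than the skew is refused outright.
        #    This is the limit a replayed authenticator runs into, not a limit on
        #    offline password guessing.
        if abs(now - ctime) > CLOCK_SKEW:
            return "KRB_AP_ERR_SKEW"
        # 2. Entries outside the window could no longer pass step 1, so drop them.
        for key, seen_at in list(self.seen.items()):
            if now - seen_at > CLOCK_SKEW:
                del self.seen[key]
        # 3. The same (client, service, timestamp) inside the window is a replay.
        key = (cname, sname, ctime, cusec)
        if key in self.seen:
            return "KRB_AP_ERR_REPEAT"
        self.seen[key] = now
        return "OK"


def run_events(cache: ReplayCache, events: List[Tuple[str, str, int, int, int]]) -> List[str]:
    return [cache.check(*e) for e in events]


# Constructed sample: (cname, sname, ctime, cusec, server_now).
SAMPLE_EVENTS = [
    ("alice@EXAMPLE.COM", "host/fs.example.com", 1700000000, 10, 1700000002),  # fresh
    ("alice@EXAMPLE.COM", "host/fs.example.com", 1700000000, 10, 1700000050),  # captured, replayed
    ("alice@EXAMPLE.COM", "host/fs.example.com", 1700000100, 7, 1700000101),   # next request
    ("alice@EXAMPLE.COM", "host/fs.example.com", 1699999000, 3, 1700000101),   # 18 minutes old
    ("alice@EXAMPLE.COM", "host/fs.example.com", 1700000000, 10, 1700000400),  # replayed after window
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, run_events(ReplayCache(), SAMPLE_EVENTS)):
        print(event[2], event[4], verdict)
```

The cache only needs to remember one skew window of entries, which is why the eviction in step 2 is safe: anything older would already be rejected by the skew check. Real servers persist the cache (MIT krb5 keeps it in a file under /var/tmp by default) so that a restart does not reopen the window.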
Questions?
THANK YOU

Gunaspresentation1
