10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture)"

Transcription

1 Contents 1 / Kerberos Kerberos V4 Kerberos V World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture) Kerberos V4 / Contents 2 / 55 Kerberos V4 Login via Password Secret Keys (used in Kerberos) Tickets and Ticket-Granting Tickets Replicated KDCs Realms and Inter-realm Authentication Ticket Version Numbers Privacy and Integrity Kerberos 1

2 Kerberos / Introduction 3 / 55 developed by the Massachusetts Institute of Technology (MIT) authentication service secret key based uses KDC (Key Distribution Centre) User logs into workstation with name, password (weak) the workstation establishes authenticated connections Assumptions: network is insecure the KDC is trusted Kerberos / Secret Keys 4 / 55 1) Master Keys K KDC : KDC s master Key this is the KDC s own secret key, known only to the KDC, whoever has this key can encrypt the KDC database. K A : master key of a principal A the KDC shares such a secret key with each principal, nobody else should know this key, e.g.: Alice - K A (known by KDC and Alice). 2

3 Kerberos / Secret Keys 5 / 55 2) Session Keys S WS : a session key the KDC invents such session keys for communication with a workstation (WS), it is valid only during the actual session. K AB : a shared session key the KDC invents shared session keys for communications between principals A and B, e.g.: Alice and Bob share K AB. shared Key s are distributed using Tickets and TGTs (Ticket- Granting Tickets) Kerberos V4 / Login via Password 6 / 55 Consider Alice, a human user who wants to establish a secret connection via a workstation to a principal in the network: Alice can only remember a password (not a strong key). Convert Alice s password into a DES key K A. Alice doesn t want to enter her password for each connection. Use a session key S A for communication between the WS and the KDC. The workstation should not remember Alice s secret. Let the workstation forget Alice s master key K A as soon as possible. 3

4 Kerberos V4 / Login via Password 7 / 55 Alice enters her user name, WS sends AS_REQ (Authentication Server Request), WS receives AS_REP (Authentication Server Reply), WS gets password from Alice and derives K A, WS decrypts AS_REP using K A, WS forgets Alice s Master Key K A (hopefully!). Workstation knows session key S A and a TGT A (Ticket-Granting Ticket). Username: Alice Alice Password: geheim Workstation AS_REQ Alice needs a TGT AS_REP K A (S A, TGT A ) KDC invents key S A finds Alices master key K A TGT A = K KDC ( Alice, S A ) Kerberos V4 / Login via Password 8 / 55 What is the TGT? A ticket to get tickets: Ticket-Granting Ticket. It is advantageous to have no volatile data on the KDC, as this makes KDC replications easier. Thus... KDC does not store the session key, instead, the WS uses the TGT for ticket requests, the TGT contains all data needed by the KDC to identify Alice and encrypt the reply with the suitable session key, an additional authenticator provides for authentication. 4

5 Kerberos V4 / Tickets and Ticket-Granting Tickets Drawbacks of the login protocol: 9 / 55 It is easy to obtain a data for an offline password guessing attack: simply send: Alice needs a TGT remedy in V5: the user has to prove his identity, by sending a pre-authentication. Thus, the workstation knows the user s master key for a slightly longer time, as it needs to know the users password already prior to sending the request. However, this is not considered to significantly decrease the security level. double encrypted Double encryption of the TGT K A (S A, TGT A ) = K A (S A, K KDC ( Alice, S A )) offers no security benefit, but needs computational effort, Kerberos has sometimes been criticised for this minor performance degradation Kerberos V4 / Tickets and Ticket-Granting Tickets Suppose that Alice wants to talk to a remote partner Bob. 10 / 55 Kerberos uses the Needham-Schroeder protocol for authentication, but: timestamps are used instead of Nonces, the TGT and the session key are used instead of Alice s master key Messages involved: TGS_REQ: Ticket-Granting-Service Request TGS_REP: Ticket-Granting-Service Reply AP_REQ: Application Request AP_REP: Application Reply 5

6 Kerberos V4 / Tickets and Ticket-Granting Tickets 11 / 55 Kerberos authentication and session key distribution: Alice s Workstation TGS_REQ Alice wants to talk to Bob TGT A = K KDC { Alice, S A } authenticator = S A {timestamp} TGS_REP S A { Bob, K AB, ticket to Bob} KDC AP_REQ ticket to Bob authenticator = K AB {timestamp} decrypts TGT to get S A decrypts authenticator verifies timestamp finds Bob s master key invents key K AB ticket to Bob = K B {K AB, Alice } Bob AP_REP K AB {timestamp+1} Kerberos V4 / Tickets and Ticket-Granting Tickets 12 / 55 Similar to the Needham-Schroeder protocol: Alice wants to talk to Bob N 1 K A {N 1, Bob, K AB, ticket to Bob} KDC finds Bob s master key invents key K AB ticket to Bob = K B {K AB, Alice } Alice ticket to Bob K AB {N 2 } Bob K AB {N 2-1, N 3 } K AB {N 3-1} 6

7 Kerberos V4 / Replicated KDCs 13 / 55 Problem: The KDC is a bottleneck: if the KDC is down, it will not be possible to access remote resources (single-point-of-failure), if the KDC is overloaded, the whole network performance will be affected. Solution: Replicated KDCs: multiple, interchangeable KDCs, share the same Master KDC key, identical database, use master copy to keep all KDCs identical, all updates are made on this master copy, all other slave KDCs sites update the master copy (periodically or initiated by a human). Kerberos V4 / Replicated KDCs 14 / 55 Updates: an update consists on inserting, deleting, or changing a database entry. a database entry is of the format: < principal, name, K KDC (key)> Download the database to slave KDCs: transmission is done in the clear - an attacker may learn the names of the resources by eavesdropping, - however, all keys are encrypted with the master key of the KDC and are thus of no use for an attacker. To prevent an attacker from re-arranging the data, it is transmitted using the Kerberos integrity protection. - database replay attack is prevented, as the integrity protocol includes a timestamp. 7

8 Kerberos V4 / Realms Remaining problems with replicated KDCs: consider several companies, banks, governments,... in a big network: whoever manages the KDC can access all user master keys, it is hard to find an organisation to manage the KDC that anybody would trust, replicated KDCs are physically located at the different stakeholders sites, and all of them need to be secure and trusted by all stakeholders. 15 / 55 Solution: split network into Realms each realm has its own trusted master KDC database, KDCs in the same realm are equivalent, KDCs of different Realms are different: different KDC master key different principals (and also keys) Kerberos V4 / Interrealm Authentication 16 / 55 Interrealm Authentication: KDC-B = KDC of realm B Problem: suppose Alice wants to talk to Dorothy located in a different realm. How to authenticate Alice to Dorothy? a KDC can be registered as principal in several other realms, assume KDC-B is registered at KDC-A: they share a key K a shared key for different realms are different: K K if the KDC-B receives a ticket generated by a KDC of another realm, it needs to know the source realm in order to use the right key for decryption. The source realm is included in the TGS_REQ. 8

9 Kerberos V4 / Interrealm Authentication 17 / 55 Interrealm Authentication between realms Wonderland and Oz : Alice s Workstation TGS_REQ wants to talk to KDC s Realm = Wonderland TGT = K KDC { Alice, S A } authenticator = S A {timestamp} TGS_REP S A { Oz, K A,Oz, TGT Oz = ticket to Oz} TGS_REQ (interrealm) wants to talk to KDC s Realm = Wonderland TGT Oz = K { Alice, K A,Oz } authenticator = K A,Oz {timestamp} TGS_REP (interrealm) K A,Oz { Dorothy, K AD, ticket to Dorothy} Wonderland KDC Oz KDC decrypts TGT to get S A decrypts authenticator verifies timestamp finds master key of Oz K invents key K A,Oz TGT Oz = ticket to Oz = K { Alice, K A,Oz } determines Wonderland as Realm of source KDC decrypts TGT Oz using K to get K A,Oz decrypts authenticator verifies timestamp finds Dorothy s master key invents key K AD ticket to Dorothy = K D { Alice, K AD } now Alice (her workstation) knows everything needed to talk to Dorothy Kerberos V4 / Interrealm Authentication 18 / 55 Kerberos V4 does not allow to go through a chain of realms. Suppose: realm Wonderland (short W ) and Oz share a key K and, realm Oz and Carolina share a K the realms Wonderland and Carolina do not share a key. Assume now: Alice has already obtained a ticket to the KDC of Carolina as demonstrated before (Dorothy was substituted with Carolina s KDC): TGT Carolina = K { Alice, K A,Carolina } 9

10 Kerberos V4 / Interrealm Authentication 19 / 55 Alice s Workstation TGS_REQ wants to talk to KDC s Realm = Wonderland TGT = K KDC { Alice, S A } authenticator = S A {timestamp} TGS_REP S A { Oz, K A,Oz, TGT Oz = ticket to Oz} Wonderland KDC same as before TGS_REQ (interrealm) wants to talk to KDC s Realm = Wonderland TGT Oz = K { Alice, K A,Oz } authenticator = K A,Oz {timestamp} TGS_REP (interrealm) K A,Oz { Carolina, K A,Carolina, TGT Carolina } Oz KDC decrypts TGT to get S A decrypts authenticator verifies timestamp finds master key of Oz K invents key K A,Oz TGT Oz = ticket to Oz = K { Alice, K A,Oz } determines Wonderland as Realm of source KDC decrypts TGT Oz using K to get K A,Oz decrypts authenticator verifies timestamp finds Carolina s master key K invents key K A, Carolina TGT Carolina = ticket to Carolina = K { Alice, K A,Carolina } now Alice tries to talk to Carolina s KDC... Kerberos V4 / Interrealm Authentication The attempt to obtain a ticket to from the KDC of Carolina will fail, due to mismatching realms: 20 / 55 Alice s home realm is not equal to the entry KDC s realm in the TGS_REQ: Oz is a principal in Wonderland Carolina is a principal in Oz Alice s Workstation TGS_REQ (interrealm) wants to talk to KDC s Realm = Oz TGT Carolina = K { Alice, K A,Carolina } authenticator = K A,Carolina {timestamp} refused Carolina s KDC Carol 10

11 Kerberos V4 / Interrealm Authentication 21 / 55 Alice will not be able to talk to with this TGT: The attempt to get a ticket for Carol from Carolina s KDC will fail because of mismatching realms. A principal can only use TGTs originating from its home KDC to ask for a ticket at any other KDCs. TGT s originating from realms other than the home realm of the requesting principal are refused. Kerberos does not such KDC-chaining! Otherwise a rogue KDC could not only impersonate its own principals, but those of any other realm, when it is (or pretends to be!) a connecting realm (by simple generating a suitable TGT). Kerberos V4 / Key Version Numbers 22 / 55 Problem: if a principal changes its master key, already distributed tickets will become unusable (since they are still encrypted with the old key). this is not practical, especially considering batch jobs! Solution: key version numbers new keys get a new version number, principals remember several old key versions, tickets expire after about 21 hours, thus keys must not be remembered any longer than that, the version number of the used key is included in tickets and TGTs. 11

12 Kerberos V4 / Privacy and Integrity 23 / 55 After authentication the communication is: either in clear text, or privacy and integrity protected (DES encryption), or integrity protected only (Message-Digest). * The combined privacy and integrity protection proves to be difficult and is not fully provided for by Kerberos V4. Kerberos V4 / Privacy and Integrity Privacy and integrity protected communication: DES encryption for long messages, done through modified CBC (Cipher Block Chaining) (referred to as PCBC, Plaintext Cipher Block Chaining), the unmodified CBC provides for privacy, PCBC claims to additionally provide integrity. 24 / 55 m 1 m 2 m 3 m n IV additional operations done in PCBC compared to CBC encrypt with E E E E secret key c 1 c 2 c 3 c n CBC: modification of c i will garble only m i and m i+1 PCBC: modification of c i will garble all following: m i, m i+1,...,m n 12

13 Kerberos V4 / Privacy and Integrity 25 / 55 Integrity check: put some recognisable data at the end (m n ) of a message, check this when receiving the message. Assumption behind this: The last part of the message, e.g. m n, decrypts properly only if the message was not changed. with CBC this assumption does not hold, therefore PCBC was introduced, but: if an attacker exchanges blocks of the message, this assumption will not hold for PCBC as well! Kerberos V4 / Privacy and Integrity 26 / 55 Integrity only protected communication: Kerberos V4 uses a (mathematically questionable) so called modified Jueneman checksum Kerberos V5 uses better methods (MD4, MD5, DES-MAC,...) 13

14 Kerberos V5 / Contents 27 / 55 Kerberos V5 ASN.1 Delegation Long Life Tickets Privacy and Integrity Inter-realm Authentication Kerberos Kerberos V5 28 / 55 Kerberos V4 V5 + more features and flexibility e.g. delegation, ASN.1, realm chaining, + fewer restrictions e.g. longer addresses, long life tickets, + optimisations e.g. enhanced algorithms for privacy and integrity. - But also more overhead. 14

15 Kerberos V5 / ASN.1 29 / 55 ASN.1 is a data representation language ISO standard, looks similar to data structure definitions in programming languages, independent of data representation (such as bit and byte order), allows optional fields, varying of field lengths. More flexibility, but also more overhead Example: Kerberos V5 / Delegation 30 / 55 Problem: consider a batch job (or an agent) running on Bob, that needs to access files of Alice... a login from one remote node Bob into another. Bob needs authorization Solution: Delegation of rights give someone else access to things you are authorized to access delegation is usually limited: in time in scope (subset of resources) 15

16 Kerberos V5 / Delegation 31 / 55 Idea to obtain delegation: send tickets (e.g. a ticket to Carol ) or even the TGT to Bob. in Kerberos V4: network layer address of Alice is included in TGT and tickets, delegation not possible (tickets unusable for Bob) in Kerberos V5: Alice can request tickets ( proxy tickets ) and TGTs containing a network layer address different from her own (e.g. Bob s address), even multiple or no address can be specified (no address ticket usable from any address). delegation possible Kerberos V5 / Delegation 32 / 55 Note: In Kerberos Alice delegates rights to Bob, by allowing Bob to impersonate Alice to the KDC and/or other principals. thus Alice in some sense passes on her identity. Additionally, the AUTHORIZATION-DATA field provides the possibility to restrict the rights of Bob impersonating Alice on the application level. 16

17 Kerberos V5 / Delegation 33 / 55 The possibilities of delegation can be controlled using the flags in the TGT: forwardable (this TGT can be forwarded, means: you can get TGTs with a different address) proxiable (with this TGT its possible to obtain a ticket including a different address) There are additional flags notifying the status of a ticket: a TGT can be marked as forwarded (it originates from a TGT with another address) a ticket can be marked as forwarded (it originates from a forwarded TGT) proxy (it was generated with a different address than the originating TGT) Kerberos V5 / Delegation 34 / 55 forwardable and proxiable flags (4 different settings in a TGT) KDC KDC set forwardable flag? set proxiable flag? TGT Alice s address equal address ticket to Bob Alice s address forwardable TGT Alice s address ticket to Bob Alice s address different addresses (forwardable) (proxiable) TGT Bobs s address forwarded KDC KDC proxiable TGT Alice s address ticket to Bob Alice s address different addresses ticket to Carol Bobs s address proxy proxiable forwardable TGT Alice s address ticket to Bob Alice s address ticket to Carol Bobs s address proxy (forwardable) (proxiable) TGT Bobs s address forwarded 17

18 Kerberos V5 / Delegation / TGT forwarding 35 / 55 forwardable TGT set forwardable flag? YES TGS_REQ Alice s Workstation Alice s address (forwardable) forwardable TGT Bobs s address forwarded send TGT to Bob Bob TGS_REP (forwardable) forwardable TGT Bobs s address forwarded (forwardable) forwardable set forwardable flag? YES TGS_REQ KDC TGT TGS_REP Carol s address forwarded...and so on Kerberos V5 / Delegation 36 / 55 When Alice requests a forwarded TGT, she can specify the desired settings of the forwardable and proxiable flags, the KDC can than decide which flags are actually set. using these flags in a TGT the KDC can control the delegation rights of clients (with higher priority than Alice),... Alice can control the delegation rights of the principal the delegation is given to. 18

19 Kerberos V5 / Delegation 37 / 55 Alice can limit the delegation in 3 different ways: by using the forwardable and proxiable flags, by giving no TGT to Bob, but only proxy tickets for the required services, by using the AUTHORIZATION-DATA field, which is given by Alice when requesting a TGT or ticket,... is added to the TGT or ticket,... is not interpreted by the KDC, but is instead application-specific. Kerberos V5 / Delegation 38 / 55 Furthermore the applications are involved in the delegation: by using the forwarded and proxy flags, when deciding what access to allow, by interpreting the AUTHORIZATION-DATA field. This results in a very flexible, but also very confusing access control. 19

20 Kerberos V5 / Long Life Tickets 39 / 55 In Kerberos V4: four bytes start time, one byte life time (units of 5 minutes)» approx. 21 hours maximum life In Kerberos V5: ASN.1 defined quantity of 17 bytes granularity: 1 second Lifetime is practically unlimited: end time <= 31 dec 9999 Lifetime is specified by: Start time (i.e. postdated tickets are possible) End time Authtime (time when Alice received her initial TGT) Renew-till (necessary for renewable tickets) Disadvantage: Long life time => higher security risk Kerberos V5 / Long Life Tickets 40 / 55 Disadvantage: Long life time => higher security risk Solution: renewable tickets Alice has to renew tickets, say once a day (thus the end time of a ticket is never more than one day ahead) To renew a ticket it has to be presented to the KDC the KDC then changes the end-time, if the ticket is still renewable (renew-till time) this makes revocation possible If Alice is ever late renewing a ticket, the KDC will refuse to renew it. this is due to the fact, that otherwise the KDC has to remember to many not renewed tickets. 20

21 Kerberos V5 / Privacy and Integrity 41 / 55 Cryptographic algorithms: Kerberos V4 uses DES with PCBC for privacy and integrity, modified Jueneman checksum for integrity only. Problems PCBC not safe against cipher block exchange, modified Jueneman checksum is mathematically questionable (though never publicly broken yet). Kerberos V5 / Privacy and Integrity 42 / 55 Kerberos V5 uses the following MICs (Message Integrity Codes) for integrity only: rsa-md5-des (required) des-mac (required) des-mac-k (required) rsa-md4-des (optional) rsa-md4-des-k (optional) rsa-md4-des is mainly rsa-md5-des using MD4. Algorithms ending with -k are old versions not using a modified key K (implemented to provide for backward compatibility). rsa-md5-des and des-mac are described in the following: 21

22 Kerberos V5 / Privacy and Integrity / rsa-md5-des 43 / 55 rsa-md5-des (has nothing to do with RSA other than RSADSI, a company owning rights to MD5!) MIC calculation: 1) choose Confounder = random number (64-bit), 2) X = [Confounder message ], message has variable length, 3) MD = MD5(X), (128 Bits), 4) K = K AB F0F0F0F0F0F0F0 16, 5) Y = [Confounder MD ], (192 Bits), 6) MIC = K (Y), (192-Bits), encrypt in CBC mode using IV = 0 (Initialisation Vector). MIC verification: a) calculate K, b) decrypt MIC = [Confounder MD ] using K, c) X = [Confounder message ], d) if MD = MD5(X ) then message = message, OK. Kerberos V5 / Privacy and Integrity / des-mac 44 / 55 des-mac similar to rsa-md5-des (main difference: Step 3): MIC calculation: 1) choose Confounder = random number (64-bit), 2) X = [Confounder message ], message has variable length, 3) Residue = K AB (X), (64 Bits), encrypt in CBC mode using IV = 0, 4) K = K AB F0F0F0F0F0F0F0 16, 5) Y = [Confounder Residue ], (128 Bits), 6) MIC = K (Y), (128 Bits), encrypt in CBC mode using IV = 0. MIC verification: a) calculate K, b) decrypt MIC = [Confounder Residue ] using K, c) X = [Confounder message ], d) if Residue = K AB (X ) then message = message, OK. 22

23 Kerberos V5 / Privacy and Integrity 45 / 55 For privacy and integrity Kerberos V5 uses the following algorithms: des-cbc-crc (MIC = CRC-32) des-cbc-md4 (MIC = MD4) des-cbc-md5 (MIC = MD5) all algorithms do the following: 32 bits for des-cbc-crc 129 bits for the other algorithms 1) choose Confounder = random number (64-bit), 2) X = [Confounder zeros (length of MIC) message ], 3) Y = [Confounder MIC(X) message ], 4) add padding (64-bit chunks), 5) encrypt the result using DES in CBC mode with IV = 0. Kerberos V5 / Interrealm Authentication 46 / 55 Goal: provide full connectivity Problem: in Kerberos V4: principal in realm A can authenticate with principals in realm B, only if KDC-A is registrated as principal in realm B, hugh registration effort. Approach: allow to go through series of realms. Problem: if one of the KDC in the chain is not trusted, the whole authentication can not be trusted. Idea: list all traversed KDC s in the TRANSITED field, such that no involved KDC can avoid to be listed. it s the clients decision then, if he trusts all traversed KDC s and thus the authentication or not. 23

24 Kerberos V5 / Interrealm Authentication 47 / 55 Its practical to arrange realm in a tree structure. The tree structure often emerges from present address structures (e.g. internet domains). A Possibly allow additional shortcuts (cross links). B G C D shortcut H I E F WWW Security 48 / World Wide Web Security Originally, the Internet was intended to be an open network. HTTP was not designed to provide for security. Today, a secure WWW is crucial. Most current application are using SSL (transport layer!), There are alternative approaches on the application layer. 24

25 WWW Security 49 / 55 Approaches on the application layer: GSS-API (Generic Security Service Application, Interface), PGP-CCI (Pretty Good Privacy - Common Client Interface), S-HTTP (Secure Hypertext Transfer Protocol), SEA (Security Extension Architecture). Only the latter two will be described, in the following. S-HTTP 50 / 55 S-HTTP (not to be confused with https, which corresponds to SSL) is an extension of HTTP, provides end-to-end security, allows to negotiate options between client and server: choice of... - keymanagement mechanism, - security policies, - cryptographic algorithms. Certification Services are not requiered, but supported spontanous communication possible. 25

26 S-HTTP 51 / 55 S-HTTP uses common cryptographical techniques hash functions MD4, MD5, SHA encryption DES-CBC, Triple-DES, IDEA-CFB, RC4, CDMF-CBC signature RSA, DSS message format standards (content types): PKCS, MOSS S-HTTP 52 / 55 S-HTTP is compatible with HTTP: Communication is possible between S-HTTP enabled client and 'normal' HTTP server, and vice versa. Syntax is similar to HTTP S-HTTP messages consist of request or status line, series of header lines, body (may contain an encapsulated content). S-HTTP defines a set of new RFC 822-style headers and, three new Anchor Attributes (DN, NONCE, CRYTOPTS). 26

27 S-HTTP 53 / 55 New Anchor Attributes: DN - Contains the distiguished name (DN) of the principal for whom the request should be encrypted when dereferencing the anchor s URL. NONCE - Contains a nonce that must be returned in a separate header line when the anchor has been de-referenced CRYPTOPTS - Contains the cryptographic 'options' information (e.g., which algorithms are available, etc) S-HTTP 54 / 55 S-HTTP provides message content protection on three orthogonal axes: digital signature (using certificates), authentication, encryption. A message may be protected with all combinations of the above (including no protection). 27

28 SEA 55 / 55 SEA (Security Extension Architecture) initiatedby the W3C (World Wide Web Consortium), SEA for HTTP first published in 1996, uses design principles of S-HTTP and PEP (Protocol Extension Protocol), PEP: allows HTTP client and server to agree on supported extensions, similar to S-HTTP, still subject to ongoing changes. 28

4.2: Kerberos Kerberos V4 Kerberos V5. Chapter 5: Security Concepts for Networks. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

4.2: Kerberos Kerberos V4 Kerberos V5. Chapter 5: Security Concepts for Networks. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.2:

More information

Kerberos. Login via Password. Keys in Kerberos

Kerberos. Login via Password. Keys in Kerberos Kerberos Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos

More information

KERBEROS. Kerberos Authentication Service

KERBEROS. Kerberos Authentication Service KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed

More information

Kerberos V5. Raj Jain. Washington University in St. Louis

Kerberos V5. Raj Jain. Washington University in St. Louis Kerberos V5 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/ 11-1

More information

Authentication Applications

Authentication Applications Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application

More information

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1 Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

Authentication Applications

Authentication Applications Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service

More information

NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman

NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman The Slow Convergence of PKI and Kerberos At Connectathon 1995 Dan Nessett of Sun Microsystems was quoted saying Kerberos will

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Identification and Authentication Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Authentication and Access Control Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Chapter 15 User Authentication

Chapter 15 User Authentication Chapter 15 User Authentication 2015. 04. 06 Jae Woong Joo SeoulTech (woong07@seoultech.ac.kr) Table of Contents 15.1 Remote User-Authentication Principles 15.2 Remote User-Authentication Using Symmetric

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this

More information

4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks

4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.1:

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Scenario. Roadmap. ! The simplified architecture! The complete architecture Pre-authentication Delegation. Realms

Scenario. Roadmap. ! The simplified architecture! The complete architecture Pre-authentication Delegation. Realms erberos' erberos! erberos is based on the Needham-Schroeder protocol (1978)! erberos was developed at MIT in1980! erberos V4 and erberos V5 (RFC 1510)! erberos if part of OSF DCE and Windows 2 (e later)!

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)

More information

Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 3

Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 3 Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle Network Security Chapter 3 Cryptographic Protocols for Encryption, Authentication and Key Establishment Overview

More information

CS 4803 Computer and Network Security

CS 4803 Computer and Network Security Many-to-Many Authentication CS 4803 Computer and Network Security s? Servers Alexandra (Sasha) Boldyreva Kerberos How do users prove their identities when requesting services from machines on the network?

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 4, Issue 6, November - December (2013), pp. 62-69 IAEME: www.iaeme.com/ijcet.asp Journal

More information

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING

WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING Authors: Tal Be ery, Sr. Security Research Manager, Microsoft Michael Cherny, Sr. Security Researcher, Microsoft November

More information

Standards and Products. Computer Security. Kerberos. Kerberos

Standards and Products. Computer Security. Kerberos. Kerberos 3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2

More information

SYSTEM MODEL KERBEROS OBJECTIVES PHYSICAL SECURITY TRUST: CONSOLIDATED KERBEROS MODEL TRUST: BILATERAL RHOSTS MODEL

SYSTEM MODEL KERBEROS OBJECTIVES PHYSICAL SECURITY TRUST: CONSOLIDATED KERBEROS MODEL TRUST: BILATERAL RHOSTS MODEL INFS 766 Internet Security Protocols Lecture 9 WORK- STATIONS SYSTEM MODEL NETWORK SERVERS NFS GOPHER Prof. Ravi Sandhu LIBRARY KERBEROS 2 PHYSICAL SECURITY KERBEROS OBJECTIVES CLIENT WORKSTATIONS None,

More information

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

More information

TOPIC HIERARCHY. Distributed Environment. Security. Kerberos

TOPIC HIERARCHY. Distributed Environment. Security. Kerberos KERBEROS TOPIC HIERARCHY Distributed Environment Security Privacy Authentication Authorization Non Repudiation Kerberos ORIGIN MIT developed Kerberos to protect network services. Developed under the Project

More information

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents

More information

Is your data safe out there? -A white Paper on Online Security

Is your data safe out there? -A white Paper on Online Security Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects

More information

Authentication. Agenda. IT Security course Lecture April 14 th 2003. Niels Christian Juul 2. April 14th, 2003

Authentication. Agenda. IT Security course Lecture April 14 th 2003. Niels Christian Juul 2. April 14th, 2003 Authentication IT Security course Lecture April 14 th 2003 Niels Christian Juul Computer Science, building 42.1 Roskilde University Universitetsvej 1 P.O. Box 260 DK-4000 Roskilde Denmark Phone: +45 4674

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

More information

Application Layer (1)

Application Layer (1) Application Layer (1) Functionality: providing applications (e-mail, www, USENET etc) providing support protocols to allow the real applications to function properly security comprising a large number

More information

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5) Network Security Security Crytographic algorithms Security Services Secret key (DES) Public key (RSA) Message digest (MD5) privacy authenticity Message integrity Secret Key Encryption Plain text Plain

More information

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security

More information

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006 CSE331: Introduction to Networks and Security Lecture 29 Fall 2006 Announcements Project 3 is due Today Can submit electronically (mail savi@seas) By midnight Project 4 will be on the web this afternoon

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

What is network security?

What is network security? Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

More information

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption

More information

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos SSL, PGP, Kerberos Secure Socket Layer (Web Security), Pretty Good Privacy (Email Security) and Authentication Agenda SSL PGP Kerberos SSL, PGP, Kerberos, v4.4 2 Page 96-1 SSL versus IPsec Application

More information

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn. CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange

More information

NETWORK ADMINISTRATION AND SECURITY

NETWORK ADMINISTRATION AND SECURITY NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define

More information

Nyckelhantering och autentisering

Nyckelhantering och autentisering 1 Nyckelhantering och autentisering Daniel Bosk Avdelningen för informations- och kommunikationssytem (IKS), Mittuniversitetet, Sundsvall. keyauth.tex 1352 2013-10-01 09:25:08Z danbos 2 Översikt 1 Symmetric

More information

Kerberos and Active Directory symmetric cryptography in practice COSC412

Kerberos and Active Directory symmetric cryptography in practice COSC412 Kerberos and Active Directory symmetric cryptography in practice COSC412 Learning objectives Understand the function of Kerberos Explain how symmetric cryptography supports the operation of Kerberos Summarise

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Hooks could have been left around for the imposter to regain control. A.Arpaci-Dusseau. Remove all files from disk and reinstall all software

Hooks could have been left around for the imposter to regain control. A.Arpaci-Dusseau. Remove all files from disk and reinstall all software UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 537 A. Arpaci-Dusseau Intro to Operating Systems Spring 2000 Security Solutions and Encryption Questions answered in these notes: How does

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Communication Security for Applications

Communication Security for Applications Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

More information

Configuring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications

Configuring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications Configuring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications Copyright Notice The correct bibliographic citation for this manual is as follows: SAS Institute Inc., Configuring

More information

Network Security Standards. Key distribution Kerberos SSL/TLS

Network Security Standards. Key distribution Kerberos SSL/TLS Network Security Standards Key distribution Kerberos SSL/TLS 1 Many-to-Many Authentication? Users Servers How do users prove their identities when requesting services from machines on the network? Naïve

More information

symmetric key distribution requirements for public key algorithms asymmetric (or public) key algorithms

symmetric key distribution requirements for public key algorithms asymmetric (or public) key algorithms topics: cis3.2 electronic commerce 6 dec 2005 lecture # 18 internet security, part 2 symmetric (single key) and asymmetric (public key) methods different cryptographic systems electronic payment mechanisms

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Kerberos authentication made easy on OpenVMS

Kerberos authentication made easy on OpenVMS Kerberos authentication made easy on OpenVMS Author: Srinivasa Rao Yarlagadda yarlagadda-srinivasa.rao@hp.com Co-Author: Rupesh Shantamurty rupeshs@hp.com OpenVMS Technical Journal V18 Table of contents

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Criteria for web application security check. Version 2015.1

Criteria for web application security check. Version 2015.1 Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-

More information

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private

More information

OPENID AUTHENTICATION SECURITY

OPENID AUTHENTICATION SECURITY OPENID AUTHENTICATION SECURITY Erik Lagercrantz and Patrik Sternudd Uppsala, May 17 2009 1 ABSTRACT This documents gives an introduction to OpenID, which is a system for centralised online authentication.

More information

CS 494/594 Computer and Network Security

CS 494/594 Computer and Network Security CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Exercise: Chapters 13, 15-18 18 1. [Kaufman] 13.1

More information

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS) Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations

More information

CS 600.443 Final Exam

CS 600.443 Final Exam CS 600.443 Final Exam Name: This exam is closed book and closed notes. You are required to do this completely on your own without any help from anybody else. Feel free to write on the back of any page

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

a. Every machine in UTK is configured with the public key of the root CA.

a. Every machine in UTK is configured with the public key of the root CA. 1. Suppose UTK implements a Top-Down with Name Constraints PKI model with two-level hierarchy. The root CA is pki.utk.edu, which has two delegated CA servers, pki.eecs.utk.edu and pki.math.utk.edu, at

More information

Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

More information

SOMA Cryptography Whitepaper

SOMA Cryptography Whitepaper SOMA Cryptography Whitepaper Draft date: Nov. 1st, 2015 Contents Overview 2 Secure Transport Layer Protocol 3 AES256 Key Generation 3 Login Data Verification 3 Secure Transport Layer Establishment 4 Data

More information

mod_ssl Cryptographic Techniques

mod_ssl Cryptographic Techniques mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

Dashlane Security Whitepaper

Dashlane Security Whitepaper Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.

More information

Q: Why security protocols?

Q: Why security protocols? Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Ch 7 - Security 1 Confidentiality and privacy: Protect

More information

Two SSO Architectures with a Single Set of Credentials

Two SSO Architectures with a Single Set of Credentials Two SSO Architectures with a Single Set of Credentials Abstract Single sign-on (SSO) is a widely used mechanism that uses a single action of authentication and authority to permit an authorized user to

More information

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on

More information

Attacking Kerberos Deployments

Attacking Kerberos Deployments Attacking Kerberos Deployments Breaking the Intranet Rachel Engel, Brad Hill and Scott Stender Black Hat USA 2010 https://www.isecpartners.com About Us Who are you? Security Consultants at isec Partners

More information

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610 Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS

More information

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

The Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course

More information

Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service

Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service Sazzad Masud and Ram Krishnan University of Texas at San Antonio Sazzad.Masud@gmail.com, Ram.Krishnan@utsa.edu Abstract Cloud

More information