Kerberos

Digital signatures use public key infrastructure (PKI) to transmit messages securely and authenticate the sender: the sender signs with a private key and the recipient verifies with the matching public key. Kerberos is a centralized authentication mechanism that uses a Key Distribution Center (KDC) to authenticate users and services, with an Authentication Server and a Ticket Granting Server issuing tickets. Key applications of Kerberos include user authentication, single sign-on (SSO), mutual authentication and network security, although it has limitations such as the need to modify each service individually and its reliance on a secure, always-available Kerberos server.

Uploaded by saranyar.aids

Digital Signature and Kerberos Authentication: Overview
What is the digital signature authentication mechanism?

A digital signature is a cryptographic mechanism built on public key
infrastructure (PKI) that lets a recipient verify who sent a message and that
it was not altered in transit. It uses a key pair: the sender signs with the
private key, which never leaves the sender, and anyone holding the matching
public key can verify the signature. (Signing is not "decryption" with two
keys; the private key creates the signature and the public key checks it.)

The public key is bound to the sender's identity in a certificate signed by a
trusted certificate authority (CA). The verifier trusts the public key only
because the CA vouches for it, and the signature verifies only if that public
key corresponds to the private key that produced it.
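To make the sign/verify relationship and the CA binding concrete, here is an added example in Go (not code from these slides) using the standard library's Ed25519. The key seeds, the subject name, the message and the toy Cert type, which stands in for an X.509 certificate, are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// demoKey derives a reproducible Ed25519 key pair from a constructed seed so the
// example runs offline. Real keys come from ed25519.GenerateKey(rand.Reader), and
// the private half never leaves the signer.
func demoKey(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte("demo-seed:" + label))
	return ed25519.NewKeyFromSeed(seed[:])
}

func pubOf(priv ed25519.PrivateKey) ed25519.PublicKey {
	return priv.Public().(ed25519.PublicKey)
}

// SignMessage: only the holder of the private key can produce this value.
func SignMessage(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// VerifyMessage: anyone holding the public key can check the signature; no secret
// is involved, which is why any recipient can do the verification.
func VerifyMessage(pub ed25519.PublicKey, msg, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

// Cert is a toy stand-in for an X.509 certificate: the CA's signature binds a
// subject name to a public key. (Real certificates are DER-encoded and also
// carry validity dates, key usage and a chain; those are omitted here.)
type Cert struct {
	Subject string
	Pub     ed25519.PublicKey
	CASig   []byte
}

// certTBS is the "to be signed" byte string the CA commits to.
func certTBS(subject string, pub ed25519.PublicKey) []byte {
	return append([]byte("subject="+subject+";pub="), pub...)
}

func IssueCert(caPriv ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Cert {
	return Cert{subject, pub, ed25519.Sign(caPriv, certTBS(subject, pub))}
}

// VerifySigned checks both links of the chain: the trusted CA vouches for the
// certificate, and the certified key vouches for the message. A key that merely
// claims to belong to the subject, without the CA's signature, is rejected.
func VerifySigned(caPub ed25519.PublicKey, c Cert, msg, sig []byte) bool {
	return VerifyMessage(caPub, certTBS(c.Subject, c.Pub), c.CASig) && VerifyMessage(c.Pub, msg, sig)
}

func main() {
	ca, alice, mallory := demoKey("ca"), demoKey("alice"), demoKey("mallory")
	cert := IssueCert(ca, "alice", pubOf(alice)) // the CA vouches for alice's public key
	msg := []byte("pay bob 100")                 // constructed message
	sig := SignMessage(alice, msg)
	fmt.Println("genuine:", VerifySigned(pubOf(ca), cert, msg, sig))
	fmt.Println("tampered message:", VerifySigned(pubOf(ca), cert, []byte("pay bob 900"), sig))
	fake := Cert{"alice", pubOf(mallory), nil} // an impostor's key with no CA signature
	fmt.Println("unvouched key:", VerifySigned(pubOf(ca), fake, msg, SignMessage(mallory, msg)))
}
```

The three printed lines read true, false, false: a genuine signature verifies, changing one byte of the message breaks it, and a self-asserted public key fails at the CA check before the message signature is even looked at.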
Kerberos provides a centralized authentication server whose function is to
authenticate users to servers and servers to users.

In Kerberos, the Authentication Server and its database of principals and
their long-term keys are used to authenticate clients. Kerberos runs as a
trusted third party known as the Key Distribution Center (KDC).

Each user and service on the network is a principal.


The main components of Kerberos are:

Authentication Server (AS): performs the initial authentication of the user and
issues the ticket-granting ticket (TGT) that is later presented to the Ticket
Granting Server.

Database: holds the principals (users and services) and their long-term secret
keys; the Authentication Server looks the requesting user up here.

Ticket Granting Server (TGS): verifies the TGT and issues the service ticket for
the requested server.
Kerberos Overview
Step-1: The user logs in on the host and requests a service. The host therefore
asks the Authentication Server for a ticket-granting ticket.

Step-2: The Authentication Server looks the user up in its database and returns
a ticket-granting ticket (TGT) together with a session key. The part meant for
the user is encrypted with a key derived from the user's password, so only
someone who knows the password can read it.

Step-3: The host decrypts that reply with the password-derived key, then sends
the TGT to the Ticket Granting Server along with an authenticator (the user's
name and a timestamp, encrypted with the session key). The TGT itself records
the client's name and network address.

Step-4: The Ticket Granting Server decrypts the TGT with its own key, checks the
authenticator against it and, if the request is valid, creates a service ticket
for the requested server.

Step-5: The user sends the service ticket and a fresh authenticator to the server.

Step-6: The server decrypts the ticket with its own secret key, verifies the
authenticator and grants access to the service. From then on the user can use
the service.
Kerberos Limitations
-Each network service must be modified individually ("Kerberized") to use Kerberos
-It does not work well in a time-sharing environment, where several users share one host and one user may be able to read another's tickets
-Requires a secured Kerberos server: whoever controls the KDC can impersonate any principal
-Requires an always-on Kerberos server: if the KDC is unreachable, nobody can authenticate
-Stores the keys of all principals in one database, protected by a single master key
-Assumes workstations are secure: a compromised host can capture the password or the tickets
-May result in cascading loss of trust: a compromised KDC or cross-realm key compromises everything that trusted it
-Scalability: every authentication goes through the KDC, which must be replicated as the realm grows
Applications
User Authentication

Single Sign-On (SSO)

Mutual Authentication

Authorization

Network Security
User Authentication:

User authentication is one of the main applications of Kerberos. Users enter
their username and password only once to gain access to the network.

The client proves knowledge of the password to the Kerberos server (typically by
sending a timestamp encrypted with the password-derived key as pre-authentication),
and the server issues a ticket-granting ticket (TGT).
Single Sign-On (SSO):

Kerberos offers a single sign-on (SSO) solution: the user logs in once and can
then access a variety of network resources.

After the Kerberos server has authenticated the user, the client uses the cached
TGT to obtain service tickets for any resource the user is authorized to use, so
the user is not asked for credentials again until the TGT expires.
Mutual Authentication:

Before any application data is transferred, Kerberos can authenticate both
sides: the client proves its identity to the server and the server proves its
identity to the client. This works because the session key inside the service
ticket is known only to the KDC, the client (which received it in the TGS reply)
and the service (which can decrypt the ticket with its own long-term key).

When a client wants to use a network resource, it asks the Kerberos server for a
service ticket and presents it to the server together with an authenticator
encrypted under the session key. If the server can decrypt the authenticator,
the client is genuine. To complete mutual authentication the server replies with
the client's timestamp, encrypted under the same session key; only a server
holding the real service key could have extracted that session key from the
ticket, so a successful decryption tells the client it is talking to the genuine
server and not an impostor.
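The six steps of the Kerberos overview above and the mutual-authentication exchange in this section, as an added example in Go that is not part of the original slides. It models the KDC, the client and the service in one process: AES-GCM stands in for the Kerberos encryption types, SHA-256 for the string-to-key function and JSON for ASN.1, and the principal names (alice, krbtgt, http/web) and the secrets are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

type Ticket struct { // opened only by the holder of the key that sealed it: the KDC (krbtgt) for a TGT, the target service otherwise
	Client, Service string
	SessionKey      []byte
	Expires         int64
}
type Reply struct{ SessionKey, Ticket []byte } // the half of a KDC reply the requester can open
type Authenticator struct { // proves possession of the session key and freshness
	Client    string
	Timestamp int64
}

// longTermKey stands in for the Kerberos string-to-key function (PBKDF2 for real AES enctypes).
func longTermKey(secret string) []byte { h := sha256.Sum256([]byte(secret)); return h[:] }
func aead(key []byte) cipher.AEAD   { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }

func seal(key []byte, v any) []byte { // AES-256-GCM with a random 12-byte nonce prefix; JSON stands in for ASN.1
	pt, _ := json.Marshal(v)
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return aead(key).Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte, v any) error {
	if len(ct) < 12 {
		return errors.New("ciphertext too short")
	}
	pt, err := aead(key).Open(nil, ct[:12], ct[12:], nil)
	if err != nil {
		return errors.New("wrong key or tampered message")
	}
	return json.Unmarshal(pt, v)
}

// issue builds AS_REP (service "krbtgt", replyKey = user key) or TGS_REP (replyKey = TGT session key).
func issue(client, service string, ticketKey, replyKey []byte, now time.Time) []byte {
	sk := make([]byte, 32)
	rand.Read(sk)
	t := Ticket{client, service, sk, now.Add(10 * time.Hour).Unix()}
	return seal(replyKey, Reply{sk, seal(ticketKey, t)})
}

// validate is what the TGS does with a TGT and what an application server does with a service ticket.
func validate(myKey, ticket, auth []byte, me string, now time.Time) (*Ticket, error) {
	t, a := Ticket{}, Authenticator{}
	if err := open(myKey, ticket, &t); err != nil { // only the right long-term key opens it
		return nil, err
	}
	if err := open(t.SessionKey, auth, &a); err != nil { // proves the sender holds the session key
		return nil, err
	}
	skew := now.Sub(time.Unix(a.Timestamp, 0))
	if t.Service != me || now.Unix() > t.Expires || a.Client != t.Client || skew > 5*time.Minute || skew < -5*time.Minute {
		return nil, errors.New("rejected: wrong service, expired, principal mismatch or clock skew")
	}
	return &t, nil
}

// Login walks steps 1-6 for alice against http/web and reports whether the AP_REP proved the server's identity.
func Login(password string, now time.Time) (client string, mutual bool, err error) {
	userKey, dbKey := longTermKey(password), longTermKey("s3cret")                    // typed password vs the KDC's entry for alice
	krbtgtKey, svcKey := longTermKey("krbtgt-secret"), longTermKey("http-web-keytab") // KDC only; KDC + the web service
	var r1, r2 Reply
	var tgt, st *Ticket
	// Steps 1-2: AS_REQ / AS_REP; a wrong password cannot open the reply.
	if err = open(userKey, issue("alice", "krbtgt", krbtgtKey, dbKey, now), &r1); err != nil {
		return
	}
	// Steps 3-4: TGS_REQ = TGT + authenticator under the TGT session key, then TGS_REP.
	if tgt, err = validate(krbtgtKey, r1.Ticket, seal(r1.SessionKey, Authenticator{"alice", now.Unix()}), "krbtgt", now); err != nil {
		return
	}
	if err = open(r1.SessionKey, issue(tgt.Client, "http/web", svcKey, r1.SessionKey, now), &r2); err != nil {
		return
	}
	// Steps 5-6: AP_REQ to the service, which never contacts the KDC.
	if st, err = validate(svcKey, r2.Ticket, seal(r2.SessionKey, Authenticator{"alice", now.Unix()}), "http/web", now); err != nil {
		return
	}
	// AP_REP: the server echoes the timestamp under a session key it could only get by opening the ticket with svcKey.
	var apRep Authenticator
	err = open(r2.SessionKey, seal(st.SessionKey, Authenticator{st.Service, now.Unix()}), &apRep)
	return st.Client, err == nil && apRep.Timestamp == now.Unix(), err
}

func main() { fmt.Println(Login("s3cret", time.Now())) }
```

Login("s3cret", now) returns ("alice", true, nil). Any other password fails at the AS reply because the reply was sealed under the KDC's copy of alice's key, a replayed authenticator older than the five-minute skew window fails in validate, and a ticket presented to a service other than the one it names is rejected even when it decrypts, which is the check that stops a ticket for one service being reused against another.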
Authorization:

Kerberos itself establishes only who the user is; what the user may do is
decided by the service. Once authenticated, a user obtains service tickets for
particular network resources.

A ticket can carry authorization data that the KDC attaches and the service
reads (in Active Directory this is the PAC, which lists the user's group
memberships). Because the ticket is encrypted with the service's key, the client
cannot alter this data, and the service uses it to grant access only to the
resources the user has been permitted to use.
Network Security:

Kerberos provides a central authentication server that manages user credentials
and access restrictions, which helps to secure the network.

This server authenticates users before they are granted access to network
resources, preventing unwanted access to sensitive data and resources.
Key Distribution Center (KDC):
A trusted third party that verifies user identities. In an Active Directory
domain it runs on every Domain Controller (DC).
The KDC includes two services: Authentication Server (AS): confirms that the
user making the request is a known principal (a valid account) and issues
Ticket Granting Tickets (TGTs).
Ticket Granting Service (TGS): confirms that the TGT presented is valid and that
the requested service is a known principal, and issues service tickets.
Client: the user (or the process acting on the user's behalf) that requests
access to a service. There are often many clients within a realm.

Ticket Granting Ticket (TGT): contains the information that needs to pass
between the AS and the TGS, such as the client ID, the service ID (krbtgt), the
client's hostname or IP address, the session key, timestamps and a time-to-live
(TTL). The TGT is encrypted with the KDC's own secret key (in Active Directory,
the key of the krbtgt account), so the client can neither read nor modify it.
