3. A → B: E(Kb, [Ks || IDA])
◻ A forwards the second portion of the KDC's reply, E(Kb, [Ks || IDA]), to B unchanged. It is encrypted under B's master key Kb, so A cannot read or alter it; B decrypts it and learns the session key Ks and that the key is for use with A.
4. B → A: E(Ks, N2)
◻ B generates a fresh nonce N2 and returns it encrypted under the session key Ks as a challenge. Steps 4 and 5 form the handshake that authenticates A to B.
5. A → B: E(Ks, f(N2))
◻ A decrypts the challenge with Ks and replies with f(N2), some agreed transformation of the nonce (for example N2 − 1), again encrypted under Ks. Only a party holding Ks could produce this reply, so B is assured that its peer knows the session key and is live rather than a replayed message.
Remote user authentication with symmetric encryption
◻ Database:
The Authentication Server (AS) holds each user's identity, secret key and access rights in a database and checks every authentication request against it.
Kerberos – Simple Dialogue
Ticket
◻ Each request for a service requires a ticket. A ticket provides
a single client with access to a single server.
◻ Tickets are dispensed by the "ticket granting server" (TGS),
which knows the secret keys of all the servers; the initial ticket-granting
ticket that lets a client talk to the TGS is issued by the Authentication Server.
◻ Tickets are opaque to clients: they cannot read or modify them and
simply present them to gain access to servers.
◻ The TGS seals (encrypts) each ticket with the secret
encryption key of the server it is for.
◻ Sealed tickets can be sent safely over a network; only the
intended server can make sense of one.
◻ Each ticket has a limited lifetime (a few hours), after which the
server must reject it.
Ticket Contents
◻ A ticket carries the session key for the client and server, the client's name and network address, the server's name, a timestamp and a lifetime, all sealed under the server's secret key.
Kerberos
Step-1:
The user logs in on the host and requests a service. The client therefore asks the
Authentication Server for a ticket-granting ticket.
Step-2:
The Authentication Server verifies the user's access rights against its database and
returns a ticket-granting ticket together with a session key for use with the TGS. The
reply is encrypted under a key derived from the user's password, so only someone who
knows the password can read it.
Step-3:
The client decrypts the reply with the password-derived key and sends the
ticket-granting ticket to the Ticket Granting Server together with an authenticator,
which contains the user name, the client's network address and a timestamp, encrypted
under the session key from step 2.
Step-4:
The Ticket Granting Server decrypts the ticket with its own key and the authenticator
with the session key it finds inside the ticket. It checks that the names and addresses
in the two match and that the ticket has not expired, then creates a service ticket and a
new session key for the requested server, returned encrypted under the TGS session key.
Step-5:
The user sends the service ticket and a fresh authenticator to the Server.
Step-6:
The server decrypts the ticket with its secret key, verifies it and the authenticator in
the same way, and then grants access to the service. After this the user can use the
service for the ticket's lifetime.
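The two dialogues above, the Needham-Schroeder steps 1 to 5 and the six Kerberos steps, as one runnable walk-through. This is an added example, not code from the slides or from any Kerberos implementation: the symmetric cipher E/D is a toy (HMAC-SHA256 keystream with an HMAC tag, encrypt-then-MAC) standing in for AES, the password-to-key derivation is a plain hash, and every key, principal name, address, lifetime and clock-skew value is invented. What it shows that the prose does not is the checks each receiver performs: A verifies N1 and IDB, B verifies f(N2), and the TGS and the server both verify the ticket's expiry, the match between ticket and authenticator, and the authenticator's freshness.

```python
"""Toy walk-through of the two dialogues above: the Needham-Schroeder symmetric
protocol and the six-step Kerberos exchange. Added example, not from the slides.
AES is replaced by an HMAC-SHA256 keystream plus an HMAC tag (encrypt-then-MAC);
every key, principal name, address and lifetime below is invented."""
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(key_hex, msg):
    """E(K, msg) -> nonce || ciphertext || tag.  Toy stand-in for an AEAD cipher."""
    key, nonce, data = bytes.fromhex(key_hex), os.urandom(16), json.dumps(msg).encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def D(key_hex, blob):
    """Inverse of E; raises ValueError if the key is wrong or the blob was altered."""
    key, nonce, ct, tag = bytes.fromhex(key_hex), blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def new_key():
    return os.urandom(16).hex()

def fresh_nonce():
    return int.from_bytes(os.urandom(8), "big")

# ---- Needham-Schroeder, steps 1-5 (Ka, Kb: master keys A and B share with the KDC) ----
def needham_schroeder(Ka, Kb, f=lambda n: n - 1):
    """Returns True iff B ends up convinced that A holds the session key Ks."""
    N1 = fresh_nonce()                                  # 1. A -> KDC: IDA || IDB || N1
    Ks = new_key()                                      # 2. KDC -> A: E(Ka,[Ks||IDB||N1||E(Kb,[Ks||IDA])])
    m2 = E(Ka, {"Ks": Ks, "IDB": "B", "N1": N1,
                "for_B": E(Kb, {"Ks": Ks, "IDA": "A"}).hex()})
    a = D(Ka, m2)
    if a["N1"] != N1 or a["IDB"] != "B":                # A: reply is fresh and names the right peer
        return False
    b = D(Kb, bytes.fromhex(a["for_B"]))                # 3. A -> B: E(Kb,[Ks||IDA]); B learns Ks, IDA
    N2 = fresh_nonce()
    m4 = E(b["Ks"], {"N2": N2})                         # 4. B -> A: E(Ks, N2)   B's challenge
    m5 = E(a["Ks"], {"r": f(D(a["Ks"], m4)["N2"])})     # 5. A -> B: E(Ks, f(N2))
    return D(b["Ks"], m5)["r"] == f(N2)                 # B: only a holder of Ks could answer

# ---- Kerberos six-step dialogue ----
LIFETIME, SKEW = 4 * 3600, 300     # ticket lifetime ("a few hours") and allowed clock skew, assumed

def check(ticket, auth, now):
    """What the TGS (step 4) and the server (step 6) verify before honouring a ticket."""
    if now > ticket["exp"]:
        raise ValueError("ticket expired")
    if (auth["IDc"], auth["ADc"]) != (ticket["IDc"], ticket["ADc"]):
        raise ValueError("authenticator does not match ticket (stolen ticket?)")
    if abs(now - auth["ts"]) > SKEW:
        raise ValueError("authenticator timestamp stale (replay?)")

def kerberos(password, Ktgs, Kv, client_password=None, now=None, ADc="10.0.0.5"):
    """Runs steps 1-6 for user 'alice' and returns the service granted; raises on failure.
    client_password lets you simulate a client that does not know the real password."""
    now = now or int(time.time())
    kdf = lambda pw: hashlib.sha256(pw.encode()).hexdigest()[:32]   # toy password-derived key
    Kc = kdf(password)                                    # what the AS has in its database
    # Step 1: C -> AS: IDc || IDtgs      Step 2: AS -> C: E(Kc, [Kc_tgs || Ticket_tgs])
    Kc_tgs = new_key()
    tgt = E(Ktgs, {"key": Kc_tgs, "IDc": "alice", "ADc": ADc, "exp": now + LIFETIME})
    m2 = E(Kc, {"key": Kc_tgs, "tgt": tgt.hex()})
    # Step 3: C decrypts m2 with its password-derived key and sends Ticket_tgs || Authenticator_c
    c = D(kdf(client_password or password), m2)           # wrong password -> ValueError here
    auth_tgs = E(c["key"], {"IDc": "alice", "ADc": ADc, "ts": now})
    # Step 4: TGS opens the ticket with Ktgs, the authenticator with Kc_tgs, checks, issues Ticket_v
    t = D(Ktgs, bytes.fromhex(c["tgt"]))
    check(t, D(t["key"], auth_tgs), now)
    Kc_v = new_key()
    ticket_v = E(Kv, {"key": Kc_v, "IDc": t["IDc"], "ADc": t["ADc"], "exp": now + LIFETIME})
    m4 = E(t["key"], {"key": Kc_v, "IDv": "fileserver", "ticket": ticket_v.hex()})
    # Step 5: C -> V: Ticket_v || Authenticator_c (a fresh authenticator under Kc_v)
    s = D(c["key"], m4)
    auth_v = E(s["key"], {"IDc": "alice", "ADc": ADc, "ts": now})
    # Step 6: V opens Ticket_v with Kv, verifies the authenticator, grants access
    tv = D(Kv, bytes.fromhex(s["ticket"]))
    check(tv, D(tv["key"], auth_v), now)
    return s["IDv"]

if __name__ == "__main__":
    print("Needham-Schroeder:", needham_schroeder(new_key(), new_key()))
    print("Kerberos granted:", kerberos("correct horse", new_key(), new_key()))
```

Running it with `client_password="wrong"` makes step 3 fail at D(), which is the point of encrypting the step-2 reply under a password-derived key: a client that does not know the password never obtains the TGS session key, so no later step can proceed. The `check` function is the part worth carrying over to real code; a server that skips the address/name comparison or the expiry test accepts a stolen or replayed ticket.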
Kerberos Limitations