tailieunhanh - Authentication Services

will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos – a private-key authentication service then directory authentication service | Authentication Applications We cannot enter into alliance with neighbouring princes until we are acquainted with their designs. —The Art of War, Sun Tzu Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos – a private-key authentication service then directory authentication service Kerberos trusted key server system from MIT provides centralised private-key third-party authentication in a distributed network allows users access to services distributed through network without needing to trust all workstations rather all trust a central authentication server two versions in use: 4 & 5 One of the best known and most widely implemented trusted third party key distribution systems. It was developed as part of Project Athena at MIT. Kerberos Requirements first published report identified its requirements as: security-an eavesdropper shouldn’t be able to get enough . | Authentication Applications We cannot enter into alliance with neighbouring princes until we are acquainted with their designs. —The Art of War, Sun Tzu Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos – a private-key authentication service then directory authentication service Kerberos trusted key server system from MIT provides centralised private-key third-party authentication in a distributed network allows users access to services distributed through network without needing to trust all workstations rather all trust a central authentication server two versions in use: 4 & 5 One of the best known and most widely implemented trusted third party key distribution systems. It was developed as part of Project Athena at MIT. Kerberos Requirements first published report identified its requirements as: security-an eavesdropper shouldn’t be able to get enough information to impersonate the user reliability- services using Kerberos would be unusable if Kerberos isn’t available transparency-users should be unaware of its presence scalability- should support large number of users implemented using a 3rd party authentication scheme using a protocol proposed by Needham-Schroeder (NEED78) Kerberos 4 Overview a basic third-party authentication scheme uses DES buried in an elaborate protocol Authentication Server (AS) user initially negotiates with AS to identify self AS provides a non-corruptible authentication credential (ticket-granting ticket TGT) Ticket Granting server (TGS) users subsequently request access to other services from TGS on basis of users TGT The core of Kerberos is the Authentication and Ticket Granting Servers – these are trusted by all users and servers and must be securely administered. Kerberos 4 Overview Stallings Fig 14-1. Discuss in relation to Table 14-1 which details message exchanges. Kerberos Realms a Kerberos environment .