
Comp & Network Security

by: Alayna Veum

Comp & Network Security CS 4237


This 0 page Class Notes was uploaded by Alayna Veum on Monday November 2, 2015. The Class Notes belongs to CS 4237 at Georgia Institute of Technology - Main Campus taught by Wenke Lee in Fall. Since its upload, it has received 14 views. For similar materials see /class/234071/cs-4237-georgia-institute-of-technology-main-campus in ComputerScienence at Georgia Institute of Technology - Main Campus.


Date Created: 11/02/15
Authentication 11, CS 4237
Kerberos V4

What Is Kerberos
- Recommended reading: http://web.mit.edu/kerberos/www/dialogue.html
- Provide cryptographic authentication in network environment
  - Enable secure access control of networked resources
  - Relieve users/administrators the burden of managing potentially many accounts and passwords

Kerberos Realm
[Figure: Kerberos realm diagram]

Kerberos Deployment
- KDCs are physically secured
- Kerberos libraries are distributed on all nodes with users, applications, and other Kerberos-controlled resources
- All Kerberos exchanges are protected against confidentiality and integrity attacks
- Kerberized applications
  - telnet
  - r-tools: rlogin, rcp, rsh
  - Network file systems: NFS/AFS

Where To Start
- Every principal has a master secret key
  - Human user's master key is derived from password
  - Other resources must have their keys configured in
- Every principal is registered with the Kerberos server, i.e. KDC
- All principals' master keys are stored in the KDC database, encrypted using the KDC master key

Tickets
- Every principal has a main shared secret with the KDC (principal's master key)
- Any secure communication/access among principals must be mediated by KDC through tickets
- How would Alice talk to Bob?

Alice, Bob and KDC
[Figure: message flow among Alice, Bob and the KDC. Recoverable label: ticket to Bob = K_B{K_AB, Alice}]

Session Key and Ticket-granting Ticket (TGT)
- Messages between a host and the KDC can be protected using the principal's master key
- For every request to KDC from the principal:
  - Insists on principal retyping in the password
  - Remember the principal's password
  - Remember the principal's master key derived from the password
- All options are equally inadequate

Session Key and TGT
- To avoid potentially too much exposure to password/master key:
  - At initial login, a per-principal session key S_B for Bob is requested from KDC
  - S_B has a limited valid time period
  - A TGT for Bob is also issued by the KDC, which includes the session key S_B and Bob's identification information, all encrypted using the KDC's master key

Session Key and TGT
- Bob's Kerberos client (e.g. the login host) decrypts and remembers
  - S_B, for subsequent message with KDC
  - TGT, for reminding/convincing KDC to use S_B with it as well
  - No need for remembering/storing password
- New request to KDC must include TGT in the request message
- New tickets from KDC must be decrypted

Login
2. AS_REQ
3. KDC: create S_B and TGT_B = K_KDC{Bob, S_B}
4. AS_REP: K_B{S_B, TGT_B}
5. Local host decrypts and saves S_B and TGT_B

Need A Ticket
2. TGS_REQ: access to hpl, TGT_B, S_B{timestamp}
3. KDC: create K_BP; decrypt TGT_B; verify authenticator; generate ticket to printer for Bob, T_P = K_P{Bob, K_BP}
4. TGS_REP: S_B{Bob, K_BP, T_P}
5. Bob's local host decrypts and obtains service using K_BP

Accessing the Printer
1. AP_REQ
2. Printer: decrypt T_P for K_BP; verify authenticator
3. AP_REP: K_BP{timestamp + 1}
- Printer serves

Authentication and Global Clock Synchronization
- Authenticator: K_X{timestamp}
- Global clock sync is implied
- Is the authenticator for TGS_REQ necessary?
- What about the AP_REQ?
- Main purpose of the authenticator is to avoid
  - replay of old requests to the same server
  - replay of request on one server to another (server farm, shared principal's master key)

Replicated KDCs
- Multiple replicas of KDC: availability and performance
- Keeping KDC databases consistent
  - Single master KDC as the point of direct update to principals' database entries
  - Updated database is downloaded from the master to all replica KDCs
  - Periodic download or on demand
- Kerberos stores principals' master keys encrypted with KDC master key

Will It Be Effective
- KDC dynamic state consists of outstanding TGTs and tickets
- Kerberos puts the burden of maintaining them on the clients (hosts/servers/grantees)
  - "Convince me that I did this for you"
- KDC is only involved in the initial mediation and it stays out of the picture once a ticket is issued
- Only static state information is principals' database, read only for all replica KDCs

Database Content Protection
- Encryption is required for sensitive data
- Integrity of the database must be ensured
  - Installation of masqueraded master keys
  - Substitution/replay of old databases
- Kerberos transmits a secure hash of the database with encryption in a separate message during downloads

Multiple Trust Domains
- Single master KDC can only stretch so far
- KDC asks people to put too much trust in it
  - Should competing commercial entities use the same KDC?
  - gov, org, edu, etc., each having a different model of what is more trustworthy
- Single master KDC: greatest temptation, biggest security risk/vulnerability
- So comes different domains or realms

Kerberos Realms
- Each realm has a different master KDC with different master KDC key
- Each realm can have many replica KDCs but all sharing the same KDC master key
- Two KDCs in different realms have different principals' master key databases
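The Login, Need A Ticket and Accessing the Printer exchanges from the slides, as a runnable sketch with both sides of each message. This is an added example, not code from the lecture notes: `seal`/`unseal` are a toy encrypt-then-MAC stand-in for Kerberos V4's DES, and the class names, JSON message layout and 300-second skew window are assumptions.

```python
import hashlib, hmac, json, os
SKEW = 300  # assumed clock-skew window in seconds; the notes give no figure

def _xor(key, nonce, data):
    # SHA-256 counter keystream; toy stand-in for Kerberos V4's DES
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """K{obj}: encrypt, then MAC, so tampering or a wrong key is detected."""
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return (nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, tag, ct = raw[:16], raw[16:48], raw[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

class KDC:  # holds only static state: principals' master keys and its own key
    def __init__(self, k_kdc, db):
        self.k_kdc, self.db = k_kdc, db
    def as_req(self, name):                       # AS_REP = K_B{S_B, TGT_B}
        s = os.urandom(16).hex()
        tgt = seal(self.k_kdc, {"name": name, "S": s})
        return seal(self.db[name], {"S": s, "TGT": tgt})
    def tgs_req(self, target, tgt, auth, now):    # TGS_REP = S_B{Bob, K_BP, T_P}
        t = unseal(self.k_kdc, tgt)               # session key comes from the TGT
        s = bytes.fromhex(t["S"])
        if abs(now - unseal(s, auth)["ts"]) > SKEW:
            raise ValueError("stale authenticator")
        k = os.urandom(16).hex()
        t_p = seal(self.db[target], {"name": t["name"], "K": k})
        return seal(s, {"name": t["name"], "K": k, "T": t_p})

class Printer:
    def __init__(self, k_p):
        self.k_p, self.seen = k_p, set()          # replay cache of used authenticators
    def ap_req(self, t_p, auth, now):             # AP_REP = K_BP{timestamp + 1}
        t = unseal(self.k_p, t_p)
        k = bytes.fromhex(t["K"])
        ts = unseal(k, auth)["ts"]
        if abs(now - ts) > SKEW or (t["name"], ts) in self.seen:
            raise ValueError("stale or replayed authenticator")
        self.seen.add((t["name"], ts))
        return t["name"], seal(k, {"ts": ts + 1})
```

The `KDC` object keeps no per-session state: S_B travels inside the TGT and K_BP inside the ticket, which is the "burden on the clients" point from the Will It Be Effective slide.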

