Kerberos: Man’s Best Friend
Introduction and Summary
• The Authentication Problem
• Password-Based Authentication
• Kerberos
• Comparison
• Conclusion
The Authentication Problem
• Users and Services
• Who are you?
• What do you want?
• Why do you keep touching me?
Password-Based Authentication
• Users and Services Redux
• Password Files and Hashing
• One User, One Password, One Service
• Password Synchronization Methods
Kerberos
• Why the Silly Name?
• A Bit of History
• General Aims and Goals
Building Security: A Real World Example
• Authentication: The Guards Know You
• Services: Why You Don’t Show Your Badge at the Water Cooler
Encryption: How to Use Your Password Without Using Your Password
• Everything is a Number
• Public-Key vs. Private-Key (Conventional)
• Passwords = Shared Knowledge
Basics of a Kerberos Transaction
• Son of Users and Services
• Everybody Gets a Password
• Centralized Password Authority
• A Sample Packet: Example Ticket
  password{user:client:service:expires:time}
Session Keys and Services
• Why Do We Need Session Keys?
  – Replay Attacks
  – Passwords != Shared Knowledge
  – Authenticating the Authenticator
• A Sample Packet: User Authentication
  session{username:address} + password{session:user:client:service:expires:time}
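As an added example (not part of the deck), a stdlib-only Python model of the two sample packets on the "Basics of a Kerberos Transaction" and "Session Keys and Services" slides: the central authority seals the ticket under the service's password and the session key under the user's password, the client presents session{username:address} plus the ticket, and the service checks the ticket's expiry, the client address, the authenticator's timestamp and a replay cache. The principal names, passwords, addresses, the fixed-salt PBKDF2 key derivation and the SHA-256/HMAC toy cipher are constructed stand-ins, not real Kerberos encryption types.

```python
import hashlib, hmac, json, os, time

def derive_key(password: str) -> bytes:
    # Key from a password; PBKDF2 with a fixed salt is a demo stand-in for Kerberos' string-to-key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-realm-salt", 10_000)
def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy counter-mode keystream from SHA-256: demo only, not a real Kerberos enctype.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))
def seal(key: bytes, fields: dict) -> bytes:
    # The deck's password{...} / session{...}: encrypt the fields, then MAC so tampering is detected.
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(fields, sort_keys=True).encode())
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()
def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered packet")
    return json.loads(_xor_stream(key, nonce, ct))
KDC_KEYS = {"alice": derive_key("alice-pw"), "printer": derive_key("printer-pw")}  # constructed principals
LIFETIME, SKEW, SEEN_AUTHENTICATORS = 8 * 3600, 300, set()  # ticket life (s), clock skew (s), replay cache
def kdc_issue(user: str, client: str, service: str) -> bytes:
    # Reply sealed with the user's key: fresh session key + ticket password{session:user:client:service:expires:time}
    now, session = time.time(), os.urandom(32).hex()
    ticket = {"session": session, "user": user, "client": client, "service": service, "expires": now + LIFETIME, "time": now}
    return seal(KDC_KEYS[user], {"session": session, "ticket": seal(KDC_KEYS[service], ticket).hex()})

def client_authenticate(user: str, password: str, client: str, service: str):
    # The password never leaves the client; it only unlocks the KDC reply.
    reply = unseal(derive_key(password), kdc_issue(user, client, service))
    authenticator = seal(bytes.fromhex(reply["session"]), {"username": user, "address": client, "time": time.time()})
    return authenticator, bytes.fromhex(reply["ticket"])  # session{username:address} + ticket

def service_verify(service_password: str, peer: str, authenticator: bytes, ticket: bytes):
    # The service opens the ticket with its own key, then the authenticator with the session key inside it.
    try:
        t = unseal(derive_key(service_password), ticket)
        a = unseal(bytes.fromhex(t["session"]), authenticator)
    except ValueError as e:
        return False, str(e)
    now = time.time()
    checks = [(now > t["expires"], "ticket expired"),
              ((a["username"], a["address"], peer) != (t["user"], t["client"], t["client"]), "authenticator does not match ticket"),
              (abs(now - a["time"]) > SKEW, "authenticator outside clock skew"),
              (authenticator in SEEN_AUTHENTICATORS, "replay detected")]
    if (failed := [reason for bad, reason in checks if bad]):
        return False, failed[0]
    SEEN_AUTHENTICATORS.add(authenticator)  # accepted once; a resent authenticator is refused
    return True, t["user"]
```

Replaying a captured authenticator and ticket, or presenting them from another address, is refused even though both packets are still within their lifetimes.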
Ticket-Granting Tickets (And Other Self-Referential Nonsense)
• Tickets Are a Service Too
  – Ticket-Granting Servers Grant Tickets
  – Timestamps Stamp Times
  – Expiration Expires
• One User, One Password, Many Services
Realms
• Kerberos’ Scalability Problems
• Remote Ticket-Granting Servers
• Hierarchical Encapsulation
Why You Should Use Kerberos (An Unbiased Review)
• Unified Password Schemes and Psychology
• Synchronization Issues Disappear
• Secure Passwords are Secure
• Administrators Save Time and Energy
Problems with Kerberos
• Unified Password Schemes and Psychology
• Public Terminals and Replay Attacks
• Supported Applications
General Security Problems (Users Aren’t Too Bright)
• Bad Passwords are Bad
• Good Passwords are Bad
• Security Workarounds for Convenience
Conclusion: Is Kerberos Right for Me?
• Size Does Matter (A Little)
• Predicting the Future for Fun and Profit
• Windows 2000: Engulfed in Evil
Any Questions?
Thank you for enduring my presentation.
Those of you with questions, please ask them.
The rest of you may watch a dancing monkey: