Kerberos and Covert Channels
Raj Bhatt
Internet Network and Security
1.
KERBEROS & COVERT CHANNELS ©neo
2.
TOPICS COVERED
• KERBEROS: What is Kerberos? How It Works? Applications of Kerberos
• COVERT CHANNELS: What are Covert Channels? How It Works? Example
• Conclusion
3.
KERBEROS
4.
WHAT IS KERBEROS?
• Kerberos is a secure method for authenticating a request for a service in a computer network.
• Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).
• Kerberos lets a user request an encrypted "ticket" from an authentication process that can then be used to request a particular service from a server.
• The user's password does not have to pass through the network.
5.
Think “Kerberos Server” and don’t let yourself get mired in terminology.
[Diagram: Susan; Susan’s Desktop Computer; Key Distribution Center (Authentication Service, Ticket Granting Service); XYZ Service]
6.
XYZ Service: represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…)
7.
“I’d like to be allowed to get tickets from the Ticket Granting Server, please.”
8.
“Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.”
9.
[Same diagram, now with a TGT.]
10.
TGT
Because Susan was able to open the box (decrypt a message) from the Authentication Service, she is now the owner of a shiny “Ticket-Granting Ticket”. The Ticket-Granting Ticket (TGT) must be presented to the Ticket Granting Service in order to acquire “service tickets” for use with services requiring Kerberos authentication. The TGT contains no password information.
11.
“Let me prove I am Susan to XYZ Service. Here’s a copy of my TGT!”
[Diagram: Susan’s TGT is presented to the Ticket Granting Service.]
12.
“You’re Susan. Here, take this.”
[Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”]
13.
“I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for XYZ.”
[Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”]
14.
“That’s Susan alright. Let me determine if she is authorized to use me.”
[Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”]
15.
Authorization checks are performed by the XYZ service… Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.
16.
One remaining note: Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable. Until a ticket’s expiration, it may be used repeatedly.
17.
“ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for XYZ.”
[Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”]
18.
“That’s Susan… again. Let me determine if she is authorized to use me.”
[Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”]
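An added sketch of the exchange walked through on slides 7 to 18 (not part of the original deck, and not real Kerberos code): the password only derives a key locally, the TGT and service ticket are opaque to Susan, tickets expire, and authorization is a separate check at the service. The toy cipher, the names `KDC`, `seal`, `unseal`, `get_service_ticket` and `service_accept`, the sample passwords and the 600-second lifetime are assumptions; the authenticators real Kerberos adds to prove possession of the session key are omitted, as on the slides.

```python
import hashlib, hmac, json, os

def kdf(password: str) -> bytes:  # long-term key; the fixed salt is a simplification
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 10_000)

def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:  # toy SHA-256 keystream, stdlib only
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, obj: dict) -> bytes:
    # "Lock the box": encrypt, then append an HMAC tag so a wrong key is detected.
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, box: bytes) -> dict:
    nonce, ct, tag = box[:16], box[16:-32], box[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("cannot open box: wrong key or tampering")
    return json.loads(_xor(key, nonce, ct))

class KDC:
    def __init__(self, principals: dict, lifetime: int = 600):
        # Users and services are both principals with a long-term key known to the KDC.
        self.keys = {name: kdf(pw) for name, pw in principals.items()}
        self.tgs_key, self.lifetime = os.urandom(32), lifetime

    def as_request(self, user: str, now: int) -> bytes:
        # Authentication Service: session key + TGT, locked with the user's key.
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "sk": sk, "exp": now + self.lifetime})
        return seal(self.keys[user], {"sk": sk, "tgt": tgt.hex()})

    def tgs_request(self, tgt: bytes, service: str, now: int) -> bytes:
        # Ticket Granting Service: check the TGT, issue a ticket only the service can open.
        t = unseal(self.tgs_key, tgt)
        if now > t["exp"]:
            raise PermissionError("TGT expired")
        sk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"user": t["user"], "sk": sk, "exp": now + self.lifetime})
        return seal(bytes.fromhex(t["sk"]), {"sk": sk, "ticket": ticket.hex()})

def get_service_ticket(kdc: KDC, user: str, password: str, service: str, now: int):
    # Client side: only sealed boxes cross the "network", never the password.
    as_rep = unseal(kdf(password), kdc.as_request(user, now))
    tgs_rep = unseal(bytes.fromhex(as_rep["sk"]),
                     kdc.tgs_request(bytes.fromhex(as_rep["tgt"]), service, now))
    return bytes.fromhex(tgs_rep["ticket"]), bytes.fromhex(tgs_rep["sk"])

def service_accept(service_key: bytes, ticket: bytes, acl: set, now: int) -> bool:
    t = unseal(service_key, ticket)      # authentication: the ticket opens with my key
    if now > t["exp"]:
        raise PermissionError("service ticket expired")
    return t["user"] in acl              # authorization: a separate decision
```

A wrong password fails at the first `unseal` on the client, which is the "if you can unlock it" step of slide 8.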
19.
APPLICATIONS
• Authentication
• Authorization
• Confidentiality
• Within networks and small sets of networks
20.
COVERT CHANNELS
21.
WHAT ARE COVERT CHANNELS?
• “A path of communication that was not designed to be used for communication.”
• Covert channels arise in many situations, particularly in network communications.
• Covert channels are virtually impossible to eliminate, and the emphasis is instead on limiting the capacity of such channels.
22.
FOR EXAMPLE
Suppose Alice has a TOP SECRET clearance while Bob only has a CONFIDENTIAL clearance. If the file space is shared by all users, then Alice and Bob can agree that if Alice wants to send a 1 to Bob, she will create a file named, say, FileXYzW, and if she wants to send a 0 she will not create such a file. Bob can check whether the file FileXYzW exists: if it does, he knows Alice has sent him a 1, and if it does not, Alice has sent him a 0. In this way, a single bit of information has been passed through a covert channel, that is, through a means that was not intended for communication by the designers of the system.
23.
COVERT CHANNELS
A single bit leaking from Alice to Bob is probably not a concern, but Alice could leak any amount of information by synchronizing with Bob. For example, Alice and Bob could agree that Bob will check for the file FileXYzW once each minute. As before, if the file does not exist, Alice has sent a 0, and if it does exist, Alice has sent a 1. In this way Alice can (slowly) leak TOP SECRET information to Bob. A printing queue can be similarly used as a covert channel.
24.
COVERT CHANNELS
Three things are required for a covert channel to exist.
• First, the sender and receiver must have access to a shared resource.
• Second, the sender must be able to vary some property of the shared resource that the receiver can observe.
• Finally, the sender and receiver must be able to synchronize their communication.
It’s apparent that covert channels are extremely common. Probably the only way to completely eliminate all covert channels is to eliminate all shared resources and all communication.
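An added example (not from the original deck) that puts numbers on "limiting the capacity": it models the FileXYzW channel of slides 22 to 24 in memory, one bit per polling slot, and treats random interference with the shared resource as a binary symmetric channel with capacity 1 - H(p) bits per slot. The scrubber that toggles the file with probability `flip_prob` is an assumed mitigation, and all function names are illustrative.

```python
import math, random

def to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits: list) -> bytes:
    return bytes(sum(b << (7 - i) for i, b in enumerate(bits[k:k + 8]))
                 for k in range(0, len(bits) - 7, 8))

def run_channel(bits: list, flip_prob: float = 0.0, seed: int = 0) -> list:
    # One loop iteration = one agreed polling slot (one minute on the slides).
    rng = random.Random(seed)
    shared = set()                 # in-memory stand-in for the shared file space
    received = []
    for bit in bits:
        # Sender varies a property of the shared resource: the file exists or not.
        if bit:
            shared.add("FileXYzW")
        else:
            shared.discard("FileXYzW")
        # Assumed mitigation: a scrubber toggles the file's existence at random.
        if rng.random() < flip_prob:
            shared.symmetric_difference_update({"FileXYzW"})
        # Receiver observes the property at the synchronized time.
        received.append(1 if "FileXYzW" in shared else 0)
    return received

def error_rate(sent: list, received: list) -> float:
    return sum(a != b for a, b in zip(sent, received)) / len(sent)

def bsc_capacity(p: float) -> float:
    # Binary symmetric channel capacity in bits per slot: 1 - H(p).
    if p in (0.0, 1.0):
        return 1.0
    return 1.0 + p * math.log2(p) + (1 - p) * math.log2(1 - p)

def hours_to_leak(n_bytes: int, slot_seconds: float, p: float) -> float:
    # Lower bound on the time needed to move n_bytes reliably through the channel.
    cap = bsc_capacity(p)
    return math.inf if cap == 0 else n_bytes * 8 * slot_seconds / cap / 3600
```

With one-minute slots and no interference, 1 KiB takes about 136.5 hours; as the flip probability approaches 0.5 the capacity falls to zero even though the shared resource is still there.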
25.
Thank you
26.
Presentation By: Shweta Agrawal, Puneet Bhat, Raj Bhatt, Shaun Bothelo (02, 12, 14, 15)