KERBEROS &
COVERT CHANNELS

©neo
TOPICS COVERED

• KERBEROS
   What is Kerberos?
   How It Works?
   Applications of Kerberos

• COVERT CHANNELS
   What are Covert Channels?
   How It Works?
   Example
   Conclusion
KERBEROS

WHAT IS KERBEROS?
• Kerberos is a secure method for authenticating a request for a service in a computer network.
• Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).
• Kerberos lets a user request an encrypted "ticket" from an authentication process that can then be used to request a particular service from a server.
• The user's password does not have to pass through the network.
[Diagram: Susan at Susan’s Desktop Computer; the Key Distribution Center, containing the Authentication Service and the Ticket Granting Service; and the XYZ Service.]

Think “Kerberos Server” and don’t let yourself get mired in terminology.
[Diagram: Susan’s Desktop Computer; Key Distribution Center (Authentication Service, Ticket Granting Service); XYZ Service.]

XYZ Service represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…).
[Diagram: Susan’s Desktop Computer sends a request to the Authentication Service inside the Key Distribution Center.]

Susan to the Authentication Service: “I’d like to be allowed to get tickets from the Ticket Granting Server, please.”
[Diagram: the Authentication Service replies to Susan’s Desktop Computer with a locked box.]

Authentication Service to Susan: “Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.”
[Diagram: Susan’s Desktop Computer now holds a TGT obtained from the Authentication Service.]
TGT

Because Susan was able to open the box
(decrypt a message) from the Authentication
Service, she is now the owner of a shiny
“Ticket-Granting Ticket”.

The Ticket-Granting Ticket (TGT) must be
presented to the Ticket Granting Service in
order to acquire “service tickets” for use with
services requiring Kerberos authentication.

The TGT contains no password information.
[Diagram: Susan’s Desktop Computer presents the TGT to the Ticket Granting Service.]

Susan to the Ticket Granting Service: “Let me prove I am Susan to XYZ Service. Here’s a copy of my TGT!”
[Diagram: the Ticket Granting Service returns a service ticket to Susan’s Desktop Computer, which still holds its TGT.]

Ticket Granting Service to Susan: “You’re Susan. Here, take this.”

The service ticket reads: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”
[Diagram: Susan’s Desktop Computer presents the service ticket (“Hey XYZ: Susan is Susan. CONFIRMED: TGS”) to the XYZ Service, keeping a copy along with the TGT.]

Susan to XYZ Service: “I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for XYZ.”
[Diagram: the XYZ Service holds Susan’s service ticket (“Hey XYZ: Susan is Susan. CONFIRMED: TGS”); Susan keeps her copy and the TGT.]

XYZ Service: “That’s Susan alright. Let me determine if she is authorized to use me.”
Authorization checks are performed by the XYZ service…

Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.
One remaining note:

Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable.

Until a ticket’s expiration, it may be used repeatedly.
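The exchanges on the preceding slides, carried through end to end, as an added example that is not code from the slides’ authors: the AS exchange (the box locked with Susan’s password-derived key), the TGS exchange (the TGT plus an authenticator buys a service ticket), the presentation of that ticket to XYZ, the separate authorization decision by XYZ, repeated use of the same ticket, and rejection once it has expired. Everything concrete is an assumption of this example rather than something the slides state: PBKDF2 stands in for the Kerberos string-to-key function, an HMAC-SHA256 encrypt-then-MAC helper stands in for the real enctypes, the lifetime, clock-skew and password values are constructed, and the principal names susan, xyz and krbtgt are chosen for the demo.

```python
"""Toy end-to-end Kerberos flow: AS exchange, TGS exchange, AP exchange,
ticket expiry, and the service's separate authorization decision."""
import hashlib
import hmac
import json
import secrets
import time

LIFETIME = 8 * 3600   # ticket lifetime in seconds (constructed policy value)
SKEW = 300            # tolerated clock skew for authenticators (constructed)


def string_to_key(password, principal):
    # Client and KDC each derive the long-term key locally, so the password
    # itself never crosses the network. PBKDF2 is an assumed stand-in for
    # the Kerberos string-to-key function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _keystream(key, nonce, length):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(length // 32 + 1))


def encrypt(key, obj):
    """'Lock a box': encrypt-then-MAC with an HMAC-SHA256 keystream (toy
    stand-in for the AES enctypes a real KDC would use)."""
    data, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def decrypt(key, blob):
    """'Unlock the box': only the holder of the right key gets the contents."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("cannot open box: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def verify_ticket(service_key, ticket, authenticator, now):
    """Used by the TGS and by XYZ alike: open the ticket with our own key,
    reject it if expired, then check the authenticator was built with the
    session key sealed inside the ticket (proof the presenter owns it)."""
    t = decrypt(service_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    session = bytes.fromhex(t["session"])
    a = decrypt(session, authenticator)
    if a["client"] != t["client"] or abs(now - a["timestamp"]) > SKEW:
        raise ValueError("authenticator does not match ticket")
    return t["client"], session


class KDC:
    """Key Distribution Center: Authentication Service plus Ticket Granting
    Service sharing one database of long-term principal keys."""
    def __init__(self):
        self.keys = {"krbtgt": secrets.token_bytes(32)}  # the TGS's own key

    def register_user(self, name, password):
        self.keys[name] = string_to_key(password, name)

    def register_service(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]  # the service keeps this copy (its keytab)

    def _issue(self, service, client, now):
        session = secrets.token_bytes(32).hex()
        ticket = encrypt(self.keys[service],
                         {"client": client, "session": session, "expires": now + LIFETIME})
        return session, ticket

    def as_exchange(self, client, now):
        """AS-REP: TGT plus session key, locked with the user's password-derived key."""
        session, tgt = self._issue("krbtgt", client, now)
        return encrypt(self.keys[client], {"session": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS-REP: prove ownership of the TGT, receive a ticket for `service`."""
        client, tgt_session = verify_ticket(self.keys["krbtgt"], tgt, authenticator, now)
        session, ticket = self._issue(service, client, now)
        return encrypt(tgt_session, {"session": session, "ticket": ticket.hex()})


class Client:
    def __init__(self, name, password):
        self.name, self.key = name, string_to_key(password, name)

    def authenticator(self, session, now):
        return encrypt(session, {"client": self.name, "timestamp": now})

    def login(self, kdc, now):
        rep = decrypt(self.key, kdc.as_exchange(self.name, now))  # wrong password -> ValueError
        self.tgt, self.tgt_session = bytes.fromhex(rep["tgt"]), bytes.fromhex(rep["session"])

    def service_ticket(self, kdc, service, now):
        auth = self.authenticator(self.tgt_session, now)
        rep = decrypt(self.tgt_session, kdc.tgs_exchange(self.tgt, auth, service, now))
        return bytes.fromhex(rep["ticket"]), bytes.fromhex(rep["session"])


class Service:
    """XYZ: authenticates via the ticket, then authorizes via its own ACL."""
    def __init__(self, key, acl):
        self.key, self.acl = key, set(acl)

    def accept(self, ticket, authenticator, now):
        client, _ = verify_ticket(self.key, ticket, authenticator, now)
        return client, client in self.acl   # authenticated is not the same as authorized


def outcome(password="correct horse battery staple", later=0, acl=("susan",)):
    """Run the whole flow; `later` re-presents the same ticket that many seconds on."""
    now, kdc = time.time(), KDC()
    kdc.register_user("susan", "correct horse battery staple")  # constructed credential
    xyz = Service(kdc.register_service("xyz"), acl)
    susan = Client("susan", password)
    try:
        susan.login(kdc, now)                                     # AS exchange
        ticket, session = susan.service_ticket(kdc, "xyz", now)   # TGS exchange
        client, ok = xyz.accept(ticket, susan.authenticator(session, now), now)
        client, ok = xyz.accept(ticket, susan.authenticator(session, now + later), now + later)
    except ValueError as e:
        return str(e)
    return f"{client} authenticated, authorized={ok}"
```

Calling outcome() with the defaults walks Susan through all three exchanges and presents the service ticket twice; outcome(password="wrong") fails at the very first step, because the box from the Authentication Service cannot be opened, and the KDC never learns the password either way. outcome(acl=()) shows XYZ authenticating Susan but refusing her on its own authorization check, and outcome(later=9 * 3600) shows the same, previously valid ticket being rejected after its lifetime.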
[Diagram: Susan’s Desktop Computer presents the same service ticket (“Hey XYZ: Susan is Susan. CONFIRMED: TGS”) to the XYZ Service a second time.]

Susan to XYZ Service: “ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for XYZ.”
[Diagram: the XYZ Service again holds Susan’s service ticket (“Hey XYZ: Susan is Susan. CONFIRMED: TGS”); Susan keeps her copy and the TGT.]

XYZ Service: “That’s Susan… again. Let me determine if she is authorized to use me.”
APPLICATIONS
 Authentication
 Authorization
 Confidentiality
 Within networks and small sets of networks
COVERT CHANNELS
WHAT ARE COVERT CHANNELS?
• “A path of communication that was not designed to be used for communication.”
• Covert channels arise in many situations, particularly in network communications.
• Covert channels are virtually impossible to eliminate, and the emphasis is instead on limiting the capacity of such channels.
FOR EXAMPLE
Suppose Alice has a TOP SECRET clearance while Bob only has a CONFIDENTIAL clearance. If the file space is shared by all users, then Alice and Bob can agree that if Alice wants to send a 1 to Bob, she will create a file named, say, FileXYzW, and if she wants to send a 0 she will not create such a file.

Bob can check to see whether file FileXYzW exists; if it does, he knows Alice has sent him a 1, and if it does not, Alice has sent him a 0. In this way, a single bit of information has been passed through a covert channel, that is, through a means that was not intended for communication by the designers of the system.
COVERT CHANNELS
A single bit leaking from Alice to Bob is probably not a concern, but Alice could leak any amount of information by synchronizing with Bob.

For example, Alice and Bob could agree that Bob will check for the file FileXYzW once each minute. As before, if the file does not exist, Alice has sent a 0, and if it does exist, Alice has sent a 1.

In this way Alice can (slowly) leak TOP SECRET information to Bob. A printing queue can be similarly used as a covert channel.
COVERT CHANNELS
Three things are required for a covert channel to exist.
• First, the sender and receiver must have access to a shared resource.
• Second, the sender must be able to vary some property of the shared resource that the receiver can observe.
• Finally, the sender and receiver must be able to synchronize their communication.
It’s apparent that covert channels are extremely common.

Probably the only way to completely eliminate all covert channels is to eliminate all shared resources and all communication.
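The FileXYzW example of the previous two slides, simulated as an added example that is not code from the slides’ authors, and mapped onto the three requirements just listed: the shared resource is an in-memory set standing in for the shared file space, the varied property is whether the file exists, and synchronization is a sequence of agreed time slots (abstract ticks here, where the slides use one minute). It also shows the other half of the story, limiting rather than eliminating the channel: the shared file space keeps an audit log of state changes, and an auditor flags one user flipping the same name repeatedly inside a short window. The message “HI”, the user names alice and bob, and the window and threshold values are constructed for the demo.

```python
"""Simulation of the slides' file-existence covert channel, plus an auditor
that spots it. The shared file space is an in-memory set standing in for a
real filesystem, and time slots are abstract ticks, not real minutes."""


class SharedFileSpace:
    """The shared resource: visible to every user regardless of clearance.
    Every real state change is recorded, as an audited filesystem would."""
    def __init__(self):
        self.files, self.log = set(), []   # log entries: (tick, user, op, name)

    def create(self, tick, user, name):
        if name not in self.files:
            self.files.add(name)
            self.log.append((tick, user, "create", name))

    def delete(self, tick, user, name):
        if name in self.files:
            self.files.remove(name)
            self.log.append((tick, user, "delete", name))

    def exists(self, name):
        return name in self.files


def to_bits(text):
    return [int(b) for ch in text.encode() for b in f"{ch:08b}"]


def from_bits(bits):
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, whole, 8)).decode(errors="replace")


def run_channel(fs, message, signal="FileXYzW"):
    """One bit per agreed slot: Alice sets the observable property (file
    present or absent), Bob polls once per slot. Returns what Bob decoded and
    the number of slots used: the capacity is exactly 1 bit per slot, so with
    the slides' one-minute slots "HI" takes 16 minutes to leak."""
    sent, received = to_bits(message), []
    for slot, bit in enumerate(sent):
        (fs.create if bit else fs.delete)(slot, "alice", signal)   # sender varies the resource
        received.append(int(fs.exists(signal)))                    # receiver observes it
    return from_bits(received), len(sent)


def audit(log, window=10, threshold=4):
    """Detection heuristic (constructed values): one user flipping the same
    filename `threshold` or more times inside `window` ticks looks like
    signalling rather than normal use. Returns the (user, name) pairs flagged."""
    alerts = set()
    for tick, user, _, name in log:
        recent = [e for e in log
                  if e[1] == user and e[3] == name and tick - window < e[0] <= tick]
        if len(recent) >= threshold:
            alerts.add((user, name))
    return sorted(alerts)
```

Running run_channel(SharedFileSpace(), "HI") recovers “HI” after 16 slots, and audit() over that file space’s log flags (alice, FileXYzW), while an ordinary create-then-delete of a report by bob fifty ticks apart produces no alert. Lengthening the minimum interval between observable state changes, or adding timing noise to Bob’s view of the resource, is what “limiting the capacity” of such a channel means in practice: the bit rate falls without the shared file space having to go away.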
Thank you

Presentation By:
Shweta Agrawal
Puneet Bhat
Raj Bhatt
Shaun Bothelo
- 02 12 14 15
