KERBEROS &
COVERT CHANNELS

©neo
TOPICS COVERED

• KERBEROS
   What is Kerberos?
   How It Works?
   Applications of Kerberos

• COVERT CHANNELS
   What are Covert Channels?
   How It Works?
   Example
   Conclusion

KERBEROS

WHAT IS KERBEROS?
• Kerberos is a secure method for authenticating a request for a service in a computer network.
• Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).
• Kerberos lets a user request an encrypted "ticket" from an authentication process that can then be used to request a particular service from a server.
• The user's password does not have to pass through the network.

[Diagram: Susan at her Desktop Computer, the XYZ Service, and a Key Distribution Center containing the Authentication Service and the Ticket Granting Service.]

Think “Kerberos Server” and don’t let yourself get mired in terminology.

[Diagram: the same components as on the previous slide.]

XYZ Service: represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…).

[Diagram: Susan’s Desktop Computer sends a request to the Authentication Service inside the Key Distribution Center.]

Susan: “I’d like to be allowed to get tickets from the Ticket Granting Server, please.”

[Diagram: the Authentication Service replies to Susan’s Desktop Computer.]

Authentication Service: “Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.”

[Diagram: Susan’s Desktop Computer now holds a TGT.]

TGT

Because Susan was able to open the box
(decrypt a message) from the Authentication
Service, she is now the owner of a shiny
“Ticket-Granting Ticket”.

The Ticket-Granting Ticket (TGT) must be
presented to the Ticket Granting Service in
order to acquire “service tickets” for use with
services requiring Kerberos authentication.

The TGT contains no password information.
[Diagram: Susan’s Desktop Computer presents the TGT to the Ticket Granting Service.]

Susan: “Let me prove I am Susan to XYZ Service. Here’s a copy of my TGT!”

[Diagram: the Ticket Granting Service returns a service ticket to Susan’s Desktop Computer, which still holds the TGT. The ticket reads: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”.]

Ticket Granting Service: “You’re Susan. Here, take this.”

[Diagram: Susan’s Desktop Computer sends a copy of the service ticket (“Hey XYZ: Susan is Susan. CONFIRMED: TGS”) to the XYZ Service, keeping the original ticket and the TGT.]

Susan: “I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for XYZ.”

[Diagram: the XYZ Service holds the copy of the service ticket; Susan’s Desktop Computer keeps the ticket and the TGT.]

XYZ Service: “That’s Susan alright. Let me determine if she is authorized to use me.”

Authorization checks are performed by the XYZ service…
Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.

One remaining note:

Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable.
Until a ticket’s expiration, it may be used repeatedly.

[Diagram: Susan’s Desktop Computer sends another copy of the same service ticket to the XYZ Service.]

Susan: “ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for XYZ.”

[Diagram: the XYZ Service again holds a copy of the service ticket.]

XYZ Service: “That’s Susan… again. Let me determine if she is authorized to use me.”

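The exchange walked through on the slides above, as an added worked example that is not part of the original presentation: a toy Kerberos realm in which Susan unlocks the Authentication Service's box with her password, presents the TGT to the Ticket Granting Service, and uses the resulting service ticket against XYZ, which checks expiry and then makes its own authorization decision. The principal names, passwords, the ACL and the HMAC-based "lock the box" primitive are all constructed for the demo and merely stand in for real Kerberos encryption types.

```python
import hashlib, hmac, json, os
# Toy "lock the box" primitive (HMAC-SHA256 keystream + tag). It only stands in for Kerberos's
# real encryption types so that the script runs on the standard library; do not reuse it elsewhere.
def kdf(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()
def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, obj: dict) -> bytes:
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def open_box(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("cannot unlock box: wrong key or tampered data")
    return json.loads(_xor(key, nonce, ct))

class KDC:  # Authentication Service (AS) and Ticket Granting Service (TGS) in one place
    def __init__(self, principals: dict, lifetime: int = 8 * 3600):
        self.keys = {name: kdf(secret) for name, secret in principals.items()}  # users and services
        self.tgs_key = os.urandom(32)  # only the KDC can open a TGT
        self.lifetime = lifetime       # "expiration dates configured by your administrator"

    def authentication_service(self, user: str, now: int) -> bytes:
        # AS-REP: a box locked with the user's password-derived key; the password itself never travels
        sk = os.urandom(32)
        tgt = seal(self.tgs_key, {"user": user, "sk": sk.hex(), "exp": now + self.lifetime})
        return seal(self.keys[user], {"sk": sk.hex(), "tgt": tgt.hex()})

    def ticket_granting_service(self, tgt: bytes, authenticator: bytes, service: str, now: int) -> bytes:
        # TGS-REP: "Susan is Susan. CONFIRMED: TGS" -- a service ticket that only XYZ can open
        t = open_box(self.tgs_key, tgt)
        if now > t["exp"]:
            raise PermissionError("TGT expired")
        sk = bytes.fromhex(t["sk"])
        if open_box(sk, authenticator)["user"] != t["user"]:
            raise PermissionError("authenticator does not match TGT")
        svc_sk = os.urandom(32)
        ticket = seal(self.keys[service], {"user": t["user"], "sk": svc_sk.hex(), "exp": t["exp"]})
        return seal(sk, {"sk": svc_sk.hex(), "ticket": ticket.hex()})

class XYZService:  # authentication comes from the ticket; authorization is XYZ's own ACL decision
    def __init__(self, secret: str, acl: set):
        self.key, self.acl = kdf(secret), acl

    def handle(self, ticket: bytes, authenticator: bytes, now: int) -> str:
        t = open_box(self.key, ticket)  # raises if this is not a ticket sealed for XYZ
        if now > t["exp"]:
            return "rejected: ticket expired"
        if open_box(bytes.fromhex(t["sk"]), authenticator)["user"] != t["user"]:
            return "rejected: authenticator mismatch"
        return "authorized" if t["user"] in self.acl else "authenticated but not authorized"

def login(kdc: KDC, user: str, password: str, now: int):
    rep = open_box(kdf(password), kdc.authentication_service(user, now))  # a wrong password cannot unlock it
    return bytes.fromhex(rep["sk"]), bytes.fromhex(rep["tgt"])

def get_service_ticket(kdc: KDC, user: str, sk: bytes, tgt: bytes, service: str, now: int):
    rep = open_box(sk, kdc.ticket_granting_service(tgt, seal(sk, {"user": user, "ts": now}), service, now))
    return bytes.fromhex(rep["sk"]), bytes.fromhex(rep["ticket"])

def use_service(svc: XYZService, user: str, svc_sk: bytes, ticket: bytes, now: int) -> str:
    return svc.handle(ticket, seal(svc_sk, {"user": user, "ts": now}), now)

def demo(now: int = 1_700_000_000) -> dict:
    # Constructed principals and secrets for the demo; "xyz" is the service's own long-term key
    kdc = KDC({"susan": "susan-pw", "bob": "bob-pw", "xyz": "xyz-long-term-key"})
    xyz = XYZService("xyz-long-term-key", acl={"susan"})
    sk, tgt = login(kdc, "susan", "susan-pw", now)
    ssk, ticket = get_service_ticket(kdc, "susan", sk, tgt, "xyz", now)
    bsk, btgt = login(kdc, "bob", "bob-pw", now)
    bssk, bticket = get_service_ticket(kdc, "bob", bsk, btgt, "xyz", now)
    return {"first": use_service(xyz, "susan", ssk, ticket, now),
            "again": use_service(xyz, "susan", ssk, ticket, now + 600),          # same ticket, reused
            "expired": use_service(xyz, "susan", ssk, ticket, now + 9 * 3600),   # past its lifetime
            "bob": use_service(xyz, "bob", bssk, bticket, now)}                  # authenticated, not on ACL
```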
APPLICATIONS
• Authentication
• Authorization
• Confidentiality
• Within networks and small sets of networks

COVERT CHANNELS
WHAT ARE COVERT CHANNELS?
• “A path of communication that was not designed to be used for communication.”
• Covert channels arise in many situations, particularly in network communications.
• Covert channels are virtually impossible to eliminate, and the emphasis is instead on limiting the capacity of such channels.
FOR EXAMPLE
Suppose Alice has a TOP SECRET clearance while Bob only has a CONFIDENTIAL clearance. If the file space is shared by all users, then Alice and Bob can agree that if Alice wants to send a 1 to Bob, she will create a file named, say, FileXYzW, and if she wants to send a 0 she will not create such a file.

Bob can check to see whether file FileXYzW exists; if it does, he knows Alice has sent him a 1, and if it does not, Alice has sent him a 0. In this way, a single bit of information has been passed through a covert channel, that is, through a means that was not intended for communication by the designers of the system.

COVERT CHANNELS
A single bit leaking from Alice to Bob is probably not a concern, but Alice could leak any amount of information by synchronizing with Bob.
For example, Alice and Bob could agree that Bob will check for the file FileXYzW once each minute. As before, if the file does not exist, Alice has sent a 0, and if it does exist, Alice has sent a 1.
In this way Alice can (slowly) leak TOP SECRET information to Bob. A printing queue can similarly be used as a covert channel.

COVERT CHANNELS
Three things are required for a covert channel to exist.
• First, the sender and receiver must have access to a shared resource.
• Second, the sender must be able to vary some property of the shared resource that the receiver can observe.
• Finally, the sender and receiver must be able to synchronize their communication.
It’s apparent that covert channels are extremely common.

Probably the only way to completely eliminate all covert channels is to eliminate all shared resources and all communication.
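The FileXYzW channel and the three requirements above, as an added simulation that is not part of the original presentation: Alice varies the shared resource (a file's existence), Bob observes it once per agreed tick (one tick stands for one minute), and the audit trail lets a defender see why the slides say the emphasis is on limiting capacity rather than eliminating the channel. The temporary directory, the user names "alice", "bob" and "carol", the audit trail and the toggling heuristic are all constructed for the demo.

```python
import os
import tempfile

SIGNAL = "FileXYzW"      # the file name Alice and Bob agreed on (from the slides)
PERIOD_SECONDS = 60      # Bob checks once each minute, so the channel carries one bit per minute

def to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - len(bits) % 8, 8))

class SharedFileSystem:
    """The shared resource. Every create and delete lands in an audit trail the defender can read."""
    def __init__(self, root: str):
        self.root, self.audit = root, []   # audit entries: (tick, user, action, name)

    def create(self, tick: int, user: str, name: str) -> None:
        path = os.path.join(self.root, name)
        if not os.path.exists(path):
            open(path, "w").close()
            self.audit.append((tick, user, "create", name))

    def delete(self, tick: int, user: str, name: str) -> None:
        path = os.path.join(self.root, name)
        if os.path.exists(path):
            os.remove(path)
            self.audit.append((tick, user, "delete", name))

    def exists(self, name: str) -> bool:
        return os.path.exists(os.path.join(self.root, name))

def run_channel(fs: SharedFileSystem, message: bytes) -> bytes:
    """One tick stands for one agreed minute: Alice sets the file's existence, then Bob observes it."""
    received = []
    bits = to_bits(message)
    for tick, bit in enumerate(bits):
        if bit:                                   # the sender varies a property of the shared resource...
            fs.create(tick, "alice", SIGNAL)
        else:
            fs.delete(tick, "alice", SIGNAL)
        received.append(1 if fs.exists(SIGNAL) else 0)   # ...that the receiver observes, in sync
    fs.delete(len(bits), "alice", SIGNAL)
    return from_bits(received)

def seconds_to_leak(n_bytes: int, period: int = PERIOD_SECONDS) -> int:
    """Capacity is one bit per period; lengthening the period is the administrator's capacity knob."""
    return n_bytes * 8 * period

def flag_toggling(audit: list, window_ticks: int, max_events: int) -> set:
    """Defender heuristic: one user creating/deleting the same name more than max_events times in a window."""
    flagged = set()
    for i, (t, user, _, name) in enumerate(audit):
        same = [e for e in audit[i:] if e[1] == user and e[3] == name and e[0] - t < window_ticks]
        if len(same) > max_events:
            flagged.add((user, name))
    return flagged

def demo() -> tuple:
    with tempfile.TemporaryDirectory() as root:
        fs = SharedFileSystem(root)
        fs.create(5, "carol", "report.txt")       # constructed benign activity that should not be flagged
        recovered = run_channel(fs, b"TOP SECRET")
        return recovered, seconds_to_leak(len(b"TOP SECRET")), flag_toggling(fs.audit, 60, 10)
```

Ten bytes take 80 ticks to cross the channel, which at one check per minute is 4800 seconds; the heuristic flags only Alice's name, not Carol's single file.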
Thank you

Presentation By:
Shweta Agrawal
Puneet Bhat
Raj Bhatt
Shaun Bothelo

-

02
12
14
15

