Kerberos and Covert Channels
Raj Bhatt
Internet Network and Security
1.
KERBEROS & COVERT CHANNELS ©neo
2.
TOPICS COVERED
• KERBEROS: What is Kerberos? How It Works? Applications of Kerberos
• COVERT CHANNELS: What are Covert Channels? How It Works? Example
• Conclusion
3.
KERBEROS
4.
WHAT IS KERBEROS?
• Kerberos is a secure method for authenticating a request for a service in a computer network.
• Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).
• Kerberos lets a user request an encrypted "ticket" from an authentication process that can then be used to request a particular service from a server.
• The user's password does not have to pass through the network.
5.
Think “Kerberos Server” and don’t let yourself get mired in terminology.
[Diagram: Susan; Susan’s Desktop Computer; Key Distribution Center (Authentication Service, Ticket Granting Service); XYZ Service]
6.
XYZ Service: Represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…)
[Diagram: same components as on slide 5]
7.
“I’d like to be allowed to get tickets from the Ticket Granting Server, please.”
[Diagram: Susan’s request to the Authentication Service; same components as on slide 5]
8.
“Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.”
[Diagram: the Authentication Service’s reply to Susan; same components as on slide 5]
9.
[Diagram: Susan now holds a TGT; same components as on slide 5]
10.
TGT
Because Susan was able to open the box (decrypt a message) from the Authentication Service, she is now the owner of a shiny “Ticket-Granting Ticket”. The Ticket-Granting Ticket (TGT) must be presented to the Ticket Granting Service in order to acquire “service tickets” for use with services requiring Kerberos authentication. The TGT contains no password information.
11.
“Let me prove I am Susan to XYZ Service. Here’s a copy of my TGT!”
[Diagram: Susan presents her TGT to the Ticket Granting Service; same components as on slide 5]
12.
“You’re Susan. Here, take this.”
Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”
[Diagram: the Ticket Granting Service hands Susan the service ticket; same components as on slide 5]
13.
“I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for XYZ.”
Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”
[Diagram: Susan presents the service ticket to XYZ Service; same components as on slide 5]
14.
“That’s Susan alright. Let me determine if she is authorized to use me.”
Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”
[Diagram: XYZ Service accepts the service ticket; same components as on slide 5]
15.
Authorization checks are performed by the XYZ service… Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.
16.
One remaining note: Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable. Until a ticket’s expiration, it may be used repeatedly.
17.
“ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for XYZ.”
Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”
[Diagram: Susan presents the same service ticket to XYZ Service again; same components as on slide 5]
18.
“That’s Susan… again. Let me determine if she is authorized to use me.”
Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”
[Diagram: XYZ Service accepts the service ticket again; same components as on slide 5]
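The exchange in slides 7 to 18, as an added Python example that is not part of the original deck: a toy KDC issues a TGT and a service ticket, and the service checks identity and expiry. It goes slightly beyond the slides by adding an authenticator sealed under the session key, as real Kerberos does. All names (`seal`, `unseal`, `KDC`, `check_ticket`, `client_login`), the PBKDF2 key derivation and the HMAC-based cipher are illustrative assumptions, not Kerberos's real encryption types or message formats.

```python
import hashlib, hmac, json, os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(key, nonce, data):          # HMAC-SHA256 keystream, 32 bytes per block
    ks = b"".join(_mac(key, b"enc", nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):                  # toy authenticated encryption, a stand-in only
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + _mac(key, b"mac", nonce + ct) + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce + ct)):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

def password_key(user, password):    # derived on both sides; the password is never sent
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

def check_ticket(key, ticket, auth, now):
    """Used by the TGS and by XYZ Service: returns (user, session key) or raises."""
    t = unseal(key, ticket)
    if now > t["exp"]:
        raise ValueError("ticket expired")
    sk = bytes.fromhex(t["sk"])
    if unseal(sk, auth)["user"] != t["user"]:
        raise ValueError("authenticator does not match ticket")
    return t["user"], sk

class KDC:
    def __init__(self, users, services, lifetime=600):
        self.users = {u: password_key(u, p) for u, p in users.items()}
        self.services, self.lifetime, self.tgs_key = services, lifetime, os.urandom(32)
    def _issue(self, key, user, now):                 # ticket holds identity, key, expiry
        sk = os.urandom(32)
        return sk, seal(key, {"user": user, "sk": sk.hex(), "exp": now + self.lifetime})
    def authentication_service(self, user, now):      # slides 7-9
        sk, tgt = self._issue(self.tgs_key, user, now)
        return seal(self.users[user], {"sk": sk.hex()}), tgt   # "locked box" + TGT
    def ticket_granting_service(self, tgt, auth, service, now):   # slides 11-12
        user, sk = check_ticket(self.tgs_key, tgt, auth, now)
        sk2, ticket = self._issue(self.services[service], user, now)
        return seal(sk, {"sk": sk2.hex()}), ticket

def client_login(kdc, user, password, service, now):
    box, tgt = kdc.authentication_service(user, now)
    sk = bytes.fromhex(unseal(password_key(user, password), box)["sk"])  # wrong password fails here
    box2, ticket = kdc.ticket_granting_service(tgt, seal(sk, {"user": user}), service, now)
    sk2 = bytes.fromhex(unseal(sk, box2)["sk"])
    return ticket, sk2, [box, tgt, box2, ticket]      # last item: all bytes that crossed the network
```

XYZ Service calls `check_ticket` with its own long-term key on every request; authorization (slide 15) remains a separate decision made after that call succeeds.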
19.
APPLICATIONS
• Authentication
• Authorization
• Confidentiality
• Within networks and small sets of networks
20.
COVERT CHANNELS
21.
WHAT ARE COVERT CHANNELS?
• “A path of communication that was not designed to be used for communication.”
• Covert channels arise in many situations, particularly in network communications.
• Covert channels are virtually impossible to eliminate, and the emphasis is instead on limiting the capacity of such channels.
22.
FOR EXAMPLE
Suppose Alice has a TOP SECRET clearance while Bob only has a CONFIDENTIAL clearance. If the file space is shared by all users, then Alice and Bob can agree that if Alice wants to send a 1 to Bob, she will create a file named, say, FileXYzW, and if she wants to send a 0 she will not create such a file. Bob can check to see whether file FileXYzW exists; if it does, he knows Alice has sent him a 1, and if it does not, Alice has sent him a 0. In this way, a single bit of information has been passed through a covert channel, that is, through a means that was not intended for communication by the designers of the system.
23.
COVERT CHANNELS
A single bit leaking from Alice to Bob is probably not a concern, but Alice could leak any amount of information by synchronizing with Bob. For example, Alice and Bob could agree that Bob will check for the file FileXYzW once each minute. As before, if the file does not exist, Alice has sent a 0, and if it does exist, Alice has sent a 1. In this way Alice can (slowly) leak TOP SECRET information to Bob. A printing queue can be similarly used as a covert channel.
24.
COVERT CHANNELS
Three things are required for a covert channel to exist.
• First, the sender and receiver must have access to a shared resource.
• Second, the sender must be able to vary some property of the shared resource that the receiver can observe.
• Finally, the sender and receiver must be able to synchronize their communication.
It’s apparent that covert channels are extremely common. Probably the only way to completely eliminate all covert channels is to eliminate all shared resources and all communication.
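The FileXYzW example and the three requirements above, as an added Python simulation that is not part of the original deck: it runs the channel on a logical clock in temporary directories and shows the bits arriving intact only while all three conditions hold. The function names, the sample bit pattern and the 32-byte figure are assumptions made for illustration.

```python
import os, tempfile

FLAG = "FileXYzW"                      # the agreed file name from the slide

def send_bit(shared_dir, bit):
    """The sender varies one observable property: whether the flag file exists."""
    path = os.path.join(shared_dir, FLAG)
    if bit:
        open(path, "w").close()
    elif os.path.exists(path):
        os.remove(path)

def read_bit(shared_dir):
    return int(os.path.exists(os.path.join(shared_dir, FLAG)))

def simulate(bits, sender_dir, receiver_dir, receiver_period=1):
    """Logical clock: the sender sets one bit per tick, the receiver polls every receiver_period ticks."""
    received = []
    for tick, bit in enumerate(bits):
        send_bit(sender_dir, bit)
        if tick % receiver_period == 0:
            received.append(read_bit(receiver_dir))
    return received

def hours_to_leak(n_bytes, seconds_per_bit):
    """Channel capacity in practice: time needed to move n_bytes at one bit per interval."""
    return n_bytes * 8 * seconds_per_bit / 3600

def demo(bits=(1, 0, 1, 1, 0, 0, 1, 0)):   # constructed sample message
    results = {}
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        results["all three conditions hold"] = simulate(bits, shared, shared)
        send_bit(shared, 0)                 # reset the flag between runs
        results["no shared resource"] = simulate(bits, shared, private)
        send_bit(shared, 0)
        results["no synchronization"] = simulate(bits, shared, shared, receiver_period=3)
    return results

if __name__ == "__main__":
    for case, got in demo().items():
        print(f"{case}: {got}")
    print("hours to leak 32 bytes at one bit per minute:", hours_to_leak(32, 60))
```

Separating the file spaces or disturbing the timing removes one of the three conditions, and a longer enforced interval between observable changes is what "limiting the capacity" means for this channel.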
25.
Thank you
26.
Presentation By: Shweta Agrawal, Puneet Bhat, Raj Bhatt, Shaun Bothelo - 02 12 14 15