problem statements on cross realm authentication
play

Problem statements on cross-realm authentication Shoichi Sakane - PowerPoint PPT Presentation

Jun 04, 2023 •121 likes •253 views

Problem statements on cross-realm authentication Shoichi Sakane Shouichi.Sakane@jp.yokogawa.com The 66 th IETF meeting 07/06/06 Yokogawa Electric Corporation 1 Purpose of this presentation Not presentation of our extension.

  1. Problem statements on cross-realm authentication Shoichi Sakane Shouichi.Sakane@jp.yokogawa.com The 66 th IETF meeting 07/06/06 Yokogawa Electric Corporation 1

  2. Purpose of this presentation • Not presentation of our extension. draft-zrelli-krb-xkdcp-00.txt • We would like to share the problems on cross-realm authentication with everyone here. • Next step, we can discuss to solve the problems. Our extension could be one of solutions. 07/06/06 Yokogawa Electric Corporation 2

  3. Problems 1. Security 2. Reliability 3. Performance 4. Applicability 07/06/06 Yokogawa Electric Corporation 3

  4. Exposure to DoS attack Not easy to set up filters to protect KDC. – KDC handles TGS exchanges with remote clients from different realms. Client Attacker KDC Attacker Client Client 07/06/06 Yokogawa Electric Corporation 4

  5. No PFS Intermediary KDCs can learn session keys. ref. "Specifying Kerberos 5 Cross-Realm Authentication", Fifth Workshop on Issues in the Theory of Security, Jan 2005. Home KDC KDC KDC KDC Tainted Server Client Tainted 07/06/06 Yokogawa Electric Corporation 5

  6. Reliability of chain Intermediary KDC down cause authentication failed. Home KDC KDC KDC KDC X X Server Client X 07/06/06 Yokogawa Electric Corporation 6

  7. Client's performance Client centralized exchanges causes unacceptable delay. – Client must perform TGS exchange with each KDC of the trust path. →Not scalable if number of realms increases especially for small/embedded devices. 07/06/06 Yokogawa Electric Corporation 7

  8. Processing time of Kerberos on embedded devices measured by Yokogawa Electric Corporation 04 through 06 CPU DS5250 H8 (16-bit, 20MHz) + (8051 arch., Crypt H/W (AES, 3DES, SHA1, MD5) 8-bit, 22MHz, w/ DES H/W) Krb lib MIT-1.2.4 MIT-1.2.4 Original Crypt H/W Enable Enable Disable Enable Disable TGT 4650ms 74ms 106ms 26ms 74ms TGS 4579ms 195ms 294ms 49ms 178ms Including waiting time Excluding waiting time 07/06/06 Yokogawa Electric Corporation 8

  9. Applicability to roaming scenario Roaming users can not access to home KDC from the visited realm. – due to the policy of the realms. – due to chiken-and-egg problem. Home Visited KDC KDC NG OK Client Client 07/06/06 Yokogawa Electric Corporation 9

  10. Summary of problems 1. Security issues – KDC is exposured to DoS attack from the Internet. – Intermediary KDCs can learn session keys. 2. Reliability of chain – Interealm KDC down causes authentication fails. 3. Client's Performance – client centralized exchanges cause unaccesptable delay. 4. Applicability to roaming scenario – Roaming users can not access to her home KDC. 07/06/06 Yokogawa Electric Corporation 10

  11. Conclusion • There are some problems to be solved in cross-realm environment. • Let's consider real environment to more deploy Kerberos system. – What are the problems ? – What problems should be solved ? – What technologies do we need ? 07/06/06 Yokogawa Electric Corporation 11

  12. End of presentaion 07/06/06 Yokogawa Electric Corporation 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick

Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick

Introduction Background Approach and Results Conclusion Cross-Realm Kerberos Authentication A study into implementations and compatibility Esan Wit Mick Pouw Supervisor: Michiel Leenaars A System and Network Engineering RP University of

558 views • 20 slides
Specifying Kerberos 5 Cross-Realm Authentication Chris Walstad Joint work with Iliano Cervesato,

Specifying Kerberos 5 Cross-Realm Authentication Chris Walstad Joint work with Iliano Cervesato,

Specifying Kerberos 5 Cross-Realm Authentication Chris Walstad Joint work with Iliano Cervesato, Aaron D. Jaggard, Andre Scedrov Supported by ONR, NSF, NRL Overview Introduction Kerberos 5 Formalization Properties

454 views • 24 slides
e-authentication Practices: A road to global implementation of e-authentication for

e-authentication Practices: A road to global implementation of e-authentication for

Market-driven e-authentication Practices: A road to global implementation of e-authentication for cross-bordered trade document Mr. Wanawit Ahkuputra Deputy Executive Director of ETDA Thailand HOD and AFACT chair. Building Soft

533 views • 13 slides
REALM 101 MARCH 18, 2018 12:30, JEFFERSON HALL A MESSAGE FROM JULIA REALM RESOURCES This

REALM 101 MARCH 18, 2018 12:30, JEFFERSON HALL A MESSAGE FROM JULIA REALM RESOURCES This

REALM 101 MARCH 18, 2018 12:30, JEFFERSON HALL A MESSAGE FROM JULIA REALM RESOURCES This presentation and other resources can be found at: WWW .USSB.ORG/REALM YOU ARE INVITED! You must have an invitation to join Realm Only members

565 views • 53 slides
The Spooky Spiritual Realm What we need to know What is the spooky spiritual realm?

The Spooky Spiritual Realm What we need to know What is the spooky spiritual realm?

The Spooky Spiritual Realm What we need to know What is the spooky spiritual realm? Paranormal not scientifically explainable - In the spirit realm there are holy and unholy paranormal phenomena. - There is money to be made. -

620 views • 12 slides
@GregBala Greg.b@BDAEntertainment.com About us Realm of Empires - MMORTS Started Played on

@GregBala Greg.b@BDAEntertainment.com About us Realm of Empires - MMORTS Started Played on

Cross-platform apps, for mobile and desktop Porting Realm of Empires to mobile HTML5 Greg Balajewicz @GregBala Greg.b@BDAEntertainment.com About us Realm of Empires - MMORTS Started Played on Win8 mobile browser FireFoxOS? Amazons

566 views • 45 slides
Message Authentication Codes Digital Signatures Lecture 11 Shafi Goldwasser Authentication

Message Authentication Codes Digital Signatures Lecture 11 Shafi Goldwasser Authentication

Message Authentication Codes Digital Signatures Lecture 11 Shafi Goldwasser Authentication Problem Bob Alice k k message M Eve is Active: Can alter messages Can insert new messages Authentication Problem Secrecy is not the only

553 views • 37 slides
Questioning Kerberos Assumptions Sam Hartman IETF 63 Questioning Kerberos Assumptions

Questioning Kerberos Assumptions Sam Hartman IETF 63 Questioning Kerberos Assumptions

Questioning Kerberos Assumptions Sam Hartman IETF 63 Questioning Kerberos Assumptions Principal Names are not remapped in cross-realm The destination KDC is not involved in cross-realm Privacy of principal names 1 Why Remap

534 views • 19 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
DEVELOPMENT REALM Development Development can increase can reduce vulnerability vulnerability

DEVELOPMENT REALM Development Development can increase can reduce vulnerability vulnerability

DEVELOPMENT REALM Development Development can increase can reduce vulnerability vulnerability NEGATIVE POSITIVE REALM REALM Disasters can Disasters can provide set back development development opportunities DISASTER REALM +

305 views • 9 slides
Waterfront Plan Public Realm Parks and Open Space Marina History and Art in the Public Realm

Waterfront Plan Public Realm Parks and Open Space Marina History and Art in the Public Realm

Waterfront Plan Public Realm Parks and Open Space Marina History and Art in the Public Realm The Waterfront Public Realm: Existing Parks Daingerfield Island Rivergate Park Oronoco Bay Park Founders Park 2 The Waterfront Public Realm: Public

697 views • 44 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
The truck scheduling problem at cross-docking terminals L. Berghman, C. Briand, R. Leus and P.

The truck scheduling problem at cross-docking terminals L. Berghman, C. Briand, R. Leus and P.

The truck scheduling problem at cross-docking terminals L. Berghman, C. Briand, R. Leus and P. Lopez; PMS 2012 ORSTAT, KU Leuven; CNRS; LAAS Outline What is cross-docking? Cross-docking Modes Exclusive versus mixed mode Notations

844 views • 18 slides
University KnowledgeBase Pushing the KnowledgeBase Limits Without Getting a Faceplant John

University KnowledgeBase Pushing the KnowledgeBase Limits Without Getting a Faceplant John

University KnowledgeBase Pushing the KnowledgeBase Limits Without Getting a Faceplant John Cowsert (AITS) Agenda Introductions KnowledgeBase Overview Features Testimonials Lessons Learned Introductions John Cowsert

544 views • 43 slides
Detecting and Resolving Type Flaws in Security Protocols Michael Banks Department of Computer

Detecting and Resolving Type Flaws in Security Protocols Michael Banks Department of Computer

Detecting and Resolving Type Flaws in Security Protocols Michael Banks Department of Computer Science, University of York 26th February 2009 Outline 1 Security Protocols 2 Type Flaws: Attacks and Defences 3 Detecting and Resolving Potential

391 views • 25 slides
EMCL @ Institute of Information Systems Thomas Eiter Institute of Information Systems Vienna

EMCL @ Institute of Information Systems Thomas Eiter Institute of Information Systems Vienna

EMCL @ Institute of Information Systems Thomas Eiter Institute of Information Systems Vienna University of Technology eiter@kr.tuwien.ac.at EMCL Student Workshop Vienna, February 21, 2012 1/24 EMCL@184 1. Institute of Information Systems

744 views • 31 slides
OWL Three species of OWL OWL full is union of OWL syntax and RDF (Undecidable) OWL DL

OWL Three species of OWL OWL full is union of OWL syntax and RDF (Undecidable) OWL DL

OWL Three species of OWL OWL full is union of OWL syntax and RDF (Undecidable) OWL DL restricted to FOL fragment (decidable in NEXPTIME) OWL Lite is easier to implement subset of OWL DL (decidable in EXPTIME) Semantic

967 views • 74 slides
Samba, Quo Vadis? Experimenting with languages the Cool Kids use Kai Blin Samba Team SambaXP

Samba, Quo Vadis? Experimenting with languages the Cool Kids use Kai Blin Samba Team SambaXP

Samba, Quo Vadis? Experimenting with languages the Cool Kids use Kai Blin Samba Team SambaXP 2017 2017-05-03 Intro M.Sc. in Computational Biology Ph.D. in Microbiology Samba Team member 2/45 Overview Programming

776 views • 45 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Key Distribution in Symmetric Encryption ISS Dr. Ayman Abdel-Hamid 1 Outline

510 views • 12 slides
Distributed Systems Principles and Paradigms Chapter 09 (version April 7, 2008 ) Maarten van

Distributed Systems Principles and Paradigms Chapter 09 (version April 7, 2008 ) Maarten van

Distributed Systems Principles and Paradigms Chapter 09 (version April 7, 2008 ) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.20. Tel: (020) 598 7784 E-mail:steen@cs.vu.nl,

582 views • 47 slides
Introduction . Zhang embed U q ( sl 2 ) into Assume q is not a root of unity, X. W. Chen and P the

Introduction . Zhang embed U q ( sl 2 ) into Assume q is not a root of unity, X. W. Chen and P the

Two Dimensional YD-modules over U q ( sl 2 ) are trivial Emine Yildirim University of New Brunswick June 27th, 2014 Emine Yildirim (University of New Brunswick) Hopf Algebras in (co)action June 27th, 2014 1 / 21 Introduction Introduction .

383 views • 21 slides

More recommend