This Concept Map, created with IHMC CmapTools, has information related to: ch7 secu need, Needham-Schroeder, Kerberos, TLS, WIFI.

Needham-Schroeder: background
- In early distributed systems (1974-84) it was difficult to protect the servers, e.g. against masquerading attacks on a file server, because there was no mechanism for authenticating the origins of requests.
- Public-key cryptography was not yet available or practical: computers were too slow for trap-door calculations, and the RSA algorithm was not available until 1978.
- Needham and Schroeder therefore developed an authentication and key-distribution protocol for use in a local network.
- An early example of the care required to design a safe security protocol; it introduced several design ideas, including the use of nonces.

Needham-Schroeder: nonces and a weakness
- NA is a nonce. Nonces are integers that are added to messages to demonstrate the freshness of the transaction. They are generated by the sending process when required, for example by incrementing a counter or by reading the (microsecond-resolution) system clock.
- Weakness: message 3 might not be fresh, and KAB could have been compromised in the store of A's computer. Kerberos (the next case study) addresses this by adding a timestamp.

Kerberos
- Secures communication with servers on a local network.
- Developed at MIT in the 1980s to provide security across a large campus network (> 5000 users); based on the Needham-Schroeder protocol.
- Standardized (Internet RFC 1510) and now included in many operating systems: OSF DCE, BSD UNIX, Linux, Windows 2000, NT, XP, etc. Available from MIT.
- The Kerberos server creates a shared secret key for any required server and sends it (encrypted) to the user's computer.
- The user's password is the initial secret shared with Kerberos.

Kerberos with NFS
- The Kerberos protocol is too costly to apply on each NFS operation, so Kerberos is used in the mount service to authenticate the user's identity.
- The user's UserID and GroupID are stored at the server together with the client's IP address.
- For each file request: the UserID and GroupID are sent encrypted in the shared session key; they must match those stored at the server, and the IP addresses must also match.
- This approach has some problems: it can't accommodate multiple users sharing the same client computer, and all remote filestores must be mounted each time a user logs in.

TLS
- Key distribution and secure channels for internet commerce.
- Hybrid protocol; depends on public-key cryptography.
- Originally developed by Netscape Corporation (1994); extended and adopted as an Internet standard with the name Transport Layer Security (TLS).
- Provides the security in all web servers and browsers and in secure versions of Telnet, FTP and other network applications.
- Design requirements: secure communication without prior negotiation or help from third parties; free choice of crypto algorithms by client and server; communication in each direction can be authenticated, encrypted or both.
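An added Python example (not from the concept map or the textbook it summarizes) of the freshness check that a Kerberos-style timestamp gives server B but that message 3 of Needham-Schroeder lacks: without the timestamp the "stale ticket" branch does not exist, so an old ticket carrying a compromised KAB is accepted. The HMAC under KB standing in for encryption, the key values, the 300-second lifetime and the 30-second clock skew are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed values for the demonstration (not from the original page).
SERVER_KEY_KB = b"kb-server-long-term-key-constructed"
SESSION_KEY_KAB = b"kab-session-key-constructed"
LIFETIME_SECONDS = 300      # assumed ticket lifetime
CLOCK_SKEW_SECONDS = 30     # assumed tolerated clock difference


def make_ticket(server_key, client, session_key, issued_at):
    """Model of message 3 {KAB, A}KB with a Kerberos-style timestamp added.
    An HMAC under KB stands in for encryption: only integrity and
    freshness matter for this check, not confidentiality."""
    body = json.dumps({"client": client, "kab": session_key.hex(),
                       "issued_at": issued_at}, sort_keys=True).encode()
    tag = hmac.new(server_key, body, hashlib.sha256).digest()
    return body, tag


def verify_ticket(server_key, ticket, now, seen_tags):
    """Server B's acceptance check. Returns (fields or None, reason)."""
    body, tag = ticket
    expected = hmac.new(server_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None, "bad integrity"
    fields = json.loads(body)
    age = now - fields["issued_at"]
    if age > LIFETIME_SECONDS or age < -CLOCK_SKEW_SECONDS:
        return None, "stale ticket"          # old message 3 is rejected
    if tag in seen_tags:
        return None, "replayed ticket"       # same fresh ticket seen twice
    seen_tags.add(tag)
    return fields, "ok"


def demo(now=1_700_000_000.0):
    """Present three tickets to B and return the verdict for each."""
    seen = set()
    fresh = make_ticket(SERVER_KEY_KB, "A", SESSION_KEY_KAB, now - 5)
    old = make_ticket(SERVER_KEY_KB, "A", SESSION_KEY_KAB, now - 3600)
    return [
        verify_ticket(SERVER_KEY_KB, fresh, now, seen)[1],  # first use: ok
        verify_ticket(SERVER_KEY_KB, fresh, now, seen)[1],  # second use: replayed
        verify_ticket(SERVER_KEY_KB, old, now, seen)[1],    # one hour old: stale
    ]
```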