Kerberos protocol

Uploaded by: hienact

Posted on 17-Jul-2015


The Kerberos authentication protocol

Introduction

1. Authentication in computer networks that operate over insecure links.
2. The protocol was designed with the client-server model as its target.
3. There are currently two versions: version 4 and version 5.
4. It aims to counter three main kinds of attack:
- a user may gain access to a particular network and block other users' logins to it;
- a user may alter the network address of a workstation so that requests sent from that workstation appear to come from a different one;
- a user may capture exchanges and replay them to deceive a service or to intercept further information.

Principle of operation

Outline: principle, analysis of operation, evaluation.

Principle: Kerberos uses a trusted third party called the key distribution center (KDC). The KDC has two functions: the AS (authentication server) and the TGS (ticket granting server).

Figure (Kerberos overview): the user sends a request to the AS; the AS issues a ticket; the TGS issues a service ticket; the user presents the ticket to the server to prove its identity. The AS (Authentication Server) authenticates users and keeps the centralized database holding the secret keys of all users and servers on the network; the TGS (Ticket Granting Server) issues tickets for services.

Analysis of operation

The simple dialogue consists of three messages:

(1) C -> AS: IDc || Pc || IDv
(2) AS -> C: Ticket
(3) C -> V: IDc || Ticket
Ticket = EKv(IDc || ADc || IDv)

where IDc is the identifier of the user on workstation C, IDv is the identifier of server V, Pc is the user's password on C, ADc is the network address of C, and Kv is the secret encryption key shared by the AS and V. The keys of all users and servers are held in the AS's centralized database.

The user logs in to workstation C, and C sends the AS a message containing the user's identifier, the password and the identifier of the server V the user wants to use. The AS checks its database to see whether the password is correct and whether the user is allowed to access V. If so, it creates a ticket containing the user's identifier, the workstation's network address and the server identifier, encrypted under Kv, and returns it to C. C then sends V the ticket together with IDc. V decrypts the ticket with Kv, compares the identifier inside the ticket with the unencrypted IDc in the message, and compares the address inside the ticket with the address of the sending machine; only when both match does V grant the service. An attacker who captures the ticket at step (2) cannot alter it, because C does not have Kv; and if the ticket is presented from a different workstation, the network address does not match and the ticket is rejected.

Evaluation: The method above is not optimal. First, we want to minimize how often the user has to enter a password. For example, a ticket is used only once: if C logs in to a workstation to check e-mail, C must supply a password to receive a ticket from the AS. If C checks mail 3 or 4 times a day, the password must be entered to request a ticket each time, which wastes a lot of time. We can improve this by reusing the ticket, but that still does not cover the case where C uses many different services, each of which needs its own ticket.

Second, the password is sent in cleartext to the AS. Trudy can capture step 1 and obtain Alice's password; an eavesdropper who has recorded it can then obtain tickets for any service Alice uses. Trudy records the password and replays it (record and playback).

Full Kerberos model

1. The user C logs in to the system, entering an identifier and password. C sends the AS a request for access to the TGS; the request contains IDc and IDtgs.
2. The AS looks up C in its database, retrieves C's secret key (derived from the password), authenticates C and generates a session key SK1 for C and the TGS. It returns a message containing SK1 and a ticket-granting ticket (TGT), encrypted with C's secret key. The client decrypts it with the key derived from the password and keeps SK1 and the TGT.
3. C sends the TGS a request containing the TGT, IDv and an authenticator (its identity and a timestamp) encrypted with SK1.
4. The TGS decrypts the TGT, checks the authenticator, generates a session key SK2 for C and V, and returns a service ticket (encrypted with V's key) together with SK2, the whole encrypted with SK1.
5. C sends V the service ticket and an authenticator containing IDc, the client's IP address and a timestamp, encrypted with SK2.
6. V decrypts the service ticket with its own key, extracts SK2, decrypts the authenticator and checks the identity and timestamp. V uses SK2 to encrypt the timestamp and send it back to C, so the two sides have authenticated each other, and SK2 then protects the communication between them.

Advantages: single sign-on (SSO): one account and one password entry cover all services in the system; a fresh session key is used for each session and data is encrypted before it is transmitted; client and server authenticate each other; the user database is centralized, which makes administration easier; the framework is widely used in applications and desktop environments.

Disadvantages: the central server is a single point of failure and is easily hit by a DoS attack that paralyzes the whole system; the timestamps require the clocks of all machines to be synchronized; if the KDC or its database of secret keys is compromised, every user and service in the system is compromised; the key derived from the password is only as strong as the password, and a trojan on the workstation can capture it; since a single account covers every service, one stolen password exposes all of them.
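The simple dialogue and the full three-exchange model above, as an added Python example that is not part of the original document: `seal`/`unseal` are a constructed toy stand-in for Kerberos symmetric encryption (encrypt-then-MAC over SHA-256, not for real use), the keys in `KEYS` are constructed, and `verify` is the check the TGS and V apply to a ticket plus authenticator (identity, workstation address, ticket lifetime and timestamp window), which is what rejects a ticket replayed from another workstation.

```python
import hashlib, hmac, json, os

# Constructed toy keys: in Kerberos these live in the KDC's centralized database.
KEYS = {"C": b"key-derived-from-C-password", "tgs": b"key-shared-AS-TGS", "V": b"key-shared-KDC-V"}
SKEW = 300  # seconds; an authenticator timestamp further from "now" than this is rejected

def _ks(key, nonce, n):  # keystream for the toy cipher below
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))

def seal(key, obj):
    """Toy encrypt-then-MAC standing in for Kerberos symmetric encryption (not for real use)."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal(); raises if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def issue_ticket(server, sk_hex, idc, adc, now, lifetime=28800):
    """KDC side: ticket for `server` (a TGT when server == "tgs"), sealed under that server's key."""
    return seal(KEYS[server], {"sk": sk_hex, "IDc": idc, "ADc": adc, "exp": now + lifetime})

def authenticator(sk, idc, adc, now):  # client side: proves possession of the session key
    return seal(sk, {"IDc": idc, "ADc": adc, "ts": now})

def verify(server, ticket, auth, sender_addr, now):
    """TGS or V: open the ticket with its own key, open the authenticator with the session key
    found inside, then apply the identity, address and freshness checks; returns the session key."""
    t = unseal(KEYS[server], ticket)
    a = unseal(bytes.fromhex(t["sk"]), auth)
    if not (t["IDc"] == a["IDc"] and t["ADc"] == a["ADc"] == sender_addr):
        raise ValueError("ticket, authenticator and sender address disagree")
    if now > t["exp"] or abs(now - a["ts"]) > SKEW:
        raise ValueError("expired ticket or stale authenticator (possible replay)")
    return bytes.fromhex(t["sk"])

def kerberos_login(idc, adc, idv, now):
    """Client C runs the AS, TGS and client/server exchanges; returns the key V accepted."""
    sk1 = os.urandom(16).hex()                                       # AS: session key C<->TGS
    as_reply = seal(KEYS[idc], {"sk": sk1, "tgt": issue_ticket("tgs", sk1, idc, adc, now).hex()})
    r = unseal(KEYS[idc], as_reply)                                  # only C's password key opens this
    verify("tgs", bytes.fromhex(r["tgt"]), authenticator(bytes.fromhex(r["sk"]), idc, adc, now), adc, now)
    sk2 = os.urandom(16).hex()                                       # TGS: session key C<->V
    tgs_reply = seal(bytes.fromhex(r["sk"]), {"sk": sk2, "tkt": issue_ticket(idv, sk2, idc, adc, now).hex()})
    r2 = unseal(bytes.fromhex(r["sk"]), tgs_reply)
    return verify(idv, bytes.fromhex(r2["tkt"]), authenticator(bytes.fromhex(r2["sk"]), idc, adc, now), adc, now)
```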

Conclusion
- There is a single point of weakness: if the central server stops working, all activity stops. This weakness can be limited by using several Kerberos servers.
- The protocol requires the clocks of all participating machines to be synchronized. If this is not guaranteed, the authentication mechanism based on ticket lifetimes does not work. The default configuration requires the clocks to differ by no more than 10 minutes.
- The password-change mechanism is not standardized.

X.509 digital certificates

Introduction: X.509 is a certificate standard that provides authentication services. Each certificate contains the user's public key and is signed with the private key of a trusted certification authority. In addition, X.509 defines basic authentication protocols built on the user's public-key certificate.

Figure (signed certificate): the certificate contents (serial number and the other fields) are passed through a hash algorithm to produce a hash value; the hash value is encrypted with the signer's private key to form the signature that is attached to the certificate.

X.509 format

- Version
- Certificate serial number
- Signature algorithm
- Issuer name (the CA that issued the certificate)
- Validity period
- Subject name (the entity receiving the certificate)
- Subject public key information
- Issuer unique identifier
- Subject unique identifier

Version 1 holds the fields up to the subject public key. Version 2 added the two unique-identifier fields (issuer unique identifier and subject unique identifier) to resolve conflicts when an issuer or subject name is reused, i.e. when two certificates carry the same name. Version 3 added further extension fields.

Certificate request/issuance process

Figure: End Entity (EE), Registration Authority (RA) and Certificate Authority (CA); steps (1), (2), (3) and (6) run between the EE and the RA, steps (4) and (5) between the RA and the CA, and steps (7) and (8) at the CA.

1. The user sends the RA a registration request.
2. The RA returns a registration form to the user.
3. The user completes the form, providing identity information and a public key, and sends it back to the RA.
4. Based on the form, the RA verifies the user's identity; if it is valid, the RA sends the CA a certificate request containing the user's identity and public key.
5. After checking the information in the request, the CA creates and signs the certificate, which contains the user's identity, the user's public key and the period for which the certificate is valid, and returns it to the RA.
6. The RA delivers the certificate to the user.
7. The CA adds the certificate to its published certificate list.
8. Other parties can then retrieve the certificate from that list.

Certificate distribution model

A sends a certificate request to the CA. The CA issues A's certificate Ca, which contains A's identity, A's public key and the validity period, signed with the CA's private key, and publishes it. Because only the CA holds its private key, nobody else can forge a certificate for A. When A wants to communicate with B, A obtains B's certificate Cb, verifies it with the CA's public key, checks that it is still valid (Time2 has not passed) and that the identity inside is IDb, and then uses B's public key KUb to encrypt the messages it sends to B. In the same way, the other entities on the network can authenticate one another.

CA architectures: hierarchical system, mesh system, bridge CA.

Hierarchical system: root CA, intermediate CAs, end entities.

In a hierarchy, certificates are issued in one direction only, from a parent CA to its child CAs; the root CA (the top-level CA, TLCA) is the exception and certifies itself. The root CA's public key must be distributed over a secure channel.
Advantages:
+ Scales well: a new CA is added by adding a single trust relationship to a parent CA.
+ Easy to deploy: because certificates are issued in one direction only, determining the certification path is fast and easy.
Disadvantages:
+ There is a single point of failure: if the root CA's private key is compromised, the whole system is affected; if an intermediate CA's private key is compromised, the CAs below it and the end entities that depend on it are affected.


Mesh system

The CAs trust one another as peers (in both directions). Every CA in the mesh is a trust point. Two CAs that want to connect securely establish a mutual trust relationship by each issuing a certificate to the other. A CA may therefore hold several certificates from different CAs (Alice holds 3 certificates, issued by CA1, CA2 and CA3), and there may be several certification paths from a CA to an entity.

Advantages: if one CA fails, only the entities that depend on it are affected, not the whole system.
Disadvantages: it is very difficult to work out the certification path, in particular to determine the path with the highest trust.
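The path-determination point made for the hierarchical and mesh systems above, as an added Python example that is not part of the original document: the certificate sets `HIERARCHY` and `MESH` are constructed (each pair is subject, issuer; a self-issued pair is a CA's own root certificate), and `certification_paths` enumerates every chain from a relying party's trust anchor to an end entity. In the hierarchy exactly one chain exists; in the mesh a party anchored at its own CA finds several and must choose among them.

```python
from collections import deque

# Constructed certificate sets: (subject, issuer). A self-issued pair is a CA's own root certificate.
HIERARCHY = [("Root", "Root"), ("CA1", "Root"), ("CA2", "Root"), ("Alice", "CA1"), ("Bob", "CA2")]
MESH = [("CA1", "CA1"), ("CA2", "CA2"), ("CA3", "CA3"),
        ("CA1", "CA2"), ("CA2", "CA1"),      # CA1 and CA2 cross-certify each other
        ("CA2", "CA3"), ("CA3", "CA2"),      # CA2 and CA3 cross-certify each other
        ("CA1", "CA3"), ("CA3", "CA1"),      # CA1 and CA3 cross-certify each other
        ("Alice", "CA1"), ("Bob", "CA3")]

def certification_paths(certs, trust_anchor, end_entity, max_len=6):
    """All loop-free chains trust_anchor -> ... -> end_entity in which every link is a
    certificate issued by the previous name in the chain (breadth-first, shortest first)."""
    issued_by = {}
    for subject, issuer in certs:
        if subject != issuer:                  # self-signed certs are trust points, not links
            issued_by.setdefault(issuer, []).append(subject)
    paths, queue = [], deque([[trust_anchor]])
    while queue:
        path = queue.popleft()
        if path[-1] == end_entity:
            paths.append(path)
            continue
        if len(path) >= max_len:               # bound the search in a large mesh
            continue
        for nxt in issued_by.get(path[-1], []):
            if nxt not in path:                # cross-certificates create cycles; skip them
                queue.append(path + [nxt])
    return paths

def shortest_path(certs, trust_anchor, end_entity):
    """The chain a relying party would normally validate first, or None if none exists."""
    paths = certification_paths(certs, trust_anchor, end_entity)
    return min(paths, key=len) if paths else None
```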

Bridge CA

A bridge CA (BCA) is set up to connect PKIs of different architectures (hierarchical or mesh) in a hub-and-spoke arrangement. Each PKI designates a principal CA; the bridge CA establishes a peer trust relationship with that principal CA rather than with every CA of the PKI, and the principal CA extends the trust within its own PKI. The bridge CA is not itself a trust point for users and does not issue certificates directly to them. If one principal CA is compromised, the cross-certificate it holds from the bridge is revoked and the other PKIs are not affected; a PKI joins or leaves by adding or revoking a single cross-certificate. Compared with a mesh, the certification paths are shorter, and a trust relationship can be established with any CA in the connected PKIs.

Authentication procedures: one-way authentication, two-way authentication, three-way authentication.

One-way authentication

A creates a message and sends it to B; the message is signed with A's private key. It contains: a timestamp, to defeat replay of the message; a random value (nonce), which is unique; the identity of B; and optionally further information such as a digital signature and a session key encrypted with B's public key, which A and B then use to communicate. B verifies the message with A's public key and is assured that it came from A, since only A, the legitimate holder of the private key, could have produced it. B then uses its own private key to decrypt and obtain the session key.

Two-way authentication

The first step proceeds as in the one-way protocol. Second step: B creates a message and sends it to A, signed with B's private key. It contains a timestamp, a random value and the identity of A, and may also carry a digital signature and a session key encrypted with A's public key. A verifies the message with B's public key and is assured that it came from B, since only B holds the corresponding private key; A then uses its own private key to obtain the session key.

Three-way authentication

The first two steps proceed as in the two-way protocol. Third step: A sends B a message signed with A's private key that contains the random value B generated. B verifies it and is assured that the party it is communicating with is indeed A.
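The three procedures above, as an added Python example that is not part of the original document: `sign`/`check` are a constructed HMAC stand-in for the private-key signature and public-key verification (the keys in `KEYS` are constructed, and the verifier is assumed to already hold the peer's verification key from its certificate). `check` applies the receiver's tests: signature, addressee, timestamp window, nonce never seen before, and in the second and third messages the echoed nonce, which is what lets B do without synchronized clocks in the three-way case.

```python
import hashlib, hmac, json, secrets

# Constructed stand-in for X.509 signatures: each party signs with an HMAC key, and the verifier
# is assumed to hold that party's verification key already (taken from the party's certificate).
KEYS = {"A": b"constructed-key-of-A", "B": b"constructed-key-of-B"}
SKEW = 300      # seconds of clock difference tolerated when checking a timestamp
SEEN = set()    # nonces already accepted; a repeated nonce means the message was replayed

def sign(sender, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return {"from": sender, "body": body, "sig": hmac.new(KEYS[sender], msg, hashlib.sha256).hexdigest()}

def check(token, me, now, expect_from, echo_of=None):
    """Receiver side: signature, addressee, timestamp freshness, nonce uniqueness, echoed nonce."""
    body = token["body"]
    msg = json.dumps(body, sort_keys=True).encode()
    if token["from"] != expect_from or not hmac.compare_digest(
            token["sig"], hmac.new(KEYS[expect_from], msg, hashlib.sha256).hexdigest()):
        raise ValueError("signature does not verify under the expected party's key")
    if body["to"] != me:
        raise ValueError("message addressed to someone else")
    if "ts" in body and abs(now - body["ts"]) > SKEW:
        raise ValueError("timestamp outside the accepted window")
    if "nonce" in body:
        if body["nonce"] in SEEN:
            raise ValueError("nonce already seen: replayed message")
        SEEN.add(body["nonce"])
    if echo_of is not None and body.get("echo") != echo_of:
        raise ValueError("echoed nonce does not match the one this party sent")
    return body

def one_way(now):
    """A -> B: tA, rA, IDB signed by A. Returns rA so B can echo it in a reply."""
    ra = secrets.token_hex(8)
    check(sign("A", {"ts": now, "nonce": ra, "to": "B"}), "B", now, "A")
    return ra

def two_way(now):
    """One-way, then B -> A: tB, rB, IDA and the echoed rA signed by B. Returns (rA, rB)."""
    ra = one_way(now)
    rb = secrets.token_hex(8)
    check(sign("B", {"ts": now, "nonce": rb, "to": "A", "echo": ra}), "A", now, "B", echo_of=ra)
    return ra, rb

def three_way(now):
    """Two-way, then A -> B echoing rB; no timestamp is needed in this last message."""
    ra, rb = two_way(now)
    check(sign("A", {"to": "B", "echo": rb}), "B", now, "A", echo_of=rb)
    return True
```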