Introduction to Kerberos Principles

Kerberos is a widely used network authentication protocol built on symmetric-key cryptography and a trusted third party, the KDC (Key Distribution Center). The KDC is not a separate protocol: it is the service that runs the AS and the TGS described below and holds the long-term key of every principal. Modern Kerberos implementations encrypt tickets and messages with AES (the legacy DES and RC4 encryption types are weak and should be disabled), but the cipher alone is not what makes Kerberos secure; its security rests on the KDC's key database, on the strength of each principal's key, and on the clients', services' and KDC's clocks being roughly synchronized.

How Kerberos works

The core idea works like everyday life: when I need to get a document stamped at the community center, the center often requires a certificate proving that I am who I say I am, and that certificate usually has to be issued by the police station. The AS plays the role of the police station, and the TGS plays the role of the community center.

Introduction to key terms

AS (Authentication Server): verifies the user's identity and issues the ticket-granting ticket (TGT)
TGS (Ticket-Granting Server): issues service tickets that let a client authenticate to a particular service (B below)
K_A: A's own long-term key (in practice derived from A's password)
K_S: the session key shared between A and the TGS
K_TG: the TGS's own long-term key
T: timestamp
K_B: B's own long-term key
K_AB: the session key A and B use to communicate with each other

specific process

  1. First, A sends the AS a plaintext request naming A. The AS has A's information, including K_A, on file, so it can look A up. The request itself proves nothing; what proves A is A is that only the holder of K_A can read the reply in step 2. (Real deployments add pre-authentication, a timestamp encrypted with K_A sent along with this request, so the AS only answers someone who already knows K_A.)
  2. The AS answers with two things: the session key K_S for A and the TGS, encrypted with K_A so that only A can read it, and a ticket-granting ticket containing A's identity and K_S, encrypted with K_TG. A cannot decrypt the TGT; it only forwards it, and only the TGS can open and verify it.
  3. Next, A sends the TGS two pieces of information: an authenticator, which is a timestamp encrypted with the session key K_S, and the TGT it just received. The timestamp lets the TGS reject replays of an old request.
  4. After verifying the TGT and the authenticator, the TGS sends A a service ticket for B (A's identity plus K_AB, encrypted with K_B so that only B can open it) and, encrypted with K_S, B's name together with the session key K_AB.
  5. Next, A sends B the service ticket and a fresh authenticator, a timestamp encrypted with K_AB.
  6. B decrypts the ticket with K_B, obtains K_AB, verifies the authenticator, and returns the timestamp + 1 encrypted with K_AB. Only a holder of K_B could have produced this, so A has authenticated B as well.

After these steps, A and B share the key K_AB for communicating with each other, and each side has verified the other's identity.
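The six steps above, written out as an added example that is not part of the original post and not a real Kerberos implementation. It runs the AS, the TGS and the service B in one process, uses the post's key names (K_A, K_S, K_TG, K_B, K_AB), and then replays A's authenticator to B to show why the timestamp is there. Because the Python standard library has no AES, the `encrypt`/`decrypt` helpers use an HMAC-SHA256 keystream with an encrypt-then-MAC tag as a stand-in for Kerberos' AES encryption types; the 300-second skew window, the message field names and the `demo` function are this example's own assumptions. Ticket lifetimes and pre-authentication are omitted.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW = 300  # seconds of clock skew tolerated for authenticators (assumed; a common KDC default)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for AES, which the stdlib lacks."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC of a JSON object: nonce(16) || ciphertext || tag(32)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    """Verify the tag first; a wrong key or a tampered blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def _fresh(t: int) -> bool:
    return abs(int(time.time()) - t) <= MAX_SKEW

class KDC:
    """AS and TGS in one object; holds the long-term key of every principal."""
    def __init__(self, keys: dict):
        self.keys = keys  # {"A": K_A, "B": K_B, "TGS": K_TG}

    def as_exchange(self, client: str):
        """Steps 1-2: A's name arrives in plaintext; the reply is K_S sealed with
        K_A plus a TGT sealed with K_TG that A cannot open."""
        k_s = os.urandom(32)
        for_client = encrypt(self.keys[client], {"K_S": k_s.hex(), "tgs": "TGS"})
        tgt = encrypt(self.keys["TGS"], {"client": client, "K_S": k_s.hex(), "T": int(time.time())})
        return for_client, tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """Steps 3-4: open the TGT with K_TG, check the authenticator with the K_S
        found inside it, then issue K_AB and a ticket for the service."""
        t = decrypt(self.keys["TGS"], tgt)
        k_s = bytes.fromhex(t["K_S"])
        auth = decrypt(k_s, authenticator)
        if auth["client"] != t["client"] or not _fresh(auth["T"]):
            raise PermissionError("authenticator does not match TGT or is stale")
        k_ab = os.urandom(32)
        for_client = encrypt(k_s, {"K_AB": k_ab.hex(), "service": service})
        ticket = encrypt(self.keys[service], {"client": t["client"], "K_AB": k_ab.hex(), "T": int(time.time())})
        return for_client, ticket

class Service:
    """B: knows only its own key K_B and keeps a replay cache of accepted authenticators."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()

    def ap_exchange(self, ticket: bytes, authenticator: bytes) -> bytes:
        """Steps 5-6: open the ticket with K_B, verify the authenticator with K_AB,
        reject stale or replayed ones, and answer with T+1 under K_AB."""
        tk = decrypt(self.key, ticket)
        k_ab = bytes.fromhex(tk["K_AB"])
        auth = decrypt(k_ab, authenticator)
        if auth["client"] != tk["client"] or not _fresh(auth["T"]):
            raise PermissionError("authenticator does not match ticket or is stale")
        if (auth["client"], auth["T"]) in self.seen:  # real Kerberos also keys on microseconds
            raise PermissionError("replayed authenticator")
        self.seen.add((auth["client"], auth["T"]))
        return encrypt(k_ab, {"T": auth["T"] + 1})

def run_exchange(kdc: KDC, service: Service, client: str, k_client: bytes) -> dict:
    """Client side of all six steps; returns K_AB, B's decrypted reply and the
    ticket/authenticator pair so a caller can try replaying it."""
    reply_as, tgt = kdc.as_exchange(client)                                   # 1, 2
    k_s = bytes.fromhex(decrypt(k_client, reply_as)["K_S"])                    # only the real A can read this
    t = int(time.time())
    reply_tgs, ticket = kdc.tgs_exchange(tgt, encrypt(k_s, {"client": client, "T": t}), service.name)  # 3, 4
    k_ab = bytes.fromhex(decrypt(k_s, reply_tgs)["K_AB"])
    authenticator = encrypt(k_ab, {"client": client, "T": t})                  # 5
    reply_b = service.ap_exchange(ticket, authenticator)                       # 6
    return {"K_AB": k_ab, "T": t, "reply": decrypt(k_ab, reply_b), "ticket": ticket, "authenticator": authenticator}

def demo() -> dict:
    """Run one honest exchange, then replay A's authenticator to B."""
    keys = {"A": os.urandom(32), "B": os.urandom(32), "TGS": os.urandom(32)}  # constructed long-term keys
    kdc, b = KDC(keys), Service("B", keys["B"])
    r = run_exchange(kdc, b, "A", keys["A"])
    try:
        b.ap_exchange(r["ticket"], r["authenticator"])
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return {"mutual_auth_ok": r["reply"]["T"] == r["T"] + 1, "replay_rejected": replay_rejected}
```

Calling `demo()` returns `{"mutual_auth_ok": True, "replay_rejected": True}`: the T+1 reply only decrypts under K_AB, so it proves B opened the ticket with K_B, and the second presentation of the same authenticator is refused by B's replay cache. Note what each party never sees: A never learns K_TG or K_B, and B never learns K_A or K_S; every secret a party does hold was delivered inside something encrypted with a key that party already had.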


Source: blog.csdn.net/qq_34902437/article/details/106380629