ACCESS CONTROL MANAGEMENT
By: Poonam Gupta, Sowmya Sugumaran
Project Goal
• The primary goal of access control management is to preserve and protect the confidentiality, integrity, and availability of information, systems, and resources.
What is Access Control
• process by which users are identified and granted certain privileges to resources
• limits the use of a resource
Types of Access Control
1. Discretionary - owner
2. Mandatory - authorities
3. Role-based - according to role
4. Rule-based - predetermined rules
Access Control Technologies
• Tokens
• Smart cards
• Encrypted keys
• Passwords
Popular Technologies
Kerberos
• Authentication Protocol
• For Client/Server Application
• Using Secret Key Cryptography
[Diagram labels: VPN, ACP (Kerberos), Gateway, Internet]
Kerberos
Three things happen between the client and the server when the client initiates resource allocation:
• AS Exchange
• TGS Exchange
• Client/Server (CS) Exchange
http://technet.microsoft.com/en-us/library/bb742516.aspx
Technical Details
[Diagram labels: User name, Password, Policies; AS Server, KGS Server; Resource 1; Resource 2; arrows numbered 1 to 4]
Technical Details
Step 1: User-Client Logon
(i) The user enters a username and password on the client.
(ii) The client applies a hash H to the password; the result is the user's secret key.

Step 2: Client Authentication (Client-AS)
(i) The client sends the user ID to the AS; the AS generates the user's secret key from its database.
(ii) The AS sends 2 messages to the client:
  Msg A: Client/TGS session key, encrypted with the user's secret key
  Msg B: TGT, encrypted with the TGS's secret key
Step 3: Client Service Authorization (Client-TGS)
(i) The client sends 2 messages to the TGS:
  Msg C: TGT and service ID
  Msg D: Authenticator (user ID, timestamp), encrypted using the Client/TGS session key
(ii) The TGS decrypts the TGT and the authenticator and sends 2 messages to the client:
  Msg E: Client-to-Server ticket
  Msg F: Client/Server session key, encrypted with the Client/TGS session key

Step 4: Client Service Request (Client-Service Server)
(i) The client sends 2 messages to the SS:
  Msg E: Client/SS ticket
  Msg G: Authenticator (user ID, timestamp, C/S session key)
(ii) The SS decrypts to get the C/S session key, decrypts the authenticator, and sends a message to the client:
  Msg H: the timestamp from the client's authenticator + 1, encrypted using the C/S key
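The four steps above as a runnable simulation. This is an added example, not code from the slides or from any Kerberos implementation: the function names, the sample user and the `seal`/`unseal` cipher (a standard-library stand-in for Kerberos' real encryption) are assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

def H(password):  # Step 1(ii): the user's secret key is a hash of the password
    return hashlib.sha256(password.encode()).digest()

def _xor(key, nonce, data):  # SHAKE-256 keystream XOR; the same call encrypts and decrypts
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))
def seal(key, obj):  # stand-in authenticated cipher (assumption), stdlib only
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + hmac.new(key, nonce + ct, "sha256").digest() + ct
def unseal(key, blob):  # raises if the key is wrong or the blob was altered
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

USERS = {"alice": H("correct horse")}          # AS database (constructed sample user)
K_TGS, K_SS = os.urandom(32), os.urandom(32)   # secret keys of the TGS and the service server
def check(auth, user, skew=300):  # authenticator must name the ticket's user and be fresh
    if auth["user"] != user or abs(time.time() - auth["ts"]) > skew:
        raise ValueError("authenticator rejected")

def as_exchange(user):  # Step 2: returns Msg A and Msg B (the TGT)
    k = os.urandom(32).hex()
    return seal(USERS[user], {"k": k}), seal(K_TGS, {"user": user, "k": k})

def tgs_exchange(tgt, service_id, msg_d):  # Step 3: Msg C is (TGT, service ID)
    t = unseal(K_TGS, tgt)
    k_tgs = bytes.fromhex(t["k"])
    check(unseal(k_tgs, msg_d), t["user"])
    k = os.urandom(32).hex()
    msg_e = seal(K_SS, {"user": t["user"], "service": service_id, "k": k})
    return msg_e, seal(k_tgs, {"k": k})  # Msg E, Msg F

def service_request(msg_e, msg_g):  # Step 4: returns Msg H
    t = unseal(K_SS, msg_e)
    auth = unseal(bytes.fromhex(t["k"]), msg_g)
    check(auth, t["user"])
    return seal(bytes.fromhex(t["k"]), {"ts": auth["ts"] + 1})

def client_login(user, password, service_id="fileserver"):
    now = int(time.time())
    msg_a, tgt = as_exchange(user)
    k1 = bytes.fromhex(unseal(H(password), msg_a)["k"])  # fails on a wrong password
    msg_e, msg_f = tgs_exchange(tgt, service_id, seal(k1, {"user": user, "ts": now}))
    k2 = bytes.fromhex(unseal(k1, msg_f)["k"])
    msg_h = service_request(msg_e, seal(k2, {"user": user, "ts": now}))
    return unseal(k2, msg_h)["ts"] == now + 1  # Msg H proves the server held the C/S key
```

The password never leaves the client, and the client cannot read or alter the TGT or Msg E because it holds neither the TGS's nor the SS's secret key.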
Roadmap of the Project
TASK | MONTH | WEEK
Understanding the project | January | 3 – 4
Installing Kerberos & Proposal preparation | February | 1
Proposal Presentation | February | 2
Coding, Testing & Debugging | February-March | 3-4
Implementation | March-April | 4-2
Final Presentation Preparation | April | 3-4
Final Presentation | May | 1
Thank You…!!!