Kavinesh Karuppaiah
Roll-No: TCS2223033
INS Assignment 2:
Q.1) Discuss Kerberos authentication application.
Ans)
Kerberos provides a centralized authentication server whose function
is to authenticate users to servers and servers to users. In Kerberos,
an Authentication Server and a database are used for client
authentication. Kerberos runs as a trusted third-party server known as
the Key Distribution Center (KDC). Each user and service on the network
is a principal.
The main components of Kerberos are:
Authentication Server (AS):
The Authentication Server performs the initial authentication
and issues the ticket for the Ticket Granting Service.
Database:
The Authentication Server verifies the access rights of users
against the database.
Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server.
Kerberos Overview:
1. Step-1:
The user logs in and requests a service on the host. Thus, the user
requests the ticket-granting service.
2. Step-2:
The Authentication Server verifies the user's access rights using the
database and then issues a ticket-granting ticket and a session key.
The results are encrypted using the user's password.
3. Step-3:
The user decrypts the message using the password and then sends the
ticket to the Ticket Granting Server. The ticket contains
authenticators such as the user name and network address.
4. Step-4:
The Ticket Granting Server decrypts the ticket sent by the user,
verifies the request using the authenticator, and then creates the
ticket for requesting services from the Server.
5. Step-5:
The user sends the ticket and authenticator to the Server.
6. Step-6:
The server verifies the ticket and authenticator and then grants
access to the service. After this the user can access the service.
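The six steps above, run end to end as an added example (not part of the original assignment answer). The AS, TGS and a service named "fileserver" are simulated in one process; the user "alice", her password, the addresses and all keys are constructed for the example. Real Kerberos seals tickets with AES-based encryption types; the small encrypt-then-MAC construction used here only stands in for that so the flow runs offline with the standard library. Note that in step 2 the reply is sealed under a key derived from the password, so a wrong password simply fails to open it.

```python
import hashlib
import hmac
import json
import os
import time

# Toy authenticated encryption, constructed for this example only (not a real cipher):
# keystream = SHA-256(key || nonce || counter), tag = HMAC-SHA256(key, nonce || ciphertext).
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key, data):
    """Encrypt-then-MAC a dict under key; returns nonce || ciphertext || tag."""
    plaintext = json.dumps(data).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag first; a wrong key or a modified ticket raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))

def key_from_password(password):
    # Stand-in for Kerberos string-to-key: the user's long-term key comes from the password.
    return hashlib.sha256(password.encode()).digest()

# Constructed KDC state: hypothetical user, service and keys.
TGS_KEY = os.urandom(32)                        # long-term key shared by AS and TGS
SERVICE_KEYS = {"fileserver": os.urandom(32)}   # each service principal's long-term key
USER_DB = {"alice": key_from_password("alice-password")}  # the AS database
LIFETIME = 3600      # ticket lifetime in seconds
CLOCK_SKEW = 300     # maximum age of an authenticator in seconds

def as_exchange(user):
    """Step 2: AS checks the database, returns a TGT (for the TGS) and a session key (for the user)."""
    if user not in USER_DB:
        raise PermissionError("unknown principal")
    sk_tgs = os.urandom(32).hex()
    tgt = seal(TGS_KEY, {"user": user, "addr": "10.0.0.5", "sk": sk_tgs, "exp": time.time() + LIFETIME})
    return tgt, seal(USER_DB[user], {"sk": sk_tgs, "tgs": "krbtgt"})

def tgs_exchange(tgt, authenticator, service):
    """Steps 3-4: TGS opens the TGT, checks the authenticator, issues a service ticket."""
    t = unseal(TGS_KEY, tgt)
    if t["exp"] < time.time():
        raise PermissionError("TGT expired")
    a = unseal(bytes.fromhex(t["sk"]), authenticator)   # only the TGT's owner knows this session key
    if a["user"] != t["user"] or abs(time.time() - a["ts"]) > CLOCK_SKEW:
        raise PermissionError("authenticator mismatch or stale")
    sk_svc = os.urandom(32).hex()
    ticket = seal(SERVICE_KEYS[service], {"user": t["user"], "sk": sk_svc, "exp": time.time() + LIFETIME})
    return ticket, seal(bytes.fromhex(t["sk"]), {"sk": sk_svc, "service": service})

def service_verify(service, ticket, authenticator):
    """Step 6: the service opens the ticket with its own key and checks the authenticator."""
    t = unseal(SERVICE_KEYS[service], ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    return a["user"] == t["user"] and t["exp"] > time.time()

def client_login(user, password, service):
    """Steps 1, 3 and 5 from the client's side; returns True when the service accepts."""
    tgt, reply = as_exchange(user)
    sk_tgs = bytes.fromhex(unseal(key_from_password(password), reply)["sk"])  # wrong password -> ValueError
    ticket, reply2 = tgs_exchange(tgt, seal(sk_tgs, {"user": user, "ts": time.time()}), service)
    sk_svc = bytes.fromhex(unseal(sk_tgs, reply2)["sk"])
    return service_verify(service, ticket, seal(sk_svc, {"user": user, "ts": time.time()}))

if __name__ == "__main__":
    print(client_login("alice", "alice-password", "fileserver"))  # True
```

The password never crosses the wire: the AS only proves the user knows it by sealing the session key under the derived key, and every later hop is protected by a fresh session key carried inside a ticket that only the next server can open.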
Kerberos Limitations:
Each network service must be modified individually for use with
Kerberos.
It does not work well in a timeshare environment.
Requires a secured Kerberos server.
Requires an always-on Kerberos server.
Stores all passwords encrypted with a single key.
Assumes workstations are secure.
May result in a cascading loss of trust.
Scalability.
Q.2) Explain working of Public-Key Cryptosystems?
Ans) Public-key cryptography, or asymmetric cryptography, is an
encryption scheme that uses two mathematically related, but not
identical, keys: a public key and a private key. Unlike symmetric-key
algorithms that rely on one key to both encrypt and decrypt, each key
performs a unique function. The public key is used to encrypt and the
private key is used to decrypt.
If B wants to send a confidential message to C, then B encrypts the
message using C’s Public key. When C receives the message from B,
then C can decrypt it using its own Private key. No other recipient
other than C can decrypt the message because only C knows C’s
private key.
Q.3) What is dispute resolution in Message authentication? Explain
any two properties of message authentication code (MAC).
Ans)
Message authentication is concerned with: protecting the integrity of
a message, validating the identity of the originator, and
non-repudiation of origin (dispute resolution).
A message authentication code (MAC) is a cryptographic checksum on
data that uses a session key to detect both accidental and intentional
modifications of the data.
A MAC algorithm is a symmetric-key cryptographic technique for
providing message authentication. To establish the MAC process, the
sender and receiver share a symmetric key K.
Essentially, a MAC is an encrypted checksum generated on the
underlying message that is sent along with the message to ensure
message authentication.
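The shared-key MAC process described above, as an added example that is not part of the original answer. The sender and receiver share a constructed key K and use HMAC-SHA256 from the standard library as the MAC algorithm; the message text is also constructed. The last check in demo() illustrates the dispute-resolution point: because the receiver holds the same K, it can produce a valid tag on any message, so a MAC alone cannot prove to a third party which of the two parties originated a message.

```python
import hashlib
import hmac
import os

def mac_tag(key, message):
    """MAC = HMAC-SHA256(K, message); both ends must hold the same K."""
    return hmac.new(key, message, hashlib.sha256).digest()

def sender_send(key, message):
    """Sender transmits the message together with its tag."""
    return message, mac_tag(key, message)

def receiver_check(key, message, tag):
    """Receiver recomputes the tag and compares in constant time."""
    return hmac.compare_digest(mac_tag(key, message), tag)

def demo():
    key = os.urandom(32)                                   # constructed shared key K
    msg, tag = sender_send(key, b"pay 100 to account 42")  # constructed message
    accepted = receiver_check(key, msg, tag)                       # True: intact and from a holder of K
    modified = receiver_check(key, b"pay 900 to account 42", tag)  # False: integrity check fails
    wrong_key = receiver_check(os.urandom(32), msg, tag)           # False: a different K gives a different tag
    # The receiver also holds K, so it can make a tag the receiver_check accepts on a message
    # the sender never sent; the MAC therefore settles no dispute between the two parties.
    forged = receiver_check(key, b"receiver wrote this", mac_tag(key, b"receiver wrote this"))  # True
    return accepted, modified, wrong_key, forged

if __name__ == "__main__":
    print(demo())   # (True, False, False, True)
```

Using hmac.compare_digest rather than == keeps the comparison time independent of how many leading tag bytes match.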