Implementing-cryptography-using-python
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 2 ■ Cryptographic Protocols and Perfect Secrecy 41
After obtaining the ticket from the remote realm, Alice requests a service
granting ticket from the remote TGS. This sets up a dependency that the remote
realm must trust the Kerberos authentication service of the home domain of a
“visiting” user. Scalability becomes a problem as n realms require n × (n – 1) /
2 secret keys. The message exchange in a multiple domain protocol run would
look as follows:
A ➔ AS1: (A, TGS1, t A )
AS1 ➔ A: {K A , TGS1 , TGS1, t AS , LifetimeTicket TGS1 , Ticket TGS1 } KA with Ticket TGS1
= {K A, TGS1 , A, Addr A , TGS1, t AS , LifetimeTicket TGS1 } KAS, TGS1
A ➔ TGS1: (TGS2, Ticket TGS1 , Authenticator A, TGS1 ) with Authenticator A, TGS1
= {}A, Addr A , t`A} KA, TGS1
TGS1 ➔ A:{K A, TGS2 , TGS2, t TGS1 , Ticket TGS2 } KA, TGS1 with Ticket TGS2 = {K A, TGS2 ,A,
Addr A , TGS2, t TGS1 , LifetimeTicket TGS2 } KTGS1, TGS2
A ➔ TGS2: (S2, Ticket TGS2 , Authenticator A, TGS2 ) with Authenticator A, TGS2 =
{A, Addr A , t``A} KA,TGS2
TGS2 ➔ A: {K A,S2 , S2, t TGS2 , Ticket S2 } KA,TGS2 with Ticket S2 = {K A,S2 , A, Addr A ,
S2, t TGS2 , LifetimeTicket S2 } KTGS2,S1
A ➔ S2: (Ticket S2 , Authenticator A,S2 ) with Authenticator A,S2 = {A, Addr A , t```A} KA,S2
S1 ➔ A: {t```A + 1} KA,S1
X.509
X.509 is an international recommendation of ITU-T and is part of the X.500-
series defining directory services. It is the standard that defines the format of the
public-key certificate. The X.509 certificates are used in many internet protocols
that include TLS/SSL. The X.509 certificates are also used in offline applications
such as electronic signatures. The certificate contains a public key and an identity
(server name, host name, organization, or individual) and is either signed
by a certificate authority (CA) or self-signed using an internal process.
The first version of X.509 was standardized in 1988. The second version, which
resolved several security concerns, was standardized in 1993. The third version
was drafted in 1995. When a certificate is signed by a trusted CA or validated
by other processes, someone holding the certificate can be assured that the
public key can establish a secure communication session with another party or
validate documents that are digitally signed by the corresponding private key.
X.509 defines a framework for the provisioning of authentication services
that comprise the certification of public keys and certificate holding and three
different dialogues for direct authentication. The certification of public keys