User Authentication with Kerberos
Kerberos is another technology. It is one that has been broken into historically; however, it provides a good level of security. With Kerberos you create a ticket that’s going to have a specific time allocated to it.
So with Kerberos, once a ticket is issued to me, the knowledge that that ticket was sent plus my login itself is going to ensure that I have access to that system. So the tickets or credentials are issued by a trusted Kerberos server that you allow on with some specific ID that you have.
How Public Key Works
You’ll hear a term called a Public Key. This is how a Public Key works. A Public Key works in conjunction with something called a Private Key.
This is technology that was actually developed back in the ’70s. The Private Key is going to be something that you’re going to keep to yourself.
The Private Key is going to be something that exists perhaps on your PC or perhaps as a piece of code that you have.
A Public Key is going to be something that you publish to the outside world. What you’ll do is take your document and send it out with your Public Key that’s going to be able to be accessed by a user that’s going to receive your document, but you’re going to encrypt it using your Private Key.
So by using these two things together, another user that’s going to receive your document can utilize your Public Key to ensure that, in fact, the document that you send is the document that you thought it was.
So the two keys together, in essence, create a unique key, something that’s uniquely known by the combination of the private and the Public Key.
Now, Digital Signatures take us a little bit further. With Digital Signatures what we’re going to do is take the original document and run it along with the Private Key and we’re going to create something called the Hash. This is going to be another unique document that’s created with a Digital Signature.
Now, that unique document is going to be sent along, and your Public Key is going to be able to be used in conjunction with that new smaller document. If that Public Key winds up with that document, then you know the confidentiality of the original document is in place.
So here we’ve ensured both the user that’s sending the document as well as the document itself as being something that’s truthful and, in fact, the document that we thought was sent out. So in this way, we know that the document hasn’t been altered.
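The sign-and-verify flow described above, as an added example that is not part of the original text. It assumes ECDSA P-256 with SHA-256, since the text names no algorithm; the function names and the sample documents are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the document and signs the digest with the sender's private key.
func Sign(priv *ecdsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify re-hashes the received document and checks the signature over that
// digest using the sender's published public key.
func Verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo signs one document and verifies three cases: the document as sent,
// an altered copy, and the original checked against someone else's key.
func Demo() (ok, tampered, wrongKey bool, err error) {
	sender, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	doc := []byte("PO 1001: ship 500 units to plant 7") // constructed sample
	sig, err := Sign(sender, doc)
	if err != nil {
		return
	}
	altered := []byte("PO 1001: ship 900 units to plant 7") // one digit changed
	ok = Verify(&sender.PublicKey, doc, sig)
	tampered = Verify(&sender.PublicKey, altered, sig)
	wrongKey = Verify(&other.PublicKey, doc, sig)
	return
}

func main() {
	fmt.Println(Demo()) // order: original, altered, other key, error
}
```

Only the unaltered document checked against the sender's own public key verifies; a single changed digit or a different key makes verification fail.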
You might want to ensure that important documents come out with some kind of encryption or digital signatures so you know they are exactly what the sender intended. A Certificate Authority allows you to do just that. It relies on a third party to issue those kinds of certificates that are going to ensure that you are who you say you are.
Why would you want a third party to do that? Well, there are a number of reasons. One may be cost. Maybe it’s more cost effective to have a third party do it rather than run a Certificate Authority yourself. But another reason is if you’re involved with third parties. Say I’m a manufacturer and I have a supplier. Well, that same supplier may issue supplies to a competitor of mine.
So I don’t want to issue certificates from my corporate database to the supplier because it could be used maliciously by somebody at my competitor’s site. So I want a trusted third party; somebody that everybody trusts equally. So the Certificate Authority will verify identity. It knows who all the different players are. It will sign the digital certificate containing the device’s Public Key. So this becomes the equivalent of an ID card. Now, there are a number of different partners that we use with this. These include Verisign, Entrust, Netscape, and Baltimore Technologies.