Quiz 13: Internet and Distributed Application Services
Kerberos

Kerberos is a computer network authentication protocol that allows nodes to prove their identity to one another over a non-secure network with the help of "tickets". It provides mutual authentication (the client proves itself to the server and the server proves itself to the client) and is based on the client/server model. The capabilities of Kerberos are defined below:

1. User/client-based logon:
• The user enters a username and password.
• The client derives the user's secret key from the password (a one-way string-to-key function); the password itself is never sent on the network.

2. Authentication of client: The client sends a clear-text message containing the user ID to the AS (Authentication Server) to request ticket-granting services. Neither the secret key nor the password is sent to the AS. The AS checks whether the user exists in its database; if the record is found, it sends the following messages to the client:
• Message A: The client/TGS session key, encrypted with the secret key of the user.
• Message B: The ticket-granting ticket (TGT), which includes the client ID, the client's network address, the validity period and the client/TGS session key, encrypted with the secret key of the TGS (Ticket Granting Server). The client cannot read this ticket; it only stores and forwards it.
When the client receives these messages it decrypts message A with the secret key derived from the password the user entered. A wrong password yields a wrong key, the decryption fails, and the client never obtains the session key.

3. Authorization of client service: When the client requests a service, it sends the following messages to the TGS:
• Message C: The ticket-granting ticket from message B and the ID of the requested service.
• Message D: An authenticator consisting of the client ID and a timestamp, encrypted with the client/TGS session key.
On receiving messages C and D, the TGS decrypts the ticket with its own key, recovers the client/TGS session key from it, decrypts message D with that session key, and checks that the client ID in the authenticator matches the ticket and that the timestamp is fresh. It then sends the following messages to the client:
• Message E: The client-to-server ticket (client ID, network address, validity period and client/server session key), encrypted with the service's secret key.
• Message F: The client/server session key, encrypted with the client/TGS session key.

4. Handling the client service request: After receiving messages E and F, the client can use them to authenticate itself to the service server (SS):
• Message G: The client forwards the client-to-server ticket from message E together with a new authenticator (client ID and timestamp) encrypted with the client/server session key.
• Message H: The service decrypts the ticket with its own key, recovers the client/server session key, decrypts the authenticator and checks it, then sends back the timestamp from the client's authenticator (plus one in older versions), encrypted with the client/server session key. Because only a server that knows the service key could have recovered that session key, this reply proves the server's identity to the client; this is the mutual authentication.
The server then provides the requested service to the client.

Limitations of Kerberos:
• Kerberos has a single point of failure because it requires persistent availability of the central server (the KDC); whenever the Kerberos server is down, no one can sign in.
• It has strict time requirements: the clocks of the hosts must be synchronized within the configured limits (typically a few minutes), otherwise authenticators are rejected.
• The administration protocol differs from one server implementation to another; it is not standardized.
• The KDC (Key Distribution Centre) controls all authentication and holds every principal's key, so an attacker who compromises the KDC can impersonate any user or service.
• Each network service requires its own principal (tied to its host name), and each principal needs a different set of Kerberos keys.

Degree of security provided by Kerberos: Kerberos provides a good level of security, but it is not fully secure on the network, because the user's long-term key is derived from the password and therefore inherits the weaknesses of every password-based mechanism: an attacker who captures material encrypted under that key (for example message A) can attempt offline password guessing against it. Kerberos helps protect the identity of the user by wrapping the exchange in several layers of encryption, each secured either by the key derived from the user's password or by a short-lived session key; passwords are never sent over the network. If the entered password does not match the one stored in the server's database, the derived key is wrong and decryption of the message fails, so the logon cannot proceed. Thus Kerberos provides a good level of security, but no technique is fully secure on a network, and it can be concluded that Kerberos does not address all security requirements of distributed applications (it authenticates principals; confidentiality and integrity of the application data afterwards depend on what the application does with the session key).
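The exchange described above (messages A to H), as an added example that is not part of the original quiz answer. It runs the AS, TGS, client and service in one process so the checks at each step are visible: the key derived from the password, the TGT opaque to the client, the authenticator freshness check, and the final reply H that proves the server knows the service key. The cipher is an illustrative HMAC-based authenticated encryption (not a real Kerberos encryption type), PBKDF2 stands in for the Kerberos string-to-key function, and the realm, principals, address and password are constructed for the example.

```python
"""Toy Kerberos exchange (messages A-H). Added example; the cipher is an
illustrative HMAC-based construction, not a Kerberos encryption type."""
import hashlib, hmac, json, os, time

REALM = "EXAMPLE.ORG"   # constructed realm, principals and password (assumptions)
ADDR = "10.0.0.5"
LIFETIME = 8 * 3600     # ticket validity in seconds
SKEW = 300              # allowed clock skew for authenticators, in seconds

def string_to_key(password: str, salt: str) -> bytes:
    """Stand-in for the Kerberos string-to-key function (user's long-term key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))

def encrypt(key: bytes, msg: dict) -> bytes:
    """Toy authenticated encryption: nonce || (plaintext XOR keystream) || HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(msg).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    """Fails, as the text says, when the key differs from the one used to encrypt."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("decryption failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_authenticator(auth: dict, ticket: dict) -> None:
    """Authenticator must name the ticket's client and be fresh; ticket must be unexpired."""
    now = time.time()
    if (auth["client"] != ticket["client"] or abs(now - auth["timestamp"]) > SKEW
            or now > ticket["valid_until"]):
        raise ValueError("authenticator rejected")

class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) in one object."""
    def __init__(self):
        self.users = {"alice": string_to_key("correct horse", REALM + "alice")}
        self.tgs_key = os.urandom(32)                       # TGS's own secret key
        self.services = {"host/fileserver": os.urandom(32)}  # service secret keys

    def as_exchange(self, client_id: str):
        """Step 2: client ID arrives in clear; AS answers with messages A and B."""
        if client_id not in self.users:
            raise KeyError("unknown principal")
        k_c_tgs, expiry = os.urandom(32), time.time() + LIFETIME
        tgt = {"client": client_id, "addr": ADDR, "valid_until": expiry, "key": k_c_tgs.hex()}
        msg_a = encrypt(self.users[client_id], {"tgs_key": k_c_tgs.hex(), "valid_until": expiry})
        msg_b = encrypt(self.tgs_key, tgt)   # TGT: opaque to the client
        return msg_a, msg_b

    def tgs_exchange(self, msg_c: dict, msg_d: bytes):
        """Step 3: validate TGT and authenticator, then issue messages E and F."""
        tgt = decrypt(self.tgs_key, msg_c["tgt"])
        k_c_tgs = bytes.fromhex(tgt["key"])
        check_authenticator(decrypt(k_c_tgs, msg_d), tgt)
        svc = msg_c["service"]
        k_c_s, expiry = os.urandom(32), time.time() + LIFETIME
        st = {"client": tgt["client"], "addr": tgt["addr"], "valid_until": expiry, "key": k_c_s.hex()}
        msg_e = encrypt(self.services[svc], st)                       # service ticket
        msg_f = encrypt(k_c_tgs, {"service": svc, "service_key": k_c_s.hex()})
        return msg_e, msg_f

def service_exchange(service_key: bytes, msg_e: bytes, msg_g: bytes) -> bytes:
    """Step 4 (server side): decrypt the ticket, check the authenticator, reply with H."""
    st = decrypt(service_key, msg_e)
    k_c_s = bytes.fromhex(st["key"])
    auth = decrypt(k_c_s, msg_g)
    check_authenticator(auth, st)
    return encrypt(k_c_s, {"timestamp": auth["timestamp"] + 1})

def run_protocol(kdc: KDC, client_id: str, password: str, service: str) -> bool:
    """Client side of the whole exchange; True once mutual authentication succeeds."""
    user_key = string_to_key(password, REALM + client_id)
    msg_a, msg_b = kdc.as_exchange(client_id)
    k_c_tgs = bytes.fromhex(decrypt(user_key, msg_a)["tgs_key"])  # wrong password fails here
    msg_c = {"tgt": msg_b, "service": service}
    msg_d = encrypt(k_c_tgs, {"client": client_id, "timestamp": time.time()})
    msg_e, msg_f = kdc.tgs_exchange(msg_c, msg_d)
    k_c_s = bytes.fromhex(decrypt(k_c_tgs, msg_f)["service_key"])
    ts = time.time()
    msg_g = encrypt(k_c_s, {"client": client_id, "timestamp": ts})
    # The service holds its own key out of band; here it is read from the KDC table.
    msg_h = decrypt(k_c_s, service_exchange(kdc.services[service], msg_e, msg_g))
    return msg_h["timestamp"] == ts + 1   # only a holder of the service key could answer

if __name__ == "__main__":
    kdc = KDC()
    print("correct password:", run_protocol(kdc, "alice", "correct horse", "host/fileserver"))
    try:
        run_protocol(kdc, "alice", "wrong password", "host/fileserver")
    except ValueError as e:
        print("wrong password:", e)
```

With the right password `run_protocol` returns True; with a wrong one the client's decryption of message A raises before anything else is sent, which is the failure mode the text describes. Replaying an old authenticator, or presenting a ticket after its validity period, is caught by `check_authenticator` in the TGS and the service.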
Client/Server Architecture

This model uses the concept of a client and a server. A client is a computer program that sends requests to a server in order to use its resources, and a server is a computer program that waits for requests and responds to them. One server's resources are in this way shared among many clients, much as a single computer was shared among many users under time sharing. To communicate, a client and a server must use a common set of standard protocols; on the Internet this is the TCP/IP protocol suite, of which IP (Internet Protocol) is the network-layer protocol.

Three Layer Architecture

Three-tier is a client/server architecture in which the user interface, the functional process logic, and computer data storage and data access are handled as separate modules, which often run on separate platforms. This model allows any of the three layers to be updated or modified independently; for example, moving the presentation layer to a different operating system affects only the user interface. The three layer architecture has the following three layers:
• Presentation Layer: This is the topmost layer and displays information related to the particular application. It is the layer a user accesses directly, such as a graphical user interface.
• Application Layer: It performs the detailed processing that provides the application's functionality (the business logic).
• Data Layer: This layer consists of the data servers where information is stored and retrieved.

n-Layer Architecture

This model is also called Multitier Architecture. It is also a client/server architecture in which the presentation, application and data storage layers are logically separated into tiers. With this model developers can create flexible and simple applications: by dividing an application into multiple layers, a developer can modify only the selected layer, which makes coding and debugging easier.

The difference between the client and the server is that the client initiates the interaction by sending a request, while the server waits for requests and responds to them; in a multitier application each tier acts as a server to the tier above it and as a client of the tier below it. The functions of the three layers are those given above for the three layer architecture. More than three layers may be used if the application is complex and the developer wants to divide it into layers on the basis of its processing, so that if changes are required in a particular layer, only that layer is modified and no other layer is affected. This makes the application flexible and its layers reusable.
Distributed System Architecture

Distributed system architecture divides an application into multiple processes, some of which send requests, some of which respond to requests, and others that do both. Explanation: this architecture allows several cooperating processes on multiple systems to operate as one application. Functionality can be replicated across systems to provide a more robust service, and diverse systems can all be connected through this architecture.