Limitations of the Kerberos Authentication System.
01 Jan 1991-pp 253-268
TL;DR: Despite its many strengths, the Kerberos authentication system has a number of limitations and some weaknesses as mentioned in this paper, some of which are due to specifics of the MIT environment; others represent deficiencies in the protocol design.
Abstract: The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent deficiencies in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.
Citations
More filters
TL;DR: The authors concentrate on authentication for real-time, interactive services that are offered on computer networks, which includes remote login, file system reads and writes, and information retrieval for applications like Mosaic.
Abstract: When using authentication based on cryptography, an attacker listening to the network gains no information that would enable it to falsely claim another's identity. Kerberos is the most commonly used example of this type of authentication technology. The authors concentrate on authentication for real-time, interactive services that are offered on computer networks. They use the term real-time loosely to mean that a client process is waiting for a response to a query or command so that it can display the results to the user, or otherwise continue performing its intended function. This class of services includes remote login, file system reads and writes, and information retrieval for applications like Mosaic. >
1,545 citations
01 Sep 1993
TL;DR: This document gives an overview and specification of Version 5 of the protocol for the Kerberos network authentication system, presently in production use at MIT's Project Athena, and at other Internet sites.
Abstract: This document gives an overview and specification of Version 5 of the protocol for the Kerberos network authentication system Version 4, described elsewhere [1,2], is presently in production use at MIT's Project Athena, and at other Internet sites
1,451 citations
TL;DR: A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols.
Abstract: We discuss two-party mutual authentication protocols providing authenticated key exchange, focusing on those using asymmetric techniques. A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols. The definition of a secure protocol is considered, and desirable characteristics of secure protocols are discussed.
1,270 citations
10 Jun 1997
TL;DR: It is suggested that the appropriate authentication requirement will depend upon the use to which the protocol is put, and the model checker FDR can be used to test whether a system running the protocol meets such a specification.
Abstract: Many security protocols have the aim of authenticating one agent to another. Yet there is no clear consensus in the academic literature about precisely what "authentication" means. We suggest that the appropriate authentication requirement will depend upon the use to which the protocol is put, and identify several possible definitions of "authentication". We formalize each definition using the process algebra CSP, use this formalism to study their relative strengths, and show how the model checker FDR can be used to test whether a system running the protocol meets such a specification.
688 citations
Book•
25 Jul 2003
TL;DR: This book explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely, and reveals the general unfitness of "textbooks crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios.
Abstract: Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicelyIt reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal-world application scenarios This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (ie, fit-for-application) security properties, oftenwith security evidence formally established The book also includes self-containedtheoretical background material that is the foundation for modern cryptography
624 citations
References
More filters
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
14,980 citations
28 Aug 1980
TL;DR: UDP does not guarantee reliability or ordering in the way that TCP does, but its stateless nature is also useful for servers that answer small queries from huge numbers of clients.
Abstract: UDP does not guarantee reliability or ordering in the way that TCP does. Datagrams may arrive out of order, appear duplicated, or go missing without notice. Avoiding the overhead of checking whether every packet actually arrived makes UDP faster and more efficient, at least for applications that do not need guaranteed delivery. Time-sensitive applications often use UDP because dropped packets are preferable to delayed packets. UDP's stateless nature is also useful for servers that answer small queries from huge numbers of clients. Unlike TCP, UDP supports packet broadcast (sending to all on local network) and multicasting (send to all subscribers).
2,485 citations
01 Jan 1988
TL;DR: An overview of the Kerberos authentication model as imple- mented for MIT's Project Athena is given, which describes the protocols used by clients, servers, and Kerbero to achieve authentication.
Abstract: In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. Kerberos provides an alternative approach whereby a trusted third-party authentication service is used to verify users' identities. This paper gives an overview of the Kerberos authentication model as imple- mented for MIT's Project Athena. It describes the protocols used by clients, servers, and Kerberos to achieve authentication. It also describes the management and replication of the database required. The views of Kerberos as seen by the user, programmer, and administrator are described. Finally, the role of Kerberos in the larger Athena picture is given, along with a list of applications that presently use Kerberos for user authentica- tion. We describe the addition of Kerberos authentication to the Sun Network File Sys- tem as a case study for integrating Kerberos with an existing application.
1,205 citations
Book•
01 Jan 1996
TL;DR: Cryptology Goes Public Bibliography Notes to Text Acknowledgments Notes to Illustrations Index
Abstract: CONTENTS Preface to the Revised Edition Preface A Few Words 1. One Day of Magic THE PAGENT OF CRYPTOLOGY 2. The First 3,000 Years 3. The Rise of the West 4. On the Origin of a Species 5. The Era of the Black Chambers 6. The Contribution of the Dilettantes 7. Crises of the Union 8. The Professor, the Soldier, and the Man on Devil's Island 9. Room 40 10. A War of Intercepts: I 11. A War of Intercepts: II 12. Two Americans 13. Secrecy for Sale 14. Duel in the Ether: The Axis 15. Duel in the Ether: Neutrals and Allies 16. Censors, Scramblers, and Spies 17. The Scrutable Orientals 18. Russkaya Kriptologiya ("Russian Cryptology") 19. N.S.A. SIDESHOWS 20. The Anatomy of Cryptology 21. Heterogeneous Impulses 22. Rumrunners, Businessmen, and Makers of Non-secret Codes 23. Ciphers in the Past Tense 24. The Pathology of Cryptology PARACRYPTOLOGY 25. Ancestral Voices 26. Messages from Outer Space THE NEW CRYPTOLOGY 27. Cryptology Goes Public Bibliography Notes to Text Acknowledgments Notes to Illustrations Index
623 citations
TL;DR: The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed, and a brief description of the two basic approaches to communications security, link-oriented measures and end-to-end measures concludes that end- to- end measures are more appropriate in anopen- system environment.
Abstract: The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed. First the threats to security that may arise in such an environment are described, and then a set of goals for communications security measures is established. This is followed by a brief description of the two basic approaches to communications security, link-oriented measures and end-to-end measures, which concludes that end-to-end measures are more appropriate in an open-system environment. Next, relevant properties of data encryption--the fundamental technique on which all communications security mechanisms are based--are discussed. The remainder of the paper describes ho~w end-to-end measures can be used to achieve each of the security goals previously established.
368 citations