Jennifer G. Steiner, Jeffrey I. Schiller, and Clifford Neuman. Kerberos: an authentication service for open network systems. Winter USENIX Technical Conference (Dallas, TX), pages 191--202, 9--12 February 1988.
....may move into a network domain that uses an unfamiliar protocol: by merely loading a new module the mobile system will be capable of participating in the new network. 1.2 Related work Numerous solutions for providing authentication and key exchange exist in the literature, including Kerberos [SNS88] and the Distributed System Security Architecture (DSSA) [GGKL89] that we will analyze in detail later. Other examples include the ISO security architecture [iITT88] and privacy enhanced mail [KL89]. None of these systems were designed to facilitate application development, and most are based on a ....
....two actual systems based on the two variants of the Needham-Schroeder protocol that include delegation: Kerberos [KN93] and the Distributed Systems Security Architecture (DSSA) [GM90]. We then present a third delegation scheme called Passports [Sol88]. 4.1.1 Delegation in Kerberos Kerberos [SNS88] uses the Needham-Schroeder key exchange protocol with symmetric encryption to exchange session keys that are used for authentication. The earlier version of Kerberos did not address delegation, but the current version [KN93] does include it. The Kerberos protocol uses tickets and authenticators ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proceedings of the Winter USENIX Conference, pages 191--202, February 1988.
....from some bits, but not necessarily all, of the plaintext data. In this case the encryption/decryption algorithm must guarantee that any modifications of the ciphertext will propagate erroneous decryptions until the end of the ciphertext, thus affecting the resulting integrity control value [12, 14]. The second way to handle the integrity control of encrypted data is attractive because one may save the time expended in the generation of data's hash values by slightly increasing the complexity of the encryption mode. However, most commonly used block encryption modes, like Electronic Code ....
....block encryption modes, like Electronic Code Book (ECB) or Cipher Block Chaining (CBC) [4] do not propagate erroneous decryptions of a modified ciphertext block to all following blocks. There are several examples of encryption modes providing error propagation, like the Kerberos Propagating CBC [12]. Unfortunately, they have weaknesses, such as allowing the addition of arbitrary values to ciphertext blocks, swapping of ciphertext blocks, or the replacement of ciphertext blocks by new ones using known plaintext attacks. This document presents the Efficient Error Propagating Block Chaining ....
[Article contains additional citation context not shown here]
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proc. of the USENIX Winter Conf., pages 191--202, Dallas, Texas, USA, February 1988.
....clients in use. Thus, most current version 5 implementations have functionality for handling version 4 clients. Version 5 is reasonably similar to version 4, except that it is more parameterised, including support of several types of encryption algorithms. Kerberos is described in more detail in [2, 3, 4, 5]. 3 Kerberos databases Every key that the Kerberos server keeps must be stored in some kind of database. The database needs to contain at least the names and keys of the principals. Additional information stored and the organisation of the database can vary quite a lot between different ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller, Kerberos: An Authentication Service for Open Network Systems, Proceedings Winter USENIX Conference, Dallas (1988)
....Abstract This paper describes some of the common ways of implementing the Kerberos database and distributing this among the Kerberos servers. The methods available in the Heimdal implementations are examined and some performance measurements are presented. 1 Introduction Kerberos[4] is a third party security system that is enjoying use all over the world. It is a system for authenticating users and services (called principals) to each other over an unsafe network. The third party, the Kerberos server, is trusted with all keys of all principals in the system. The users can ....
....of all principals in the system. The users can with the help of the kdc, authenticate to each other. This is performed with the help of tickets, which are time-limited, non-forgeable, server-specific proofs of identity. For specific details on the protocol refer to other documents on the subject [4, 2, 3, 1]. Heimdal[5] is one implementation of Kerberos that the authors have been working on for some time. 2 Kerberos Database The Kerberos server keeps a database of all the keys used in the system. Since the contents of this database is highly sensitive, the requirements on the database are somewhat ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller, Kerberos: An Authentication Service for Open Network Systems, Proceedings Winter USENIX Conference, Dallas (1988)
....with the Kerberos server and this enables principals to verify that the messages from the Kerberos server are authentic. Trusting the Kerberos server, users and services can then authenticate themselves to each other. For specific details on the protocol refer to other documents on the subject [7, 5, 6, 4]. 2.1 The Kerberos server The central function in a Kerberos environment is performed by the Kerberos server that keeps a copy of the keys of all principals. This function is sensitive, an attacker that obtains a copy of a principal's key can masquerade as that principal. An attacker that ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller, Kerberos: An Authentication Service for Open Network Systems, Proceedings Winter USENIX Conference, Dallas (1988)
....A host trusted in one administrative domain may not be trusted in another, and likewise may the user of a mobile host not trust all administrative domains. Thus both authentication and encrypted data transfer are necessary to provide secure mobile computing. Authentication Services like Kerberos [SNS88] already provide both authentication for hosts and users, and encrypted communication. Also the Mobile IP design [Per95] addresses security issues, allowing an administrative domain to restrict the actions of foreign mobile hosts. 1.2.1.2 Disconnected Operation Due to the limited availability ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proceedings of the
....PAM-based GINA eases this problem by allowing new authentication mechanisms to be replaced and tested without forcing a reboot. 1 Introduction Security technologies are constantly evolving to meet the demands of Internet services. For example, network authentication protocols such as Kerberos [SNS88, KNT91], and Netware undergo periodic revision to meet new challenges. Similarly, the basis of secure authentication evolves, replacing password based methods with ones that depend on smartcards or biometrics. To meet the challenge of integrating new methods and technologies into the Internet security ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller, "Kerberos: An Authentication Service for Open Network Systems," Proc. of the Winter
....secret key, and a receiver decrypts the encrypted data using the same key. A typical procedure for securing unicast communications between a client and a server is outlined as follows: Initially, the client and server mutually authenticate each other using an authentication protocol or service [4, 31, 34, 37]; subsequently, a secret key is created and shared by them to be used for pairwise confidential communications. For confidential group communications, one approach is to have a group key shared by every group member, and the group key is used to encrypt/decrypt communications within the group. ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In USENIX Winter Conference, pages 191--202, February 1988.
....consistency. Cryptography. Perhaps due to sensor nets' applicability in military applications, there has already been significant interest in cryptographically protecting sensor network messages [HSW , Hil]. Certain authentication schemes, such as the Kerberos Authentication Service [SNS88] depend on synchronized time to prevent replay attacks and other forms of circumvention. 1 Database Consistency. Database update protocols often require synchronized time to serialize transactions or eliminate duplicate updates (for example, in [LSW91] There has been recent interest in ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. In USENIX Association, editor, USENIX Conference Proceedings (Dallas, TX, USA), pages 191--202, Berkeley, CA, USA, Winter 1988. USENIX Association.
....[11] two well studied mechanisms for providing authentication secure against a range of adversaries. However, there are many reasons that these mechanisms are not suitable for use on the Web at large. Lack of a central infrastructure such as a public key infrastructure or a uniform Kerberos [40] contributes to the proliferation of weak schemes. We also found that many Web sites would design their own authentication mechanism to provide a better user experience. Unfortunately, designers and implementers often do not have a background in security and, as a result, do not have a good ....
....one-exchange protocol, a user can authenticate and prove possession of a ticket. This scheme is not appropriate for our model of Web client authentication because it requires the client to perform computation such as modular exponentiation. Kerberos uses tickets to authenticate users to services [22, 33, 40]. The Kerberos ticket is encrypted with a key known only to the service and the Kerberos infrastructure itself. A temporary session key is protected by encryption. The ticket approach differs greatly from schemes such as ours because tickets are message preserving, meaning that an adversary who ....
Jennifer Steiner, Clifford Neuman, and Jeffrey Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the Winter 1988 USENIX, pages 191--202, Dallas, TX, February 1988.
....If verification succeeds, the service will take some action to grant the request, such as to establish a session or return a cryptographic token for later use; this depends on the context in which the service is used. If the answer contains a freshly generated, random session key, as in Kerberos [94], such an authentication server is also called a key distribution center (KDC). Communication between the authentication service and clients may be encrypted and signed with the public key of the service. The security assumption about the authentication service is that it acts honestly when ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. In Usenix Conference Proceedings, pages 191-202, March 1988.
....which allow a user to access meetings. The client server model is explored in Section 4, and the communication issues caused by this split in duties are covered in Section 5. Following that, Section 6 describes the topic of authentication and authorization, showing how Discuss uses Kerberos[17] to provide authentication, but develops its own application level authorization scheme which we believe is required by a distributed conferencing system. User notification of new transactions via the Zephyr[4] notification system is covered in Section 7. We talk in Section 8 about the lessons ....
Jennifer Steiner, Clifford Neuman, and Jeffrey Schiller. Kerberos: An Authentication Service for Open Network Systems. In USENIX Association Winter Conference 1988 Proceedings, pages 191--202, February 1988.
....and an IBM RS 6000 workstation, both running extended Relational database software. Both Montage and OpenIngres are currently under evaluation [Sto93]. Visualization activities are being performed on Silicon Graphics and Hewlett Packard workstations. Security is to be implemented using Kerberos [SNS88]. The Andrew File System [HKM 88] will be used to provide a single file storage hierarchy for the system. 4.6 Related Work The REINAS system is a large effort incorporating many research disciplines. Distributed computer technology is being used by projects such as the SEQUOIA 2000 to ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. In USENIX Conference Proceedings, pages 191--202. USENIX, 1988.
....has to be on the same machine as the user. This can prove quite useful in some cases. Consider a typical office, in which a user has several personal workstations providing diverse applications and services. If smartcards are used to enhance the security of such services as Kerberos authentication [22], SSH [24] or PGP digital signatures [26], a user is forced to install smartcard readers on all her computers and move cards around as her tasks demand. We suggest a different scenario, in which smartcard functionality can be accessed from computers other than the one to which it is directly ....
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. In Winter 1988 USENIX Conference, Dallas, February 1988.
No context found.
Jennifer G. Steiner, Jeffrey I. Schiller, and Clifford Neuman. Kerberos: an authentication service for open network systems. Winter USENIX Technical Conference (Dallas, TX), pages 191--202, 9--12 February 1988.
No context found.
Jennifer G. Steiner, Jeffrey I. Schiller, and Clifford Neuman. Kerberos: an authentication service for open network systems. Winter USENIX Technical Conference (Dallas, TX), pages 191--202, 9--12 February 1988.
No context found.
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proceedings of the USENIX Technical Conference, March 1988.
No context found.
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proc. of the USENIX Winter Conf., pages 191--202, Dallas, Texas, USA, February 1988.
No context found.
Jennifer G. Steiner, Jeffrey I. Schiller, and Clifford Neuman. Kerberos: an authentication service for open network systems. Winter USENIX Technical Conference (Dallas, TX), pages 191--202, 9--12 February 1988.
No context found.
Jennifer G. Steiner, Jeffrey I. Schiller, and Clifford Neuman. Kerberos: an authentication service for open network systems. Winter USENIX Technical Conference (Dallas, TX), pages 191--202, 9--12 February 1988.
No context found.
Jennifer G. Steiner, Clifford Neumann, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. In USENIX Winter 1988.
No context found.
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proceedings of the USENIX Technical Conference, March 1988.
No context found.
Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proceedings of the USENIX Technical Conference, March 1988.
No context found.
Jennifer G. Steiner, B. Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. Technical report, Project Athena, MIT, Cambridge, MA, March 1988.
No context found.
Jennifer G. Steiner, Clifford Neumann and Jeffrey I. Schiller, `Kerberos: an authentication service for open network systems', Proc. 1988 Winter USENIX Conference, Dallas, Texas, 1988.