Kerberos
- Short presentation
- Protocol run
- Resources
By Artur Hecker, ENST Paris, 11/01/2002
Kerberos: general information
- Based on the Needham-Schroeder protocol
- Introduced by MIT
- Uses only symmetric cryptography
  - Shared secrets, session keys, timestamps, limited validity
- Purposes:
  - Authentication
  - Session key distribution
- Preconditions:
  - Existence of a central instance that holds a common key with each party
  - All keys are pre-installed on the respective parties (shared secrets)
Kerberos: typical protocol run
[Diagram: message exchange between Alice, the Notary and Bob. Diagram labels: time stamp, validity period. End of run: Alice knows K, Bob knows K.]
Problem: synchronized clocks
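An added example, not taken from the slides: a minimal Python model of such a run, in which the notary hands out a session key K under each party's pre-installed shared secret and Bob enforces the time stamp and validity period against his own clock. The message fields, the 300-second skew allowance and the HMAC-based `seal`/`unseal` cipher stand-in are assumptions made for illustration, not Kerberos wire formats.

```python
import hashlib, hmac, json, os

# Assumed for illustration: message fields, skew value and this toy cipher (not Kerberos formats).
def _ks(key, nonce, n):  # keystream: HMAC-SHA256 in counter mode
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared secret (stand-in for a real cipher)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def notary_issue(k_alice, k_bob, client, server, now, lifetime):
    """Notary: fresh K, once for Alice and once inside a ticket only Bob can open."""
    k = os.urandom(32).hex()
    ticket = seal(k_bob, {"K": k, "client": client, "ts": now, "life": lifetime})
    return seal(k_alice, {"K": k, "server": server, "ts": now, "life": lifetime,
                          "ticket": ticket.hex()})

def alice_request(k_alice, reply, client, now):
    """Alice: recover K, forward the ticket plus an authenticator stamped by her clock."""
    r = unseal(k_alice, reply)
    auth = seal(bytes.fromhex(r["K"]), {"client": client, "ts": now})
    return r["K"], bytes.fromhex(r["ticket"]), auth

def bob_accept(k_bob, ticket, auth, now, skew=300):
    """Bob: open the ticket, enforce validity period and freshness on his own clock."""
    t = unseal(k_bob, ticket)
    if not (t["ts"] - skew <= now <= t["ts"] + t["life"] + skew):
        raise ValueError("ticket outside validity period")
    a = unseal(bytes.fromhex(t["K"]), auth)
    if a["client"] != t["client"] or abs(a["ts"] - now) > skew:
        raise ValueError("stale or mismatched authenticator")
    return t["K"]

if __name__ == "__main__":  # constructed keys and clock values
    ka, kb, t0 = os.urandom(32), os.urandom(32), 1_000_000
    reply = notary_issue(ka, kb, "alice", "bob", t0, 3600)
    k, ticket, auth = alice_request(ka, reply, "alice", t0 + 10)
    print("Alice and Bob share K:", bob_accept(kb, ticket, auth, t0 + 12) == k)
```

Every check in `bob_accept` is made against Bob's local `now`, so the validity period and freshness window are only as trustworthy as his clock, which is the synchronized-clocks problem the slide names.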
Kerberos: Resources
- Jennifer G. Steiner, Clifford Neuman, Jeffrey I. Schiller, "Kerberos: An Authentication Service for Open Network Systems", USENIX Mar [athena-dist.mit.edu:pub/kerberos/doc/usenix.PS]
- R. M. Needham and M. D. Schroeder, "Using Encryption for Authentication in Large Networks of Computers", Communications of the ACM, Vol. 21(12), pp (December, 1978).
- Li Gong, "A Security Risk of Depending on Synchronized Clocks", Operating Systems Review, Vol 26, #1, pp
- S.M. Bellovin and M. Merritt, "Limitations of the Kerberos Authentication System," USENIX Jan [research.att.com:dist/internet_security/kerblimit.usenix.ps]
- C. Neuman and J. Kohl, "The Kerberos Network Authentication Service (V5)", RFC 1510, September
- Kerberos Reference Page, [
- MIT Kerberos Resources, [