DOCSLIB.ORG

Prudent Engineering Practice for Cryptographic Protocols

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Prudent Engineering Practice for Cryptographic Protocols 6 IEEE TRANSACTIONS ON SOFM'ARE ENGINEERING, VOL. 22, NO. 1, JANUARY 1996 Prudent Engineering Practice for Cryptographic Protocols Martin Abadi and Roger Needham Abstract-We present principles for designing cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have prevented a number of published errors. Our principles are informal guidelines; they complement formal methods, but do not assume them. In order to demonstrate the actual applicability of these guidelines, we discuss some instructive examples from the literature. Index Terms-Cryptography, authentication, cryptographic protocols, authentication protocols, security. + 1 INTRODUCTION RYPTOGRAPHIC protocols, as used in distributed sys- traditional cryptography, and on protocols of the sort com- tems for authentication and related purposes, are mody implemented with the DES [20] and the RSA [28] prone to design errors of every kind. Over time, various algorithms. In particular, we do not consider the subtleties formalisms have been proposed for investigating and ana- of interactive schemes for signatures (e.g., [7]).Moreover, lyzing protocols to see whether they contain blunders. we do not discuss the choice of cryptographic mechanisms (Liebl's bibliography [13] includes references to protocols with adequate protection properties, the correct implemen- and formalisms.)Although sometimes useful, these formal- tation of cryptographic primitives, or their appropriate use; isms do not of themselves suggest design rules; they are not these subjects are discussed elsewhere (e.g., [32],1191). directly beneficial in preventing trouble. Throughout, we concentrate on the simple principles We present principles for the design of cryptographic with the largest potential applicability and payoff. Admit- protocols. The principles are not necessary for correctness, tedly, the literature is full of ingenious protocols and at- nor are they sufficient. They are, however, helpful, in that tacks. We do not attempt to formulate the laws that underly adherence to them would have simplified protocols, and this ingenuity, and perhaps it is not necessary to do so. We prevented a number of published confusions and mistakes. hope that our simple principles and examples will contrib- We arrived at our principles by noticing some common ute to the engineering of robust cryptographic protocols. features among protocols that are difficult to analyze. If these features are avoided, it becomes less necessary to re- 2 BASICS sort to formal tools-and also easier to do so if there is good reason to. The principles themselves are informal guide- A protocol, for present purposes, is a set of rules or conven- lines, and useful independently of any logic. tions defining an exchange of messages between a set of We illustrate the principles with examples. In order to two or more partners. These partners are users, processes, demonstrate the actual applicability of our guidelines, we or machines, which we will generically refer to as princi- draw these examples from the literature. Some of the oddities pals. In the cryptographic protocols we consider here, the and errors that we analyze have been documented previ- whole or part of some or all of the messages is encrypted. ously (in particular, in [4]). Other examples are new: protocols We interpret the term encryption fairly broadly, applying it by Denning and Sacco [6], Hickman (Netscape) [ll],[lo], Lu for example to signature operations. For present purposes, and Sundareshan [14], Varadharajan, Allen, and Black 1311, encryption and decryption are defined as key-dependent and Woo and Lam [34]. We believe they are all instructive. transformations of a message which may be inverted only Generally, we pick examples from the authentication lit- by using a definite key; the keys used for encryption and erature, but the principles are applicable elsewhere, for ex- decryption are the same or different, depending on the ample to electronic-cash protocols (e.g., [17]). We focus on cryptographic algorithm used. We find two basic, overarching principles for the design * M. Abadi is with the Systems Research Center, Digital Equipment Corpo- of secure cryptographic protocols. One principle is con- ration, 130 Lyfton Ave., Palo Alto, CA94301. cerned with the content of a message and the other with the E-mail: [email protected]. circumstances in which it will be acted upon: 0 R. Needham is with the University of Cambridge Computer Luboratoy, Pembroke Street, Cambridge CB2 3QG, UK. 1) Every message should say what it means-its inter- E-mail: [email protected]. pretation should depend only on its content. Manuscript received November 1993; revised April 1995. 2) The conditions for a message to be acted upon should A preliminary version of this paper appeared in the Proceedings of the 1994 IEEE Computer Society Symposium on Research in Securiiy and Privacy. be clearly set out so that someone reviewing a design For information on obtaining reprints of this article, please send e-mail to: may see whether they are acceptable or not. [email protected], and reference IEEECS Log Number S95062. 0098-5589/96$05.00 01996 IEEE Authorized licensed use limited to: Univ of Calif Berkeley. Downloaded on January 20,2021 at 00:21:27 UTC from IEEE Xplore. Restrictions apply. ABADI AND NEEDHAM: PRUDENT ENGINEERING PRACTICE FOR CRYPTOGRAPHIC PROTOCOLS 7 Next we explain these principles. They leald to other, more 2.3 Secrecy specific recommendations, which we discuss in the subse- The secrecy of certain pieces of information is essential to quent sections. the functioning of cryptographic protocols. Obviously, a 2.1 Explicit Communication protocol should not publicize the cryptographic keys used for communicating sensitive data. Further, it is important to In full, our first basic principle is: know how long a piece of information needs to remain se- PRINCIPLE1 cret, and to protect it accordingly. Every message should say what it means: The inter- None of our principles makes these points explicitly. pretation of the message should depend only on its Rather, all of our principles warn against mistakes that of- content. It should be possible to write down a straight- ten imply the loss of secrecy, integrity, and authenticity. forward English sentence describing ihe content- Some of the examples clarify how the principles relate to though if there is a suitable formalism available, that is the need for secrecy. good too. There may be more to say about secrecy guidelines for cryptographic protocols, but these are outside the scope of For example, an authentication server S might send a the present paper. message whose meaning may be expressed thus: “After receiving bit-pattern P, S sends to A a session key K in- 2.4 Examples and Other Principles tended to be good for conversation with B.” All elements of Below we discuss many concrete examples where errors this meaning should be explicitly represented in the mes- would have been avoided by using our two basic princi- sage, so that a recipient can recover the meaning without ples. We also introduce other principles, some of them any context. In particular, if any of P, S, A, 13, or K are left to corollaries of the basic ones. In particular, we recommend: be inferred from context, it may be possible for one message to be used deceitfully in place of another. Be clear on how encryption is used, and on the This principle is not completely original. In 141, we rec- meaning of encryption. ommend the use of a logical notation in generating and Be clear on how the timeliness of messages is proved, and describing protocols-essentially proposing a method to on the meaning of temporal information in messages. follow the principle. Establishing the correspondence be- Hopefully, the two basic principles will encourage a certain tween the logical protocol and its concrete implementation lucidity in the design of cryptographic protocols, and can be a simple matter of parsing, as for example in 1331. thereby make it easier to follow the other principles. Although a precise comparison of informal ideas is difficult, we also find an affinity with Boyd and Mao’s proposal that protocols should be robust in the sense that “authentication 3 NOTATION of any message in the protocol depends only on informa- We adopt notation common in the literature. That notation tion contained in the message itself or already in the pos- is not quite uniform and, in the examples, we make com- session of the recipient” [3]. An operational variant on this promises between uniformity of this paper and faithfulness theme appears in the work of Woo and Lam, who say that a to the original notation. protocol is a full information protocol if ”its initiator and In this paper, the symbols A and B often represent arbi- responder always include in their outgoing encrypted mes- trary principals, S represents a server, T a timestamp, N a sages all the information they have gathered” 1351. nonce (a quantity generated for the purpose of being re- cent), K a key, and K’ its inverse. In symmetric cryptosys- 2.2 Appropriate Action tems such as DES, K and K’are always equal. For asym- For a message to be acted upon, it does not suffice that the metric cryptosystems such as RSA, we assume for simplic- message be understood; a variety of other conditions have ity that the inversion operation is an involution (so K-’-’ to hold too. These conditions often consist of what may be equals K); we tend to use for the secret part and K for the regarded informally as statements of trust, though this an- K’ thropomorphic notion should be used with care. public part of a key pair (K, K’). We write (X}, to represent Statements of trust cannot be wrong though they may be X encrypted under K; anyone who knows {X), and the in- considered inappropriate.
Load more

Recommended publications
  • Optimizing the Block Cipher Resource Overhead at the Link Layer Security Framework in the Wireless Sensor Networks
    Proceedings of the World Congress on Engineering 2008 Vol I WCE 2008, July 2 - 4, 2008, London, U.K. Optimizing the Block Cipher Resource Overhead at the Link Layer Security Framework in the Wireless Sensor Networks Devesh C. Jinwala, Dhiren R. Patel and Kankar S. Dasgupta, data collected from different sensor nodes. Since the Abstract—The security requirements in Wireless Sensor processing of the data is done on-the-fly, while being Networks (WSNs) and the mechanisms to support the transmitted to the base station; the overall communication requirements, demand a critical examination. Therefore, the costs are reduced [2]. Due to the multi-hop communication security protocols employed in WSNs should be so designed, as and the in-network processing demanding applications, the to yield the optimum performance. The efficiency of the block cipher is, one of the important factors in leveraging the conventional end-to-end security mechanisms are not performance of any security protocol. feasible for the WSN [3]. Hence, the use of the standard In this paper, therefore, we focus on the issue of optimizing end-to-end security protocols like SSH, SSL [4] or IPSec [5] the security vs. performance tradeoff in the security protocols in WSN environment is rejected. Instead, appropriate link in WSNs. As part of the exercise, we evaluate the storage layer security architecture, with low associated overhead is requirements of the block ciphers viz. the Advanced Encryption required. Standard (AES) cipher Rijndael, the Corrected Block Tiny Encryption Algorithm (XXTEA) using the Output Codebook There are a number of research attempts that aim to do so.
    [Show full text]
  • Pluggable Authentication Modules
    Who this book is written for This book is for experienced system administrators and developers working with multiple Linux/UNIX servers or with both UNIX and Pluggable Authentication Windows servers. It assumes a good level of admin knowledge, and that developers are competent in C development on UNIX-based systems. Pluggable Authentication Modules PAM (Pluggable Authentication Modules) is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. The PAM framework is widely used by most Linux distributions for authentication purposes. Modules Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX. This book provides a practical approach to UNIX/Linux authentication. The design principles are thoroughly explained, then illustrated through the examination of popular modules. It is intended as a one-stop introduction and reference to PAM. What you will learn from this book From Technologies to Solutions • Install, compile, and configure Linux-PAM on your system • Download and compile third-party modules • Understand the PAM framework and how it works • Learn to work with PAM’s management groups and control fl ags • Test and debug your PAM confi guration Pluggable Authentication Modules • Install and configure the pamtester utility
    [Show full text]
  • Kerberos: an Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts’O
    Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts’o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction z Kerberos: An authentication protocol based on cryptography z Designed at MIT under project Athena z Variation of Needham Schroeder protocol - Difference: Kerberos assumes all systems on the network to be synchronized z Similar function as its mythological namesake: “guards” the access to network protocols Contribution z Defines ideas of authentication, Integrity, confidentiality and Authorization z Working of Kerberos z Limitations z Utilities z How to obtain and use Kerberos z Other methods to improve security Why Kerberos? z Foils threats due to eavesdropping z More convenient than password based authentication { Allows user to avoid “authentication by assertion” z Authentication based on cryptography: attacker can’t impersonate a valid user How Kerberos Works z Distributed authentication service using a series of encrypted messages {Password doesn’t pass through the network z Timestamps to reduce the number of messages needed for authentication z “Ticket granting Service” for subsequent authentication Kerberos Authentication and Encryption zAuthentication proves that a client is running on behalf of a particular user zUses encryption key for authentication {Encryption key = Password zEncryption implemented using DES {Checksum included in message checksum and encryption provide integrity & confidentiality The Kerberos Ticket z Initially, client and Server don’t share an encryption
    [Show full text]
  • Feature Description
    NTLM Feature Description UPDATED: 19 March 2021 NTLM Copyright Notices Copyright © 2002-2021 Kemp Technologies, Inc. All rights reserved. Kemp Technologies and the Kemp Technologies logo are registered trademarks of Kemp Technologies, Inc. Kemp Technologies, Inc. reserves all ownership rights for the LoadMaster and Kemp 360 product line including software and documentation. Used, under license, U.S. Patent Nos. 6,473,802, 6,374,300, 8,392,563, 8,103,770, 7,831,712, 7,606,912, 7,346,695, 7,287,084 and 6,970,933 kemp.ax 2 Copyright 2002-2021, Kemp Technologies, All Rights Reserved NTLM Table of Contents 1 Introduction 4 1.1 Document Purpose 6 1.2 Intended Audience 6 1.3 Related Firmware Version 6 2 Configure NTLM Authentication 7 2.1 Configure Internet Options on the Client Machine 7 2.2 Configure the LoadMaster 11 2.2.1 Enable NTLM Proxy Mode 13 2.2.2 Configure the Server Side SSO Domain 13 2.2.3 Configure the Client Side SSO Domain 15 2.2.4 Configure the Virtual Service 15 2.3 Configure Firefox to Allow NTLM (if needed) 17 2.4 Troubleshooting 18 References 19 Last Updated Date 20 kemp.ax 3 Copyright 2002-2021, Kemp Technologies, All Rights Reserved NTLM 1 Introduction 1 Introduction NT LAN Manager (NTLM) is a Windows Challenge/Response authentication protocol that is often used on networks that include systems running the Windows operating system and Active Directory. Kerberos authentication adds greater security than NTLM systems on a network and provides Windows-based systems with an integrated single sign-on (SSO) mechanism.
    [Show full text]
  • OK: Oauth 2.0 Interface for the Kerberos V5 Authentication Protocol
    OK: OAuth 2.0 interface for the Kerberos V5 Authentication Protocol James Max Kanter Bennett Cyphers Bruno Faviero John Peebles [email protected] [email protected] [email protected] [email protected] 1. Problem Kerberos is a powerful, convenient framework for user authentication and authorization. Within MIT, Kerberos is used with many online institute services to verify users as part of Project Athena. However, it can be difficult for developers unfamiliar with Kerberos development to take advantage of its resources for use in third-party apps. OAuth 2.0 is an open source protocol used across the web for secure delegated access to resources on a server. Designed to be developer-friendly, OAuth is the de facto standard for authenticating users across sites, and is used by services including Google, Facebook, and Twitter. Our goal with OK Server is to provide an easy way for developers to access third-party services using Kerberos via OAuth. The benefits of this are twofold: developers can rely on an external service for user identification and verification, and users only have to trust a single centralized server with their credentials. Additionally, developers can request access to a subset of Kerberos services on behalf of a user. 2. Implementation overview Our system is composed of two main components: a server (the Kerberos client) to retrieve and process tickets from the MIT KDC, and an OAuth interface (the OAuth server) to interact with a client app (the app) wishing to make use of Kerberos authentication. When using our system, a client application uses the OAuth protocol to get Kerberos service tickets for a particular user.
    [Show full text]
  • Chapter 15-70-411FINAL[1]
    Lesson 15: Configuring Service Authentication MOAC 70-411: Administering Windows Server 2012 Overview • Exam Objective 5.1: Configure Service Authentication • Configuring Service Authentication • Managing Service Accounts © 2013 John Wiley & Sons, Inc. 2 Configuring Service Authentication Lesson 15: Configuring Service Authentication © 2013 John Wiley & Sons, Inc. 3 Authentication • Authentication is the act of confirming the identity of a user or system and is an essential part used in authorization when the user or system tries to access a server or network resource. • Two types of authentication that Windows supports are NT LAN Manager (NTLM) and Kerberos. • Kerberos is the default authentication protocol for domain computers. • NTLM is the default authentication protocol for Windows NT, standalone computers that are not part of a domain, and situations in which you authenticate to a server using an IP address. © 2013 John Wiley & Sons, Inc. 4 Understanding NTLM Authentication • NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. • NTLM is an integrated single sign-on mechanism. • NTLM uses a challenge-response mechanism for authentication in which clients are able to prove their identities without sending a password to the server. © 2013 John Wiley & Sons, Inc. 5 Managing Kerberos Kerberos: • Is a computer network authentication protocol, which allows hosts to prove their identity over a non-secure network in a secure manner. • Can provide mutual authentication
    [Show full text]
  • Security and Performance of Single Sign-On Based on One-Time Pad Algorithm
    cryptography Article Security and Performance of Single Sign-On Based on One-Time Pad Algorithm Maki Kihara *,†,‡ and Satoshi Iriyama ‡ Department of Information Science, Tokyo University of Science, Yamazaki 2641, Noda, Chiba 278-8510, Japan; [email protected] * Correspondence: [email protected] † Research Fellow of Japan Society for the Promotion of Science. ‡ These authors contributed equally to this work. Received: 13 April 2020; Accepted: 9 June 2020; Published: 12 June 2020 Abstract: Single sign-on (SSO) techniques allow access control for multiple systems with a single login. The aim of our study is to construct an authentication algorithm that provides the authentication information of a user to a requester without requiring any specific token, thereby achieving domain-free access control. In this study, we propose an authentication algorithm for SSO based on a verifiable encryption (VE)-based authentication algorithm and implementation. VE is a kind of cryptosystem that allows calculation on cyphertexts, generating an encrypted result, which matches the distance between two plaintexts when decrypting. In our approach, we first construct the mathematical SSO algorithm based on the VE-based algorithm, and then implement the algorithm by applying the one-time pad to the algorithm and using sample data. We also consider robustness against theoretical attacks such as man-in-the-middle attack. In addition to that, our algorithm is robust against the well-known classical and theoretical attacks, the man-in-the-middle attack against the proposed algorithm is also impracticable. Furthermore, with security analysis using Proverif, the algorithm has been shown to be secure. The execution speed is less than 1 ms even with a text length of 8192 bits.
    [Show full text]
  • Roger Needham
    The Marshall Symposium: Address: Roger Needham Table of Contents Participants The Marshall Philip Power: Good morning. In remorseless pursuit of our Scholarships timetable, which envisages a busy and crowded day, I think that it's time to get going. Home Welcome to the second session of the Marshall Symposium. I'd like to get some housekeeping matters out of the way. For those of you who don't have programs, they are available in the lobby. There will be a fifteen-minute break between the first and the second panel, at approximately ten forty-five. There will be coffee and pop available in the lobby, but we will resume our panel discussions promptly at eleven. We are hopeful of provoking as much interplay between our panels and the audience as we can. To facilitate that, there are microphones at each aisle, and so at the end of panels, people are encouraged and invited to ask questions. Our morning speaker is a most distinguished trans-Atlantic visitor who suffered the indignities inflicted on many airline travelers at the hands of Northwest Airlines and its associated unions. Roger Needham, who is a pro-vice chancellor of Cambridge University, was born in 1935 and has been in computing at Cambridge since 1956. His Ph.D. thesis in 1961 concerned the application of digital computers to problems of classification and grouping. In 1962, he joined the computer laboratory, which was then called the mathematical laboratory, and has been on the faculty since 1963. He took a leading role in Cambridge projects in operating systems, in time-sharing systems, in memory protection, in local area networks and in distributed systems over the next twenty years.
    [Show full text]
  • Weaknesses and Best Practices of Public Key Kerberos with Smart Cards
    iSEC Partners, Inc. – Brad Hill, Principal Consultant Weaknesses and Best Practices of Public Key iSEC Partners, Inc. is Kerberos with Smart Cards a information security firm that specializes in Kerberos V with smart card logon is the “gold standard” of network application, network, authentication for Windows Active Directory networks and interop- host, and product erating systems. Smart cards and Public Key Kerberos are already security. For more widely deployed by governments and large enterprises to protect information about their networks and critical infrastructure, and decreasing prices and iSEC, please refer to an increase in threats against password-based authentication are the Appendix A or making these technologies attractive to even small and medium www.isecpartners.com sized businesses. Unfortunately, network architects, administrators and even experi- enced security professionals tend to place a sort of blind faith in smart cards and Kerberos. The low level details of the protocols and configuration options are little known. Myths and misunder- standings about the limits of these technologies are the norm. This whitepaper will: Give a brief introduction to Kerberos and smart cards Dispel some common myths about smart cards Explore the certificate validation practices of common PKINIT implementations Discuss a practical elevation of privilege exploit possible in common configurations of Windows KDCs Provide step-by-step advice to network architects and administra- tors for securing their smart card deployments While smart cards have definite advantages over passwords, they should be deployed with a realistic understanding of the actual pro- tections they provide. Installations should take advantage of the latest configuration and hardening options available, administrators should continue to audit and work to eliminate outdated protocols like NTLM from their networks, and privileged users should always exercise caution when authenticating to low-integrity workstations, even with a smart card.
    [Show full text]
  • Leveraging the Kerberos Credential Caching Mechanism for Faster Re-Authentications in Wireless Access Networks
    UBICOMM 2010 : The Fourth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies EAP-Kerberos: Leveraging the Kerberos Credential Caching Mechanism for Faster Re-authentications in Wireless Access Networks Saber Zrelli Yoichi Shinoda Nobuo Okabe Center for Information Science Corporate R&D Headquarters Japan Advanced Institute of Science and Technology Yokogawa Electric Corporation Ishikawa, Japan Tokyo, Japan [email protected] saber.zrelli,[email protected] Abstract—Although the wireless technology nowadays provides support cross-domain authentication that enables an access satisfying bandwidth and higher speeds, it still lacks improve- network to authenticate a roaming client that belongs to a ments with regard to handoff performance. Existing solutions remote domain. The cross-domain authentication requires for reducing handoff delays are specific to a particular network technology or require expensive upgrades of the whole infras- message exchange between the AAA server of the visited tructure. In this paper, we investigate performance benefits of network and the AAA server of the roaming station’s home leveraging the Kerberos ticket cashing mechanism for achieving network. Because these inter-domain exchanges occur over the faster re-authentications in IEEE 802.11 wireless access networks. Internet, they are subject to degradations such as packet loss For this purpose, we designed a new EAP authentication method, and network delays which increases the overall authentication EAP-Kerberos, and evaluated re-authentication performance in different scenarios. time. When a roaming station changes of access point, the same authentication procedure takes place again, disrupting Keywords-Wireless; Authentication; Handoff; Performance the user traffic at each handoff. I.
    [Show full text]
  • Kerberos Cross-Realm Authentication: Unraveling the Mysteries Stuart J
    Paper SAS623-2017 Kerberos Cross-Realm Authentication: Unraveling the Mysteries Stuart J. Rogers, SAS Institute Inc., Cary, NC ABSTRACT How do you enable strong authentication across different parts of your organization in a safe and secure way? We know that Kerberos provides us with a safe and secure strong authentication mechanism, but how does it work across different domains or realms? In this paper, we examine how Kerberos cross- realm authentication works and the different parts that you need ready in order to use Kerberos effectively. Understanding the principles and applying the ideas we present will make you successful at improving the security of your authentication system. INTRODUCTION Kerberos security is being implemented by a growing number of customers to enable strong authentication across different parts of an organization in a safe and secure way. SAS® is designed to work within this secure environment. I hope that this paper will help you to unravel the mysteries of Kerberos for SAS administrators, and enables you to work more closely with your IT and Security counterparts when SAS is deployed in an environment that uses Kerberos for basic authentication, and in the more complex case of cross-realm authentication. Kerberos authentication provides us with a strong mechanism to authenticate users across a network, enabling us to have confidence in the authentication of end-users to our networked applications. However, as organizations grow in size and complexity, so does the network across which we need to authenticate users. In this paper we will examine how Kerberos authentication operates, the different components used to authenticate the users, and we will take a step-by-step view of how the Kerberos protocol messages enable strong authentication (see the section titled “Kerberos 101”).
    [Show full text]
  • Section E.2.1 Kerberos Authentication and Authorization System by S
    PROJECT ATHENA TECHNICAL PLAN Section E.2.1 Kerberos Authentication and Authorization System by S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer Κερβεροσ; also spelled Cerberus. "n. The watch dog of Hades, whose duty it was to guard the entranceÐagainst whom or what does not clearly appear; . is known to have had three heads. ." ÐAmbrose Bierce, The Enlarged Devil's Dictionary This document describes the assumptions, short and long term goals, and system model for a network authentication system, named Kerberos, for the Athena environment. An appendix specifies the detailed design and protocols to support these goals, and a set of UNIX1 manual pages, not included here, describes an implementation for Berkeley 4.3 UNIX of both user interface commands and also library interfaces for clients and servers. The next section of the technical plan, E.2.2, describes a set of network applications that use Kerberos for authentication. Definitions Accounting Measuring resource usage attributable to a particular client. Authentication Verifying the claimed identity of a client or service. Authorization Allowing an authenticated client to use a particular service. Client A program that makes use of a network service, on behalf of a user. KDBM Kerberos Data Base Manager, a system that maintains and provides an interface for update of authoritative Kerberos data consisting of principal identifiers and private keys for both clients and services. Kerberos Aside from the 3-headed dog guarding Hades, the name given to the Athena authentication service, the protocol used by that service, and the libraries used to invoke the authentication and authorization services.
    [Show full text]