Kerberos: An Authentication Service for Open Network Systems
@inproceedings{Steiner1988KerberosAA, title={Kerberos: An Authentication Service for Open Network Systems}, author={Jennifer G. Steiner and B. Clifford Neuman and Jeffrey I. Schiller}, booktitle={USENIX Winter}, year={1988} }
In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. Kerberos provides an alternative approach whereby a trusted third-party authentication service is used to verify users' identities. This paper gives an overview of the Kerberos authentication model as implemented for MIT's Project Athena. It describes the protocols used by clients, servers, and Kerberos to achieve authentication. It also describes the management and…
623 Citations
Kerberos: an authentication service for computer networks
- Computer Science, IEEE Communications Magazine
- 1994
The authors concentrate on authentication for real-time, interactive services that are offered on computer networks, which includes remote login, file system reads and writes, and information retrieval for applications like Mosaic.
Kerberos: An Authentication Service for Computer Networks
- Computer Science
- 2004
The Kerberos V5 development effort at the Massachusetts Institute of Technology finds a vulnerability in the system that can be intercepted and subsequently used by eavesdroppers to impersonate the user.
Chapter 16: Authentication in Distributed System
- Computer Science
- 2008
A fundamental concern in building a secure distributed system is authentication of local and remote entities in the system, which is carried out using protocols involving message exchanges; these are termed authentication protocols.
Heuristic authentication protocol for TCP/IP network applications under UNIX
- Computer Science, ACM Southeast Regional Conference
- 1992
A heuristic protocol is proposed as an alternative approach to the authentication problem, under which no clear-text copy of a password need ever be stored or exchanged across the network.
Beacons for Authentication in Distributed Systems
- Computer Science, J. Comput. Secur.
- 1996
It is argued that this approach considerably simplifies the solution to the authentication problem, and the impact of such a service is illustrated by “Beaconizing” the well-known Needham and Schroeder protocol.
End User Authentication (EUA) Model and Password for Security
- Computer Science, J. Organ. End User Comput.
- 2009
The conception of a textual password is demonstrated which in many cases improves the security of the end user authentication and is based on the use of the Kerberos authentication technique and the Diffie-Hellman Key exchange.
Flexible session management in a distributed environment
- Computer Science
- 2010
CEDAR, the secure communication library used by the Condor High Throughput Computing software, is introduced, and the advantages to a distributed computing system resulting from CEDAR's separation of these layers are presented.
Beacon based approach to network security
- Computer Science
- 1994
This thesis presents a novel approach to the authentication problem by "Beaconizing" the Needham and Schroeder public key protocol and shows that this approach considerably simplifies authentication and the distribution of keys.
A Complete Secure Transport Service in the Internet
- Computer Science
- 1993
This paper describes some extensions to the Kerberos authentication service and protocol that will allow it to support a complete secure transport service over a number of protocols: connection-oriented (TCP) (currently supported by Kerberos), connectionless (UDP) and multicast (UDP/broadcast) transport protocols.
Extensible Pre-authentication Kerberos
- Computer Science, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
- 2007
Extensible Pre-Authentication in Kerberos (EPAK) is presented, a Kerberos extension that enables many authentication methods to be loosely coupled with Kerberos, without further modification to Kerberos, to demonstrate the utility of the framework.
References
Using encryption for authentication in large networks of computers
- Computer Science, CACM
- 1978
Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of…
Design and implementation of the Sun network filesystem
- Computer Science, USENIX Conference Proceedings
- 1985
The Sun Network Filesystem provides transparent, remote access to filesystems and uses an External Data Representation (XDR) specification to describe protocols in a machine and system independent way.
The Hesiod Name Server
- Computer Science, USENIX Winter
- 1988
Hesiod, the Athena name server, provides naming for services and data objects in a distributed network environment. More specifically, it replaces databases that heretofore have had to be duplicated…
National Bureau of Standards
- Materials Science, Nature
- 1936
An investigation has been completed on the efficiency of a large number of rust-preventing materials with particular reference to their use in preventing corrosion in aviation engines during storage.
Computing in Higher Education: The Athena Experience
- Education, Computer
- 1985
Project Athena at MIT is an experiment to explore the potential uses of advanced computer technology in the university curriculum. About 60 different educational development projects, spanning…
Berkeley UNIX on 1000 Workstations: Athena Changes to 4.3BSD
- Computer Science, USENIX Winter
- 1988
The goals and constraints faced by Athena are described, as well as many of the solutions devised in building such a system, and the goals and evolution of the computing system side of the Project are examined.
Security Mechanisms in High-Level Network Protocols
- Computer Science, CSUR
- 1983
The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed, and a brief description of the two basic approaches to communications security, link-oriented measures and end-to-end measures, concludes that end-to-end measures are more appropriate in an open-system environment.
authenticator along with an indication of her
UID pair provided unencrypted in the request packet Take Me information could be forged and thus security compromised