• Corpus ID: 222257682

Kerberos: An Authentication Service for Open Network Systems

@inproceedings{Steiner1988KerberosAA,
  title={Kerberos: An Authentication Service for Open Network Systems},
  author={Jennifer G. Steiner and B. Clifford Neuman and Jeffrey I. Schiller},
  booktitle={USENIX Winter},
  year={1988}
}
In an open network computing environment, a workstation cannot be trusted to identify its users correctly to network services. Kerberos provides an alternative approach whereby a trusted third-party authentication service is used to verify users' identities. This paper gives an overview of the Kerberos authentication model as imple- mented for MIT's Project Athena. It describes the protocols used by clients, servers, and Kerberos to achieve authentication. It also describes the management and… 
courseweb.sp.cs.cmu.edu
623 Citations
Highly Influential Citations
51
Background Citations
174
Methods Citations
115
Results Citations
3

623 Citations

Kerberos: an authentication service for computer networks
TLDR
The authors concentrate on authentication for real-time, interactive services that are offered on computer networks, which includes remote login, file system reads and writes, and information retrieval for applications like Mosaic.
Kerberos : An Authentication Sewice for Computer Networks
TLDR
The Kerberos V5 development effort at the Massachusetts Institute of Technology finds a vulnerability in the system that can be intercepted and subsequently used by eavesdroppers to impersonate the user.
Chapter 16: Authentication in Distributed System
TLDR
A fundamental concern in building a secure distributed system is authentication of local and remote entities in the system, which is carried out using a protocol involving message exchanges and these protocols are termed authentication protocols.
Heuristic authentication protocol for TCP/IP network applications under UNIX
TLDR
A heuristic protocol, that no clear text copy of a password need ever be stored or exchanged across the network under the proposed protocol, as an alternative approach to the authentication problem.
Beacons for Authentication in Distributed Systems
TLDR
It is argued that this approach considerably simplifies the solution to the authentication problem and is illustrated the impact of such a service by “Beaconizing” the well know Needham and Schroeder protocol.
End User Authentication (EUA) Model and Password for Security
TLDR
The conception of a textual password is demonstrated which in many cases improves the security of the end user authentication and is based on the use of the Kerberos authentication technique and the Diffie-Hellman Key exchange.
Flexible session management in a distributed environment
TLDR
CEDAR, the secure communication library used by the Condor High Throughput Computing software, is introduced, and the advantages to a distributed computing system resulting from CEDAR's separation of these layers are presented.
Beacon based approach to network security
TLDR
This thesis presents a novel approach to the authentication problem by "Beaconizing" the Needham and Schroeder public key protocol and shows that this approach considerably simplifies authentication and the distribution of keys.
A Complete Secure Transport Service in the Internet
TLDR
This paper describes some extensions to the Kerberos authentication service and protocol that will allow it to support a complete secure transport service over a number of protocols: connection-oriented (TCP) (currently supported by Kerbero), connectionless (UDP) and multicast ( UDP/broadcast) transport protocols.
Extensible Pre-authentication Kerberos
TLDR
Extensible Pre-Authentication in Kerberos (EPAK) is presented, a Kerbero extension that enables many authentication methods to be loosely coupled with KerberOS, without further modification to Kerbers, to demonstrate the utility of the framework.
...
...

References

SHOWING 1-10 OF 34 REFERENCES
Using encryption for authentication in large networks of computers
Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of
Design and implementation of the Sun network filesystem
TLDR
The Sun Network Fllesystem provides transparent, remote access to mesystems and uses an External Data Representation (XDR) specification to descnoe protocols in a machine and system independent way.
The Hesiod Name Server
Hesiod, the Athena name server, provides naming for services and data objects in a distributed network environment. More specifically, it replaces databases that heretofore have had to be duplicated
National Bureau of Standards
TLDR
An investigation has been completed on the efficiency of a large number of rust-preventing materials with particular reference to their use in preventing corrosion in aviation engines during storage.
Section E.2.1 Kerberos Authentication and Authorization System
Computing in Higher Education: The Athena Experience
Project Athena at MIT is an experiment to explore the potential uses of advanced computer technology in the university curriculum. About 60 different educational development projects, spanning
Berkeley UNIX on 1000 Workstations: Athena Changes to 4.3BSD
TLDR
The goals and constraints faced by Athena are described, as well as many of the solutions devised in building such a system, and the goals and evolution of the computing system side of the Project are examined.
Security Mechanisms in High-Level Network Protocols
TLDR
The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed, and a brief description of the two basic approaches to communications security, link-oriented measures and end-to-end measures concludes that end- to- end measures are more appropriate in anopen- system environment.
authenticator along with an indication of her
  • authenticator along with an indication of her
UID͘ pair provided unencrypted in the request packet Take Me information could be forged and thus security compromised
  • UID͘ pair provided unencrypted in the request packet Take Me information could be forged and thus security compromised
...
...