Limitations of the Kerberos Protocol

نویسنده

  • S. M. Bellovin
چکیده

The Kerberos authentication system, a part of MIT’s Project Athena, has been adopted by other organizations. Despite Kerberos’s many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent failures in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Kerberos protocol: an overview

The Kerberos Authentication Service, developed at MIT, provides a trusted third-party authentication to verify users’ identity. Here it is presented an overview of this protocol. The article can be logically divided in two parts, the first one describes the protocol, in the perspectives of the client and the server, focusing on how Kerberos achieve authentication. It is also given an idea of wh...

متن کامل

A Survey of Kerberos V and Public-Key Kerberos Security

Kerberos was initially developed at MIT as a part of Project Athena and in these days it is widely deployed single sign-on protocol that is developed to authenticate clients to multiple networked services. Furthermore, Cross-realm authentication is a useful and interesting component of Kerberos aimed at enabling secure access to services astride organizational boundaries. Also, Kerberos has con...

متن کامل

Yaksha: augmenting Kerberos with public key cryptography

The Kerberos authentication system is based on the trusted 3rd party Needham-Schroeder authentication protocol. The system is one of the few industiy standards for authentication systems and its use is becoming fairly widespread. The system has some limitations, including the fact that compromise of the on-line trusted 3rd party is catastrophic and that the system is vulnerable to dictionary at...

متن کامل

Kerberos with Clocks Adrift: History, Protocols, and Implementation

We show that the Kerberos Authentication System can relax its requirement for synchronized clocks, with only a minor change which is consistent with the current protocol. Synchronization has been an important limitation of Kerberos; it imposes political costs and technical ones. Further, Kerberos' reliance on synchronization obstructs the secure initialization of clocks at bootstrap. Perhaps mo...

متن کامل

Modification on Kerberos Authentication Protocol in Grid Computing Environment

The Kerberos is applied widely in OS and grid computing environment. The Kerberos system isn’t secure enough for symmetrical encryption. The paper describes a method that transform symmetrical key into asymmetric encryption on the basis of keeping symmetrical key of one side changeless. The algorithm strengthens the security of Kerberos protocol through proofing.

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 1991