Security Infrastructure for Large Distributed Systems (SILDS)

University of Southern California
Information Sciences Institute

Project Staff

Technical Approach

Kerberos provides for the secure authentication of principals across computer networks. The addition of support for authentication using public-key cryptography or digital signature methods enhances the utility of Kerberos. Such support allows Kerberos to make use of the same infrastructure that is being used for other services (e.g. PGP, SSL, SET, X.509). Such extensions benefit both Kerberos and the public key infrastructure and increase the impact of any security infrastructure that uses Kerberos as a base.

Infrastructure to provide authorization and accounting services that can be used across open networks is being developed. These are based on Kerberos' restricted proxies. A restricted proxy is an authentication credential that allows an individual or process (the grantee) to act on behalf of another individual (the grantor), but only for a restricted set of operations, and under certain conditions. Basic mechanisms for implementing restricted proxies have been added to Kerberos. Restricted proxies provide a vehicle for implementing a large number of flexible authorization and accounting policies for distributed systems.

Using hardware devices such as smart cards to store long-term keys and credentials within the Kerberos authentication system significantly improves the level of protection, by addressing dictionary attacks as well as Trojan horses. Our implementation is being carried out in a stepwise manner. At the present time, only the user's secret key is being stored on the card. This will be followed by storing multiple session credentials as well as public keys on the card.

An authorization service can be implemented on top of restricted proxies by making a subtle change in the way one thinks about such a service. An authorization service need not directly specify that a particular principal be authorized to use a particular service, or access a particular object. Instead, it can issue a proxy allowing the grantee to access an object using the rights of the authorization server itself. The proxy would be restricted to allow access to only those objects, and with only those rights, to which that principal is authorized access.

The same arguments for basing authorization on restricted proxies apply to accounting. Accounting is closely tied to authorization; in fact, the two are interdependent. Authorization depends on accounting when a server verifies that a client can pay for an operation before it is performed. Accounting depends on authorization to control the transfer of funds from one account to another.

Recent Accomplishments (June 1997 to July 1998)

Technical Plan for the Year 1998-99

Technology Transition

Technology transition for the SILDS/SEK project has proceeded along several important avenues:

Former Project Staff

last modified 07/17/98 sg