Security Infrastructure for Large Distributed Systems (SILDS)
University of Southern California
Information Sciences Institute
Kerberos provides for the secure authentication of principals across
computer networks. The addition of support for authentication using
public-key cryptography or digital signature methods enhances the
utility of Kerberos. Such support allows Kerberos to make use of the
same infrastructure that is being used for other services (e.g. PGP,
SSL, SET, X.509). Such extensions benefit both Kerberos and the public
key infrastructure and increase the impact of any security
infrastructure that uses Kerberos as a base.
Infrastructure to provide authorization and accounting services that
can be used across open networks is being developed. These are based
on Kerberos' restricted proxies. A restricted proxy is an
authentication credential that allows an individual or process (the
grantee) to act on behalf of another individual (the grantor), but
only for a restricted set of operations, and under certain
conditions. Basic mechanisms for implementing restricted proxies have
been added to Kerberos. Restricted proxies provide a vehicle for
implementing a large number of flexible authorization and accounting
policies for distributed systems.
Using hardware devices such as smart cards to store long-term keys and
credentials within the Kerberos authentication system significantly
improves the level of protection, by addressing dictionary attacks as
well as Trojan horses. Our implementation is being carried out in a
stepwise manner. At the present time, only the user's secret key is
being stored on the card. This will be followed by storing multiple
session credentials as well as public keys on the card.
An authorization service can be implemented on top of restricted
proxies by making a subtle change in the way one thinks about such a
service. An authorization service need not directly specify that a
particular principal be authorized to use a particular service, or
access a particular object. Instead, it can issue a proxy allowing the
grantee to access an object using the rights of the authorization
server itself. The proxy would be restricted to allow access to only
those objects, and with only those rights, to which that principal is
The same arguments for basing authorization on restricted proxies
apply to accounting. Accounting is closely tied to authorization; in
fact, the two are interdependent. Authorization depends on accounting
when a server verifies that a client can pay for an operation before
it is performed. Accounting depends on authorization to control the
transfer of funds from one account to another.
Recent Accomplishments (June 1997 to July 1998)
- Developed and demonstrated a software package for using PC cards
(also called PCMCIA cards) with Kerberos. Users can store their
long-term key on a PC card, which in turn is locked with the user's
secret PIN. This "two-pronged" authentication--what the user knows
(the password) plus what she has in her possession (the card)--reduces
the vulnerability of the user's Kerberos account to keyboard-trapping
Trojan horses and to bad password choice. We have integrated our
extensions to Kerberos to work with Eudora Pro (Version 3.03 or
newer) a popular COTS mail client.
- Reworked the PKINIT draft under consideration in the Internet
Engineering Task Force (IETF) as a proposed standard, to accept
PKCS-7 (CMS) style message structures. This aids interoperability
with many vendors, including Microsoft, who are implementing PKINIT
using an API that only allows access to public key data through the
- The IETF provides a venue for technology transfer, and
participation has paid off through adoption of the technology by
Microsoft and other vendors.
- Revised the PKCROSS draft under consideration in the IETF for
adoption as a proposed standard, to make direct use of the PKINIT
protocol. In particular, the key shared by local and remote KDCs is
established as a session key exchanged through the PKINIT
mechanism. This revision allows extensions to PKINIT to be inherited
by PKCROSS without requiring any extra specification work and with
significantly reduced implementation overhead.
- Revised the Kerberos Internet RFC for re-submission to the IETF.
These revisions include the definition of Triple-DES encryption for
Kerberos, and authorization extensions. For authorization, several
authorization data elements carried in the authorization data field
have been specified to promote interoperability between authorization
mechanisms built using Kerberos. These revisions have been submitted
to the IETF as an Internet draft and it is anticipated that these
should move forward to becoming Internet standards.
- A new secure version of ARDP transport protocol has been designed
and developed. ARDP is a lightweight, reliable request-response type
transport protocol. The built-in security context now enables the
protocol to provide secure client-server communications. The
functionality includes data privacy and integrity functions, such as
Kerberos-based encryption, authentication, and integrity. Development
on ARDP spans DARPA funded SILDS, GOST, and SOAP projects.
Technical Plan for the Year 1998-99
- Develop the SEK PC card package into a production quality
implementation that can be "wrapped" and distributed, along with
applications that can be configured to operate with the "SEK-ized"
- Continue to shepherd the PKINIT, PKCROSS, and revision to the
Kerberos RFC for adoption as Internet standards.
- Update the reference implementations of the PKINIT and PKCROSS
drafts to conform to the new/revised specifications.
- Design, develop and deploy restricted proxies for use with
general-purpose authorization servers. This effort builds upon the
body of work already produced for the NetCheque accounting server.
- Design, implement and deploy production authorization servers
described above, including a library that uses restricted proxies to
support capabilities, interaction with authorization and group
services, and delegation.
Technology transition for the SILDS/SEK project has proceeded along
several important avenues:
- Microsoft Corporation has announced that it will include Kerberos
and PKINIT as part of their Windows NT 5.0 release.
- Design documents and protocol specifications supporting public
key cryptography (for both initial authentication and cross-realm
authentication) and digital signatures in Kerberos have been presented
at the IETF's Common Authentication Technology (CAT) working group
meetings and the Kerberos mailing list.
- Reference implementations of these drafts as well as accounting
libraries are being fed back to MIT, where they are being made
available as part of the standard MIT Kerberos software releases. ISI
has worked closely with interested parties and vendors during the
design, implementation, and delivery of the software, to aid them in
integrating these libraries with their systems.
- CyberSafe Corporation is producing a commercial implementation of
some of these protocol changes, and is actively interested in
incorporating our extensions to use smart cards. The Defense
Information Systems Agency (DISA) is also interested in utilizing
Kerberos technology being developed under SILDS/SEK.
- Design documents and protocol specifications of the authorization
mechanisms, similar to the above public key enhancements to Kerberos,
will be presented for comment to the CAT working group of the
IETF. Software implementations will also be distributed through
Former Project Staff
- Gennady Medvinsky
- Charlie Lai
last modified 07/17/98 sg