SILDS

Security Infrastructure for Large Distributed Systems (SILDS)

University of Southern California
Information Sciences Institute

Project Staff

B. Clifford Neuman, Scientist and Research Assistant Professor(Project Leader and Senior Scientist)
Gene Tsudik, Senior Scientist
Brian Tung, Scientist
Sridhar Gullapalli, Systems Programmer
Nader Salehi, Programmer Analyst
Tatyana Ryutov, Graduate Research Assistant
Becky Jordan, Project Support
Jeanine Yamazaki, Project Support

Technical Approach

Kerberos provides for the secure authentication of principals across computer networks. The addition of support for authentication using public-key cryptography or digital signature methods enhances the utility of Kerberos. Such support allows Kerberos to make use of the same infrastructure that is being used for other services (e.g. PGP, SSL, SET, X.509). Such extensions benefit both Kerberos and the public key infrastructure and increase the impact of any security infrastructure that uses Kerberos as a base.

Infrastructure to provide authorization and accounting services that can be used across open networks is being developed. These are based on Kerberos' restricted proxies. A restricted proxy is an authentication credential that allows an individual or process (the grantee) to act on behalf of another individual (the grantor), but only for a restricted set of operations, and under certain conditions. Basic mechanisms for implementing restricted proxies have been added to Kerberos. Restricted proxies provide a vehicle for implementing a large number of flexible authorization and accounting policies for distributed systems.

Using hardware devices such as smart cards to store long-term keys and credentials within the Kerberos authentication system significantly improves the level of protection, by addressing dictionary attacks as well as Trojan horses. Our implementation is being carried out in a stepwise manner. At the present time, only the user's secret key is being stored on the card. This will be followed by storing multiple session credentials as well as public keys on the card.

An authorization service can be implemented on top of restricted proxies by making a subtle change in the way one thinks about such a service. An authorization service need not directly specify that a particular principal be authorized to use a particular service, or access a particular object. Instead, it can issue a proxy allowing the grantee to access an object using the rights of the authorization server itself. The proxy would be restricted to allow access to only those objects, and with only those rights, to which that principal is authorized access.

The same arguments for basing authorization on restricted proxies apply to accounting. Accounting is closely tied to authorization; in fact, the two are interdependent. Authorization depends on accounting when a server verifies that a client can pay for an operation before it is performed. Accounting depends on authorization to control the transfer of funds from one account to another.

Recent Accomplishments (June 1997 to July 1998)

Developed and demonstrated a software package for using PC cards (also called PCMCIA cards) with Kerberos. Users can store their long-term key on a PC card, which in turn is locked with the user's secret PIN. This "two-pronged" authentication--what the user knows (the password) plus what she has in her possession (the card)--reduces the vulnerability of the user's Kerberos account to keyboard-trapping Trojan horses and to bad password choice. We have integrated our extensions to Kerberos to work with Eudora Pro (Version 3.03 or newer) a popular COTS mail client.
Reworked the PKINIT draft under consideration in the Internet Engineering Task Force (IETF) as a proposed standard, to accept PKCS-7 (CMS) style message structures. This aids interoperability with many vendors, including Microsoft, who are implementing PKINIT using an API that only allows access to public key data through the PKCS-7 structures.
The IETF provides a venue for technology transfer, and participation has paid off through adoption of the technology by Microsoft and other vendors.
Revised the PKCROSS draft under consideration in the IETF for adoption as a proposed standard, to make direct use of the PKINIT protocol. In particular, the key shared by local and remote KDCs is established as a session key exchanged through the PKINIT mechanism. This revision allows extensions to PKINIT to be inherited by PKCROSS without requiring any extra specification work and with significantly reduced implementation overhead.
Revised the Kerberos Internet RFC for re-submission to the IETF. These revisions include the definition of Triple-DES encryption for Kerberos, and authorization extensions. For authorization, several authorization data elements carried in the authorization data field have been specified to promote interoperability between authorization mechanisms built using Kerberos. These revisions have been submitted to the IETF as an Internet draft and it is anticipated that these should move forward to becoming Internet standards.
A new secure version of ARDP transport protocol has been designed and developed. ARDP is a lightweight, reliable request-response type transport protocol. The built-in security context now enables the protocol to provide secure client-server communications. The functionality includes data privacy and integrity functions, such as Kerberos-based encryption, authentication, and integrity. Development on ARDP spans DARPA funded SILDS, GOST, and SOAP projects.

Technical Plan for the Year 1998-99

Develop the SEK PC card package into a production quality implementation that can be "wrapped" and distributed, along with applications that can be configured to operate with the "SEK-ized" Kerberos.
Continue to shepherd the PKINIT, PKCROSS, and revision to the Kerberos RFC for adoption as Internet standards.
Update the reference implementations of the PKINIT and PKCROSS drafts to conform to the new/revised specifications.
Design, develop and deploy restricted proxies for use with general-purpose authorization servers. This effort builds upon the body of work already produced for the NetCheque accounting server.
Design, implement and deploy production authorization servers described above, including a library that uses restricted proxies to support capabilities, interaction with authorization and group services, and delegation.

Technology Transition

Technology transition for the SILDS/SEK project has proceeded along several important avenues:

Microsoft Corporation has announced that it will include Kerberos and PKINIT as part of their Windows NT 5.0 release.
Design documents and protocol specifications supporting public key cryptography (for both initial authentication and cross-realm authentication) and digital signatures in Kerberos have been presented at the IETF's Common Authentication Technology (CAT) working group meetings and the Kerberos mailing list.
Reference implementations of these drafts as well as accounting libraries are being fed back to MIT, where they are being made available as part of the standard MIT Kerberos software releases. ISI has worked closely with interested parties and vendors during the design, implementation, and delivery of the software, to aid them in integrating these libraries with their systems.
CyberSafe Corporation is producing a commercial implementation of some of these protocol changes, and is actively interested in incorporating our extensions to use smart cards. The Defense Information Systems Agency (DISA) is also interested in utilizing Kerberos technology being developed under SILDS/SEK.
Design documents and protocol specifications of the authorization mechanisms, similar to the above public key enhancements to Kerberos, will be presented for comment to the CAT working group of the IETF. Software implementations will also be distributed through MIT.

Former Project Staff

Gennady Medvinsky
Charlie Lai

last modified 07/17/98 sg