Lecturer: Professor Fred B. Schneider
Notes by: Vicky Weissman
Lecture Date: 2/17/00
· Threats
· Requirements
· Protocol
· Practical Concerns
Kerberos was designed to provide authentication, despite passive wiretapping and replay attacks.
· Reliable
· Transparent
· Scalable – both in terms of the number of supported hosts and in the system’s ability to interact with outside hosts.
The 3 main phases of the protocol are given below:
Phase 1: User A gets the credentials that are needed to request access to a service.
Phase 2: User A gets credentials for access to a specific service B.
Phase 3: A presents credentials to B.
Practical Concerns
· All hosts have to trust KDC
· KDC is a centralized point
    o bad for reliability
    o bad for performance
Replication can improve reliability and performance. Specifically, we can have a master KDC with a read/write copy of the key database and n replicas that have read-only copies of the database. The databases could have encrypted timestamps to avoid replay attacks and could have encrypted checksums to avoid splicing attacks (split DB and add a new record). A KDC hierarchy can be created to fit the size of the user community.
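The replica-side check described above, as an added example that is not part of the lecture notes or of any Kerberos implementation: a read-only replica accepts a database dump from the master only if its keyed checksum verifies and its timestamp is fresh. HMAC-SHA256 stands in for the "encrypted checksum"; the function names, the JSON layout, the 300-second window and the sample records are assumptions.

```python
import hashlib
import hmac
import json

MAX_AGE = 300  # assumed freshness window, in seconds, for a propagated dump

def seal_dump(key: bytes, records: dict, now: int) -> dict:
    """Master KDC: bind the whole database and a timestamp under one MAC."""
    body = json.dumps({"ts": now, "records": records}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def accept_dump(key: bytes, dump: dict, now: int, last_ts: int):
    """Read-only replica: return (verdict, records); records is None on reject."""
    expected = hmac.new(key, dump["body"].encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; any added, dropped or edited record changes the tag.
    if not hmac.compare_digest(expected, dump["tag"]):
        return "bad-checksum", None
    parsed = json.loads(dump["body"])
    # Reject a dump no newer than the one already installed, or one too old.
    if parsed["ts"] <= last_ts or now - parsed["ts"] > MAX_AGE:
        return "stale", None
    return "ok", parsed["records"]

if __name__ == "__main__":
    key = b"constructed-master-replica-key!!"                 # constructed sample key
    db = {"alice": "<enc-key-a>", "printsvc": "<enc-key-b>"}  # constructed records
    dump = seal_dump(key, db, now=1000)
    print(accept_dump(key, dump, now=1010, last_ts=0)[0])     # fresh dump
    spliced = dict(dump, body=dump["body"].replace(
        '"alice"', '"mallory": "<enc-key-m>", "alice"'))
    print(accept_dump(key, spliced, now=1010, last_ts=0)[0])  # record added
    print(accept_dump(key, dump, now=1020, last_ts=1000)[0])  # same dump again
```

Because the checksum covers the timestamp and every record together, a record cannot be spliced in without invalidating the tag, and an old but validly sealed dump fails the freshness test instead.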