Kerberos: an authentication service for computer networks

@article{Tso1994KerberosAA,  title={Kerberos: an authentication service for computer networks},  author={Theodore Ts’o and Smitha Sundareswaran and Chi Tsong Su},  journal={IEEE Communications Magazine},  year={1994},  volume={32},  pages={33-38},  url={https://api.semanticscholar.org/CorpusID:45031265}}
The authors concentrate on authentication for real-time, interactive services that are offered on computer networks, which includes remote login, file system reads and writes, and information retrieval for applications like Mosaic.

Figures from this paper

1,543 Citations

IAuth: An authentication system for Internet applications

IAuth is designed, which provides secure distribution of cryptographic keys while establishing authenticity between a user and a Web-based application, and there is no need for a user to possess a cryptographic key if the application requires data encryption or digital signing.

Implementation of Authentication and Transaction Security based on Kerberos

This project tried to implement authentication and transaction security in a Network using Kerberos, embedded with Authentication Server application and used to derive a 64 bit key from user's password.

Kerberos Active Directory for HP Thin Clients

KAD is a protocol for client, server and a third party user, to perform security verifications for users and services, and Kerberos Active Directory security protocol is used to authenticate Thin Client users.

ENHANCED KERBEROS AUTHENTICATION FOR DISTRIBUTED ENVIRONMENT

The need for an additional Session Key and a nonce to be used between the Authentication Server (AS) and Client i.e. Alice helps to make the security stronger and Kerberos environment to prevent such attacks.

Security management in Kerberos V5 for GSM network

This application aims at using Kerberos V5 to secure the communication between a J2Me MIDlet communicating over the GPRS, and a Banking Transaction Server.

Authentication over Internet Protocol

The concept consists in providing the receiver with the possibility to determine sender՚s identity at the Internet layer level, which provides both the capability of defence against DoS attacks and possibility of utilizing the presented model over existing Internet network, which is directly responsible for transmission.

Kerberos Style Authentication and Authorization through CTES Model for Distributed Systems

An authentication and authorization model for distributed systems and an improvement over Kerberos protocol to authenticate the users and to access the services and resources that offsets certain limitations of KerberOS are described.

Distributed authentication system to access data in multiple secure domains

An authentication scheme based on Kerberos to access data in multiples domains is presented in this paper and a keys distribution architecture is added to authentication scheme in order to authenticate the Kerberos servers in a secure way.

Forensic Search for Traces of Unauthorized Access Using the Kerberos Authentication Protocol

It is necessary to analyze the most popular type of attack using Kerberos authentication protocol, in particular, what traces remain in logs and determine a more secure usage environment offering mitigation and response precautions.
...

14 References

Kerberos: An Authentication Service for Open Network Systems

An overview of the Kerberos authentication model as imple- mented for MIT's Project Athena is given, which describes the protocols used by clients, servers, and Kerbero to achieve authentication.

Limitations of the Kerberos authentication system

A number of problems in the Kerberos authentication system, a part of MIT's Project Athena, are discussed, and solutions to some of them are presented.

The Kerberos Network Authentication Service (V5)

This document gives an overview and specification of Version 5 of the protocol for the Kerberos network authentication system, presently in production use at MIT's Project Athena, and at other Internet sites.

A note on the use of timestamps as nonces

Kehne, Schonwalder, and Langendorfer have proposed a nonce-based protocol for multiple authentications that they claim improves upon the Kerberos protocol because it does not depend on the presence of synchronized clocks.

Using encryption for authentication in large networks of computers

Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of

Internet Privacy Enhanced Mail

Privacy Enhanced Mail (PEM) consists of extensions to existing message processing software plus a key management infrastructure. These combine to provide users with a facility in which message

Proxy-based authorization and accounting for distributed systems

    B. C. Neuman
    Computer Science
    [1993] Proceedings. The 13th International…
  • 1993
It is shown that the proxy model for authorization can be used to support a wide range of authorization and accounting mechanisms and strikes a balance between access-control-list anti capability-based mechanisms.

A method for obtaining digital signatures and public-key cryptosystems

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys.

Toward a national public key infrastructure

Public key cryptography will play an important role in providing these services, and users will require confidentiality, message integrity, sender authentication, and sender non-repudiation.

Timestamps in key distribution protocols

It is shown that key distribution protocols with timestamps prevent replays of compromised keys and have the additional benefit of replacing a two-step handshake.

Related Papers

Showing 1 through 3 of 0 Related Papers