Kerberos: Authentication with some drawbacks |
 |
By Bill Brenner, Senior News Writer
02 Apr 2008 | SearchSecurity.com |
|
|
Most people don't realize it, but they use Kerberos whenever they log on to their computer.
It's one of the most-widely used authentication methods today, developed at MIT under the leadership of Project Athena in the 1980s. Its purpose, computer scientist and Kerberos expert Brian Tung says in his "Moron's Guide to Kerberos" paper, is to let users and services demonstrate their identity to each other.
|
|
|
|
|
Unless your using smart cards, Kerberos is vulnerable if the local machine is compromised and malware captures the password.
Sam Hartman,
chief technologist, MIT Kerberos Consortium
|
|
|
|
|
|
|
|
|
|
Based on the Needham-Schroeder protocol, Kerberos -- named after the three-headed dog that guarded the entrance to Hades in Greek mythology -- relies on a trusted third party or key distribution center divided into two separate pieces: an authentication server and ticket-granting service. The joint project begun in 1983 between the Massachusetts Institute of Technology (MIT), IBM and Digital Equipment Corp. Kerberos went live in the fall of 1987.
The protocol does have its drawbacks.
One of the most notable papers on the subject, "Limitations of the Kerberos Authentication System," by experts Steven M. Bellovin and Michael Merritt, was published in the early 1990s when the duo worked for AT&T Bell Laboratories.
One weakness is that Kerberos requires the continuous availability of a central server. Knock out the Kerberos server and no one can log in. This can be mitigated by using multiple Kerberos servers. The technology is also sensitive to clock settings, and won't work properly unless the clocks of the involved hosts are synchronized. Default configuration requires that clock times are no more than 10 minutes apart.
Meanwhile, the administration of the protocol is not standardized and differs between server implementations. And since the secret keys for all users are stored on the central server, a compromise of that server will compromise all users' secret keys.
Sam Hartman, the MIT Kerberos Consortium's chief technologist, acknowledges the drawbacks, saying, "Unless your using smart cards, Kerberos is vulnerable if the local machine is compromised and malware captures the password." A remedy for that is to ditch passwords in favor of something like smart cards. He said another solution, something Microsoft has done to some extent, is to make Kerberos a trusted component of the operating system that's more isolated than other components.
Despite the drawbacks, the makers of Kerberos have a lot to be proud of, said security luminary Dan Geer, who played a key role in its development as a member of Project Athena. He arrived in the fall of 1985 and under his watch the bulk of Kerberos' development unfolded.
"One of the advantages of Kerberos is that the semantics of it have been proven correct," Geer said. "It's nice to know that if implemented correctly, it does work."
|
|
|
|
