Abstract
In a workstation environment, the user often has complete control over the workstation. Workstation operating systems therefore cannot be trusted to accurately identify their users. Some other method of authentication is needed, and this motivated the design and implementation of the Kerberos authentication service.
Kerberos is based on the Needham and Schroeder trusted third-party authentication model, using private-key encryption. Each user and network server has a key (like a password) known only to it and the Kerberos database. A database server uses this knowledge to authenticate network entities to one another.
The encryption used to achieve this authentication, the protocols currently in use and the protocols proposed for future use are described.
References
Dorothy E. Denning and Giovanni Maria Sacco. Timestamps in Key Distribution Protocols. Communications of the ACM, 24(8):533–536, August 1981.
R. R. Jueneman et al. Message Authentication. IEEE Communications, 23(9):29–40, September 1985.
Steven P. Miller. Private communication.
Steven P. Miller, B. Clifford Neuman, Jeffrey I. Schiller, and Jerome H. Saltzer. Section E.2.1: Kerberos Authentication and Authorization System. Project Athena Technical Plan, December 1987.
Roger M. Needham and M. D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, 21(12):993–999, December 1978.
National Bureau of Standards. Data Encryption Standard. Federal Information Processing Standards Publication, 46, 1977.
National Bureau of Standards. DES Modes of Operation. Federal Information Processing Standards Publication, 81, 1980.
Jennifer G. Steiner, B. Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. Usenix Conference Proceedings, pages 183–190, February 1988.
Victor L. Voydock and Stephen T. Kent. Security mechanisms in high-level network protocols. Computing Surveys, 15(2):135–171, June 1983.
R. W. Watson. Timer-Based Mechanisms in Reliable Transport Protocol Connection Management. Computer Networks, 5, 1981.
Copyright information
© 1990 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kohl, J.T. (1990). The use of Encryption in Kerberos for Network Authentication. In: Brassard, G. (eds) Advances in Cryptology — CRYPTO’ 89 Proceedings. CRYPTO 1989. Lecture Notes in Computer Science, vol 435. Springer, New York, NY. https://doi.org/10.1007/0-387-34805-0_5
DOI: https://doi.org/10.1007/0-387-34805-0_5
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-97317-3
Online ISBN: 978-0-387-34805-6
eBook Packages: Springer Book Archive