The use of Encryption in Kerberos for Network Authentication

  • John T. Kohl
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 435)


In a workstation environment, the user often has complete control over the workstation. Workstation operating systems therefore cannot be trusted to accurately identify their users. Some other method of authentication is needed, and this motivated the design and implementation of the Kerberos authentication service.

Kerberos is based on the Needham and Schroeder trusted third-party authentication model, using private-key (that is, symmetric, secret-key) encryption. Each user and network server has a key (like a password) known only to it and the Kerberos database. The Kerberos server, which holds that database, uses this knowledge to authenticate network entities to one another; no principal's long-term key is ever sent over the network.

The encryption used to achieve this authentication, the protocols currently in use and the protocols proposed for future use are described.
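The trusted-third-party exchange sketched above, as an added example that is not code from the paper or from MIT's Kerberos: a KDC holding one long-term key per principal issues a ticket (sealed under the server's key) plus a session key (sealed under the client's key); the client then presents the ticket with a timestamped authenticator, and the server checks name, lifetime, clock skew and replay. The cipher is a toy encrypt-then-MAC stand-in for DES, the principal names, key sizes and the 300-second skew window are constructed for the illustration, and the three rejected cases at the end are the checks a practitioner would want to see fail.

```python
"""Toy Kerberos-style exchange; added illustration, not the paper's code.
The cipher is a stand-in for DES (XOR with a SHA-256 keystream, then HMAC)
and is NOT suitable for real use."""
import hashlib
import hmac
import json
import os

CLOCK_SKEW = 300  # assumed: seconds of client/server clock drift the server tolerates


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Seal a JSON-serialisable dict as nonce || ciphertext || HMAC-SHA256 tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> dict:
    """Verify the tag before decrypting; a wrong key or any tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Trusted third party: knows every principal's long-term key and never reveals one."""

    def __init__(self, database: dict):
        self.db = database

    def request_ticket(self, client: str, server: str, now: float, lifetime: int = 8 * 3600) -> bytes:
        """Reply E_Kc{K_cs, server, expiry, T_cs} where T_cs = E_Ks{client, K_cs, expiry}."""
        k_cs, expires = os.urandom(32).hex(), now + lifetime  # fresh session key per request
        ticket = encrypt(self.db[server], {"client": client, "key": k_cs, "expires": expires})
        return encrypt(self.db[client], {"key": k_cs, "server": server,
                                         "expires": expires, "ticket": ticket.hex()})


def client_authenticate(name: str, client_key: bytes, reply: bytes, now: float):
    """Client side: open the reply with its own key, emit the ticket and E_Kcs{name, timestamp}."""
    creds = decrypt(client_key, reply)  # only the holder of the user's key can read this
    k_cs = bytes.fromhex(creds["key"])
    return bytes.fromhex(creds["ticket"]), encrypt(k_cs, {"client": name, "timestamp": now}), k_cs


class Server:
    def __init__(self, key: bytes):
        self.key, self.seen = key, set()  # seen: authenticators accepted inside the skew window

    def verify(self, ticket: bytes, authenticator: bytes, now: float) -> bytes:
        """Accept ticket + authenticator and return the session key, or raise ValueError."""
        t = decrypt(self.key, ticket)  # only the genuine server key opens the ticket
        if now > t["expires"]:
            raise ValueError("ticket expired")
        k_cs = bytes.fromhex(t["key"])
        a = decrypt(k_cs, authenticator)  # proves the sender knows K_cs from the ticket
        if a["client"] != t["client"]:
            raise ValueError("authenticator/ticket name mismatch")
        if abs(now - a["timestamp"]) > CLOCK_SKEW:
            raise ValueError("authenticator timestamp outside skew window")
        if (a["client"], a["timestamp"]) in self.seen:
            raise ValueError("authenticator replayed")
        self.seen.add((a["client"], a["timestamp"]))
        return k_cs


def run_exchange(now: float = 1_700_000_000.0) -> dict:
    """One successful login plus three rejected attempts; constructed names and keys."""
    db = {"alice": os.urandom(32), "rcmd.host": os.urandom(32)}
    kdc, server = KDC(db), Server(db["rcmd.host"])
    reply = kdc.request_ticket("alice", "rcmd.host", now)
    ticket, auth, client_key = client_authenticate("alice", db["alice"], reply, now)
    results = {"session_key_agrees": server.verify(ticket, auth, now + 1) == client_key}

    def rejected(fn):
        try:
            fn()
            return False
        except ValueError:
            return True

    results["replay_rejected"] = rejected(lambda: server.verify(ticket, auth, now + 2))
    results["stale_rejected"] = rejected(lambda: server.verify(ticket, auth, now + 2 * CLOCK_SKEW))
    flipped = ticket[:-1] + bytes([ticket[-1] ^ 1])  # one bit of the ticket's tag changed
    results["tampered_rejected"] = rejected(lambda: server.verify(flipped, auth, now))
    return results


if __name__ == "__main__":
    print(run_exchange())
```

Two design points carry over from the real protocol: the server never learns the client's long-term key (it sees only the session key inside the ticket), and the authenticator's timestamp is what makes the exchange resist replay, which is why the skew window must be small and why the server remembers authenticators it has already accepted within that window.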


  1. Dorothy E. Denning and Giovanni Maria Sacco. Timestamps in Key Distribution Protocols. Communications of the ACM, 24(8):533–536, August 1981.
  2. R. R. Jueneman et al. Message Authentication. IEEE Communications, 23(9):29–40, September 1985.
  3. Steven P. Miller. Private communication.
  4. Steven P. Miller, B. Clifford Neuman, Jeffrey I. Schiller, and Jerome H. Saltzer. Section E.2.1: Kerberos Authentication and Authorization System. Project Athena Technical Plan, December 1987.
  5. Roger M. Needham and M. D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, 21(12):993–999, December 1978.
  6. National Bureau of Standards. Data Encryption Standard. Federal Information Processing Standards Publication 46, 1977.
  7. National Bureau of Standards. DES Modes of Operation. Federal Information Processing Standards Publication 81, 1980.
  8. Jennifer G. Steiner, B. Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. Usenix Conference Proceedings, pages 183–190, February 1988.
  9. Victor L. Voydock and Stephen T. Kent. Security Mechanisms in High-Level Network Protocols. Computing Surveys, 15(2):135–171, June 1983.
  10. R. W. Watson. Timer-Based Mechanisms in Reliable Transport Protocol Connection Management. Computer Networks, 5, 1981.

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • John T. Kohl
  1. MIT Project Athena, Digital Equipment Corporation, Cambridge