We show that the Kerberos Authentication System can relax its requirement for synchronized clocks, with only a minor change which is consistent with the current protocol.
Synchronization has been an important limitation of Kerberos ; it imposes political costs and technical ones.
Further, Kerberos'reliance on synchronization obstructs the secure initialization of clocks at bootstrap.
Perhaps most important, this synchronization requirement limits Kerberos'utility in contexts where connectivity is often intermittent.
Such environments are becoming more important as mobile computing becomes more common.
Mobile hosts are particularly refractory to security measures, but our proposal gracefully extends Kerberos even to mobile users, making it easier to secure the rest of a network that includes mobile hosts.
An advantage of our proposal is that we do not change the Kerberos protocol per se ; by reinterpreting an unused challenge-response handshake in the standard Kerberos protocol, we convey just enough replay protection to authenticate the initial ticket and its timestamp to an unsynchronized client, without adding process-state to the system's servers.
We have implemented this protocol in the MIT Kerberos V5 source-distribution.
Mots-clés Pascal : Article synthèse, Protocole réseau, Norme, Système sécurité, Synchronisation, Sécurité donnée, Expérience
Mots-clés Pascal anglais : Kerberos authentication system, Mobile computing, Mobile host, Reviews, Network protocols, Standards, Security systems, Synchronization, Security of data, Experiments
Notice produite par :
Inist-CNRS - Institut de l'Information Scientifique et Technique
Cote : 97-0189421
Code Inist : 001D02B07B. Création : 21/05/1997.