CS 736 Reviews - Spring 2017

Thanks for the sensible critique. Me & my neighbor were just preparing to do a little research about this. We got a grab a book from our local library but I think I learned more clear from this post. I am very glad to see such magnificent information being shared freely out there.

1. Summary

This paper present kerbersos which is a protocol used for secure authentication of users and hosts in a network of workstation. The system consists of an authentication server which stores the private keys for all the clients in a read-only database. There is an administrative server as well in which the info for clients is added at registration time.

2. Problem

In a network of workstations different hosts should be able to reliably prove their identities to each other for security reasons. The techniques used at the time mostly used source IPs on the received packets to identify a host which is insufficient because IPs can be spoofed.

3. Contributions

The main contribution of this paper is the design and implementation of kerberos protocol which provides a way for clients and servers to prove their identities to each other using a third party authentication server. When a user logs in to a host in the network, the host transparently sends the user's credentials to the kerberos server which grants a ticket to the user if the user exists in the database. For network security this ticket is encrypted with client's private key which is known only by the client and the authentication server. The client then uses this ticket to prove its identity to other servers in its subsequent communication. The ticket has an expiration date.
Kerberos also has an administration server which adds the clients to the database at registration. This includes storing the private keys of the client. This database is then replicated to multiple authentication servers using database replication protocols. Keberos also provides multiple levels of authentication depending upon the needs of an application.

4. Evaluation

The authors hardly provide any evaluation. They however state that the system has been working on a 5000 hosts network at MIT for more than a year is a quite strong indication that the system works.

5. Confusion
What would happen if the administrative database goes down? Will the whole network stall?

1. Summary
This paper describes Kerberos, an authentication service for distributed computing environments. Kerberos uses symmetric keys to authenticate with any replica of the master database, and changes performed by admistrators to the master database are propagated lazily to all slaves.

2. Problem
In distributed computing environments such as MIT's Project Athena and Sun's NFS, a malicious user can spoof IP addresses to pretend to be another user. In other words, the identity of the user is tied to the IP address of a machine, not the real-world identity of the user. In a closed computing environment, each user can prove their real-world identity by logging in with a username and password on a machine that performs access control checks. In a more open environment, the user must prove their identity to each service, which performs access control checks as appropriate. Kerberos is designed for the open environment case.

3. Contributions
Kerberos uses tickets built on symmetric-key cryptography to prove the identity of a user to a service. The Kerberos databases (master or slave) are trusted, and therefore know all private keys. The slaves are synchronized with the master once every hour. Both the authentication servers and the ticket-granting servers have access to all private keys. Users use a session key to encrypt communication with a service.

When logging in, a Kerberos user only sends their username and the name of a ticket-granting service (TGS) to the authentication server. The response from the authentication server contains a session key for use between the client and the TGS, and an encrypted ticket-granting ticket. The user can decrypt all of this using their private key, which is based on their password. To get a ticket for a server, the user sends the server name, the encrypted ticket-granting ticket, and an authenticator to the TGS, which responds with a session key for use between the client and the service, and an encrypted ticket. THe user decrypts all of this using the session key between the user and the TGS. Then, the user communicates similarly with the desired service as with the TGS.

4. Evaluation
The paper does not have an evaluation section. It would have been nice to see the performance overhead of using Kerberos over the original rhosts files. The authors describe some of the attacks that a malicious user might perform, such as replay attacks, but these are scattered throughout the text and are difficult to find.

5. Confusion
(1) The paper did not mention all of the cryptographic primitives that were available at the time. Why did Kerberos not use public-key/asymmetric cryptography, digital signatures, or hash functions? Which of these were considered "implementation details" that were omitted from the paper, and which ones did not exist at the time?
(2) Is Kerberos vulnerable to dictionary attacks, since the user's private key is based on their password? If so, how did the authors deal with this?

1. Summary
The paper presents the design and implementation details for a trusted 3rd party server authentication protocol known as Kerberos. The system uses a database of secret keys for registered users, which is used to allow two interacting users to authenticate each other and establish a trusted communication session between the two. The protocol allows for various kinds of authentication scenarios.

2. Problem
The rise of networked systems leads to a scenario where we see a rise in the number of untrusted users being introduced to the system. The paper tries to present a crpytography based authentication protocol to help identify users (both client/servers) and establish a trusted connection between the two. The Previous systems available at the time lacked cryptographic guarantees, hence were weak and vulnerable to various attacks.

3. Contributions
The primary contribution of this paper is the Kerberos Protocol itself. The authors show that they can allow for a trusted connection between two communicating entities with the help of a trusted third party. The protocol itself feels like it can support most of the basic authentication patterns such as Role based, Access Token based authentication and allows for timed secure sessions as part of the protocol itself.

4. Evaluation
The authors present their experience of a Sun NFS system using kerberos. The reader can assume that is presented as a form of evaluation and proof that the system can scale, but why not a explicit explanation of the same. But the authors lack of any discussion regarding specific attack methods and their prevention helped by the system doesn't help the case.

5. Confusion
The big advantage of the protocol seems that it seems adaptable and expandable. But I felt that just using passwords to generate the secret key could be kind of insecure, as the secret key could be guessed ? Secondly the kerberos server needs to be trusted (the core assumption), how well does this handle a man in the middle attacks, where lets say the attacker tries to act as the kerberos server itself?

Summary
This paper introduces how to implement an authentication service called Kerberos in open network system. The main goal of this system is to provide secure, reliable, transparent and scalable authentication service that can be widely used in distributed systems like network filesystem.

Problems
The problem this paper tries to solve is authentication in open network system. Unlike the closed environment where all machines are controlled, there has to be some mechanism to verify where the request comes from, does the client has the priority to do such a request, and is the server the correct one to handle the request. Also, some authentication methods can be easily fooled by faking IP address or replay the request. So, this paper tries to propose a method to prove the identity of both client and server.

Contributions
The main contribution of this paper is the authentication protocol. There are Kerberos server, ticket granting server, servers to provide other services, and clients. Client can use provide password to authenticate itself by a Kerberos server using the Kerberos database. Client can get ticket for TGS server, and use this to contact TGS server to get server ticket, and finally, use server ticket to request the application server for a specific service.
This protocol uses ticket as a way of authentication control and all the ticket transfers are properly encrypted. Replay is handled by timestamp in ticket, and there are special protocols for getting the initial ticket. All of these provides a secure authentication system. Password database is replicated among different machines to provide high availability. For end users, the whole ticket granting details are transparent, and people do not need to modify a lot of code to use Kerberos.

Evaluation
This paper is not focused on performance or scalability, but on the correctness of the authentication protocol. There is not an evaluation section in this paper, but the author says their system has been used for a long time, and serves as an application system in SUN’s network file system, this is kind of a proof that the authentication protocol is correct.

Confusion
1. What is Needham and Schroeder key distribution protocol, is that a previous authentication protocol? What is the difference between Kerberos and this Needham one? Is Kerberos a wrapper of Needham protocol in open network setting?
2. About database replication, the database is synchronized every hour? Is that acceptable in real applications?

Summary
This paper introduces how to implement an authentication service called Kerberos in open network system. The main goal of this system is to provide secure, reliable, transparent and scalable authentication service that can be widely used in distributed systems like network filesystem.

Problems
The problem this paper tries to solve is authentication in open network system. Unlike the closed environment where all machines are controlled, there has to be some mechanism to verify where the request comes from, does the client has the priority to do such a request, and is the server the correct one to handle the request. Also, some authentication methods can be easily fooled by faking IP address or replay the request. So, this paper tries to propose a method to prove the identity of both client and server.

Contributions
The main contribution of this paper is the authentication protocol. There are Kerberos server, ticket granting server, servers to provide other services, and clients. Client can use provide password to authenticate itself by a Kerberos server using the Kerberos database. Client can get ticket for TGS server, and use this to contact TGS server to get server ticket, and finally, use server ticket to request the application server for a specific service.
This protocol uses ticket as a way of authentication control and all the ticket transfers are properly encrypted. Replay is handled by timestamp in ticket, and there are special protocols for getting the initial ticket. All of these provides a secure authentication system. Password database is replicated among different machines to provide high availability. For end users, the whole ticket granting details are transparent, and people do not need to modify a lot of code to use Kerberos.

Evaluation
This paper is not focused on performance or scalability, but on the correctness of the authentication protocol. There is not an evaluation section in this paper, but the author says their system has been used for a long time, and serves as an application system in SUN’s network file system, this is kind of a proof that the authentication protocol is correct.

Confusion
1. What is Needham and Schroeder key distribution protocol, is that a previous authentication protocol? What is the difference between Kerberos and this Needham one? Is Kerberos a wrapper of Needham protocol in open network setting?
2. About database replication, the database is synchronized every hour? Is that acceptable in real applications?

1. Summary:
This paper describes kerberos, which is a distributed authentication mechanism to verify user's identities in open network systems. The papers explains the working of the protocol and discusses the software components that are involved in building such a mechanism, and the view of the Kerberos from an user, programmer and administrator's perspective.

2. Problems:
To provide authentication in open network environment such as Athena is not straightforward - as it needs to honor requests from hosts not under organizational control. Besides that, there are requirements for the identification mechanism such as keeping it i)secure - prevent attacker with network knowledge from impersonating, ii)reliable - the entire reliability of the system depends on this authentication service iii)transaparent - user should not be aware of it but works seamlessly, iv)scalable - many systems can communicate with Athena hosts concurrently. Kerberos is designed to handle these requirements.

3. Contributions:
> The paper explains the Kerberos authentication which is based on a symmetric authentication protocol called Needham and Schroeder and is extended by including the use of timestamps to prevent replay attacks. Kerberos makes use of temporary private keys called session keys to encrypt messages between 2 principals.
> Kerberos provides three flexible levels of protection - 1. only authenticity at the network initiation time, 2. Authentication of each message but no encryption(safe messages) and 3. Authentication as well as encryption of each message(private messages). The programmer can decide the level of protection needed based on the application's requirements.
> Kerberos is designed to use independent and replaceable modules such as Encryption library and the Kerberos database. The Kerberos database contains the name, private key and expiration date for each principal.
The administration server called KDBM provides a read/write interface where as an authentication server just needs access to read only copy of original database, hence authentication server also reduces the load on original database server.
> The authentication mechanism uses 2 type of credentials - a. tickets - which is used to securely pass the identity of the person to whom the ticket was issued between authentication server and end server ;once a ticket is issued, it can be used multiple times to gain access to the name server. b. authenticator - which contains additional information which when compared with information in ticket proves the client holding the ticket is the one to which ticket was presented in first place.
> The idea of relying on the user's password to properly authenticate him/her i.e, during the initial authentication of user with the Kerberos server and at the same time minimizing the chance that the password will be compromised. This is achieved by reusing the ticket and session key after it's obtained the first time.

Evaluation:
Besides the details about the production usage of kerberos in Athena where it was used to authenticate 5000 users on 650 workstations and 65 servers, the authors haven't provided any details of the practical implementations of kerberos systems. The paper however discusses about the open issues and limitations in Kerberos such as deciding the correct lifetime of a ticket, preventing the weakest link that exists in the form need to ensure the integrity of the software.

Confusions:
It seems to me that Kerberos is still not fool proof to password guessing attacks. Can you clarify?
Can you explain how single sign on works with in the context of Kerberos?

Summary:
This paper presents Kerberos – an access control technique for open networked systems wherein
a trusted third-party authentication service is used to verify users’ identities. The paper discusses in detail about protocols used for authentication (individual authentication and mutual authentication), management of data relevant for identity verification, and interaction of Kerberos with various applications.
Problem:
Unlike non-networking systems, it is unreasonable to rely on physical security for managing access in open networked systems. Also, unlike closed environment where an organization has control over and can trust all systems or semi-closed environment where users can be trusted selectively depending on organization by using internet address, it is not possible in unqualified open network. In open networked systems, clients have full control of system which means they can’t be expected to behave in a particular way and also, clients and servers both should be able to prove their identity as some other system might be trying to act as fraudulent authenticated server.
Contributions:
1. Provides secure, reliable, transparent and scalable third party service for access control and client identity verification in open networked systems.
2. Uses three phase authentication – i) In 1st phase, client gets the credential from Authentication Server which (s)he needs to present to Ticket Granting Server for requesting access to service(s), ii) In 2nd phase, the user requests authentication for a specific service, ii) In 3rd phase, the user presents those credentials to the end server which can decrypt authenticator, and if needed server can prove its identity to client by providing timestamp+1 encrypted with session keys to client.
3. Generates temporary (session) keys for mutual authentication between two parties.
4. Provides 3 distinct level of protection – 1) At setup only – authentication is done during initial setup only, 2) Safe messages – authentication is done for each message but message content is not encrypted, 3) Private messages – authentication is done for each message and all messages are encrypted.
5. Uses master slave model for data replication in order to provide reliability and fault tolerance. Modifications are made in master database only. Read-only property of slave database improves efficiency and helps in scaling the system.
6. Modular components provide flexibility by allowing themselves to be replaced by a library serving same functions.
Evaluation:
The paper does not provide a detailed evaluation by comparing itself with other techniques. It however mentions that Kerberos was being used for authentication across 5000 users, 650 workstations and 65 servers in production environment of MIT’s project Athena for more than 18 months and had satisfactory performance.
Confusion(s):
While discussing about guaranteeing integrity of the software running on a public workstation, they recommended users to have a smartcard capable of encryptions. Is this the best we can do? Are there better ways to guarantee integrity?

Summary

The paper describes the design and implementation of Kerberos, a third party authentication service to verify users’ identities. It is particularly useful for open networks where hosts/users which try to use the network resources are not monitored in anyway.

Problem

In a closed environment for example when an organization controls all the communication over the network authentication is not an issue. But when there is no control what hosts can use the network resources authentication becomes a fundamental building block for a secured networked environment. In such cases every user must prove his/her identity for each desired service.

The main challenges in doing this are:
1. Must be secure .i.e no user must be able to obtain information that could enable him/her to impersonate another user.

2. Must be reliable.

3. Must be scalable as many systems can join in to communicate with end hosts.

Contributions

Kerberos uses a number of mechanisms to address the issues discusses above.
1. It uses a private key to secure communication between a principal and an authentication server. Similarly it uses a session known only to client and an send server to secure communication between them. This is how it ensures that there is no chance for eavesdropping.

2. It designed a protocol to establish a client and an end server. Once a connection is established a ticket is issued to the client which it passes directly to the end server for all further communication for as long as the ticket is valid.

3. It uses a number of read only replicas of Authentication Service mainly used for connection establishment and renewal. This aids in efficient scaling of the network.

4. All write requests to the Kerberos Database have to go to the master, which then updates all the slave read only replicas. This ensures consistency and reliability.

5. Kerberos made authentication transparent for the end user as it needs only the username and password from the user. Also it provides an easy to use application library for developers to integrate their applications with Kerberos.

Evaluation

The paper doesn’t talk a lot about the performance and effects of Kerberos on the system. However it has served well for 5000 thousand users on 650 workstations and 65 servers for over an year and also it has been integrated with Sun NFS.

Confusion

1. To my understanding every time a ticket is expired or deleted a new request for ticket-generating ticket is sent to the authentication service and the whole process is repeated again. Why can’t the TGS be a part of the authentication service as generating a new ticket for end services is just an extension of what Authentication Service is already doing. Is there a strong reason for the decoupling?

2. It is not clear to me how does an end server decrypt a ticket? Is there a special key for this?

Summary

The paper introduced Kerberos, which is a trusted third-party authentication service used to verify users' identities. The paper started by describing how Kerberos works by introducing the software components of Kerberos. Then it went on to introduce the protocols used by clients, servers and Kerberos to achieve authentication. The paper also discussed the management and replication of Kerberos database and view of Kerberos from the user, programmer and the Administrator. In the end, the paper described the integration of Kerberos into NFS.

Problem

With the Athena environment that the Kerberos was part of, requests from hosts that are not under organization control must be accepted as well. Thus, the user must prove the user's identity for each desired service. Meanwhile, the server must also be able to prove its identity as well. As the paper mentioned, it is not sufficient to physically secure the host running a network server as someone elsewhere on the network might pretend to be the given server.

Kerberos is provide authentication to meet the challenges mentioned above and satisfy the following requirements.
1. Secure, so that it won't be the weak link
2. Reliable, as many services will be depending on it
3. Transparent, from the users' view
4. scalable

Contribution

Kerberos was designed to be secure and reliable so that its principles can trust Kerberos' judgement on the identity of their clients to be accurate. Kerberos also used timestamps to detection the replay attack.

Three distinct levels of protection is provided by Kerberos to satisfy the needs of different requests.
1. Authenticity only need to be established at the initiation of a network connection
2. Authentication required for each message but no need to encrypt message
3. Each message is both authenticated as well as encrypted

Kerberos uses two types of credentials: tickets and authenticators. Tickets used to securely pass the identity of the party that the ticket was issued and authenticator contains the additional information which can prove that the client presenting the ticket is the same one to which the ticket was issued.

Ticket-grant service grants the ticket for initial connection The only piece of information that can prove the user's identity is the user's password. Later, in order to gain access to the server, the user application would build an authenticator containing the client's name and IP address and the current time.

When it comes to the Kerberos Database Management Service (KDBM), changes may only be made to the master Kerberos data base while the copies on slave servers are all read only. The master database is dumped every hour to address the problem of data consistency.

Evaluation

According to the paper, in 1986, a prototype version of Kerberos went into production and in 1987, Kerberos had been Project Athena's only authenticating method servicing 5000 users, 650 workstations and 65 servers.

Confusion

Mentioned on Wikipedia, Kerberos is the default authentication method for Windows since Windows 2000. As Kerberos is widely used, are there famous attacks that target Kerberos and if yes, how did Kerberos evolve to address new challenges?

Summary
The paper talks about Kerberos an authentication system designed for open network computing environments. Kerberos try to fulfil requirements of identification mechanism like secure, reliable, transparent and scalable.

Problem
Authentication is a fundamental building block for a secure networked environment, in which users have complete control over workstations. The authentication must be done from both clients and servers sides. And identification mechanism need to be secure, reliable, transparent and scalable. Kerberos tries to solve all these problems.

Contributions
The paper explains the components of Kerberos and how they play role in providing the authentication service.
Kerberos uses two kinds of credentials Tickets and Authenticators. First the client gets a initial ticket for Ticket granting server from Kerberos, which is used to get ticket for server and finally used to request the service from the server. Kerberos uses temporary session keys between two systems for encryption and decryption purposes.
Kerberos keeps database of its clients and private keys. There is a master and slave servers, the write operations are done only on master using KDBM service. All slaves have read only replica of the master’s data and used to server authentication service. Write operations to master are handled specially and password is needed for every transaction avoiding the intruders from gaining access when the user is away and logged in. Data is kept consistent between masters and slaves by syncing the whole data from master to slaves every hour.

Confusions
I didn’t quite get how they resolved the proxy problem.
I also didn’t understand their reason to change the NFS code and introduce system calls to integrate Kerberos.

Summary:
Kerberos is a trusted third-party authentication system used in open network computing environment, to identify users. The paper provides detailed explanation of authentication protocols used by kerberos, its view with respect to user, programmer and administrator , management of kerberos database and a use case of how kerberos can be integrated with applications.
Problem:
Non-networked systems can be protected by physically securing them. In a closed environment where all the hosts are under control, the host can be trusted to prove the identity of the users logged into it. But in a open network where hosts are not under organizational control and users have complete control of workstations, user must be required to prove his/her identity for each desired service. This requires sophisticated authentication mechanism which is secure, reliable and transparent.
Contributions:
> Kerberos provides a secure and reliable third-party authentication service for open-network computing environment to identify users, clients and server in the network.
> It provides three levels of protection for applications: authenticity established only during initial connection setup, authentication of each message (safe message) and authentication of each message along with encryption (private message).
> Kerberos maintains a private key for all the principals (user, client, server) known only to kerberos and the principal itself.
> Client requesting service must obtain a ticket and session key for the particular server from the ticket-granting server. Ticket is encrypted using server’s private key to prevent client from modifying it. Server uses the ticket to identify the user and authenticator to verify that the ticket is sent by the same user.
> Kerberos maintains multiple copies of the database with private key information of the principals. One is the master copy and can be updated by administration server. Others are slaves which are read-only copies that are periodically updated.
Evaluation:
Kerberos has is implemented as part of the MIT’s Athena Project and used for authenticating its 5000 users, 650 workstations and 65 servers. It has also replaced .rhosts files for controlling access to Athena’s timesharing system. The paper also presents a use case (NFS) of how kerberos can be integrated with applications.
Confusion:
How does kerberos database handle system failure during updates?

Summary
This paper talks about Kerberos, an authentication service for open network systems. It is a third-party authentication service that verifies users’ identities. Protocols used by clients, servers and Kerberos are discussed in the paper. Kerberos is secure, reliable, transparent and scalable.

Problem
In an open network environment, where an organization has no control over the hosts communicating over the network, both client and server must prove their identity to keep any malicious entity from using the services. Physically securing the server host is not sufficient to provide security as some malicious server on the network may be pretending to be the real server. Kerberos is a third party authentication service aimed at providing security to these systems.

Contributions
The contribution of this paper is the design of Kerberos. Tickets and authenticators are used to pass information in a secure manner and to make sure that the request is made by the same client to which ticket was actually issued. Authentication server(Kerberos) and ticket-granting server(TGS) are used to provide tickets for the server with which client wants to connect. First client’s username along with TGS is sent to Kerberos. Kerberos authenticates the user and sends back a ticket for accessing TGS along with a session key. Next, client sends a request to TGS which contains TGS ticket, server’s name and authenticator. TGS authenticates the client and sends back a ticket for the server. Finally, the client can access the server using the ticket obtained by the TGS. Server validates the client and if everything matches then they can communicate by using their session key.

Kerberos database contains the details of all the users. Read only access can be performed on both master and slave machines whereas write can be performed only on master. These operations are performed by Kerberos Database Management Service (KDBM) and changes are propagated to slave machine periodically. Database replication provides higher availability and better performance.

Evaluation
This paper does not provide much of the evaluation of Kerberos. Kerberos was a part of Project Athena and has been its sole means of authenticating its 500 users, 650 workstations and 65 servers.

Confusion
How is consistency maintained if data is propagated from master to slave after a long interval (1 hour)?

Summary
This paper talks about Kerberos, a trusted thrid-party authentication service in which two non-trusting parties can communicate in an open networked system with the underlying authentication process carried out transparent to the user.

Problem
Non-networking systems, resource are protected either physically or the OS provides the protection. In a closed environment, the machines from which user logs-in is trusted. In an open-networked system, a host must provide the identity information; the user doesn't have complete authority over his/her machine and as identification is done by internet address, they are prone to attacks. Kerberos tries to solve the problems with providing authentication with the following properties: 1) It must be secure (someone snooping packets shouldn't be above to impersonate a user) 2) It must be reliable (whole system's reliability depends on this) 3) It should be transparent to the user. 4) It should be scalable.

Contribution
The major contribution of the paper is the idea of how to enable secure communication between client and servers with user having to authenticate him/herself only once. The major ideas are listed below.
- Each of the Principals will have a private key with which they communicate with the kerberos during initial authentication of user.
- Kerberos responds with a with session keys between TGS, and a ticket to communicate with TGS which is encrypted using private key of tgs. The entire thing is encrypted using client's private key. Even though we might think that the client has the ticket and it can tamper the ticket, this is not possible because the ticket is encrypted using TGS's private key.
- Client send TGS a request for ticket to communicate with the server; it sends its authenticator encrypted using the session key, and server it wants to talk to.
-TGS responds with session keys for client and server, along with ticket to validate client using server's private key.
- Client forwards this ticket along with its authenticator to server. If everything valid, the server and client communicate with the session keys.

Evaluation
Though not much of evaluation is present, authors mention that Kerberos has been in use for ~2 years and 5000 users, 650 workstations and 65 servers employ kerberos. As exchange of messages between clients, Kerberos, TGS and server are small and verification of authenticity isn't much complicated, these systems should run without much overheads.

Question
Why client needs to send the "Authenticator" (Ac) to the server even though we are sending Ticket encrypted with server's private key ?

1.Summary
Kerberos is a trusted third party authentication protocol designed to be used by the systems communicating with each other on an open network architecture.The paper describes the kerberos protocol in detail and also the addition of Kerberos authentication to the SUN’s NFS.

2.Problem
In an open network architecture, where the systems don’t trust each other, for them to communicate with each other, there must be some way to authenticate the identities of each other. Thus there is a need for a protocol which both the communicating entities trust and which could be used to setup authentication between the two entities.

3.Contribution
Kerberos keeps a database of the clients and their private keys. Any service needing the authentication from the client also registers to the Kerberos. Thus Kerberos having the private keys of both the client and the services, confirms identity of client to service and vice versa. It assigns a session key to both the client and the service, which could be used by them to communicate with each other till the session expires.
Kerberos administration server provides read/write interface to the database and the kerberos authentication server provides read-only access to the database, which are normally used to obtain authentication. There can be multiple replicas of the authentication server in order to improve availability. Administrator add new clients(principals) or change the password of the existing clients by writing to the administration server through kadmin and kpasswd programs.
Kerberos authentication happens in three phases. In the first phase, the user obtains the credentials to request for authentication of services. In the second phase the user requests for authentication for specific services. In the third phase the user presents the credentials to the end machine. The credentials can be of two types: tickets, authenticators. Tickets, which include name of the server, the name of the client, the Internet address of the client, a timestamp, a lifetime, and a random session key encrypted in server’s private key. The client could use the same ticket for that particular server any number of times till the ticket expires. The authenticators are generated by the clients and could be used only once. An authenticator contains name of the client, workstation’s IP address and the current workstation time; everything encrypted using the session key.

4. Evaluation
The paper does not evaluate the kerberos authentication protocol with any other trusted third party authentication protocol.They have replaced the authentication protocol in the SUN’s NFS with Kerberos, but have not discussed the pros and cons of Kerberos over the existing one.

5.Confusion
What is the performance overhead incurred due to the use of Kerberos protocol? What are the improvements done to the Kerberos after this paper was published?

1. Summary
Kerberos provides a new approach to the authentication of users’ identities who want to use specific services hosted by servers in an open networking environment. The paper explains the robust authentication system, its functionality and provisions and the way it looks from different perspectives – user’s, programmer’s and administrator’s.

2. Problem
In a personal computer, the resources are naturally protected by physically securing it, which is not the case in a networked system. The problem of identifying trusted users and applications further complicates in an open networked environment. In an open networked environment, it becomes crucial for client to prove its identity to each service which it wishes to access and vice-versa. Three important aspects that should be considered to achieve such authentication are security, reliability and transparency.

3. Contributions
Kerberos provides a simple, transparent and robust system to authenticate the identity of clients and services. Depending on the application it provides 3 different levels of protection – authentication only at initiation, authentication of every message via safe messages and authentication and encryption of each message via private messages.
Kerberos uses a simple architecture, where the list of all the Kerberos principals and associated private keys are stored in a central database hosted on KDBM. Authentication servers are hosted on multiple workstations, which facilitate the process of guaranteeing identity of the users. These servers might host a local read-only copy of the database. The soul of the authentication system in Kerberos is the ticket. Using a ticket and authenticator allotted to a specific client for using a specific service, a client can establish its identity. The security of the authentication protocol is reliant on the private keys.
To efficiently utilize the authentication services of Kerberos, it provides multiple libraries necessary to perform different aspects of the Kerberos system. Database related libraries can be used for administrative purposes or reading data from KDBM. Similarly, it provides encryption library to facilitate the type and level of encryption required. It also provides user library to simplify the process of authentication for the user. The paper also draws analogy of the techniques used with the actual programs.

4. Evaluation
The paper explains the implementation of Kerberos on MIT’s Project Athena. The authors mention that their implementation has been ensuring authentication in the Athena system for 5000 users, 650 workstations and 65 servers. Also Kerberos succeeded in replacing the .rhosts file. The paper doesn’t provide any statistical results to prove any quantitative measures of the system like performance, cost of implementation, latency etc. The authors just provide a descriptive summary of the modifications to implement Kerberos on NFS system.

5. Confusion
1. Can please explain about the default null instance and ACLs used in KDBM?
2. How relevant is Kerberos in today’s systems?

1. Summary
This paper discusses the Kerberos authentication system used at MIT's Project Athena. Kerberos is a trusted third-party authentication service which identifies users in an open network environment.

2. Problem
In a closed network environment, the machines can be physically secured, and the users can be trusted to have been identified correctly. In an open network environment, one can only trust the machines under the control of the organization to which the network belongs. Other workstations that are not physically secured can be used to masquerade as a different server. Hence, there is a need for a secure and reliable authentication of users of the network.

3. Contributions
All servers and clients can trust a third party Kerberos server to authenticate the identities of clients and servers. The Kerberos server has two interfaces - Kerberos and TGS. A user receives a TGS ticket once they are authenticated by Kerberos. The authenticated user can then use these tickets to obtain services from other servers. Kerberos keeps a database of all of its clients and private keys. Read-only replicas of the database are created to prevent a bottleneck for authentication of users. These copies are kept consistent with a single master copy on a single machine. Protection is provided at three levels - authentication at initiation of connection, authentication of each message with unencrypted messages, and authentication of each message with encrypted messages - one of these are chosen per the requirement. Session tickets with timestamps are used to prevent attacks based on packet replays.

4. Evaluation
The evaluation is mostly based on its usage in a production setting at MIT's Project Athena. At the time of publication, it was in production for about 18 months. The authors do not provide any evaluation of the security other than qualitatively describing the system. The performance of this system is also unknown.

5. Confusion
Could you explain the fundamental protocol underlying Kerberos?

Kerberos
1. Summary
This paper is about Authentication as a service in an organisation.
An organisation can thousands of network services which need authentication and authorization before granting access to users. This paper introduces a new centralized authentication protocol which works without transmitting user’s password over the network.
2. Problem
An organization with large number of network services cannot prompt user for each access. There was a need of a centralized authentication service which can be trusted by other services in the network. Kerberos solves this problem by ensuring security, reliability, transparency and scalability, authentication being critical service.
3. Contributions
The Kerberos involves a centralized database KDBMS to store user credentials. The Authentication service queries this database to validate the authenticity of the user. The authentication service grants TGT (Ticket granting ticket), which client can use to demand access to each individual service in the network. Thus, client doesn’t need to send password over the network to any service which is a peculiar contribution of this paper. The TGT is valid for few hours typically. Clients use TGT to demand ticket and session keys for a given network service (typically a webserver). The client receives the TGS (Ticket granting service) and session keys. The client builds an authenticator packet and sends it to the desired service. The service decrypts the encrypted TGS to find session keys and ticket. The server and client use this session key to communicate securely.
Kerberos also provides tools(kpasswd) to update/modify user passwords. Kerberos also provides tools like kadmin to register new service principle names(SPNs). Tool klist can show show cached tickets in the client. The Kerberos database also has read-only replicas to provide high availability. Kerberos also support cross-domain transparent authentication with a realm field in the credential ticket.
4. Evaluation
Authors modified NFS to show usability and strength of Kerberos. The unmodified NFS suffered the security issues like masquerading of user credentials and lack of granularity in providing access controls. Authors implemented a new system call to cache mapping of IP address and User Id for active client connections. Authors also modified NFS to accept and process Kerberos tickets.
5. Confusion
1. I have used Kerberos with Spnego. Can you please explain Spnego’s packet structure?
2. How similar is OAUTH to Kerberos?
3. Why doesn’t Kerberos allow Service principle names based on IP address? They seem to allow DNS names only.

1. Summary
Kerberos is the authentication system that has stood the test of time seeing continued use over four decades. By using a trusted third party, Kerberos is able to establish authenticity between a client and a server without sending compromising data over the network. This enables secure communication and cooperation among machines that are not necessarily always under the control of one system admin.

2. Problem
Kerberos aims to answer how can we establish communication channels between clients and servers efficiently without having to accept a client’s or server’s word for who they say they are?

3. Contribution
Kerberos introduces an authentication server and a ticket generating server to act as intermediaries for establishing communication. First, you authenticate with the Auth Server, which sends back two messages: a ticket generating server ticket and a message containing the TGS session key encrypted with your password + salt hash. Next, a message encrypted with the TGS session key is used to generate an authenticator . This is sent along with your request to the ticket generating server. The server then uses its secret key to decrypt the ticket and then uses the session key stored in it to decrypt your authenticator. This passes you back a ticket encrypted with the http secret key containing the session key.

Ultimately, this two message passing scheme works because you never have to send unencrypted or identifiable data over the network and uses a third party source as the ground truth. However, this requires some authority to set up the Kerberos server for use.

The implementation also has a few other preventive mechanisms past the encryption. It maintains a replay cache that keeps track of past authenticators to prevent replay attacks. It also allows for master/slave replication for load balancing. Finally, it can communicate cross realms should it be configured.

4. Evaluation
There isn’t much of an evaluation minus some anecdotal experience. I’d say some of the configuration settings are primitive and can easily be improved. An example is they do replication propagation every hour. I can’t imagine that such a system causes enough traffic that log replication induces such a high overhead. The rather long ticket lifetimes ensure traffic is one time traffic for long durations of time. Replicas should be able to absorb this load.

The appendix case study with NFS points out the obvious implications of encryption and authentication. It demonstrates a cache implementation that serves as an example of compromises for usable performance.

5. Discussion
Is there follow up work for the proxy problem?

1. Summary
This paper presented an overview of the authentication service, Kerberos, for use in open network computing environments. The need for Kerberos arose from the fact that the Athena environment in use must be able to handle requests from hosts that are not under organizational control and therefore must prove their identity.

2. Problem
In an open environment an authentication service must be able to authorize untrusted users to use the services provided. The paper also required for the authentication mechanism to be difficult to break, reliable, transparent to the user, and scalable. Another problem to be prevented by an authentication service is if an attacker watching the network wished impersonate a trusted user.

3. Contributions
Kerberos has a database of clients and their associated keys which allows Kerberos to check for the name of a client and verify its key. Kerberos provides three levels of protection from the base level of just establishing authenticity to fully encrypting messages. The administration server is used to modify the Kerberos database and therefore must reside on the same machine as the database. The authentication server is more relaxed in its placement as it just needs to read the database in order to authenticate principals and generate session keys. The name in Kerberos is split into three parts the primary name, instance, and realm. The primary name and instance are used to identify the user or service and its variation. The realm is used for authentication across multiple administrative domains. In order to be authenticated a client must obtain credentials to request access to a service, get specific authentication for a service, and the server must verify the ticket and authenticator of the user. The ticket is used by the server to make sure it can trust the client and the authenticator is used to verify that the client is who they say they are. To handle replays the request to the server also contains a timestamp and the request is turned down if the time is not within a reasonable margin

4. Evaluation
Although this paper did not include and evaluation section Kerberos had been running already with over 5,000 users and 650 workstations. The paper also includes an appendix that describes the modifications to the SUN NFS so that Kerberos can be integrated in.

5. Confusion
I found it odd that the Kerberos slaves were only updated every hour since they could be the main authentication mechanism for many users. Does this mean if a user changes their password and logs out they will not be able to log back in for up to one hour?

1. Summary
This paper presents Kerberos, a third party authentication service for open network services, used to verify user’s identities.
2. Problem
In open network environment where users have complete control over workstations, the users must provide their identity for each desired service, and the servers also need to provide their identity. Besides, the identification mechanism needs to be secure, reliable, transparent and scalable.
3. Contributions
Kerberos implementation consists of several components: encryption based on DES, a database maintaining name, private key and expiration date for each principal, administration servers providing read-write network interface to the database, authentication server performing read only operations on database and database propagation software managing replication of Kerberos database. The paper also describes the protocol for identity authentication, based on two credentials ticket and authenticators. A user gets the initial ticket through the ticket granting service through authentication server, and the random session key shared between ticket granting server and the client is used for their safe communication. If a client wants to get a service, it first talks to the ticket granting server, the ticket granting server checks the client authenticator against ticket, and generates a new session key for communication between client and server. Read-only accesses to Kerberos database can run on any server while write access can only run on master authentication server. The master copy of database is propagated to slaves periodically.
Authors also present their modifications on NFS to use Kerberos.
4. Evaluation
Authors only state that Kerberos is used in production environment for one year with 5000 users. No concrete evaluation data is presented.

5. Confusion
1. What does ‘proxy’ in Section 8 refer to? I don’t understand why it could be problem
2. The master copy of Kerberos database is propagated to slaves periodically (on large intervals). Are operations safe on stale data with out-of-date private keys?

Kerberos:

Summary:

Third party software that works as the middle man that both clients and servers trust. So if kerberos tells server client is good, then server trusts whatever the client sends. It might need kerberos to verify each message or just once depending on what's needed.

Contribution:

Database consisting of private keys for each one of it's clients. As with private key encryption only client has access to key. Uses DES for encryption. [DES has been broken though this paper was a long time ago].

AUTHENTICATION:
--> In the first phase, the user obtains credentials to be used to request access to other services. Credentials consist of ticket and authenticators:

1) User enters username
2) Send request to authentication server with user name and name of ticket granting service
3) Auth server makes sure it knows the client, if yea generate random session key, create ticket for ticket granting server with client name, name of ticket granting server, curr time, lifetime of ticket and clients IP and random session key. Encrypt all of this with secret key known to Auth server and ticket granting server.
4) Send ticket, with random session key to client but encrypt with clients secret key.
5) Client sees this business and is asked for password. Password converted to DES key and is used decrypt the ticket auth server just sent. After decryption erase DES key and password.

At this point user has a ticket it which has been verified by auth server so for the tickets lifelong it is safe to chat with him.

--> In the second phase, the user requests authentication for a specific service.
--> In the final phase, the user presents those credentials to the end server.

1) Build authenticator with client name, IP and time. Encrypt with random session key it received with ticket. Send authenticator along with ticket to server.
2) Server can decrypt authenticator as the auth server had sent this guy the rand session key and ticket also, so it has private key. Now match it with info in the ticket to make sure if he's still that guy or not. If he is we good baus!
3) If client also needs server to show who he is, add 1 to timestamp, encrypt with session key which everyone has, client can decrypt and figure stuff out.

Note the above stuff was for a single server, but client has all the info to talk to ticket granting server who can verify if the client is who he says he is and then give him/her tickets for other servers, who can verify the process again.

Questions:

* DES has been broken but apart from that, what side channel attacks is this susceptible to? It was so long ago, i'm sure this is full of vulnerabilities. It's all private key, some sort of man in the middle attack would compromise the whole thing?

1. summary
This paper covers an overview of the operation of the Kerberos authentication system.
2. Problem
Authentication protocols can be fairly simple to implement in an environment where are machines are under strict control. This is not always practical since many environments allow users full control of their own machines. In such an environment, it is required that both clients and servers much prove their identities to one another as either could be spoofed over the network.
3. Contributions
The Kerberos system was designed such that a third-party server can validate the identities of all clients and servers that wish to interact within its domain. At initial login, a user is verified by using their password to send a unique request to the Kerberos server which, assuming a match, responds with a ticket that the client can then use to identify itself to other service servers. When a service is needed the initial ticket granting ticket can be used to request another ticket specific to the requested service. Once the specific service ticket is acquired, the service server itself can then be contacted with certainty of identity.

User information is all maintained within a singular database which can handle administrative operations such as password changes and adding users. Read only copies of the database are possible to allow continued authentication but failure of the master db server can prevent administrative changes.
4. Evaluation
This paper presents little actually evaluation and focuses on function. The only criteria of its effectiveness presented, is that it has been in large scale use at MIT without any major problems arising.
5. Confusion
I’m a bit confused about what the clock agreement requirement is protecting against. Being only as fine grained as within several minutes of each other doesn’t seem like it’s precise enough to protect from any form of attack that would utilize time.

1. summary
This paper build a trusted third-party authentication service named Kerberos. It is used in an open network environment like Athena and Sun NFS.

2. Problem
This paper tries to solve the authentication problem in an open network environment. In an open network, it is impossible to strictly control all the machines, so both the user and server need to prove their identity. The identification mechanism should satisfy four requirements: security, reliability, transparency and scalability.

3. Contributions
This paper build a trusted third-party authentication service named Kerberos. Its contribution includes serveral smart designs. The first is to using a third-party service, which encrypted all the communication between the client and server so that the risk of masked malware is eliminated. The concentration of sensitive information on the Kerberos Database management service simplifies the process much. The server tickets and ticket-granting service is also a good design as they provide a uniform authentication operations for all kinds of clients and servers.

4. Evaluation
None. The authors do not tell what they did for evaluation of the system.

5. Confusion
what is an open network environment? Why the identification of workstations fails?
"A ticket is used to securely pass the iden- tity of the person to whom the ticket was issued between the authentication server and the end server. A ticket also passes information that can be used to make sure that the person using the ticket is the same person to which it was issued."
Who sends the ticket? Who receives the ticket?
The How it works section is too abstract. I even do not know what a ticket and authenticator look like? How are they generated? Any example going through the whole process?

1) Summary

The need for a cryptographically secure authentication system was becoming clear as networks were becoming more prevalent. The authors propose an authentication protocol that allows both clients and servers to prove their identities to each other, while maintaining transparency to the user.

2) Problem

Previous systems like .rhosts were relatively weak and provide no cryptographic guarantees. It is very easy to spoof IP addresses.

The goal of Kerberos is allow clients and servers to prove their identifies to each other using a minimum trusted entity. The system should defend again man-in-the-middle attacks, replay attacks, and impersonation, along with some attacks on clients.

It should also be relatively transparent, so the user is not constantly typing their password.

3) Contributions

The main contribution of this paper is the Kerberos protocol. Actually, it was proposed earlier by other authors, but the version presented in this paper is what was actually used until Kerberos 5. In designing their system, the authors also show some design considerations of secure networked systems, such considering different attack vectors.

The authors also make a number of engineering and practical considerations. For example, they describe the various components required for maintaining Kerberos, including replication and account management.

4) Evaluation

The protocol is rather elegant, especially considering that it only uses private-key encryption. Perhaps the greatest evaluation of its usefulness is the fact that it is still in use in many places, including Windows Server and many universities.

However, the paper leaves a lot to be desired. The diagrams are not particularly insightful. It would be nice to have a full diagram of the 6 or so messages that are sent between different entities. Also, the organization of the paper is a bit strange, since the authors describe using a Client-Server ticket before obtaining it.

Moreover, the authors hardly explain how certain attack vectors are blocked, apart from the authenticators.

Finally, the authors claim that the design is scalable, but they do not give a strong argument for why. They also don't offer any experimental evidence, though they claim that they are running Kerberos in a production environment.

5) Confusion:

Why does the client need an authenticator to communicate with the TGS? Being able to send a valid ticket-granting-ticket to the TGS implies that the client knows K_C, right?

1. Summary
This paper introduces Kerberos, which is an authentication service for open network computing environment. The key characteristic is Kerberos acting as the third-party between client and server, and the authentication can be achieved both for client and server.

2. Problem
The problem is that in an untrusted network environment, machines need a way to authenticate each other (security). In addition, the service of authentication should be up (reliability). Users should not be aware of underlying authentication between machines, and users should only be required to present the password (transparency). Finally, the service should be available to respond to a large group of users (scalability).

3. Contributions
The key contribution of Kerberos is to design a general third-party authentication. Clients can request authentication of multiple servers dynamically. The result of Kerberos authentication is that client and server share a key between each other (session key), and the communication information such as client/server address, timestamp etc (ticket). To start the authentication, client contacts Kerberos to finish authentication of client. The result of kerberos's authentication of client is that kerberos and client shares a session key and ticket (The authentication is achieved by Kerberos using client's public key to encrypt, and client using its private key to decrypt). Next, if the client wants to authenticate a server, client contacts Kerberos for another pair of session key and ticket to share between client and server. Use a pair of session key and ticket can achieve authentication in an easy way. Other feature includes replicated database (include client's information) of Kerberos. One database (master) can read/write, while others (slaves) are read-only. To keep slaves consistent with master, master contacts slaves periodically for updated data.

4. Evaluation
The authors stated Kerberos went into production in 1986, and it has been used in part of Project Athena for more than 5000 users in 1 year. In addition, Kerberos was also integrated successfully into SUN's network file system.

5. Confusion
To maintain replicated database, the paper didn't talk about failure. How does Kerberos handle failure of itself when user updates password, and when master sends update to multiple slaves (some slaves update successfully, while some crash during update)?

1. Summary
The paper describes Kerberos, a third party authentication service system which can be used to verify the identities of both clients and servers in an open network. The system consists of an authentication server which maintains the private keys of all clients and servers, and thus used to establish their identities. It also contains an administrative server to manage the keys and the addition / deletion of users, and schemes to securely replicate the database across multiple slaves.

2. Problem
The requirement of providing services in an open network environment where there could be non-organizational hosts requesting services, leads to new challenges related to security. Existing methods of providing access control based on the source IP address do not work because the IP addresses can be easily spoofed. Another issue is the possibility of a rogue machine masquerading as a server in the local network. Thus there was a need for an access control system for open networks which would provide authentication as a service, and would require users to prove their identity for each required service.

3. Contributions
1. Third party-based authentication and three-phase authentication: Servers do not have to rely on trusting the clients’ identities which need to be proven through a third party system called the authentication server. There exists a three-phase authentication process between a client, authentication server, ticket granting server, and finally the main server.
2. Three levels of protection: Kerberos provided flexibility in terms of different protection schemes having different tradeoffs with performance — authentication at the initiation of a network connection, authenticated messages with unencrypted content, and authenticated messages with encrypted content.
3. Secure protocol against sniffers and packet replays: Kerberos provided encryption with private keys and encrypted the main database with a master key to handle sniffers. It also provided session tickets with timestamps to avoid attacks based on packet replays.
4. Secure administration system - An administration server which is a component of the same database backend allows easy change of user passwords, and addition of new client / server identities.
5. Transparent behavior to end-user - The communication between the client, authentication servers, ticket-granting servers and servers is transparent to the end-user.
6. Scalability through master-slave design - Kerberos allows for scalability by supporting multiple slave authentication servers which can operate on a read-only copy of the database. The master copy of the database is synced every hour with the slave copies.

4. Evaluation
The authors report on their experiences deploying Kerberos in production. Kerberos has been used in production for more than 1.5 years and it manages authentication for the 5,000 users, 650 workstations, and 65 servers in Athena’s environment. The authors also provide a qualitative description of the changes needed in NFS to integrate it with Kerberos in their environment. However, no evaluation is provided to give an idea of the performance overheads of the various protection models.

5. Confusion
1. Can you talk about how authentication systems are used and deployed in modern day systems? Apart from the overly simplistic database consistency problem, I find it hard to think of any reason why an implementation of Kerberos couldn’t work for modern systems.

Summary
The paper presents Kerberos which provides third party authentication service to verify users’ identities in open network systems. Kerberos provide secure authentication without exchange of passwords and without using public key encryption.

Problem:
Open network systems need to be able to honor requests from hosts that are not under organizational control. In such environment, mere physically securing the host running a network server is not sufficient to ensure security since someone elsewhere on the network can easily masquerade as the given server. Kerberos is designed to provide security for these systems.

Contributions:
The paper explains the software components of Kerberos system and how it works. Two main components of a Kerberos system are Kerberos server and ticket-granting-server(TGS). Once users are authenticated by Kerberos, they receive a TGS ticket. Users can use TGS ticket to request tickets for all the other servers. Kerberos keeps a database of its clients and their private keys. Read-only copies of database is kept on multiple machines so that serving of authentication requests does not become a bottleneck. However there exists only one master database copy that can be modified and all the replicated copies are kept consistent with it. Kerberos provides three levels of protection: establishing authenticity at the initiation of a network connection, authentication of each message or authenticating and encrypting each message. The application programmer can determine which is appropriate according to the requirements of the application. Message replays are handled by using timestamps in Ticket.

Evaluation:
The authors do not present anything on the evaluation part. They say that Kerberos is being used in Athena and a few other applications for user authentication. But it does not tell us how secure the system is with Kerberos. The paper mentions that there could be performance overhead due to authentication. It would be interesting to see some performance evaluation of a Kerberos system.

Confusion:
I did not fully understand the modification they did in NFS to add Kerberos authentication

1. Summary
In an open network where mutually untrusted machines need to communicate, a service to securely verify identities is useful. Kerberos is a trusted third-party authentication service for just this purpose.

2. Problem
An open network is one where principals are communicating with remote machines whom they do not trust. Without some kind of authentication, a malicious machine could easily spoof a user identity to gain access to a secure service. Some sort of authentication service is needed. This service should be user-transparent, reliable, and secure. In particular, an entity listening on the network should not be able to glean enough information to impersonate a user by observing traffic.

3. Contributions
The authors provide a working implementation of the Kerberos system. At the time of this paper, the system had been used in production for 2 years. This system includes client-side software for logging in and subsequent authentication, encryption software, an authentication server for ticket generation, and a DB for managing principle keys. The authentication server manages the creation and distribution of secret keys between clients and serves to facilitate trusted communication.
They also describe how they used their system to improve security for NFS with only minimal changes.
The authors also point out several outstanding issues with their system. Specifically, they note policy around ticket lifetimes, proxy authentication, and verification of local software as their biggest outstanding issues. They also mention that their Kerberized NFS is only quasi-secure, as the IP, UID pair can still easily be spoofed while a user is accessing their files.

4. Evaluation
The authors provide no evaluation outside of the fact that their system is in production use.

5. Confusion
I don’t fully understand the authentication-forwarding issue for proxies. What is the goal of this? When would you want to partially forward your ticket to untrusted software?