[1256] in Kerberos


Smart Cards and kerberos

daemon@ATHENA.MIT.EDU (Chris Riddick)
Thu Feb 21 18:43:46 1991

From: nss1!cjr@uunet.UU.NET (Chris Riddick)
To: uunet!ctt.bellcore.com!lunt@uunet.UU.NET
Cc: kerberos@ajf.cjr.uunet!athena.mit.edu
Date: Thu, 21 Feb 91 17:13:02 EST

The question was raised about how we are using smart cards with kerberos at
this time.  What we are doing is an interim solution until we work out the
details of doing CBC DES encryption on the smart card as well as getting
enough memory on the card to work in.

However, we store the user's secret key in a protected file on the card.
The file is protected by the card security as well as being encrypted using
a PIN assigned to the card holder.  So, when the user logs in to get his
TGT, the software on his workstation generates the request and fires it off
to kerberos.  The kerberos server responds with the packet that requires
the user's secret key to unwrap it.  Standard kerberos takes a password from
the user and converts it to a DES key which is used to decrypt the packet.
Instead of doing that, we prompt the user for his PIN, pass the PIN to the card
which verifies the PIN and extracts the secret key.  The key is passed to the
workstation to be used temporarily to extract the session key.  After which,
the secret key is erased from memory.

Granted, this is not the optimum, but until we have a card that performs
DES CBC with sufficient memory and performance, we can only use the card
to add a level of protection for the user's secret key.  With this system,
in order to compromise the user's account, someone would need both the card
and the PIN.  In the standard system for kerberos, all that is needed is the
user's password which can be used to generate his secret key.

Steve Lunt suggested a much better method assuming that we can get a card
that will perform well doing CBC DES and having room to hold the whole
V5 ticket while unwrapping it.  With such a system, we could have a true
challenge-response between kerberos and the card and never expose the user's
secret key to the workstation.  That is ultimately where we have been heading,
but the technology available to us is not quite there.
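Added illustration, not part of the original message or of any MIT Kerberos code: a Python model contrasting the interim flow described above (card exports the secret key, workstation unwraps the KDC reply, key erased afterwards) with the proposed flow (card unwraps the reply itself). The cipher, the PIN check and the KDC reply are constructed stand-ins, with an HMAC-SHA256 keystream in place of DES CBC and no Kerberos wire formats.

```python
import hashlib
import hmac
import os

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for DES CBC: XOR with an HMAC-SHA256 keystream.
    Symmetric, so the same call encrypts and decrypts."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Card:
    def __init__(self, user_key: bytes, pin: str):
        self._pin_hash = hashlib.sha256(pin.encode()).digest()   # card-side PIN check
        self._wrapped_key = toy_cipher(self._pin_hash, user_key)  # key file, PIN-encrypted

    def _unwrap(self, pin: str) -> bytes:
        candidate = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(candidate, self._pin_hash):
            raise PermissionError("PIN rejected by card")
        return toy_cipher(candidate, self._wrapped_key)

    def export_key(self, pin: str) -> bytes:
        """Interim flow: the secret key is handed to the workstation."""
        return self._unwrap(pin)

    def unwrap_reply(self, pin: str, reply: bytes) -> bytes:
        """Proposed flow: the card decrypts the KDC reply; the key never leaves."""
        return toy_cipher(self._unwrap(pin), reply)

def kdc_as_reply(user_key: bytes):
    """Toy KDC: picks a session key and returns it wrapped under the user's key."""
    session_key = os.urandom(8)
    return session_key, toy_cipher(user_key, session_key)

def interim_login(card: Card, pin: str, user_key: bytes) -> dict:
    session_key, reply = kdc_as_reply(user_key)
    secret = card.export_key(pin)             # long-term key now sits in workstation RAM
    recovered = toy_cipher(secret, reply)
    exposed = secret == user_key              # what the workstation saw, before erasure
    del secret                                # erased after use, as the message says
    return {"ok": recovered == session_key, "key_exposed": exposed}

def card_unwrap_login(card: Card, pin: str, user_key: bytes) -> dict:
    session_key, reply = kdc_as_reply(user_key)
    recovered = card.unwrap_reply(pin, reply)  # only the session key comes back
    return {"ok": recovered == session_key, "key_exposed": recovered == user_key}
```

Both flows still require card plus PIN; the difference is only whether the long-term key is ever present in workstation memory.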
