[4880] in Kerberos
Re: Proposal for a SmartCard-Kerberos Implementation
daemon@ATHENA.MIT.EDU (John Hascall)
Tue Mar 28 15:26:04 1995
To: kerberos@MIT.EDU
Date: 28 Mar 1995 17:42:45 GMT
From: john@iastate.edu (John Hascall)
Kenneth D. Renard <kdrenard@arl.mil> wrote:
}Below is a proposal for a SmartCard-Kerberos implementation. ...
} 1. Send SecurID code to kinit process.
} 2. Kinit sends request to KDC with plaintext SecurID code.
} 3. KDC verifies SecurID code and generates TGT encrypted in host-key.
} 3.5. TGT traverses network from KDC to kinit encrypted in host-key.
} 4. Kinit decrypts TGT with host-key found in v5srvtab.
}Weaknesses:
}1. Compromise of root on a host will compromise host-key and all further
} snooped KDC responses for that host will be decryptable. See
} strength #1
}2. Each client machine now needs a v5srvtab.
}
}Comments:
}1. Due to the lack of a shared secret between kinit process and KDC, host-key
} must be used to encrypt reply.
}2. Maximum cost of host-key compromise: All TGT's for that host until host
} changes host-key (How easy is it to detect host compromise?)
}3. Need quick, easy, secure method to permutate host-keys. Don't want to
} use current host-key encrypt new key. Any suggestions??
}4. Coding of this implementation is in alpha-testing locally. Full
} coding and testing of this method is currently being worked on.
Rather than having a srvtab on the host, why not have the host
also run the "secure-ID" algorithm (with its own secret seed)?
1) user enters secure-ID code (for example, via unencrypted telnet)
2) host kinit process received user secure-ID code forwards to KDC
3) KDC verifies user secure-ID code, constructs TGT encrypted in
hosts secure-ID code, sends to host
4) host generates secure-ID code, uses to decrypt TGT
John
--
John Hascall ``An ill-chosen word is the fool's messenger.''
Systems Software Engineer, ISU Comp Center + Ames, IA 50011 + 515/294-9551