[4894] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Proposal for a SmartCard-Kerberos Implementation

daemon@ATHENA.MIT.EDU (Kenneth D. Renard )
Thu Mar 30 20:31:24 1995

To: kerberos@MIT.EDU
Date: Thu, 30 Mar 1995 14:48:41 GMT
From: kdrenard@arl.mil (Kenneth D. Renard )

Unfortunately, this opens the vulnerability of the Sandia algorithm that I
was trying to avoid.  A sniffer could capture the SecurID code via the
unencrypted telnet and sniff the AS_REP and decrypt the TGT.
 
Thanks for the reply!
 
-Ken Renard

In article <3l9hql$90p@news.iastate.edu> john@iastate.edu (John Hascall) writes:
>Kenneth D. Renard  <kdrenard@arl.mil> wrote:
>}Below is a proposal for a SmartCard-Kerberos implementation. ...
>}	1. Send SecurID code to kinit process.
>}	2. Kinit sends request to KDC with plaintext SecurID code.
>}	3. KDC verifies SecurID code and generates TGT encrypted in host-key.
>}	3.5. TGT traverses network from KDC to kinit encrypted in host-key.
>}	4. Kinit decrypts TGT with host-key found in v5srvtab.
>
>}Weaknesses:
>}1. Compromise of root on a host will compromise host-key and all further 
>}	snooped KDC responses for that host will be decryptable.  See
>}	strength #1
>}2. Each client machine now needs a v5srvtab.
>}
>}Comments:
>}1. Due to the lack of a shared secret between kinit process and KDC, host-key
>}	must be used to encrypt reply.
>}2. Maximum cost of host-key compromise:  All TGT's for that host until host
>}        changes host-key  (How easy is it to detect host compromise?)
>}3. Need quick, easy, secure method to permutate host-keys.  Don't want to
>}	use current host-key encrypt new key.  Any suggestions??
>}4. Coding of this implementation is in alpha-testing locally.  Full
>}	coding and testing of this method is currently being worked on.
>
>     Rather than having a srvtab on the host, why not have the host
>     also run the "secure-ID" algorithm (with its own secret seed)?
>
>     1) user enters secure-ID code (for example, via unencrypted telnet)
>     2) host kinit process received user secure-ID code forwards to KDC
>     3) KDC verifies user secure-ID code, constructs TGT encrypted in
>        hosts secure-ID code, sends to host
>     4) host generates secure-ID code, uses to decrypt TGT
>
>
>John
>-- 
>John Hascall                   ``An ill-chosen word is the fool's messenger.''
>
>Systems Software Engineer, ISU Comp Center  +  Ames, IA  50011  +  515/294-9551

-- 
-------------------------------------------------------------------------------
Ken Renard
U.S. Army Research Lab


home help back first fref pref prev next nref lref last post