[4894] in Kerberos
Re: Proposal for a SmartCard-Kerberos Implementation
daemon@ATHENA.MIT.EDU (Kenneth D. Renard )
Thu Mar 30 20:31:24 1995
To: kerberos@MIT.EDU
Date: Thu, 30 Mar 1995 14:48:41 GMT
From: kdrenard@arl.mil (Kenneth D. Renard )
Unfortunately, this opens the vulnerability of the Sandia algorithm that I
was trying to avoid. A sniffer could capture the SecurID code via the
unencrypted telnet and sniff the AS_REP and decrypt the TGT.
Thanks for the reply!
-Ken Renard
In article <3l9hql$90p@news.iastate.edu> john@iastate.edu (John Hascall) writes:
>Kenneth D. Renard <kdrenard@arl.mil> wrote:
>}Below is a proposal for a SmartCard-Kerberos implementation. ...
>} 1. Send SecurID code to kinit process.
>} 2. Kinit sends request to KDC with plaintext SecurID code.
>} 3. KDC verifies SecurID code and generates TGT encrypted in host-key.
>} 3.5. TGT traverses network from KDC to kinit encrypted in host-key.
>} 4. Kinit decrypts TGT with host-key found in v5srvtab.
>
>}Weaknesses:
>}1. Compromise of root on a host will compromise host-key and all further
>} snooped KDC responses for that host will be decryptable. See
>} strength #1
>}2. Each client machine now needs a v5srvtab.
>}
>}Comments:
>}1. Due to the lack of a shared secret between kinit process and KDC, host-key
>} must be used to encrypt reply.
>}2. Maximum cost of host-key compromise: All TGT's for that host until host
>} changes host-key (How easy is it to detect host compromise?)
>}3. Need quick, easy, secure method to permutate host-keys. Don't want to
>} use current host-key encrypt new key. Any suggestions??
>}4. Coding of this implementation is in alpha-testing locally. Full
>} coding and testing of this method is currently being worked on.
>
> Rather than having a srvtab on the host, why not have the host
> also run the "secure-ID" algorithm (with its own secret seed)?
>
> 1) user enters secure-ID code (for example, via unencrypted telnet)
> 2) host kinit process received user secure-ID code forwards to KDC
> 3) KDC verifies user secure-ID code, constructs TGT encrypted in
> hosts secure-ID code, sends to host
> 4) host generates secure-ID code, uses to decrypt TGT
>
>
>John
>--
>John Hascall ``An ill-chosen word is the fool's messenger.''
>
>Systems Software Engineer, ISU Comp Center + Ames, IA 50011 + 515/294-9551
--
-------------------------------------------------------------------------------
Ken Renard
U.S. Army Research Lab