[6514] in Kerberos

Re: Performance and secureness of Kerberos

daemon@ATHENA.MIT.EDU (Donald T. Davis)
Mon Jan 22 11:37:58 1996

To: Liberato Yamog <jun@linux1.dlsu.edu.ph>
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "Mon, 22 Jan 1996 14:49:50 +0800."
             <Pine.LNX.3.91.960122144054.772A-100000@ccslinux.dlsu.edu.ph> 
Date: Mon, 22 Jan 1996 11:20:58 -0500
From: "Donald T. Davis" <don@cam.ov.com>


> I haven't found enough to prove the performance and especially the 
> secureness of Kerberos.  Can you please help in obtaining some
> numbers or statistics regarding the performance of Kerberos (e.g.
> overhead, average response time, etc.) ?  I would also like to know
> if Kerberos is really secure and what is the proof behind it?  

dear mr. yamog,

for a formal-logic treatment of kerberos' security, see 

    M. Burrows, M. Abadi, R. Needham, "a Logic of
    Authentication," Proc. R. Soc. Lond. A 426 (1989)
    pp. 233-271.
    
this paper has also appeared as a technical report of
the digital equipment corp's systems research center in
palo alto, calif, but i expect you'll find the royal
society's proceedings easier to get at your university.

this paper was one of the first to develop a logical
calculus specifically for analyzing security protocols.
the senior author, roger needham, was also the author
(with m. schroeder, in 1978) of the first network security
protocol, upon which kerberos was based. the '89 paper
analyzed 9 protocols from the literature, including krb
and x.509, as demonstrations of the logic's use and value.

since the b.a.n. paper many other logics, with assorted
properties, have been devised, but i know of no other
paper that has treated kerberos as thoroughly. however,
please understand that these modal logics are limited
in what they can prove. for example, the logics generally
do not take into account the properties of cryptosystems
(like des or rsa), so this logical treatment cannot preclude
attacks that exploit subtle weaknesses in the underlying
encryption algorithms. nevertheless, i and others have
found these modal logics to be very valuable tools for
the validation of security protocols.

for discussions of kerberos' performance, there are
many relevant papers, mostly written by project athena's
staff. some of these are available with the mit source-
distribution of the project athena software. most of the
papers appeared at usenix conferences and meetings of the
european unix users' group (euug), in the late '80's.
here's a quick summary of krb's performance: mit still
runs its 2 kerberos servers on 1 MIP machines, though much
faster CPUs are available, because 1 MIP is sufficient
to handle 10,000 accounts, 1200 hosts, and 5,000 logins
per day. kerberos' contribution to response-time is on
the order of 1 to 5 seconds (at most). for a recent
description of kerberos and mit's use of it, see jeff
schiller's article in scientific american (it appeared
sometime in '94 or '95).

whatever kerberos' defects may be, performance is not
among them. i hope these pointers and my comments help
you in your research.
				-don davis, boston (usa)
