Kerberos Security with Clocks Adrift

We show that the Kerberos Authentication System can relax its requirement for synchronized clocks, with only a minor change which is consistent with the current protocol. Synchronization has been an important limitation of Kerberos; it imposes political costs and technical ones. Further, Kerberos' reliance on synchronization obstructs the secure initialization of clocks at bootstrap. Perhaps most important, this synchronization requirement limits Kerberos' utility in contexts where connectivity is often intermittent. Such environments are becoming more important as mobile computing becomes more common. Mobile hosts are particularly refractory to security measures, but our proposal gracefully extends Kerberos even to mobile users, making it easier to secure the rest of a network that includes mobile hosts. An advantage of our proposal is that we would not change the Kerberos protocol per se; a special type of preauthentication exchange can convey just enough replay protection to authenticate the initial ticket and its times-tamp to an unsynchronized client, without adding process-state to the system's servers.

[1]  Jerome H. Saltzer,et al.  Section E.2.1 Kerberos Authentication and Authorization System , 1988 .

[2]  Steven M. Bellovin,et al.  Limitations of the Kerberos authentication system , 1990, CCRV.

[3]  Ross Ihaka,et al.  Cryptographic Randomness from Air Turbulence in Disk Drives , 1994, CRYPTO.

[4]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[5]  Li Gong,et al.  A security risk of depending on synchronized clocks , 1992, OPSR.

[6]  Gene Tsudik,et al.  KryptoKnight Authentication and Key Distribution System , 1992, ESORICS.

[7]  David L. Mills,et al.  Network Time Protocol (Version 3) Specification, Implementation , 1992 .

[8]  Jeffrey I. Schiller,et al.  An Authentication Service for Open Network Systems. In , 1998 .

[9]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[10]  David L. Mills,et al.  Internet time synchronization: the network time protocol , 1991, IEEE Trans. Commun..

[11]  Ralph R. Swick,et al.  Workstation Services and Kerberos Authentication at Project Athena , 1989 .

[12]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[13]  T. A. Parker,et al.  A secure European system for applications in a multi-vendor environment (the SESAME project) , 1993 .

[14]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[15]  David L. Mills Network Time Protocol (version 2) specification and implementation , 1989, RFC.