Secure coprocessor integration with Kerberos V5

Author: Naomaru Itoi

Abstract: The nightmare of Trusted Third Party (T3P) based protocol users is compromise of the T3P. Because a compromised T3P can read and modify any user information, the entire group becomes vulnerable to secret revelation and impersonation. Kerberos, one of the most widely used network authentication protocols, is no exception. When the Kerberos Key Distribution Center (KDC) is compromised, all keys are exposed, thus revealing encrypted data and allowing an adversary to impersonate a user. If an adversary has physical access to the KDC host, or can obtain administrator rights, compromise is possible, and catastrophic. To solve this problem, and to demonstrate the capabilities of secure hardware, we have integrated the IBM 4758 coprocessor into the Kerberos V5 KDC. As a result of the integration, our implemented KDC preserves security even if the host has been compromised.
