Misplaced trust: Kerberos 4 Session Keys

Get BibTex-formatted data

Download

PDF

Author

Bryn Dole, Steve Lodin, and E. H. Spafford

Tech report number

COAST TR 97-01

Entry type

inproceedings

Abstract

One of the commonly accepted principles of software design for security is that making the source code openly available leads to better security. The presumption is that the open publications of source code will lead others to review the code for errors, however, this openness is no guarantee of correctness. One of the most widely published and used pieces of security software in recent memory is the MIT implementation of the Kerberos authentication protocol. In the design of the protocol, random session keys are the basis for establishing the authenticity of sevice requests. Because of the way that the Kerberos Version 4 implementation selected its random keys, the secret keys could easily by guessed in a matter of seconds. This paper discusses the difficulty of generating good random numbers, the mistakes that were made in implementing Kerberos Version 4, and the breakdown of software engineering that allowed this flaw to remain unfixed for ten years. We discuss this as a particularly notable example of the need to examine security-critical code carefully, even when it is made publicly available.

Download

PDF

Date

1997

URL

https://www.cerias.purdue.edu/ ... s_all.jsp?arnumber=579221

Annote

from the proceedings of the 1997 ISOC Conference on Network Security rom the proceedings of the 1997 ISOC Conference on Network Security

Key alpha

dole

Number

COAST TR 97-01

Publication Date

2001-01-01

Location

A hard-copy of this is in the CERIAS Library

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Inproceedings{ dole,
	title = "Misplaced trust: Kerberos 4 Session Keys",
	author = "Bryn Dole, Steve Lodin, and E. H. Spafford",
	year = "1997",
	annote = "from the proceedings of the 1997 ISOC Conference on Network Security   rom the proceedings of the 1997 ISOC Conference on Network Security         ",
	number = "COAST TR 97-01",
	abstract = " One of the commonly accepted principles of software design for security is that making the source code openly available leads to better security. The presumption is that the open publications of source code will lead others to review the code for errors, however, this openness is no guarantee of correctness. One of the most widely published and used pieces of security software in recent memory is the MIT implementation of the Kerberos authentication protocol. In the design of the protocol, random session keys are the basis for establishing the authenticity of sevice requests. Because of the way that the Kerberos Version 4 implementation selected its random keys, the secret keys could easily by guessed in a matter of seconds. This paper discusses the difficulty of generating good random numbers, the mistakes that were made in implementing Kerberos Version 4, and the breakdown of software engineering that allowed this flaw to remain unfixed for ten years. We discuss this as a particularly notable example of the need to examine security-critical code carefully, even when it is made publicly available. ",
	url = "https://www.cerias.purdue.edu/techreports-ssl/public/97-01.ps

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=579221",
}