Week 13 (rev. 2)
Professor M. J. Fischer, April 19 & 21, 2005
Notation:
• A: client
• B: server
• T: trusted Kerberos server
• K_AT: private key shared by A and T
• K_BT: private key shared by B and T
• k: session key chosen by T
• N_A: nonce (random string) chosen by A
• T_A: timestamp on A's local clock
• L: lifetime (expiration time)
• A_subkey: secret chosen by A
• B_subkey: secret chosen by B
1. Alice sends (A, B, N_A) to Trent (the trusted server).
2. Trent sends two items back to Alice:
   • E_{K_AT}(k, A, L, N_A)
   • ticket_B = E_{K_BT}(k, A, L)
3. Alice decrypts the first item and checks it for validity. Alice sends two items to Bob:
   • ticket_B = E_{K_BT}(k, A, L)
   • authenticator = E_k(A, T_A, A_subkey)
4. Bob decrypts the ticket using K_BT and checks it for validity. Bob decrypts the authenticator using k, checks it for validity, and learns A_subkey. Bob sends E_k(T_A, B_subkey) to Alice.
5. Alice decrypts Bob's message using k. Alice checks Bob's message for validity and learns B_subkey.
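A runnable walkthrough of steps 1 through 5, added here as an example (it is not from the notes and not the MIT Kerberos code). Trent, Alice and Bob are plain functions so each check is visible: the nonce N_A binding Trent's reply to Alice's request, the lifetime L on the ticket, the principal in the authenticator matching the ticket, and the timestamp T_A being recent. The encryption E_K is a constructed HMAC-based encrypt-then-MAC stand-in, and the lifetime and clock-skew window values are assumptions.

```python
import hashlib, hmac, json, os

# Constructed stand-in for E_K(...): HMAC-SHA256 keystream XOR plaintext, then encrypt-then-MAC tag.
def _xor(key, nonce, data):
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def enc(key, fields):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(fields).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")           # wrong key or modified message
    return json.loads(_xor(key, nonce, ct))

K_AT, K_BT = os.urandom(32), os.urandom(32)   # constructed long-term keys shared with Trent
LIFETIME, SKEW = 3600, 300                    # assumed ticket lifetime and clock-skew window (s)
def trent(a, b, n_a, now):                    # step 2: T picks k, encrypts for A and for B
    k = os.urandom(16).hex()
    return enc(K_AT, [k, a, now + LIFETIME, n_a]), enc(K_BT, [k, a, now + LIFETIME])

def alice_to_bob(reply, n_a, now):            # step 3: A validates T's reply, builds authenticator
    k, a, L, n = dec(K_AT, reply)
    if a != "A" or n != n_a or L <= now:      # nonce binds the reply to A's request
        raise ValueError("reply not fresh or not for this request")
    a_sub = os.urandom(8).hex()
    return bytes.fromhex(k), a_sub, enc(bytes.fromhex(k), ["A", now, a_sub])

def bob(ticket, authenticator, now):          # step 4: B validates ticket, then authenticator
    k, a, L = dec(K_BT, ticket)
    if L <= now:
        raise ValueError("ticket expired")
    a2, t_a, a_sub = dec(bytes.fromhex(k), authenticator)
    if a2 != a or abs(t_a - now) > SKEW:      # principal must match ticket; T_A must be recent
        raise ValueError("authenticator mismatch or stale timestamp")
    b_sub = os.urandom(8).hex()
    return a_sub, b_sub, enc(bytes.fromhex(k), [t_a, b_sub])

def run(now):
    n_a = os.urandom(8).hex()                 # step 1: A -> T: (A, B, N_A)
    reply, ticket = trent("A", "B", n_a, now)
    k, a_sub, auth = alice_to_bob(reply, n_a, now)
    a_sub_at_bob, b_sub, msg = bob(ticket, auth, now)
    t_back, b_sub_at_alice = dec(k, msg)      # step 5: A checks T_A echoed back, learns B_subkey
    return t_back == now and a_sub_at_bob == a_sub and b_sub_at_alice == b_sub
```

Calling `run(now)` with an integer clock value returns True when both parties end up holding both subkeys; each validity check raises ValueError instead when a ticket is expired, an authenticator is stale, or a message is altered.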
"It might interest you that Kerberos v5 no longer depends on a separate time-synch service. In '95, I proposed (with Geer & Ts'o) a way to allow Kerberos to work without strictly-synch'ed clocks, yet without the overhead of replacing all timestamps with challenge-response handshakes, and in fact without requiring any changes to the v5 protocol spec: http://world.std.com/~dtd/#synch

Our proposal was adopted and implemented in the MIT implementation of Kerberos, and I believe this relaxation of Kerberos's time-synch requirement has contributed substantially to Kerberos's more widespread adoption. Our paper had two basic ideas:
- Instead of synchronizing clocks, each Kerberos participant should keep track of the clock-skew between its own clock and the kdc's clock, so as to infer the kdc's time-of-day when preparing & interpreting timestamps;
- Each Kerberos user sends a single random challenge in its initial ticket request at login, so as to verify the freshness of the kdc's first ticket's timestamp. The user's kinit client then initializes its record of the clock-skew by recording the difference between his local login-time and his first ticket's timestamp."
* The Six Commandments
Democracy is ingrained in the American character and is reflected in its political process from presidential elections down to the most minor of township races. Our passion for fairness and equality has given rise to a set of fundamental requirements for electronic voting systems that are substantially the same from state to state, listed in decreasing order of importance:
• election ID
• random voter ID
• vote
• signature of election authority