The nightmare of Trusted Third Party (T3P) based protocol users is
compromise of the T3P. Because the compromised T3P can read and
modify any user information, the entire user group becomes vulnerable
to secret revelation and user impersonation. Kerberos, one of the
most widely used network authentication protocols, is no exception.
When the Kerberos Key Distribution Center (KDC) is compromised, all
the user keys are exposed, thus revealing all the encrypted data and
allowing an adversary to impersonate any user. If an adversary has
physical access to the KDC host, or can obtain administrator rights,
KDC compromise is possible, and catastrophic. To solve this problem,
and to demonstrate the capabilities of secure hardware, we have
integrated the IBM 4758 secure coprocessor into Kerberos V5 KDC. As a
result of the integration, our implemented KDC preserves security even
if the KDC host has been compromised.
By: Naomaru Itoi
Published in: RC21797 in 2000
LIMITED DISTRIBUTION NOTICE:
This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.
Questions about this service can be mailed to reports@us.ibm.com .