![Page 1: 1 An Introduction to Kerberos Shumon Huque ISC Networking & Telecommunications University of Pennsylvania March 19th 2003](https://reader031.vdocuments.us/reader031/viewer/2022033103/56649e665503460f94b609a2/html5/thumbnails/1.jpg)
An Introduction to Kerberos
Shumon Huque
ISC Networking & Telecommunications
University of Pennsylvania
March 19th 2003
What this talk is about
A high-level view of how Kerberos works
How Kerberos differs from some other authentication systems
  SSH password auth, SSH public key auth, SSL
Target audience: LSPs, computing staff, others?
What this talk is not about
Details of Penn’s Kerberos deployment plans
  How to get PennKeys, which Kerberos-enabled applications do I need to use
Writing Kerberized applications
In-depth protocol details and packet formats
Number Theory & Cryptography
What is Kerberos?
Developed at M.I.T.
A secret key based service for providing authentication in open networks
Authentication mediated by a trusted 3rd party on the network: Key Distribution Center (KDC)
Kerberos: etymology
The 3-headed dog that guards the entrance to Hades
Originally, the 3 heads represented the 3 A’s
But one A was work enough!
Fluffy, the 3-headed dog, from “Harry Potter and the Sorcerer’s Stone”
Some Kerberos benefits
Standards based strong authentication system
Wide support in various operating systems
Make strong authentication readily available for use with campus computer systems
Prevents transmission of passwords over the network
Provides “single-sign-on” capability
  Only 1 password to remember
  Only need to enter it once per day (typically)
So, what is Authentication?
The act of verifying someone’s identity
The process by which users prove their identity to a service
Doesn’t specify what a user is allowed or not allowed to do (Authorization)
Password based Authentication
Transmit password in clear over the network to the server
Main problem: eavesdropping/interception
Cryptographic Authentication
No password or secret is transferred over the network
Users prove their identity to a service by performing a cryptographic operation, usually on a quantity supplied by the server
Crypto operation based on user’s secret key
Encryption and Decryption
Encryption: process of scrambling data using a cipher and a key in such a way that it’s intelligible only to the recipient
Decryption: process of unscrambling encrypted data using a cipher and key (possibly the same key used to encrypt the data)
Symmetric Key Cryptography
Aka, Secret Key cryptography
The same key is used for both encryption and decryption operations (symmetry)
Examples: DES, 3-DES, AES
Asymmetric Key Cryptography
Aka Public key cryptography
A pair of related keys are used: Public and Private keys
  Private key can’t be calculated from Public key
  Data encrypted with one can only be decrypted with the other
Usually, a user publishes his public key widely
  Others use it to encrypt data intended for the user
  User decrypts using the private key (known only to him)
Examples: RSA
Communicating Parties
Alice and Bob
  Alice: initiator of the communication; think of her as the “client” or “user”
  Bob: correspondent or 2nd participant; think of him as the “server”
  “Alice” wants to access service “Bob”
Baddies: Eve, Trudy, Mallory
Simple shared-secret based cryptographic authentication
Add mutual authentication
Problems with this scheme
Poor scaling properties
  Generalizing the model for m users and n services requires a priori distribution of m x n shared keys
Possible improvement: use a trusted 3rd party, with which each user and service shares a secret key: m + n keys
  Also has important security advantages
Mediated Authentication
A trusted third party mediates the authentication process
  Called the Key Distribution Center (KDC)
Each user and service shares a secret key with the KDC
KDC generates a session key, and securely distributes it to communicating parties
Communicating parties prove to each other that they know the session key
Mediated Authentication
Nomenclature:
  Ka = Master key for “alice”, shared by alice and the KDC
  Kab = Session key shared by “alice” and “bob”
  Tb = Ticket to use “bob”
  K{data} = “data” encrypted with key “K”
Mediated Authentication
Mediated Authentication
Kerberos uses timestamps
Timestamps are used as nonces in the mutual authentication phase of the protocol
This reduces the number of total messages in the protocol
But it means that Kerberos requires reasonably synchronized clocks amongst the users of the system
Kerberos (almost)
Kerberos (roughly)
Needham-Schroeder Protocol
Kerberos (detailed)
Each user and service registers a secret key with the KDC
Everyone trusts the KDC
  “Put all your eggs in one basket, and then watch that basket very carefully” - Anonymous (actually Mark Twain)
The user’s key is derived from a password, by applying a hash function
The service key is a large random number, and stored on the server
Kerberos “principal”
A client of the Kerberos authentication service
A user or a service
Format: name/instance@REALM
Examples:
  [email protected]
  ftp/[email protected]
Kerberos without TGS
A simplified description of Kerberos without the concept of a TGS (Ticket Granting Service)
Combining the 2 previous diagrams
…
Review: Kerberos Credentials
Ticket
  Allows user to use a service (actually, authenticate to it)
  Used to securely pass the identity of the user to which the ticket is issued between the KDC and the application server
  Kb{“alice”, Kab, lifetime}
Authenticator
  Proves that the user presenting the ticket is the user to which the ticket was issued
  Proof that user knows the session key
  Prevents ticket theft from being useful
  Prevents replay attacks (timestamp encrypted with the session key): Kab{timestamp}, in combination with a replay cache on the server
Ticket Granting Service (TGS)
Motivation
Kerberos with TGS
Ticket Granting Service (TGS): a Kerberos-authenticated service that allows a user to obtain tickets for other services
  Co-located at the KDC
Ticket Granting Ticket (TGT): ticket used to access the TGS and obtain service tickets
Limited-lifetime session key: TGS session key
  Shared by user and the TGS
TGT and TGS session key cached on Alice’s workstation
TGS Benefits
Single Sign-on (SSO) capability
Limits exposure of user’s password
  Alice’s workstation can forget the password immediately after using it in the early stages of the protocol
  Less data encrypted with the user’s secret key travels over the network, limiting an attacker’s access to data that could be used in an offline dictionary attack
Levels of Session Protection
Initial Authentication only
Safe messages: Authentication of every message
Keyed hashing with session key
Private messages: + Encryption of every message
With session key, or mutually negotiated subsession keys
Note: Application can choose other methods
Pre-authentication
Kerberos 5 added pre-authentication
  Client is required to prove its identity to the Kerberos AS in the first step
  By supplying an encrypted timestamp (encrypted with the user’s secret key)
This prevents an active attacker from easily obtaining data from the KDC encrypted with any user’s key, and then mounting an offline dictionary attack
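The exchanges described on the credentials, TGS and pre-authentication slides, as an added Python simulation that is not code from the talk or from any Kerberos implementation. It assumes constructed sample principals (“alice”, “ftp/host”, “krbtgt”), a sample password, an 8-hour ticket lifetime and a 5-minute clock skew, and it uses a constructed HMAC-based toy cipher in place of a real Kerberos enctype.

```python
import hashlib, hmac, json, os, time
SKEW_NS = 300 * 10**9        # allowed clock skew (5 min): Kerberos needs roughly synchronized clocks

# Toy authenticated encryption, constructed for this example; stands in for a Kerberos enctype.
def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def seal(key, obj):           # K{obj}: encrypt-then-MAC a JSON object under key K
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def open_(key, blob):         # inverse of seal; a wrong key or any tampering fails the MAC check
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def string2key(password):     # the user's key is derived from the password by hashing
    return hashlib.sha256(password.encode()).digest()
def authenticator(user, k_session):   # Kab{"alice", timestamp}: proves knowledge of Kab, single-use
    return seal(k_session, {"user": user, "ctime": time.time_ns()})

class Server:
    """Application server or TGS: knows only its own key and keeps a replay cache."""
    def __init__(self, key):
        self.key, self.seen = key, set()
    def accept(self, ticket, auth):
        t = open_(self.key, ticket)                      # Kb{"alice", Kab, lifetime}
        k_ab = bytes.fromhex(t["session_key"])
        a, now = open_(k_ab, auth), time.time_ns()       # fails unless the presenter knows Kab
        if now > t["expires"] or a["user"] != t["user"] or abs(now - a["ctime"]) > SKEW_NS:
            raise PermissionError("expired ticket, name mismatch, or clock skew exceeded")
        if (a["user"], a["ctime"]) in self.seen:         # replay cache
            raise PermissionError("replayed authenticator")
        self.seen.add((a["user"], a["ctime"]))
        return t["user"], k_ab

class KDC:
    """Trusted third party holding every principal's key; runs the AS and the co-located TGS."""
    def __init__(self):
        self.tgs = Server(os.urandom(32))
        self.keys = {"krbtgt": self.tgs.key, "ftp/host": os.urandom(32), "alice": string2key("correct horse")}
    def as_exchange(self, user, preauth):
        # Kerberos 5 pre-authentication: the AS answers only after the client proves it knows
        # the user's key via Ka{timestamp}, denying attackers free material for offline guessing.
        if abs(time.time_ns() - open_(self.keys[user], preauth)["ctime"]) > SKEW_NS:
            raise PermissionError("stale pre-authentication timestamp")
        return self._issue(user, self.keys[user], "krbtgt")          # TGT, Ka{K_tgs}
    def tgs_exchange(self, tgt, auth, service):
        user, k_tgs = self.tgs.accept(tgt, auth)   # the TGS is itself a Kerberos-authenticated service
        return self._issue(user, k_tgs, service)   # service ticket, K_tgs{Kab}
    def _issue(self, user, reply_key, service):
        k_session, expires = os.urandom(32).hex(), time.time_ns() + 8 * 3600 * 10**9
        ticket = seal(self.keys[service], {"user": user, "session_key": k_session, "expires": expires})
        return ticket, seal(reply_key, {"service": service, "session_key": k_session})

def login(kdc, user, password):           # AS exchange on the workstation: password used once, then dropped
    k_user = string2key(password)
    tgt, reply = kdc.as_exchange(user, seal(k_user, {"ctime": time.time_ns()}))
    k_tgs = bytes.fromhex(open_(k_user, reply)["session_key"])
    del k_user, password                  # only the TGT and K_tgs stay cached for the day
    return tgt, k_tgs

def get_service_ticket(kdc, user, tgt, k_tgs, service):
    ticket, reply = kdc.tgs_exchange(tgt, authenticator(user, k_tgs), service)
    return ticket, bytes.fromhex(open_(k_tgs, reply)["session_key"])

def rejected(fn, *args):                  # True when the peer refuses (bad key/tampering or policy check)
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False
```

A stolen ticket fails because its holder cannot build a fresh authenticator under Kab, and a captured authenticator fails on the server’s replay cache.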
Kerberos & Two-factor auth
In addition to a secret password, user is required to present a physical item
  A small electronic device: h/w authentication token
  Generates non-reusable numeric responses
Called 2-factor authentication, because it requires 2 things:
  Something the user knows (password)
  Something the user has (hardware token)
Cross Realm Authentication
Hierarchy/Chain of Realms
Kerberos and PubKey Crypto
Proposed enhancements
  Public key crypto for Initial Authentication: “PKINIT”
  Public key crypto for Cross-realm Authentication: “PKCROSS”
Kerberos: summary
Authentication method:
  Users enter password on local machine only
  Authenticated via central KDC once per day
  No passwords travel over the network
Single Sign-on (via TGS):
  KDC gives you a special “ticket”, the TGT, usually good for the rest of the day
  TGT can be used to get other service tickets, allowing the user to access those services (when presented along with authenticators)
Advantages of Kerberos (1)
Passwords aren’t exposed to eavesdropping
  Password is only typed to the local workstation
  It never travels over the network
  It is never transmitted to a remote server
Password guessing more difficult
Single Sign-on
  More convenient: only one password, entered once
  Users may be less likely to store passwords
Stolen tickets hard to reuse
  Need authenticator as well, which can’t be reused
Much easier to effectively secure a small set of limited-access machines (the KDCs)
Advantages of Kerberos (2)
Easier to recover from host compromises
Centralized user account administration
Kerberos caveats
Kerberos server can impersonate anyone
KDC is a single point of failure
  Can have replicated KDCs
KDC could be a performance bottleneck
  Everyone needs to communicate with it frequently
  Not a practical concern these days
  Having multiple KDCs alleviates the problem
If local workstation is compromised, user’s password could be stolen by a trojan horse
  Only use a desktop machine or laptop that you trust
  Use hardware token pre-authentication
Kerberos caveats (2)
Kerberos vulnerable to password guessing attacks
  Choose good passwords!
  Use hardware pre-authentication: hardware tokens, smart cards etc.
References
Kerberos: An Authentication Service for Open Network Systems
Steiner, Neuman, Schiller, 1988, Winter USENIX
Kerberos: An Authentication Service for Computer Networks
Neuman and Ts’o, IEEE Communications, Sep 1994
A Moron’s guide to Kerberos - Brian Tung http://www.isi.edu/gost/brian/security/kerberos.html
Designing an Authentication System: A Dialogue in Four Scenes
Bill Bryant, 1988 http://web.mit.edu/kerberos/www/dialogue.html
References (cont)
RFC 1510: The Kerberos Network Authentication Service (v5)
Kohl and Neuman, September 1993
draft-ietf-krb-wg-kerberos-clarifications-03.txt
IETF Kerberos Working Group: RFC 1510 revision
Using Encryption for Authentication in Large Networks of Computers
Roger Needham, Michael D. Schroeder, CACM, Volume 21, December 1978, pp. 993-999