Abstract - Security Symposium - 2000

Secure Coprocessor Integration with Kerberos V5

Naomaru Itoi, Center for Information Technology Integration, University of Michigan


The nightmare of users of Trusted Third Party (T3P) based protocols is compromise of the T3P. Because a compromised T3P can read and modify any user information, the entire user group becomes vulnerable to secret revelation and user impersonation. Kerberos, one of the most widely used network authentication protocols, is no exception. When the Kerberos Key Distribution Center (KDC) is compromised, all the user keys are exposed, thus revealing all the encrypted data and allowing an adversary to impersonate any user. If an adversary has physical access to the KDC host, or can obtain administrator rights, KDC compromise is possible, and catastrophic. To solve this problem, and to demonstrate the capabilities of secure hardware, we have integrated the IBM 4758 secure coprocessor into the Kerberos V5 KDC. As a result of the integration, our implemented KDC preserves security even if the KDC host has been compromised.
Last changed: 29 Jan. 2002 ml