VAF@SCORE.STANFORD.EDU (Vince Fuller) (05/12/88)
Recently, some people here have begun to grumble about the insecurities of having user passwords transmitted in the clear during TELNET sessions, FTP transfers, etc. I was wondering what solutions other places have devised to deal with this problem. I'd appreciate any information that TCP-IP readers have and any pointers to more information. Vince Fuller, Stanford Networking Systems -------
mar@ATHENA.MIT.EDU (05/13/88)
The kerberos authentication system can help solve this problem. When both hosts in a transaction are using kerberos, it is never necessary to send passwords across the network. For remote login, we have already modified Berkeley Unix rlogin to use kerberos. A kerberos solution could be written for other operating systems as well. The documents describing the protocol are available via anonymous FTP from athena-dist.mit.edu (at 18.71.0.38). The code is currently in beta test (we've been using a version at MIT for over a year now), and will be released at some point in the future. If you cannot use FTP or want more information, you may send a request to info-kerberos@athena.mit.edu. -Mark Rosenstein
budden@tetra.NOSC.MIL (Rex A. Buddenberg) (05/13/88)
Vince, You might be interested in the way Defense Data Network will be handling a similar problem. Classified users will employ end-to- end encryption to protect their data. This is in addition to any link (aka bulk) encryption of the links. Each classified user is blessed with a gadget called a Blacker front-end device (KOI-111). If you and Ivan want to hold a session over the net, you compare keys on connection-open to see if you can talk at the required level of classification. If you can't, your host fires off a message to the authentication host (somewhere 'out there') who validates your clearance level and need to know. Assuming you are OK to conduct this session, the authentication node sends an enabling message to the key control host (also 'out there') who then proceeds to issue keys to you and Ivan and off you go. When you are done, the keys can be made to evaporate (consider all the crypto custodian grunt labor and insecurity this gets rid of). I believe the key distribution process makes use of the RSA algorithms, but not sure. There are other complementary parts of this larger system. The trusted computer security standards for this will be top-drawer, (A1 in Orange-book-ese). Also the classified portion of DDN will be segregated from the unclas side (and all the rest of us out in net-land) probably forever. Rex Buddenberg USCG Headquarters