DataMuseum.dk

Presents historical artifacts from the history of:

DKUUG/EUUG Conference tapes

This is an automatic "excavation" of a thematic subset of
artifacts from Datamuseum.dk's BitArchive.

See our Wiki for more about DKUUG/EUUG Conference tapes

Excavated with: AutoArchaeologist - Free & Open Source Software. 

top - metrics - download
Index: T U

⟦16fe80c2e⟧ TextFile

    Length: 70901 (0x114f5)
    Types: TextFile
    Notes: Uncompressed file

Derivation

└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
    └─⟦2fa95cec5⟧ »./papers/Kerberos/dialogue.PS.Z« 
        └─⟦this⟧

TextFile

%!PS-Adobe-2.0
%%Title: dialogue.mss
%%DocumentFonts: (atend)
%%Creator: John T Kohl,,E40-321M,31510,6176432831 and Scribe 7(1700)
%%CreationDate: 25 February 1991 14:10
%%Pages: (atend)
%%EndComments
% PostScript Prelude for Scribe.
/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def
/ES {showpage SV restore} bind def
/SC {setrgbcolor} bind def
/FMTX matrix def
/RDF {WFT SLT 0.0 eq 
  {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore}
  {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore}
  ifelse makefont setfont} bind def
/SLT 0.0 def
/SI { /SLT exch cvr def RDF} bind def
/WFT /Courier findfont def
/SF { /WFT exch findfont def RDF} bind def
/SSZ 1000.0 def
/SS { /SSZ exch 100.0 mul def RDF} bind def
/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def
/MT /moveto load def
/XM {currentpoint exch pop moveto} bind def
/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto
   setlinewidth 0.0 rlineto stroke grestore} bind def
/LH {gsave newpath moveto setlinewidth
   0.0 rlineto
   gsave stroke grestore} bind def
/LV {gsave newpath moveto setlinewidth
   0.0 exch rlineto
   gsave stroke grestore} bind def
/BX {gsave newpath moveto setlinewidth
   exch
   dup 0.0 rlineto
   exch 0.0 exch neg rlineto
   neg 0.0 rlineto
   closepath
   gsave stroke grestore} bind def
/BX1 {grestore} bind def
/BX2 {setlinewidth 1 setgray stroke grestore} bind def
/PB {/PV save def newpath translate
    100.0 -100.0 scale pop /showpage {} def} bind def
/PE {PV restore} bind def
/GB {/PV save def newpath translate rotate
    div dup scale 100.0 -100.0 scale /showpage {} def} bind def
/GE {PV restore} bind def
/FB {dict dup /FontMapDict exch def begin} bind def
/FM {cvn exch cvn exch def} bind def
/FE {end /original-findfont /findfont load def  /findfont
   {dup FontMapDict exch known{FontMapDict exch get} if
   original-findfont} def} bind def
/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def
/EC /grestore load def
/SH /show load def
/MX {exch show 0.0 rmoveto} bind def
/W {0 32 4 -1 roll widthshow} bind def
/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def
/RC {100.0 -100.0 scale
612.0 0.0 translate
-90.0 rotate
.01 -.01 scale} bind def
/URC {100.0 -100.0 scale
90.0 rotate
-612.0 0.0 translate
.01 -.01 scale} bind def
/RCC {100.0 -100.0 scale
0.0 -792.0 translate 90.0 rotate
.01 -.01 scale} bind def
/URCC {100.0 -100.0 scale
-90.0 rotate 0.0 792.0 translate
.01 -.01 scale} bind def
%%EndProlog
%%Page: 0 1
BS
0 SI
10 /NewCenturySchlbk-Bold AF
20947 13697 MT
(Designing an Authentication System:)SH
23817 14933 MT
(a Dialogue in Four Scenes)SH
/NewCenturySchlbk-Italic SF
27996 18458 MT
(Bill Bryant)SH
/NewCenturySchlbk-Roman SF
27144 21041 MT
(Project Athena)SH
21685 22277 MT
(Massachusetts Institute of Technology)SH
25413 23513 MT
(Cambridge, MA 02139)SH
24516 24749 MT
(billb@ATHENA.MIT.EDU)SH
/NewCenturySchlbk-Bold SF
23880 29216 MT
(DRAFT, Februrary 8, 1988)SH
/NewCenturySchlbk-Italic SF
27785 43597 MT
(ABSTRACT)SH
9 /NewCenturySchlbk-Roman AF
9863 46647 MT
(This dialogue provides a fictitious account of the)
98 W( design of an open-network authentication system)97 W
9200 47695 MT
(called "Charon."  As the dialogue progresses,)
254 W( the characters Athena and Euripides discover the)255 W
9200 48743 MT
(problems of security inherent in an open network environment.  Each)
74 W( problem must be addressed in)73 W
9200 49791 MT
(the design of Charon, and the design evolves accordingly.  Athena)
51 W( and Euripides don't complete their)52 W
9200 50839 MT
(work until the dialogue's close.)SH
9863 52381 MT
(When they finish designing the system, Athena changes)
32 W( the system's name to "Kerberos," the name,)31 W
9200 53429 MT
(coincidentally enough, of the authentication system that)
187 W( was designed and implemented at MIT's)188 W
9200 54477 MT
(Project Athena.  The)
303 W( dialogue's "Kerberos" system bears a striking resemblence to the system)302 W
9200 55525 MT
(described in)91 W
/NewCenturySchlbk-Italic SF
14652 XM
(Kerberos: An Authentication Service for Open Network Systems)91 W
/NewCenturySchlbk-Roman SF
41750 XM
(presented at)
91 W( the Winter)92 W
9200 56573 MT
(USENIX 1988, at Dallas, Texas.)SH
10 SS 
12155 58400 MT
(Copyright)SH
/Symbol SF
17065 XM
(\323)SH
/NewCenturySchlbk-Roman SF
18411 XM
(1988 Massachusetts Institute of Technology.  All Rights Reserved.)SH
7200 61937 MT
(Permission to use, copy, modify, and distribute this)
67 W( documentation for any purpose and without fee)66 W
7200 63079 MT
(is hereby granted,)
92 W( provided that the above copyright notice appear in all copies and that both that)93 W
7200 64221 MT
(copyright notice and this permission notice appear in supporting)
49 W( documentation, and that the name)48 W
7200 65363 MT
(of M.I.T. not be used in advertising or publicity pertaining to distribution of the documentation)205 W
7200 66505 MT
(without specific, written prior permission.  M.I.T. makes no representations about the suitability)
70 W( of)69 W
7200 67647 MT
(this documentation for any purpose.  It is provided "as is" without express or implied warranty.)SH
ES
%%Page: 1 2
BS
0 SI
10 /NewCenturySchlbk-Bold AF
9980 7937 MT
(Dramatis Personae:)SH
/NewCenturySchlbk-BoldItalic SF
10536 10221 MT
(Athena)SH
/NewCenturySchlbk-Roman SF
(, an up and coming system developer.)SH
/NewCenturySchlbk-BoldItalic SF
10536 12505 MT
(Euripides)SH
/NewCenturySchlbk-Roman SF
(, a seasoned developer and resident crank.)SH
11 /NewCenturySchlbk-Bold AF
11790 17185 MT
(Scene I)SH
10 /NewCenturySchlbk-Italic AF
7200 18915 MT
(A cubicle area.  Athena and Euripides are working at neighboring terminals.)SH
/NewCenturySchlbk-BoldItalic SF
7200 20645 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11595 XM
(Hey Rip, this timesharing system is a drag.  I can't get any work done because everyone)113 W
7200 21881 MT
(else is logged in.)SH
/NewCenturySchlbk-BoldItalic SF
7200 23611 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Don't complain to me.  I only work here.)SH
/NewCenturySchlbk-BoldItalic SF
7200 25341 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11599 XM
(You know)
117 W( what we need?  We need to give everyone their own workstation so they don't)116 W
7200 26577 MT
(have to worry about)
375 W( sharing computer cycles.  And we'll use a network to connect all the)376 W
7200 27813 MT
(workstations so folks can communicate with one another.)SH
/NewCenturySchlbk-BoldItalic SF
7200 29543 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Fine. So what do we need, about a thousand workstations?)SH
/NewCenturySchlbk-BoldItalic SF
7200 31273 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(More or less.)SH
/NewCenturySchlbk-BoldItalic SF
7200 33003 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
13263 XM
(Have you seen the)
84 W( size of a typical workstation's disk drive?  There isn't enough room)83 W
7200 34239 MT
(for all the software that you have on a timesharing machine.)SH
/NewCenturySchlbk-BoldItalic SF
7200 35969 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11605 XM
(I figured that out already.  We can keep copies of the system software on various server)124 W
7200 37205 MT
(machines. When)
802 W( you login)
262 W( to a workstation, the workstation accesses the system software by)261 W
7200 38441 MT
(making a network connection with one of the servers.  This setup lets a whole bunch of)
23 W( workstations)24 W
7200 39677 MT
(use the same copy of the system software, and it makes software)
2 W( updates convenient.  You don't have)1 W
7200 40913 MT
(to trundle around to each workstation.  Just modify the system software servers.)SH
/NewCenturySchlbk-BoldItalic SF
7200 42643 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12888 XM
(All right.  What are you going to do about personal files?  With a)
71 W( timesharing system I)72 W
7200 43879 MT
(can login and get to)
112 W( my files from any terminal that is connected to the system.  Will I be able to)111 W
7200 45115 MT
(walk up to any workstation and automatically get to my files?  Or do I have to make like a PC)
54 W( user)55 W
7200 46351 MT
(and keep my files on diskette?  I hope not.)SH
/NewCenturySchlbk-BoldItalic SF
7200 48081 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11584 XM
(I think we)
102 W( can use other machines to provide personal file storage.  You can login to any)101 W
7200 49317 MT
(workstation and get to your files.)SH
/NewCenturySchlbk-BoldItalic SF
7200 51047 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12937 XM
(What about printing? Does every workstation have)
120 W( its own printer? Whose money are)121 W
7200 52283 MT
(you spending)
60 W( anyway?  And what about electronic mail? How are you going to distribute mail to all)59 W
7200 53519 MT
(these workstations?)SH
/NewCenturySchlbk-BoldItalic SF
7200 55249 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11520 XM
(Ah . . . Well obviously we don't have the cash to give)
38 W( everyone a printer, but we could have)39 W
7200 56485 MT
(machines dedicated to print service.  You send a job to a print server, and it prints it for you.  You)78 W
7200 57721 MT
(could do sort of the same thing with mail.  Have a machine)
11 W( dedicated to mail service.  You want your)12 W
7200 58957 MT
(mail, you contact the mail server and pick up your mail.)SH
/NewCenturySchlbk-BoldItalic SF
7200 60687 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12845 XM
(Your workstation)
28 W( system sounds really good Tina.  When I get mine, you know what I'm)27 W
7200 61923 MT
(going to do?  I'm)
93 W( going to find out your username, and get my workstation to think that I am you.)94 W
7200 63159 MT
(Then I'm going to contact the mail server and pick up your mail.  I'm going to)
9 W( contact your file server)8 W
7200 64395 MT
(and remove your files, and--)SH
/NewCenturySchlbk-BoldItalic SF
7200 66125 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Can you do that?)SH
/NewCenturySchlbk-BoldItalic SF
7200 67855 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Sure! How)
278 W( are these network servers going to know that I'm not you?)SH
/NewCenturySchlbk-BoldItalic SF
7200 69585 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Gee, I don't know.  I guess I need to do some thinking.)SH
/NewCenturySchlbk-BoldItalic SF
7200 71315 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Sounds like it.  Let me know when you figure it out.)SH
/NewCenturySchlbk-Bold SF
30368 75600 MT
(1)SH
ES
%%Page: 2 3
BS
0 SI
11 /NewCenturySchlbk-Bold AF
11790 11021 MT
(Scene II)SH
10 /NewCenturySchlbk-Italic AF
7200 12751 MT
(Euripides' office, the next morning. Euripides sits at his desk, reading his mail.)
7 W( Athena)
294 W( knocks on the)8 W
7200 13987 MT
(door.)SH
/NewCenturySchlbk-BoldItalic SF
7200 15717 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11648 XM
(Well I've figured out how to secure an open network environment so that)
166 W( unscrupulous)165 W
7200 16953 MT
(folks like you cannot use network services in other people's names.)SH
/NewCenturySchlbk-BoldItalic SF
7200 18683 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Is that so?  Have a seat.)SH
/NewCenturySchlbk-Italic SF
7200 20413 MT
(She does.)SH
/NewCenturySchlbk-BoldItalic SF
7200 22143 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Before I describe it, can I lay down one ground rule about this discussion?)SH
/NewCenturySchlbk-BoldItalic SF
7200 23873 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(What's your rule?)SH
/NewCenturySchlbk-BoldItalic SF
7200 25603 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11581 XM
(Well suppose I say something like the following:  "I)
99 W( want my electronic mail, so I contact)100 W
7200 26839 MT
(the mail server and ask it to send the mail to my workstation."  In reality)
115 W( I'm not the entity that)114 W
7200 28075 MT
(contacts the mail server.  I'm using a program to contact the mail server)
128 W( and retrieve my mail, a)129 W
7200 29311 MT
(program that is a CLIENT of the mail service program.)SH
7200 31041 MT
(But I don't want to say "the client does such-and-such" every time I refer)
89 W( to a transaction between)88 W
7200 32277 MT
(the user and a network server.  I'd just as soon say "I do such-and-such,")
61 W( keeping in mind of course)62 W
7200 33513 MT
(that a client program is doing things on my behalf.  Is that okay with you?)SH
/NewCenturySchlbk-BoldItalic SF
7200 35243 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Sure. No)
278 W( problem.)SH
/NewCenturySchlbk-BoldItalic SF
7200 36973 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11697 XM
(Good. All)
708 W( right, I'll begin by)
215 W( stating the problem I have solved.  In an open network)214 W
7200 38209 MT
(environment, machines that provide services must be able to confirm the identities of people who)138 W
7200 39445 MT
(request service.  If I contact the mail server and ask for)
3 W( my mail, the service program must be able to)2 W
7200 40681 MT
(verify that I am who I claim to be, right?)SH
/NewCenturySchlbk-BoldItalic SF
7200 42411 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Right.)SH
/NewCenturySchlbk-BoldItalic SF
7200 44141 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11607 XM
(You could solve the problem)
125 W( clumsily by requiring the mail server to ask for a password)126 W
7200 45377 MT
(before I could use it.  I prove who I am to the server by giving it my password.)SH
/NewCenturySchlbk-BoldItalic SF
7200 47107 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12871 XM
(That's clumsy all right.  In a system like that, every server has to know)
54 W( your password.)53 W
7200 48343 MT
(If the network has one)
133 W( thousand users, each server has to know one thousand passwords.  If you)134 W
7200 49579 MT
(want to change your password, you have to contact all servers and notify them of)
29 W( the change.  I take)28 W
7200 50815 MT
(it your system isn't this stupid.)SH
/NewCenturySchlbk-BoldItalic SF
7200 52545 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11606 XM
(My system)
124 W( isn't stupid.  It works like this:  Not only do people have passwords, services)125 W
7200 53781 MT
(have passwords too. Each user knows her or his password, each service program)
8 W( knows its password,)7 W
7200 55017 MT
(and there's an AUTHENTICATION SERVICE that knows ALL passwords--each user's)
173 W( password,)174 W
7200 56253 MT
(and each service's password.  The authentication)
4 W( service stores the passwords in a single, centralized)3 W
7200 57489 MT
(database.)SH
/NewCenturySchlbk-BoldItalic SF
7200 59219 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Do you have a name for this authentication service?)SH
/NewCenturySchlbk-BoldItalic SF
7200 60949 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(I haven't thought of one yet.  Do you have any ideas?)SH
/NewCenturySchlbk-BoldItalic SF
7200 62679 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(What's the name of that fellow who ferries the dead across the River Styx?)SH
/NewCenturySchlbk-BoldItalic SF
7200 64409 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Charon?)SH
/NewCenturySchlbk-BoldItalic SF
7200 66139 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Yeah, that's him.  He won't take you across the river unless you can prove your identity.)SH
/NewCenturySchlbk-BoldItalic SF
7200 67869 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11489 XM
(There you go Rip, trying)
7 W( to rewrite Greek mythology again.  Charon doesn't care about your)8 W
7200 69105 MT
(identity. He)
278 W( just wants to make sure that you're dead.)SH
/NewCenturySchlbk-BoldItalic SF
7200 70835 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Have you got a better name?)SH
/NewCenturySchlbk-Bold SF
30313 75600 MT
(2)SH
ES
%%Page: 3 4
BS
0 SI
10 /NewCenturySchlbk-Italic AF
7200 7937 MT
(Pause.)SH
/NewCenturySchlbk-BoldItalic SF
7200 9667 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(No, not really.)SH
/NewCenturySchlbk-BoldItalic SF
7200 11397 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Then let's call the authentication service "Charon.")SH
/NewCenturySchlbk-BoldItalic SF
7200 13127 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Okay. I)
278 W( guess I should describe the system, huh?)SH
7200 14857 MT
(Let's say you)
45 W( want to use a service, the mail service.  In my system you cannot use a service unless,)44 W
7200 16093 MT
(ah, Charon tells the service that)
82 W( you are who you claim to be.  And you can't get the okay to use a)83 W
7200 17329 MT
(service unless you have authenticated yourself to Charon.  When you request authentication)
123 W( from)122 W
7200 18565 MT
(Charon, you have to tell)
2 W( Charon the service for which you want the okay.  If you want to use the mail)3 W
7200 19801 MT
(server, you've got to tell Charon.)SH
7200 21531 MT
(Charon asks you to prove your identity.  You do so by)
23 W( providing your secret password.  Charon takes)22 W
7200 22767 MT
(your password and compares it to the)
72 W( one that is registered for you in the Charon database.  If the)73 W
7200 24003 MT
(two passwords match, Charon considers your identity proven.)SH
7200 25733 MT
(Charon now has to convince the mail server that you are who you)
38 W( say you are.  Since Charon knows)37 W
7200 26969 MT
(all service passwords, it knows the mail service's)
62 W( password.  It's conceivable that Charon could give)63 W
7200 28205 MT
(you the password,)
50 W( which you could forward to the mail service as proof that you have authenticated)49 W
7200 29441 MT
(yourself to Charon.)SH
7200 31171 MT
(The problem is,)
16 W( Charon cannot give you the password directly, because then you would know it.  The)17 W
7200 32407 MT
(next time you wanted mail, you could circumvent)
64 W( Charon and use the mail server without correctly)63 W
7200 33643 MT
(identifying yourself.  You could even pretend to be someone else, and use the mail server in that)142 W
7200 34879 MT
(other person's name.)SH
7200 36609 MT
(So instead of giving you the mail server's password, Charon gives you a mail)
50 W( service TICKET.  This)49 W
7200 37845 MT
(ticket contains a version)
405 W( of your username that has been ENCRYPTED USING the MAIL)406 W
7200 39081 MT
(SERVER'S PASSWORD.)SH
7200 40811 MT
(Ticket in hand, you can)
1 W( now ask the mail service for your mail.  You make your request by telling the)SH
7200 42047 MT
(mail server who you are, and furnishing the ticket that proves you are who you say you are.)SH
7200 43777 MT
(The server uses)
146 W( its password to decrypt the ticket, and if the ticket decrypts properly, the server)147 W
7200 45013 MT
(ends up with the username that Charon placed in the ticket.)SH
7200 46743 MT
(The service compares this name with the name you sent along)
49 W( with the ticket.  If the names match,)48 W
7200 47979 MT
(the mail server considers your identity proven and proceeds to give you your mail.)SH
7200 49709 MT
(What do you think of those apples?)SH
/NewCenturySchlbk-BoldItalic SF
7200 51439 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(I've got some questions.)SH
/NewCenturySchlbk-BoldItalic SF
7200 53169 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(I figured.  Well go ahead.)SH
/NewCenturySchlbk-BoldItalic SF
7200 54899 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12927 XM
(When a service program decrypts)
110 W( a ticket, how does it know that it has decrypted the)111 W
7200 56135 MT
(ticket properly?)SH
/NewCenturySchlbk-BoldItalic SF
7200 57865 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(I don't know.)SH
/NewCenturySchlbk-BoldItalic SF
7200 59595 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12954 XM
(Maybe you should include the service's name in the ticket.  That way when a)
137 W( service)136 W
7200 60831 MT
(decrypts a ticket, it can gauge its success on whether or not it can find)
119 W( its name in the decrypted)120 W
7200 62067 MT
(ticket.)SH
/NewCenturySchlbk-BoldItalic SF
7200 63797 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(That sounds good to me.  So the ticket looks something like this:)SH
/NewCenturySchlbk-Italic SF
7200 65527 MT
(She scrawls the following on a pad of paper:)SH
/Courier-Bold SF
9000 67332 MT
(TICKET -  {username:servicename})SH
/NewCenturySchlbk-BoldItalic SF
7200 69200 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(So the service ticket contains just your username and the servicename?)SH
/NewCenturySchlbk-BoldItalic SF
7200 70930 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Encrypted with the service's password.)SH
/NewCenturySchlbk-Bold SF
30313 75600 MT
(3)SH
ES
%%Page: 4 5
BS
0 SI
10 /NewCenturySchlbk-BoldItalic AF
7200 7937 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(I don't think that's enough information to make the ticket secure.)SH
/NewCenturySchlbk-BoldItalic SF
7200 9667 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(What do you mean?)SH
/NewCenturySchlbk-BoldItalic SF
7200 11397 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12920 XM
(Let's suppose you ask Charon for a mail server)
103 W( ticket.  Charon prepares that ticket so)102 W
7200 12633 MT
(that it has your)
8 W( username "tina" in it. Suppose I copy that ticket as it wizzes by on its way across the)9 W
7200 13869 MT
(network from Charon to you.)
172 W( Suppose)
620 W( I convince my insecure workstation that my username is)171 W
7200 15105 MT
("tina." The)
528 W( mail client program on my workstation thinks I am you.  In your name, the program)125 W
7200 16341 MT
(forwards the stolen ticket to the mail server.  The server decrypts the)
25 W( ticket and sees that it is valid.)24 W
7200 17577 MT
(The username in the ticket matches the name of)
24 W( the user who sent the ticket.  The mail server gives)25 W
7200 18813 MT
(me your mail . . .)SH
/NewCenturySchlbk-BoldItalic SF
7200 20543 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Oh! Well)
278 W( that's not so good.)SH
/NewCenturySchlbk-BoldItalic SF
7200 22273 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12859 XM
(But I think I know a way to fix this problem.  Or to at)
42 W( least provide a partial fix to it.  I)41 W
7200 23509 MT
(think Charon should include more information in the service tickets it produces.  In addition to the)66 W
7200 24745 MT
(username, the ticket should also include)
218 W( the NETWORK ADDRESS from which the user asked)217 W
7200 25981 MT
(Charon for the ticket.  That gives you an additional level of security.)SH
7200 27711 MT
(I'll illustrate. Suppose I steal your mail ticket now.)
212 W( The)
704 W( ticket has your workstation's network)213 W
7200 28947 MT
(address in it, and this address does not match my workstation's address.  In your name I)
5 W( forward the)4 W
7200 30183 MT
(purloined ticket to the mail server.  The)
24 W( server program extracts the username and network address)25 W
7200 31419 MT
(from the ticket and attempts to)
63 W( match that information against the username and network address)62 W
7200 32655 MT
(of the entity that sent the ticket.  The username matches, but the network address does not.)
103 W( The)485 W
7200 33891 MT
(server rejects the ticket because obviously it was stolen.)SH
/NewCenturySchlbk-BoldItalic SF
7200 35621 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Bravo, bravo!  I wish I had thought of that.)SH
/NewCenturySchlbk-BoldItalic SF
7200 37351 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Well that's what I'm around for.)SH
/NewCenturySchlbk-BoldItalic SF
7200 39081 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(So the revised ticket design looks like this)SH
/NewCenturySchlbk-Italic SF
7200 40811 MT
(She scrawls the following on a chalkboard:)SH
/Courier-Bold SF
8400 42616 MT
(TICKET -)
SH( {username:ws_address:servicename})1200 W
/NewCenturySchlbk-BoldItalic SF
7200 44484 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11760 XM
(Now I'm really excited.  Let's build a Charon system and see if it works!)SH
/NewCenturySchlbk-BoldItalic SF
7200 46214 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Not so fast.  I have some other questions about your system.)SH
/NewCenturySchlbk-BoldItalic SF
7200 47944 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(All right. \050Athena leans forward in her chair\051 Shoot.)SH
/NewCenturySchlbk-BoldItalic SF
7200 49674 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12857 XM
(Sounds like)
40 W( I've got to get a new ticket every time I want to use a service. If I'm putting)39 W
7200 50910 MT
(in a full day's work, I'll probably want to get my mail more than once.  Do I have)
37 W( to get a new ticket)38 W
7200 52146 MT
(every time I want to get my mail?  If that's true, I don't like your system.)SH
/NewCenturySchlbk-BoldItalic SF
7200 53876 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11501 XM
(Ah . . . Well I don't see why tickets can't be reusable.  If you get a)
19 W( ticket for the mail server,)18 W
7200 55112 MT
(you ought)
38 W( to be able to use it again and again.  For instance, when the mail client program makes a)39 W
7200 56348 MT
(request for service in your name, it forwards a COPY of the ticket to the mail server.)SH
/NewCenturySchlbk-BoldItalic SF
7200 58078 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12894 XM
(That's better. But I still have)
77 W( problems.  You seem to imply that I have to give Charon)76 W
7200 59314 MT
(my password every time I want to)
57 W( use a service for which I don't have a ticket.  I login and want to)58 W
7200 60550 MT
(access my files. I fire off a request to Charon for the proper)
7 W( ticket and this means that I've had to use)6 W
7200 61786 MT
(my password.)
228 W( Then)
736 W( I want to read my mail.  Another request to Charon, I have to enter my)229 W
7200 63022 MT
(password again.  Now suppose I want to send one of my mail messages to the)
40 W( print server.  Another)39 W
7200 64258 MT
(Charon request and, well you get the picture.)SH
/NewCenturySchlbk-BoldItalic SF
7200 65988 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Uh, yeah, I do.)SH
/NewCenturySchlbk-BoldItalic SF
7200 67718 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12978 XM
(And if that weren't bad enough,)
161 W( consider this:  it sounds like when you authenticate)162 W
7200 68954 MT
(yourself to Charon, you send your)
48 W( secret password over the network in cleartext.  Clever people like)47 W
7200 70190 MT
(yours truly can monitor the network and steal copies of people's)
3 W( passwords. If I've got your password,)4 W
7200 71426 MT
(I can use any service in your name.)SH
/NewCenturySchlbk-Bold SF
30313 75600 MT
(4)SH
ES
%%Page: 5 6
BS
0 SI
10 /NewCenturySchlbk-Italic AF
7200 7937 MT
(Athena sighs.)SH
/NewCenturySchlbk-BoldItalic SF
7200 9667 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(These are serious problems. Guess I need to go back to the drawing board.)SH
11 /NewCenturySchlbk-Bold AF
11790 13693 MT
(Scene III)SH
10 /NewCenturySchlbk-Italic AF
7200 15423 MT
(The next morning, Athena catches Euripides at the coffee)
87 W( area.  She taps him on the shoulder as he)86 W
7200 16659 MT
(fills his cup.)SH
/NewCenturySchlbk-BoldItalic SF
7200 18389 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(I've got a new version of Charon that solves our problems.)SH
/NewCenturySchlbk-BoldItalic SF
7200 20119 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Really? That)
278 W( was quick.)SH
/NewCenturySchlbk-BoldItalic SF
7200 21849 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Well, you know, problems of this nature keep me up all night.)SH
/NewCenturySchlbk-BoldItalic SF
7200 23579 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Must be your guilty conscience.  Shall we repair to yon small conference room?)SH
/NewCenturySchlbk-BoldItalic SF
7200 25309 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Why not?)SH
/NewCenturySchlbk-Italic SF
7200 27039 MT
(The two move to the small conference room.)SH
/NewCenturySchlbk-BoldItalic SF
7200 28769 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11853 XM
(I'll begin by stating)
371 W( the problems again, but I'll invert them so that they become)372 W
7200 30005 MT
(requirements of the system.)SH
/NewCenturySchlbk-Italic SF
7200 31735 MT
(Athena clears her throat.)SH
/NewCenturySchlbk-BoldItalic SF
7200 33465 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11574 XM
(The first requirement: Users only have to enter their passwords once, at)
92 W( the beginning of)91 W
7200 34701 MT
(their workstation sessions.  This requirement implies that you shouldn't have to enter your)355 W
7200 35937 MT
(password every time)
65 W( you need a new service ticket.  The second requirement: passwords should not)64 W
7200 37173 MT
(be sent over the network in clear text.)SH
/NewCenturySchlbk-BoldItalic SF
7200 38903 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Okay.)SH
/NewCenturySchlbk-BoldItalic SF
7200 40633 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11533 XM
(I'll start with the)
51 W( first requirement:  you should only have to use your password once.  I've)52 W
7200 41869 MT
(met this requirement by inventing a new network service.)
39 W( It's)
355 W( called the "ticket-granting" service, a)38 W
7200 43105 MT
(service that issues Charon tickets to)
111 W( users who have already proven their identity to Charon. You)112 W
7200 44341 MT
(can use this ticket-granting service if you have a ticket for it, a ticket-granting ticket.)SH
7200 46071 MT
(The ticket-granting service is really just a version of Charon)
184 W( in as much as it has access to the)183 W
7200 47307 MT
(Charon database.  It's a part of Charon that lets you authenticate yourself with a ticket instead of)
40 W( a)41 W
7200 48543 MT
(password.)SH
7200 50273 MT
(Anyhow, the authentication system)
206 W( now works as follows: you login to a workstation and use a)205 W
7200 51509 MT
(program called)44 W
/NewCenturySchlbk-Italic SF
14494 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
17005 XM
(to contact the Charon server.  You prove your identity to Charon, and the)44 W
/NewCenturySchlbk-Italic SF
51811 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
7200 52745 MT
(program gets you a ticket-granting ticket.)SH
7200 54475 MT
(Now say you want to get your mail from)
39 W( the mail server.  You don't have a mail server ticket yet, so)38 W
7200 55711 MT
(you use)
48 W( the "ticket-granting" ticket to get the mail server ticket for you.  You don't have to use your)49 W
7200 56947 MT
(password to get the new ticket.)SH
/NewCenturySchlbk-BoldItalic SF
7200 58677 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
13034 XM
(Do I)
217 W( have to get a new "ticket-granting" ticket every time I need to get to another)216 W
7200 59913 MT
(network service?.)SH
/NewCenturySchlbk-BoldItalic SF
7200 61643 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11531 XM
(No. Remember,)
376 W( we agreed last time that tickets can be reused.  Once you have acquired)
49 W( a)50 W
7200 62879 MT
(ticket-granting ticket, you don't need to get another. You use the)
141 W( ticket-granting ticket to get the)140 W
7200 64115 MT
(other tickets you need.)SH
/NewCenturySchlbk-BoldItalic SF
7200 65845 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
13079 XM
(Okay, that makes sense.)
262 W( And since you can reuse tickets, once the ticket-granting)263 W
7200 67081 MT
(service has given you a ticket)
134 W( for a particular service, you don't need to get that particular ticket)133 W
7200 68317 MT
(again.)SH
/NewCenturySchlbk-BoldItalic SF
7200 70047 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Yeah, isn't that elegant?)SH
/NewCenturySchlbk-BoldItalic SF
7200 71777 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12883 XM
(Okay, I)
66 W( buy it so far . . .  As long as you didn't have to send your password in cleartext)67 W
/NewCenturySchlbk-Bold SF
30313 75600 MT
(5)SH
ES
%%Page: 6 7
BS
0 SI
10 /NewCenturySchlbk-Roman AF
7200 7937 MT
(over the network when you got the ticket-granting ticket.)SH
/NewCenturySchlbk-BoldItalic SF
7200 9667 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11545 XM
(Like I said, I've solved that)
63 W( problem as well.  The thing is, when I say you have to contact)62 W
7200 10903 MT
(Charon to get the ticket-granting ticket,)
52 W( I make it sound as though you have to send your password)53 W
7200 12139 MT
(in cleartext over the network to the Charon Server.  But it doesn't have to be that way.)SH
7200 13869 MT
(Here's really what happens.  When you use the)49 W
/NewCenturySchlbk-Italic SF
29692 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
32208 XM
(program to get the)
49 W( ticket-granting ticket,)48 W
/NewCenturySchlbk-Italic SF
51811 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
7200 15105 MT
(doesn't send your password to the Charon server,)SH
/NewCenturySchlbk-Italic SF
30265 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
32732 XM
(sends only your username.)SH
/NewCenturySchlbk-BoldItalic SF
7200 16835 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Fine.)SH
/NewCenturySchlbk-BoldItalic SF
7200 18565 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11526 XM
(Charon uses the username to look up your password.  Next Charon builds)
44 W( a packet of data)45 W
7200 19801 MT
(that contains the ticket-granting ticket.  Before it sends you the packet, Charon uses)
45 W( your password)44 W
7200 21037 MT
(to encrypt the packet's contents.)SH
7200 22767 MT
(Your workstation receives the ticket packet.)
SH( You)
279 W( enter your password.)1 W
/NewCenturySchlbk-Italic SF
40503 XM
(Kinit)SH
/NewCenturySchlbk-Roman SF
43156 XM
(attempts to decrypt the)1 W
7200 24003 MT
(ticket with the password you entered.  If)11 W
/NewCenturySchlbk-Italic SF
26283 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
28761 XM
(succeeds, you have successfully authenticated yourself)11 W
7200 25239 MT
(to Charon.  You now possess a ticket-granting ticket, and that ticket can get you the other tickets)108 W
7200 26475 MT
(you require.)SH
7200 28205 MT
(How's that for some fancy thinking?)SH
/NewCenturySchlbk-BoldItalic SF
7200 29935 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12891 XM
(I don't know . . .)
74 W( I'm trying to think myself.  You know, I think the parts of the system)73 W
7200 31171 MT
(that you just described work pretty well.  Your system requires me to)
28 W( authenticate myself only once.)29 W
7200 32407 MT
(Thereafter Charon)
28 W( can issue me service tickets without my being aware of it.  Seamless, seamless in)27 W
7200 33643 MT
(that regard.  But there's something about the design of the)
30 W( service ticket that troubles me somehow.)31 W
7200 34879 MT
(It has to do with the fact that tickets are)
73 W( reusable.  Now I agree that they have to be reusable, but)72 W
7200 36115 MT
(reusable tickets are, by their nature, very dangerous.)SH
/NewCenturySchlbk-BoldItalic SF
7200 37845 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(What do you mean?)SH
/NewCenturySchlbk-BoldItalic SF
7200 39575 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12921 XM
(Look at it this way.  Suppose you are using an insecure workstation.  In)
104 W( the course of)105 W
7200 40811 MT
(your login session you)
13 W( acquire a mail service ticket, a printing service ticket, and a file service ticket.)12 W
7200 42047 MT
(Suppose you inadvertantly leave these tickets on the workstation when you logout.)SH
7200 43777 MT
(Now suppose I)
62 W( login to the workstation and find those tickets.  I'm feeling like causing trouble, so I)63 W
7200 45013 MT
(make the workstation think that I am you.  Since the tickets are made out in your)
67 W( name, I can use)66 W
7200 46249 MT
(the mail client program to access your mail, I can use the file service client to)
126 W( access and remove)127 W
7200 47485 MT
(your files, and I can use the printing command)
112 W( to run up huge bills on your account.  All because)111 W
7200 48721 MT
(these tickets have been accidentally left lying around.)SH
7200 50451 MT
(And nothing can keep me from copying these tickets to a place of my own.  I can)
130 W( continue to use)131 W
7200 51687 MT
(them for all eternity.)SH
/NewCenturySchlbk-BoldItalic SF
7200 53417 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11599 XM
(But that's an easy fix.  We just write a program that)
117 W( destroys a user's tickets after each)116 W
7200 54653 MT
(login session.  You can't use tickets that have been destroyed.)SH
/NewCenturySchlbk-BoldItalic SF
7200 56383 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12972 XM
(Well obviously your system)
155 W( must have a ticket-destroying program, but it's foolish to)156 W
7200 57619 MT
(make users rely on such a thing.)
11 W( You)
299 W( can't count on users to remember to destroy their tickets every)10 W
7200 58855 MT
(time they finish a workstation)
19 W( session.  And even if you rely upon your users to destroy their tickets,)20 W
7200 60091 MT
(consider the following scenario.)SH
7200 61821 MT
(I've got a program)
231 W( that watches the network and copies service tickets as they zip accross the)230 W
7200 63057 MT
(network. Suppose)
314 W( I feel like victimizing you.)
18 W( I)
316 W( wait for you to begin a workstation session, I turn on)19 W
7200 64293 MT
(my program and copy a bunch of your tickets.)SH
7200 66023 MT
(I wait for you)
284 W( to finish your session, and eventually you logout and leave.  I fiddle with my)283 W
7200 67259 MT
(workstation's network software and change its address so that it matches)
306 W( the address of the)307 W
7200 68495 MT
(workstation you were using when you)
58 W( acquired the tickets I copied.  I make my workstation believe)57 W
7200 69731 MT
(that I am you.  I have your tickets, your username, and the)
24 W( correct network address.  I can REPLAY)25 W
7200 70967 MT
(these tickets and use services in your name.)SH
/NewCenturySchlbk-Bold SF
30313 75600 MT
(6)SH
ES
%%Page: 7 8
BS
0 SI
10 /NewCenturySchlbk-Roman AF
7200 7937 MT
(It doesn't matter that you destroyed your tickets before you ended your)
127 W( workstation session.  The)126 W
7200 9173 MT
(tickets I have stolen are valid for as long as I care to use)
87 W( them, because your current ticket design)88 W
7200 10409 MT
(does not place a limit on the number of times you can reuse a ticket, or on how long a ticket remains)24 W
7200 11645 MT
(valid.)SH
/NewCenturySchlbk-BoldItalic SF
7200 13375 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11724 XM
(Oh I see what you're saying!)
242 W( Tickets)
763 W( can't be valid forever because they would then)243 W
7200 14611 MT
(constitute a huge security risk.  We have to restrict the length of time for which a ticket)
16 W( can be used,)15 W
7200 15847 MT
(perhaps give each ticket some kind of expiration date.)SH
/NewCenturySchlbk-BoldItalic SF
7200 17577 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12824 XM
(Exactly. I think each ticket needs to have two additional pieces)
7 W( of information: a lifespan)8 W
7200 18813 MT
(that indicates the length of time for which the ticket is valid, and a timestamp that)
126 W( indicates the)125 W
7200 20049 MT
(date and time at which Charon issued the ticket.  So a ticket would look something like this:)SH
/NewCenturySchlbk-Italic SF
7200 21779 MT
(Euripides goes to the chalkboard and scrawls the following:)SH
/Courier-Bold SF
9000 23584 MT
(TICKET {username:address:servicename:lifespan:timestamp})1200 W
/NewCenturySchlbk-BoldItalic SF
7200 25452 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12819 XM
(Now when a service decrypts tickets, it checks the ticket's username and address against)2 W
7200 26688 MT
(the name)
198 W( and address of the person sending the ticket, and it uses the timestamp and lifespan)197 W
7200 27924 MT
(information to see if the ticket has expired.)SH
/NewCenturySchlbk-BoldItalic SF
7200 29654 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(All right.  What kind of lifetime should the typical service ticket have?)SH
/NewCenturySchlbk-BoldItalic SF
7200 31384 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(I don't know.  Probably the length of a typical workstation session.  Say eight hours.)SH
/NewCenturySchlbk-BoldItalic SF
7200 33114 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11496 XM
(So if I sit at my workstation for)
14 W( more than eight hours, all my tickets expire.  That includes)15 W
7200 34350 MT
(my ticket-granting ticket.  So I have to reauthenticate myself to Charon after eight hours.)SH
/NewCenturySchlbk-BoldItalic SF
7200 36080 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(That's not unreasonable is it?)SH
/NewCenturySchlbk-BoldItalic SF
7200 37810 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11553 XM
(I guess not.  So we're settled--tickets expire)
71 W( after eight hours.  Now I've got a question for)70 W
7200 39046 MT
(you. Suppose)
278 W( I have copied YOUR tickets from the network--)SH
/NewCenturySchlbk-BoldItalic SF
7200 40776 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(\050)SH
/NewCenturySchlbk-Italic SF
(Eyes twinkling)SH
/NewCenturySchlbk-Roman SF
(\051 Aw, Tina!  You wouldn't really do that would you?)SH
/NewCenturySchlbk-BoldItalic SF
7200 42506 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11496 XM
(This is just for the sake of argument.  I've copied your tickets.)
14 W( Now)
308 W( I wait for you to logout.)15 W
7200 43742 MT
(Suppose you have)
93 W( a doctor's appointment or a class to attend, so you end your workstation session)92 W
7200 44978 MT
(after a couple of)
75 W( hours.  You are a smart boots and have destroyed your copies of the tickets before)76 W
7200 46214 MT
(logging out.)SH
7200 47944 MT
(But I've stolen your tickets, and they are good for about six hours.  That gives me ample time)
137 W( to)136 W
7200 49180 MT
(pillage your files and print one thousand copies of whatever in your name.)SH
7200 50910 MT
(See, the lifetime-timestamp business works fine in the event that a ticket thief chooses to replay the)31 W
7200 52146 MT
(ticket after the ticket has expired.  If the thief can replay the ticket before that . . .)SH
/NewCenturySchlbk-BoldItalic SF
7200 53876 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Uh, well . . . Of course you are right.)SH
/NewCenturySchlbk-BoldItalic SF
7200 55606 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(I think we have run into a major problem.)SH
/NewCenturySchlbk-Italic SF
31182 XM
(She sighs.)SH
7200 57336 MT
(Pause.)SH
/NewCenturySchlbk-BoldItalic SF
7200 59066 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(I guess that means you'll be busy tonight.  Want more coffee?)SH
/NewCenturySchlbk-BoldItalic SF
7200 60796 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Why not.)SH
/NewCenturySchlbk-Italic SF
7200 62526 MT
(The two head for the coffee machine.)SH
11 /NewCenturySchlbk-Bold AF
11790 66552 MT
(Scene IV)SH
10 /NewCenturySchlbk-Italic AF
7200 68282 MT
(The next morning in Euripides' office.  Athena knocks on the door.)SH
/NewCenturySchlbk-BoldItalic SF
7200 70012 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(You've got rings under your eyes this morning.)SH
/NewCenturySchlbk-BoldItalic SF
7200 71742 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Well, you know.  Another one of those long nights.)SH
/NewCenturySchlbk-Bold SF
30313 75600 MT
(7)SH
ES
%%Page: 8 9
BS
0 SI
10 /NewCenturySchlbk-BoldItalic AF
7200 7937 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Have you solved the replay problem?)SH
/NewCenturySchlbk-BoldItalic SF
7200 9667 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(I think so.)SH
/NewCenturySchlbk-BoldItalic SF
7200 11397 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Have a seat.)SH
/NewCenturySchlbk-Italic SF
7200 13127 MT
(She does.)SH
/NewCenturySchlbk-BoldItalic SF
7200 14857 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11624 XM
(As usual, I feel compelled to restate)
142 W( the problem.  Tickets are reusable within a limited)141 W
7200 16093 MT
(timespan, say eight hours.  If someone steals your tickets and chooses to replay)
129 W( them before they)130 W
7200 17329 MT
(expire, we can't do anything to stop them.)SH
/NewCenturySchlbk-BoldItalic SF
7200 19059 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(That's the problem.)SH
/NewCenturySchlbk-BoldItalic SF
7200 20789 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(We could beat the problem if we designed the tickets so they couldn't be reusable.)SH
/NewCenturySchlbk-BoldItalic SF
7200 22519 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12933 XM
(But then you would have to get a new)
116 W( ticket every time you wanted to use a network)115 W
7200 23755 MT
(service.)SH
/NewCenturySchlbk-BoldItalic SF
7200 25485 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11756 XM
(Right. That)
826 W( is a clumsy solution at best.  \050Pause.\051)
274 W( Ah,)
827 W( how do I proceed with my)275 W
7200 26721 MT
(argument? \050She ponders for a moment.\051)SH
7200 28451 MT
(All right, I'm going to restate the problem again, this time in the form of a requirement.  A)
46 W( network)45 W
7200 29687 MT
(service must be able to prove that the person)
64 W( using a ticket is the same person to whom that ticket)65 W
7200 30923 MT
(was issued.)SH
7200 32653 MT
(Let me trace the authentication process again and see if I can tease out)
199 W( an appropriate way to)198 W
7200 33889 MT
(illustrate my solution to this problem.)SH
7200 35619 MT
(I want to use a certain network service.  I)
123 W( access that service by starting a client program on my)124 W
7200 36855 MT
(workstation. The)
658 W( client sends three things to the service machine--)
190 W( my name, my workstation's)189 W
7200 38091 MT
(network address, and the appropriate service ticket.)SH
7200 39821 MT
(The ticket contains the name of the)
57 W( person it was issued to and the address of the workstation that)58 W
7200 41057 MT
(person was using when he or she acquired the ticket.)
26 W( It)
329 W( also contains an expiration date in the form)25 W
7200 42293 MT
(of a)
188 W( lifespan and a timestamp.  All this information has been encrypted in the service's Charon)189 W
7200 43529 MT
(password.)SH
7200 45259 MT
(Our current authentication scheme relies on the following tests:)SH
/Symbol SF
9242 46730 MT
(\267)SH
/NewCenturySchlbk-Roman SF
9980 XM
(Can the service decrypt the ticket?)SH
/Symbol SF
9242 48543 MT
(\267)SH
/NewCenturySchlbk-Roman SF
9980 XM
(Has the ticket expired?)SH
/Symbol SF
9242 50356 MT
(\267)SH
/NewCenturySchlbk-Roman SF
9980 XM
(Do the name)
282 W( and workstation address specified in the ticket match the name and)281 W
9980 51498 MT
(address of the person who sent the ticket?)SH
7200 53228 MT
(What do these tests prove?  The first test proves that the)
159 W( ticket either did or did not come from)160 W
7200 54464 MT
(Charon. If)
456 W( the ticket cannot be)
89 W( decrypted, it did not come from the real Charon.  The real Charon)88 W
7200 55700 MT
(would have encrypted the ticket with the service's password.  Charon and the service are the)
106 W( only)107 W
7200 56936 MT
(two entities that know the service's password.  If the ticket)
54 W( decrypts successfully, the service knows)53 W
7200 58172 MT
(that it came from the real Charon.  This test prevents folks from building fake Charon tickets.)SH
7200 59902 MT
(The second test checks the ticket's)
52 W( lifespan and timestamp.  If it has expired, the service rejects the)53 W
7200 61138 MT
(ticket. This)
278 W( test stops people from using old tickets, tickets that perhaps were stolen.)SH
7200 62868 MT
(The third)
12 W( test checks the ticket-user's name and address against the name and address of the person)11 W
7200 64104 MT
(specified in the ticket.  If the test fails, the ticket-user has obtained \050perhaps)
1 W( surreptitiously\051 another)2 W
7200 65340 MT
(person's ticket.  The ticket is of course rejected.)SH
7200 67070 MT
(If the names and addresses do match, what has)
146 W( the test proved?  Nothing.  Scallywags can steal)145 W
7200 68306 MT
(tickets from the)
SH( network, change their workstation addresses and usernames appropriately, and rifle)1 W
7200 69542 MT
(other folks resources. As I pointed out yesterday, tickets can be replayed as long as they)
156 W( haven't)155 W
7200 70778 MT
(expired. They)
292 W( can be replayed because)
7 W( a service cannot determine that the person sending the ticket)8 W
/NewCenturySchlbk-Bold SF
30313 75600 MT
(8)SH
ES
%%Page: 9 10
BS
0 SI
10 /NewCenturySchlbk-Roman AF
7200 7937 MT
(is actually the ticket's legitimate owner.)SH
7200 9667 MT
(The service cannot make this determination because it does not share a secret with the user.  Look)68 W
7200 10903 MT
(at it this way.  If I'm on watch)
42 W( at Elsinore, you know, the castle in)43 W
/NewCenturySchlbk-Italic SF
38649 XM
(Hamlet)SH
/NewCenturySchlbk-Roman SF
(, and you are supposed to)43 W
7200 12139 MT
(relieve me, I'm not supposed to let you take my place unless you can provide the correct password.)86 W
7200 13375 MT
(That's the case where)
146 W( the two of us share a secret.  And it's probably a secret that someone else)147 W
7200 14611 MT
(made up for everyone who stands on watch.)SH
7200 16341 MT
(So I was thinking last night,)
125 W( why not have Charon make up a password for the legitimate ticket-)124 W
7200 17577 MT
(owner to share with the service?  Charon gives a copy of this SESSION KEY to the service, and a)103 W
7200 18813 MT
(copy to the user.  When the service)
7 W( receives a ticket from a user, it can use the session key to test the)6 W
7200 20049 MT
(user's identity.)SH
/NewCenturySchlbk-BoldItalic SF
7200 21779 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Wait a second.  How is Charon going to give both parties the session key?)SH
/NewCenturySchlbk-BoldItalic SF
7200 23509 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(The ticket-owner gets the session key as part of the reply from Charon. Like this:)SH
/NewCenturySchlbk-Italic SF
7200 25239 MT
(She scrawls the following on a chalkboard:)SH
/Courier-Bold SF
7800 27501 MT
(CHARON REPLY  -  [sessionkey|ticket])SH
/NewCenturySchlbk-Roman SF
7200 29369 MT
(The service's copy)
118 W( of the session key comes inside the ticket, and the service gets the key when it)119 W
7200 30605 MT
(decrypts the ticket.  So the ticket looks like this:)SH
/Courier-Bold SF
7800 32867 MT
(TICKET -  {sessionkey:username:address:servicename:lifespan:timestamp})SH
/NewCenturySchlbk-Roman SF
7200 34735 MT
(When you want to get to a)
462 W( service, the client program you start builds what I call an)461 W
7200 35971 MT
(AUTHENTICATOR. The)
546 W( authenticator contains your name and your workstation's address.  The)134 W
7200 37207 MT
(client encrypts this information)
59 W( with the session key, the copy of the session key you received when)58 W
7200 38443 MT
(you requestesed the ticket.)SH
/Courier-Bold SF
8400 40705 MT
(AUTHENTICATOR - {username:address} encrypted with session key)SH
/NewCenturySchlbk-Roman SF
7200 43704 MT
(After building the authenticator,)
62 W( the client sends it and the ticket to the service.  The ticket cannot)63 W
7200 44940 MT
(decrypt the authenticator yet because it doesn't have the session key.  That)
91 W( key is in the ticket, so)90 W
7200 46176 MT
(the service first decrypts the ticket.)SH
7200 47906 MT
(After decrypting the ticket, the service ends up with the the following information:)SH
/Symbol SF
9242 49377 MT
(\267)SH
/NewCenturySchlbk-Roman SF
9980 XM
(The ticket's lifespan and timestamp;)SH
/Symbol SF
9242 51190 MT
(\267)SH
/NewCenturySchlbk-Roman SF
9980 XM
(The ticket-owner's name;)SH
/Symbol SF
9242 53003 MT
(\267)SH
/NewCenturySchlbk-Roman SF
9980 XM
(The ticket-owner's network address;)SH
/Symbol SF
9242 54816 MT
(\267)SH
/NewCenturySchlbk-Roman SF
9980 XM
(The session key.)SH
7200 56546 MT
(The service checks to see if the ticket has expired.  If all is well in that regard, the service)
39 W( next uses)40 W
7200 57782 MT
(the session key to)
51 W( decrypt the authenticator.  If the decryption proceeds without a hitch, the service)50 W
7200 59018 MT
(ends up with a username and a network address.  The service tests this)
153 W( information against the)154 W
7200 60254 MT
(name and address found in the ticket, AND the name and address of the)
47 W( person who sent the ticket)46 W
7200 61490 MT
(and authenticator.  If everything matches, the)
235 W( service has determined that the ticket-sender is)236 W
7200 62726 MT
(indeed the ticket's real owner.)SH
/NewCenturySchlbk-Italic SF
7200 64456 MT
(Athena pauses, clears her throat, drinks some coffee.)SH
/NewCenturySchlbk-Roman SF
7200 66186 MT
(I think the session key-authenticator business takes care of the replay problem.)SH
/NewCenturySchlbk-BoldItalic SF
7200 67916 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
13211 XM
(Maybe. But)
394 W( I wonder . . .  To break this version of the system, I)
58 W( must have the proper)57 W
7200 69152 MT
(authenticator for the service.)SH
/NewCenturySchlbk-BoldItalic SF
7200 70882 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11522 XM
(No. You)
358 W( must have the authenticator AND the ticket for)
40 W( the service.  The authenticator is)41 W
/NewCenturySchlbk-Bold SF
30313 75600 MT
(9)SH
ES
%%Page: 10 11
BS
0 SI
10 /NewCenturySchlbk-Roman AF
7200 7937 MT
(worthless without the ticket because the service)
249 W( cannot decrypt the authenticator without first)248 W
7200 9173 MT
(having the appropriate session key, and the service cannnot get the appropriate)
36 W( session key without)37 W
7200 10409 MT
(first decrypting the ticket.)SH
/NewCenturySchlbk-BoldItalic SF
7200 12139 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12972 XM
(Okay, I understand that, but didn't you)
155 W( say that when a client program contacts the)154 W
7200 13375 MT
(server, it sends the ticket and matching authenticator together?)SH
/NewCenturySchlbk-BoldItalic SF
7200 15105 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Yes, I guess I said that.)SH
/NewCenturySchlbk-BoldItalic SF
7200 16835 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
13184 XM
(If that's what actually)
367 W( happens, what prevents me from stealing the ticket and)368 W
7200 18071 MT
(authenticator at the same)
29 W( time?  I'm sure I could write a program to do the job.  If I've got the ticket)28 W
7200 19307 MT
(and its authenticator, I believe I can use the two)
23 W( as long as the ticket has not expired.  I just have to)24 W
7200 20543 MT
(change my workstation address and username appropriately.  True?)SH
/NewCenturySchlbk-BoldItalic SF
7200 22273 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(\050)SH
/NewCenturySchlbk-Italic SF
(Biting her lip)SH
/NewCenturySchlbk-Roman SF
(\051 True.  How dispiriting.)SH
/NewCenturySchlbk-BoldItalic SF
7200 24003 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12837 XM
(Wait, wait, wait!  This isn't such)
20 W( a big deal.  Tickets are reusable as long as they haven't)19 W
7200 25239 MT
(expired, but that doesn't mean that authenticators have to be)
190 W( reusable.  Suppose we design the)191 W
7200 26475 MT
(system so that authenticators can only be used once.  Does that buy us anything?)SH
/NewCenturySchlbk-BoldItalic SF
7200 28205 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11593 XM
(Well, it might.  Let's see, the client program builds the authenticator, then)
111 W( sends it with)110 W
7200 29441 MT
(the ticket to the service.  You copy both ticket and authenticator as they)
48 W( move from my workstation)49 W
7200 30677 MT
(to the server.  But the ticket and authenticator arrive at the server before you)
43 W( can send your copies.)42 W
7200 31913 MT
(If the authenticator can only be used once, your copy of it is no good, and you lose when you)
29 W( attempt)30 W
7200 33149 MT
(to replay your ticket and authenticator.)SH
7200 34879 MT
(Well, that's a relief.)
161 W( So)
598 W( all we have to do is invent a way to make the authenticator a one-time)160 W
7200 36115 MT
(usable thing.)SH
/NewCenturySchlbk-BoldItalic SF
7200 37845 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
13195 XM
(No problem.  Let's just put a lifespan and timestamp on)
378 W( them.  Suppose each)379 W
7200 39081 MT
(authenticator has a)
141 W( lifespan of a couple of minutes.  When you want to use a service, your client)140 W
7200 40317 MT
(program builds the)
1 W( authenticator, stamps it with the current time, then sends it and the ticket to the)2 W
7200 41553 MT
(server.)SH
7200 43283 MT
(The server receives the ticket and authenticator and goes about its business.)
212 W( When)
701 W( the server)211 W
7200 44519 MT
(decrypts the authenticator, it checks the authenticator's)
523 W( lifespan and timestamp.  If the)524 W
7200 45755 MT
(authenticator hasn't expired,)
435 W( and everything else checks properly, the server considers you)434 W
7200 46991 MT
(authenticated.)SH
7200 48721 MT
(Suppose I copied the athenticator and ticket as they)
181 W( crossed the network.  I have to change my)182 W
7200 49957 MT
(workstation's network address and my username,)
109 W( and I have to do this all in a couple of minutes.)108 W
7200 51193 MT
(That's a pretty tall order.  In fact I don't think it's possible.  Unless . . .)SH
7200 52923 MT
(Well, here's)
130 W( a potential problem.  Suppose that instead of copying the ticket and authenticator as)131 W
7200 54159 MT
(they travel from your)
256 W( workstation to the server, I copy original ticket packet that comes from)255 W
7200 55395 MT
(Charon, the packet you receive when you ask Charon to give you a ticket.)SH
7200 57125 MT
(This packet, as I recall, has)
87 W( two copies of the session key in it: one for you and one for the service.)88 W
7200 58361 MT
(The one for the service is)
36 W( hidden in the ticket and I can't get to it, but what about the other one, the)35 W
7200 59597 MT
(one you use to build authenticators?)SH
7200 61327 MT
(If I can get that copy of)
2 W( the session key, I can build my own authenticators, and if I can build my own)3 W
7200 62563 MT
(authenticators, I can break the system.)SH
/NewCenturySchlbk-BoldItalic SF
7200 64293 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11660 XM
(That's something I thought about last night, but then I traced the)
178 W( process of acquiring)177 W
7200 65529 MT
(tickets and found that it wasn't possible to steal authenticators that way.)SH
7200 67259 MT
(You sit down at a workstation and use the)115 W
/NewCenturySchlbk-Italic SF
28050 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
30633 XM
(program to get your ticket-granting ticket.)116 W
/NewCenturySchlbk-Italic SF
51626 XM
(Kinit)SH
/NewCenturySchlbk-Roman SF
7200 68495 MT
(asks for your username, and after you enter it,)SH
/NewCenturySchlbk-Italic SF
29047 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
31514 XM
(forwards the name to Charon.)SH
7200 70225 MT
(Charon uses your name to look up your password,)
44 W( then proceeds to build a ticket-granting ticket for)43 W
7200 71461 MT
(you. As)
692 W( part of this process, Charon creates a session key that you)
207 W( will share with the ticket-)208 W
/NewCenturySchlbk-Bold SF
30081 75600 MT
(10)SH
ES
%%Page: 11 12
BS
0 SI
10 /NewCenturySchlbk-Roman AF
7200 7937 MT
(granting service.  Charon puts)
61 W( a copy of the session key in the ticket-granting ticket, and puts your)60 W
7200 9173 MT
(copy in the the ticket packet that you are about to receive.  But before it sends you)
162 W( this packet,)163 W
7200 10409 MT
(Charon encrypts the whole thing with your password.)SH
7200 12139 MT
(Charon sends the packet across the)
93 W( network.  Someone can copy the packet as it goes by, but they)92 W
7200 13375 MT
(can't do anything with it because it has been encrypted with your password.  Specifically, no one)
23 W( can)24 W
7200 14611 MT
(steal the ticket-granting session key.)SH
/NewCenturySchlbk-Italic SF
7200 16341 MT
(Kinit)SH
/NewCenturySchlbk-Roman SF
9928 XM
(receives the ticket packet and prompts you for a password, which you enter.)
76 W( If)
429 W( you enter the)75 W
7200 17577 MT
(correct password,)SH
/NewCenturySchlbk-Italic SF
15552 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
18019 XM
(can decrypt the packet and give you your copy of the session key.)SH
7200 19307 MT
(Now that you've taken care of the)148 W
/NewCenturySchlbk-Italic SF
24044 XM
(kinit)SH
/NewCenturySchlbk-Roman SF
26659 XM
(business, you want to get your mail.)
148 W( You)
575 W( start the mail)149 W
7200 20543 MT
(client program.  This program)
180 W( looks for a mail service ticket and doesn't find one \050after all, you)179 W
7200 21779 MT
(haven't tried to get)
70 W( your mail yet\051.  The client must use the ticket-granting ticket to ask the ticket-)71 W
7200 23015 MT
(granting service for a mail service ticket.)SH
7200 24745 MT
(The client)
19 W( builds an authenticator for the ticket-granting transaction and encrypts the authenticator)18 W
7200 25981 MT
(with your copy of the ticket-granting session)
81 W( key.  The client then sends Charon the authenticator,)82 W
7200 27217 MT
(the ticket-granting ticket, your name, your workstation's address, and the name of the mail service.)SH
7200 28947 MT
(The ticket-granting service receives this stuff and runs through the authentication checks.)
281 W( If)839 W
7200 30183 MT
(everything checks properly, the ticket-granting service ends up)
30 W( with a copy of the session key that it)31 W
7200 31419 MT
(shares with you.  Now the ticket-granting)
105 W( service builds you a mail service ticket, and during this)104 W
7200 32655 MT
(process, creates a new session key for you to share with the mail service.)SH
7200 34385 MT
(The ticket-granting service now prepares a ticket packet to send back to your workstation.)
181 W( The)641 W
7200 35621 MT
(packet contains the ticket and your copy of the mail)
145 W( service session key.  But before it sends the)144 W
7200 36857 MT
(packet, the ticket-granting service encrypts the packet)
189 W( with its copy of the TICKET-GRANTING)190 W
7200 38093 MT
(session key.  That done, the packet is sent on its way.)SH
7200 39823 MT
(So here comes the mail)
19 W( service ticket packet, loping across the network.  Suppose some network ogre)18 W
7200 41059 MT
(copies it as it goes by.  The)
184 W( ogre is out of luck because the packet is encrypted with the ticket-)185 W
7200 42295 MT
(granting session key; you and the)
118 W( ticket-granting service are the only entities that know this key.)117 W
7200 43531 MT
(Since the ogre)
85 W( cannot decrypt the mail ticket packet, the ogre cannot discover the MAIL SESSION)86 W
7200 44767 MT
(KEY. Without)
726 W( this session key, the ogre cannot use any of)
224 W( the mail service tickets you might)223 W
7200 46003 MT
(subsequently send across the network.)SH
7200 47733 MT
(So I think we're safe.  What do you think?)SH
/NewCenturySchlbk-BoldItalic SF
7200 49463 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Perhaps.)SH
/NewCenturySchlbk-BoldItalic SF
7200 51193 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Perhaps! Is)
278 W( that all you can say!)SH
/NewCenturySchlbk-BoldItalic SF
7200 52923 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12838 XM
(\050)SH
/NewCenturySchlbk-Italic SF
(laughing)SH
/NewCenturySchlbk-Roman SF
(\051 Don't get upset.  You should)
21 W( know my ways by now.  I guess it is mean of me,)22 W
7200 54159 MT
(and you up half the night.)SH
/NewCenturySchlbk-BoldItalic SF
7200 55889 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Pthhhhh!)SH
/NewCenturySchlbk-BoldItalic SF
7200 57619 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
13094 XM
(All right, three-quarters of the night.)
277 W( Actually,)
830 W( the system is beginning to sound)276 W
7200 58855 MT
(acceptible. This)
432 W( session key business solves a problem that I thought of last)
77 W( night:  the problem of)78 W
7200 60091 MT
(mutual authentication.)SH
/NewCenturySchlbk-Italic SF
7200 61821 MT
(Pause.)SH
/NewCenturySchlbk-Roman SF
7200 63551 MT
(Mind if I talk for a minute?)SH
/NewCenturySchlbk-BoldItalic SF
7200 65281 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(\050)SH
/NewCenturySchlbk-Italic SF
(A trifle coldly)SH
/NewCenturySchlbk-Roman SF
(\051 Be my guest.)SH
/NewCenturySchlbk-BoldItalic SF
7200 67011 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12934 XM
(You are so)
117 W( kind.)116 W
/NewCenturySchlbk-Italic SF
21164 XM
(Euripides clears his throat.)116 W
/NewCenturySchlbk-Roman SF
34842 XM
(Last night, while visions of session keys)116 W
7200 68247 MT
(and authenticators danced in your head, I was trying to find new problems with the system, and I)93 W
7200 69483 MT
(found one that I thought was pretty serious.  I'll illustrate it by way of the following scenario.)SH
7200 71213 MT
(Suppose you are sick of your current job and have determined that it is in your)
23 W( best interest to move)22 W
/NewCenturySchlbk-Bold SF
30137 75600 MT
(11)SH
ES
%%Page: 12 13
BS
0 SI
10 /NewCenturySchlbk-Roman AF
7200 7937 MT
(on. You)
489 W( want to print your resume on the company's wizz-bang laser printer so that headhunters)106 W
7200 9173 MT
(and potential employers can take note of your classiness.)SH
7200 10903 MT
(So you enter the printing command, and direct it)
25 W( to send the resume to the appropriate print server.)24 W
7200 12139 MT
(The command gets the proper service ticket, if you don't already have it, then)
132 W( sends the ticket in)133 W
7200 13375 MT
(your name to the appropriate print server.  At)
32 W( least that's where you think it's headed.  You don't in)31 W
7200 14611 MT
(fact know that the request is headed for the right print server.)SH
7200 16341 MT
(Suppose that some unscrupulous hacker--say it's)
106 W( your boss--has screwed system around so that he)107 W
7200 17577 MT
(redirects your request and its ticket to the print server in his office.  His print)
186 W( service program)185 W
7200 18813 MT
(doesn't care about the ticket or its contents.  It throws away the ticket and sends a message)
49 W( to your)50 W
7200 20049 MT
(workstation indicating that the ticket passed muster, and that)
156 W( the server is ready and willing to)155 W
7200 21285 MT
(print your job.  The printing command sends the job to the fraudulant print server and the)
94 W( enemy)95 W
7200 22521 MT
(ends up with your resume.)SH
7200 24251 MT
(I'll state the problem by way of contrast.)
191 W( Without)
659 W( session keys and authenticators, Charon can)190 W
7200 25487 MT
(protect its servers from false users, but it cannot protect its users from false)
115 W( servers.  The system)116 W
7200 26723 MT
(needs a way for client programs to authenticate the server)
108 W( before sending sensitive information to)107 W
7200 27959 MT
(the service.  The system must allow for MUTUAL AUTHENTICATION.)SH
7200 29689 MT
(But the session key solves this problem as long as you design your client programs properly.  Back to)10 W
7200 30925 MT
(the print server scenario.  I want a print client program that makes sure the service it's sending)
18 W( jobs)17 W
7200 32161 MT
(to is the legitimate service.)SH
7200 33891 MT
(Here's what such a program does.)
30 W( I)
340 W( enter the printing command and give it a filename, the name of)31 W
7200 35127 MT
(my resume.  Assume that I have a print service ticket and session key.)
35 W( The)
347 W( client program uses the)34 W
7200 36363 MT
(session key to)
183 W( build an authenticator, then sends the authenticator and ticket to the "supposed")184 W
7200 37599 MT
(print server.  The client DOES NOT send the resume yet; it waits for a response from the service.)SH
7200 39329 MT
(The real service receives the ticket and authenticator, decrypts the ticket and extracts the session)113 W
7200 40565 MT
(key, then uses the session key to decrypt the authenticator.  This done, the service runs all)
180 W( the)181 W
7200 41801 MT
(appropriate authentication tests.)SH
7200 43531 MT
(Assume the tests confirm my identity.  Now the server prepares a reply packet)
70 W( so that it can prove)69 W
7200 44767 MT
(its identity to the client program.  It uses its copy of)
9 W( the session key to encrypt the reply packet, then)10 W
7200 46003 MT
(sends the packet to the waiting client.)SH
7200 47733 MT
(The client receives the packet and attempts to decrypt it with my copy of the session key.  If)
135 W( the)134 W
7200 48969 MT
(packet decrypts properly and yields the correct server response message,)
90 W( my client program knows)91 W
7200 50205 MT
(that the server that encrypted)
48 W( the packet is the real server.  Now the client sends the resume job to)47 W
7200 51441 MT
(the print service.)SH
7200 53171 MT
(Suppose my boss screwed around the system so that his print server poses)
97 W( as the one I want.  My)98 W
7200 54407 MT
(client sends the authenticator and ticket to the "print service" and waits for a response.)
106 W( The)
489 W( fake)105 W
7200 55643 MT
(print service cannot generate the correct response because)
99 W( it cannot decrypt the ticket and get the)100 W
7200 56879 MT
(session key.  My client will not)
73 W( send the job unless it receives the correct response.  Eventually the)72 W
7200 58115 MT
(client gives up waiting and exits.  My print job does not get completed, but at least)
81 W( my resume did)82 W
7200 59351 MT
(not end up on the desk of the enemy.)SH
7200 61081 MT
(You know, I think we have a solid basis on which to implement the Charon Authentication System.)SH
/NewCenturySchlbk-BoldItalic SF
7200 62811 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Perhaps. Anyway,)
278 W( I don't like the name "Charon.")SH
/NewCenturySchlbk-BoldItalic SF
7200 64541 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(You don't?  Since when?)SH
/NewCenturySchlbk-BoldItalic SF
7200 66271 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11512 XM
(I've never liked it, because the)
30 W( name doesn't make sense.  I was talking to my Uncle Hades)29 W
7200 67507 MT
(about it the other day, and he suggested another name, the name of his three-headed watch dog.)SH
/NewCenturySchlbk-BoldItalic SF
7200 69237 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Oh, you mean "Cerberus.")SH
/NewCenturySchlbk-BoldItalic SF
7200 70967 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11482 XM
(Bite your tongue Rip!  "Cerberus" indeed . . .)SH
/NewCenturySchlbk-Bold SF
30081 75600 MT
(12)SH
ES
%%Page: 13 14
BS
0 SI
10 /NewCenturySchlbk-BoldItalic AF
7200 7937 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12817 XM
(Er, isn't that the name?)SH
/NewCenturySchlbk-BoldItalic SF
7200 9667 MT
(Athena:)SH
/NewCenturySchlbk-Roman SF
11535 XM
(Yeah, if you happen to be a Roman!  I'm)
53 W( a Greek goddess, he's a Greek watch dog, and his)54 W
7200 10903 MT
(name is "Kerberos," "Kerberos" with a K.)SH
/NewCenturySchlbk-BoldItalic SF
7200 12633 MT
(Euripides:)SH
/NewCenturySchlbk-Roman SF
12872 XM
(Okay, okay, don't throw thunderbolts.  I'll buy)
55 W( the name.  Actually, it has a nice ring to)54 W
7200 13869 MT
(it. Adios)
278 W( Charon and hello to Kerberos.)SH
/NewCenturySchlbk-Bold SF
30081 75600 MT
(13)SH
ES
%%Trailer
%%Pages: 14
%%DocumentFonts: NewCenturySchlbk-Roman NewCenturySchlbk-Bold NewCenturySchlbk-Italic Symbol NewCenturySchlbk-BoldItalic Courier-Bold