Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT?
A. B. C. D.
Answer: A.
Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT.
Kerberos is a network authentication protocol.
It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
A free implementation of this protocol is available from the Massachusetts Institute of Technology.
Kerberos is available in many commercial products as well.
The Internet is an insecure place.
Many of the protocols used in the Internet do not provide any security.
Tools to "sniff" passwords off of the network are in common use by systems crackers.
Thus, applications which send an unencrypted password over the network are extremely vulnerable.
Worse yet, other client/server applications rely on the client program to be "honest" about the identity of the user who is using it.
Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.
Some sites attempt to use firewalls to solve their network security problems.
Unfortunately, firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption.
Most of the really damaging incidents of computer crime are carried out by insiders.
Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet.
(After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure than a computer which is not connected to the network --- and powered off!)
In many places, these restrictions are simply unrealistic and unacceptable.
Kerberos was created by MIT as a solution to these network security problems.
The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection.
After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
Kerberos is freely available from MIT, under a copyright permission notice very similar to the one used for the BSD operating system and the X11 windowing system.
MIT provides Kerberos in source form, so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy.
In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.
In summary, Kerberos is a solution to your network security problems.
It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise.
We hope you find Kerberos as useful as it has been to us.
At MIT, Kerberos has been invaluable to our Information/Technology architecture.
KryptoKnight is a Peer to Peer authentication protocol incorporated into the NetSP product from IBM.
SESAME is an authentication and access control protocol that also supports communication confidentiality and integrity.
It provides public key based authentication along with the Kerberos style authentication that uses symmetric key cryptography.
Sesame supports the Kerberos protocol and adds some security extensions like public key based authentication and an ECMA-style Privilege Attribute Service.
The complete Sesame protocol is a two step process.
In the first step, the client successfully authenticates itself to the Authentication Server and obtains a ticket that can be presented to the Privilege Attribute Server.
In the second step, the initiator obtains proof of his access rights in the form of a Privilege Attribute Certificate (PAC).
The PAC is a specific form of Access Control Certificate as defined in the ECMA-219 document.
This document describes the extensions to Kerberos for public key based authentication as adopted in Sesame.
SESAME, KryptoKnight, and NetSP never took off and the protocols are no longer commonly used.
References: http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#whatis
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 40.
The correct answer is A. Kerberos.
Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. It is used to authenticate users and services in a networked environment. Kerberos provides strong authentication, confidentiality, and integrity, which are essential in securing network communications.
Kerberos uses a client/server model to provide authentication services. The Kerberos authentication process involves the following steps:
1. Authentication request: The client sends an authentication request to the Kerberos server.
2. Ticket-granting ticket (TGT) request: The Kerberos server responds to the client with a ticket-granting ticket (TGT), which contains a session key encrypted with the client's password.
3. TGT validation: The client decrypts the TGT using its password and sends it back to the Kerberos server for validation.
4. Service ticket request: Once the TGT is validated, the client sends a service ticket request to the Kerberos server for access to a specific service.
5. Service ticket validation: The Kerberos server validates the service ticket and sends it back to the client, encrypted with the session key.
6. Service request: The client sends the encrypted service ticket to the service server to request access to the service.
7. Service access: The service server decrypts the service ticket using the session key and grants access to the client.
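A simplified model of the ticket flow described above, added here as an illustration and not taken from MIT's implementation or the cited guide. The toy `seal`/`unseal` cipher, `string_to_key`, the `KDC` class and the `login` helper are assumptions made for the example; real encryption types and the timestamps used for replay protection are left out.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC; a stand-in for a real Kerberos encryption type."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def string_to_key(password, principal):
    # Long-term client key derived from the password; the password itself is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

class KDC:
    def __init__(self, long_term_keys):
        self.keys, self.tgs_key = long_term_keys, os.urandom(32)
    def _issue(self, client, reply_key, ticket_key):
        sk = os.urandom(32).hex()  # fresh session key, carried in both the reply and the ticket
        ticket = seal(ticket_key, {"client": client, "key": sk, "exp": time.time() + 300})
        return seal(reply_key, {"key": sk}), ticket
    def as_exchange(self, client):  # authentication request -> TGT
        return self._issue(client, self.keys[client], self.tgs_key)
    def tgs_exchange(self, tgt, authenticator, service):  # service ticket request
        client, sk = check(self.tgs_key, tgt, authenticator)
        return self._issue(client, sk, self.keys[service])

def check(ticket_key, ticket, authenticator):
    """Open a ticket, then require an authenticator sealed with the session key inside it."""
    t = unseal(ticket_key, ticket)
    sk = bytes.fromhex(t["key"])
    if t["exp"] < time.time() or unseal(sk, authenticator)["client"] != t["client"]:
        raise ValueError("expired ticket or client mismatch")
    return t["client"], sk

def login(kdc, client, password, service, service_key):
    reply, tgt = kdc.as_exchange(client)
    sk = bytes.fromhex(unseal(string_to_key(password, client), reply)["key"])
    reply, ticket = kdc.tgs_exchange(tgt, seal(sk, {"client": client}), service)
    sk = bytes.fromhex(unseal(sk, reply)["key"])
    # Service request: the service checks the ticket with its own key, without contacting the KDC.
    return check(service_key, ticket, seal(sk, {"client": client}))[0]
```

A wrong password fails at the first `unseal`, because the client cannot recover the session key needed to build an authenticator.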
Kerberos has become a widely used authentication protocol in many operating systems, including Windows, macOS, and Linux. It is considered a secure and reliable authentication method, and is often used in enterprise environments to control access to resources and services.
SESAME, KryptoKnight, and NetSP are also authentication protocols, but they were not developed under Project Athena at MIT. SESAME was developed at INRIA in France, KryptoKnight was developed at Bell Labs in the United States, and NetSP was developed at Nokia in Finland.