DATE: Thursday, November 29, 2001
TIME: Noon - 1 pm
PLACE: Wean Hall 8220

Peter Honeyman
University of Michigan

Integrating Kerberos and PKI with Junk Keys

Kerberos, a widely used network authentication mechanism, is integrated into numerous applications, such as UNIX and Windows login, AFS, Telnet, and SSH. Yet, the web relies on SSL and an associated public key infrastructure to establish authenticated and secure communications. In this talk I will describe the design, implementation, and performance of KX.509, which gives web surfers controlled access to services protected by Kerberos.

On the browser side, KX.509 provides a single sign-on that produces both Kerberos and public key credentials -- junk keys -- which are used for SSL client authentication. A web server plugin records a transcript of the client handshake, which an external service translates back into Kerberos credentials. The effect is to delegate limited Kerberos credentials to a web server thread over an SSL connection, while avoiding the (potentially dangerous) practice of shipping live Kerberos tickets.

Performance measurements show that the overhead of credential translation is amortized effectively over a session.

Peter Honeyman is Scientific Director of the Center for Information Technology Integration and Adjunct Professor of Electrical Engineering and Computer Science. He holds the B.G.S. (with distinction) from the University of Michigan and the M.S.E., M.A., and Ph.D. degrees from Princeton University, where his research was in database theory. He has been a Member of Technical Staff at Bell Labs and Assistant Professor of Computer Science at Princeton University.

Honeyman has been instrumental in several software projects, including Honey DanBer UUCP, PathAlias, MacNFS, Disconnected AFS, and Webcard. His research focus is on middleware, with an emphasis on security, distributed file systems, and mobile computing. He is the author of dozens of journal and conference papers and serves regularly on conference organizing committees. Honeyman is Treasurer of the USENIX Association, Co-Vice Chair of IFIP TC 8.8, and a member of AAAS and EFF.

