Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!saturn!fouts@lemming.
From: fouts@lemming. (Marty Fouts)
Newsgroups: comp.os.research
Subject: Re: Non-secure workstations (long) (Was: The NeXT Problem)
Message-ID: <5214@saturn.ucsc.edu>
Date: 20 Oct 88 16:27:23 GMT
Sender: usenet@saturn.ucsc.edu
Organization: NASA Ames Research Center, Moffet Field, CA
Lines: 53
Approved: comp-os-research@jupiter.ucsc.edu

In article <5187@saturn.ucsc.edu> wyatt%cfa@husc6.harvard.edu (Bill Wyatt) writes:
>
> [...]
> Anyway, authentication in a hostile network is at best a currently
> unsolved problem, and at worse an unsolvable problem.

Not true, at least if you allow *some* machines to be trusted. Check out MIT/Athena's `Kerberos' network authentication system, which involves having trusted (and presumably physically secure) systems act as authenticators for other systems, which can be as physically insecure as you like. I vaguely remember reading about work aimed at beating such a system, but I don't have a reference handy.

However, in a truly hostile environment the underlying assumption of hostility makes the idea of trusting *some* machines seem rather silly. What systems like Kerberos do (besides giving their users a false sense of security) is change the problem from faking one user to faking both the user and the authentication system.

One of the reasons why public-key based signature systems haven't been widely received is because of their need to depend on a repository that everybody trusts. (Another is that not enough users see the need for such a system, so they aren't yet commercially viable.)

The problem with using even a trusted authentication server is that before I believe that you are the authentication server, you have to prove you are the authentication server in the presence of the possibility that someone else will pretend to be the authentication server, or attempt to cause me to believe you are not.
In a nonhostile environment the problem is trivial, but without hostility not worth solving. In a hostile environment it appears doable, if you are willing to make assumptions along the lines of "OK, Kings-X, nobody cheat while I set up an authentication server, and nobody pretend to be the authentication server. Done. Go ahead, cheat now, if you can."

Kerberos increases my confidence that you are the authentication server, but it doesn't guarantee that you are. If I'm willing to accept the level of confidence that it provides, then I can claim to be 'reasonably secure' or 'adequately secure' for my needs. It still doesn't make me 'secure.'

Marty
--
+-+-+-+ I don't know who I am, why should you? +-+-+-+
| fouts@lemming.nas.nasa.gov                    |
| ...!ames!orville!fouts                        |
| Never attribute to malice what can be          |
+-+-+-+ explained by incompetence.              +-+-+-+
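As an added illustration of the point argued above (not part of the original post, and not Kerberos's own code), the following Python sketch of a Kerberos-style initial exchange shows where the client's confidence in "the authentication server" actually comes from: the server's reply is sealed under a key the client and server already share, so a party that does not hold that key cannot produce an acceptable reply. The `KDC` class, the `seal`/`open_` stand-in for authenticated encryption and the principal name "marty" are all constructed for this example.

```python
import hashlib, hmac, os, json

# Constructed stdlib-only stand-in for authenticated encryption:
# SHA-256 keystream for confidentiality, HMAC-SHA256 for integrity.
def _stream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("bad tag: sender does not hold the shared key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class KDC:
    """Hypothetical authentication server holding every principal's key."""
    def __init__(self, client_keys, tgs_key):
        self.client_keys, self.tgs_key = client_keys, tgs_key

    def as_exchange(self, principal, client_nonce):
        session = os.urandom(32)
        # Ticket for the ticket-granting service, opaque to the client.
        tgt = seal(self.tgs_key, json.dumps(
            {"cname": principal, "key": session.hex()}).encode())
        # The part only the real client (and a real KDC) can read.
        enc_part = seal(self.client_keys[principal], json.dumps(
            {"nonce": client_nonce, "key": session.hex()}).encode())
        return enc_part, tgt

def client_login(kdc, principal, client_key):
    """Returns (session_key, tgt) or None if the server cannot be trusted."""
    nonce = os.urandom(8).hex()
    enc_part, tgt = kdc.as_exchange(principal, nonce)
    try:
        reply = json.loads(open_(client_key, enc_part))
    except ValueError:          # impostor: no shared key, tag fails
        return None
    if reply["nonce"] != nonce: # replayed reply from an earlier login
        return None
    return bytes.fromhex(reply["key"]), tgt
```

The check succeeds only because the client's key was installed out of band beforehand, which is exactly the "nobody cheat while I set it up" assumption the post describes; the example narrows the trust question to that key, it does not remove it.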