14.1 Kerberos
    Motivation
    Kerberos Version 4
    Kerberos Version 5
14.2 X.509 Authentication Service
    Certificates
    Authentication Procedures
    X.509 Version 3
14.3 Public-Key Infrastructure
    PKIX Management Functions
    PKIX Management Protocols
14.4 Recommended Reading and Web Sites
14.5 Key Terms, Review Questions, and Problems
    Key Terms
    Review Questions
    Problems
Appendix 14A Kerberos Encryption Techniques
    Password-to-Key Transformation
    Propagating Cipher Block Chaining Mode

We cannot enter into alliance with neighboring princes until we are acquainted with their designs.
The Art of War, Sun Tzu

Key Points

Kerberos is an authentication service designed for use in a distributed environment.

Kerberos makes use of a trusted third-party authentication service that enables clients and servers to establish authenticated communication.

X.509 defines the format for public-key certificates. This format is widely used in a variety of applications.

A public key infrastructure (PKI) is defined as the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography. Typically, PKI implementations make use of X.509 certificates.

This chapter examines some of the authentication functions that have been developed to support application-level authentication and digital signatures. We begin by looking at one of the earliest and also one of the most widely used services: Kerberos. Next, we examine the X.509 directory authentication service. This standard is important as part of the directory service that it supports, but is also a basic building block used in other standards, such as S/MIME, discussed in Chapter 15. Finally, this chapter examines the concept of a public-key infrastructure (PKI).