“Typhon: um serviço de autenticação e autorização tolerante a intrusões”
Master’s thesis, Faculty of Sciences, University of Lisbon, Aug. 2010
Abstract: The Kerberos v5 standard specifies how the clients and services of a distributed system may mutually authenticate through the use of a centralized authentication service. If this service fails, by crash or in an arbitrary way (e.g., software bug, hardware problem, intrusion), the clients and services that depend on it are not able to authenticate between themselves. This work presents an authentication and authorization service that complies with RFC 4120 (Kerberos v5), and that uses Byzantine-fault-tolerant state machine replication and secure components to make the service more resilient. These secure components guarantee that clients’ and services’ secret keys are kept private even in the presence of intrusions. During the course of this work it was used the BFT-SMaRt library in order to implement the state machine replication. This work was also dedicated in part to introduce a new functionality in the library, which is a state transfer protocol. The evaluation results show that the proposed service has similar latency and throughput values to the ones of a well known Kerberos implementation, and also show expected values of latency in the state transfer protocol for states different sizes. Finally, as far as we know, this work is the first to present an autententication and authorization service which is intrusion tolerant while still respecting the Kerberos v5 specification.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)