MIT launches Kerberos Consortium

MIT on September 27 announced the launch of the Kerberos Consortium, embarking on an ambitious mission to create a universal authentication platform to protect the world’s computer networks.

MIT also announced that Centrify Corporation, the Financial Services Technology Consortium, Google, Stanford University, Sun Microsystems, TeamF1, and the University of Michigan are founding sponsors of the Consortium. The Consortium also will receive generous support from Apple.

Kerberos is a network authentication protocol, originally developed for MIT’s Project Athena in the 1980s. Over the past two decades, it has grown to become the most widely deployed system for authentication and authorization in modern computer networks. However, it is currently mostly available only in large corporate networks. Kerberos’ ability to require strong mutual authentication has enormous potential to protect consumers doing business on the public Internet from phishing and other types of attacks.

“By establishing the Kerberos Consortium, MIT seeks to permit Kerberos to continue to grow and develop as a stable and universal ’single sign-on’ mechanism for the users of modern computer networks,” said Stephen Buckley, executive director of the Kerberos Consortium. “The Consortium will provide a mechanism to permit greater industry participation in the funding and development of Kerberos, and thus allow it to evolve into the universal ’single sign-on mechanism’ users need but do not yet have.”

“We foresee a day when Kerberos-based authentication and authorization will be as ubiquitous as TCP/IP-based networking itself,” said Sam Hartman, chief technologist for the Kerberos Consortium. “We want to make Kerberos more useful and available than ever before.”

As an example, Hartman noted that if Kerberos were available on mobile devices, it would be more attractive in the health care industry as a mechanism for securing privacy of health records. If made available for consumers, it could make electronic commerce less susceptible to phishing and identity theft.

“We see a number of our customers asking for open source, stable and interoperable single-sign on technology, based on the Kerberos protocol” said Kathy Jenks, Director, Sun Microsystems. “The MIT Kerberos Consortium is an outstanding way to address our customers’ requirements, and a continuation of the work we have been doing within the Kerberos community over the last several years.”

“The bright future for Kerberos depends on our ability to standardize the technologies layered above Kerberos -- hence the need for an organization like the Kerberos Consortium,” said Clifford Neuman, director of the USC Center for Computer Systems Security, and the original principal designer of Kerberos. “I am delighted to see industry, academia, and the business community coming together to promote the growth of Kerberos into new areas.”

The Consortium will perform software development and the documentation activities necessary to achieve its goal of ubiquitous support for Kerberos-based single sign-on solutions across all aspects of the world’s communication infrastructure.

A primary objective of the Consortium is to implement the solutions it promotes in the form of open source reference implementations that can be used by Consortium members within their products and organizations without licensing fees.