


Clifford Neuman
For Kerberos co-author, security hasn't lost its allure

IN A JOURNEY that began 20 years ago when he was a student at the Massachusetts Institute of Technology and led to his current job researching authentication at the University of Southern California, Clifford Neuman has always approached problem-solving with a wide scope in mind.

That type of forethought led Neuman to become one of the principal authors of Kerberos, an MIT-created network authentication protocol that offers real-time authentication for client and server applications through secret-key cryptography. Commercially successful, Kerberos is deployed by Microsoft on its Windows 2000 and XP platforms; Microsoft also has plans to use it to protect its Passport authentication mechanism and its highly anticipated .Net Web services push.

Although the future of Kerberos is bright, Neuman still has numerous technology suggestions to bolster the policy and authentication functions of the open-networks security protocol even further, proving that the drive to innovate is difficult to satisfy.

"Ten years ago, explaining some of these things would be difficult," Neuman says. "I started off solving one problem at a time. You want to make sure as you're designing that piece that you have a broader view in mind so it will fit into a broader picture down the road -- even if you cannot at the time describe what that broader architecture is."

Neuman, currently associate division director of the computer networks division at the Information Sciences Institute at USC, helped create the initial design of Kerberos. Understanding that curious and determined MIT students would likely bypass access blocks on machines physically under their control, he set out to apply cryptography and systems engineering to securely identify users on open networks through a private channel.

"We wanted to make sure no one went designing a system under a false assumption to rely on security from the end-machine that the user is coming [from]. We chose to make a 'super' user password on all these machines publicly known. That forced us to design the security of the system as a whole for Project Athena in a manner that was not intended for the integrity of the end-machines," Neuman says.

Offered freely to commercial vendors and the IT industry for study, and originally based on the Needham-Schroeder authentication protocol, Kerberos has been revamped in multiple versions and OS deployments. Despite its advances, Neuman feels that much more work must be done to better standardize Kerberos' authorization component and enforce policy management along a distributed system.

"I see policy as being probably one of the least-understood aspects of security today, but one that is going to be more and more critical as we move toward a more integrated model," Neuman says.

"My views on security have changed a little bit in the sense that, for someone whose claim to fame is doing an authentication service, now it doesn't make any bit of difference as far as the application is served. In future directions, what applications are concerned about for security is who is accessing [them]. It is whether what was just requested should be allowed and performed. It really boils down to authorization."

Correction

In this article, we misquoted Neuman in two instances. He said they designed the security of the system as a whole for Project Athena in a manner that was not dependent on the integrity of the end-machines. Also, he said that in the future, applications will not be concerned about who is accessing them.

Profile

Clifford Neuman - The Kerberos co-author continues to research authentication technologies.

• Current position - Associate division director, Information Sciences Institute
• Age - 38
• Technology prediction - "Information access on the Internet is moving toward direct interaction with databases managed by vendors and business partners. ... Policy-management technologies will become a critical issue."