MIT Kerberos Consortium Plans Software Upgrade

Kerberos, a 20-year-old computer security technology with MIT roots, is about to be turbocharged for the mobile Internet era.

Officials at Massachusetts Institute of Technology, where the Kerberos network authentication protocol was born in the 1980s, are set to launch the MIT Kerberos Consortium Thursday morning at the institute’s Stata Center.

The consortium will seek to extend the reach of Kerberos, which is used by tens of millions of people worldwide but is little known outside the information technology field, to devices like cellphones and hand-held computers and to consumers toggling between Web sites and applications on the public Internet.

“We’re certainly going to raise the profile of Kerberos among people who are thinking about how to solve security problems,” said Sam Hartman, chief technologist for the new Kerberos consortium.

Kerberos, which is named after the three-headed dog guarding the gates of Hades in Greek mythology, was originally designed by MIT researchers Cliff Neuman and Ted Tso as part of Project Athena, one of the early academic experiments in distributed computing. That project, funded by IBM Corp. and Digital Equipment Corp., installed terminals across the MIT campus on which students could get access to their files and schoolwork over a network. It was one of the precursors of today’s public Internet.

The researchers fashioned the Kerberos authentication system to guard against pranksters breaking into one another’s files.

Two decades later, with the emergence of interconnected systems and tactics like phishing to bait computer users to part with personal data, the need for effective authentication may be greater than ever.

“There’s more money in breaking into things today, and there are more things you can break into,” said Hartman. “Those two things are driving the security problem.”

Today, Kerberos is an open-source software application, meaning that its code is released without charge to all takers.

It is installed on systems ranging from Windows and Unix servers in corporate data centers to Macintosh computers in research labs to embedded devices like cable television modems. It is both a set of instructions, known as a protocol, and a software package that prompts employees for user names and passwords to get access to networks at businesses and organizations.

But at a time of rising concern about network hackers and proliferating mobile devices, there is demand for more robust versions of Kerberos that allow not only deskbound employees but also rovers such as medical professionals and stock traders to conduct business securely, said Stephen Buckley, the consortium’s executive director.

Buckley said the consortium will ask its sponsors, which range from companies like Sun Microsystems Inc. and Google Inc. to schools like Stanford University and the University of Michigan, for funding to increase the Kerberos staff, which develops new applications and supports clients, to 14 from its current four employees. They have been working out of MIT’s information technology department.

Kerberos works on computer networks alongside other authentication technologies, like smart cards and password systems. Buckley said the aim of the consortium is not to compete with those other security systems for profit but to improve security for all.

“What we want to do is make Kerberos the universal authentication system for the world’s computer networks,” he said. “We want it to be useful, robust, and free, to interoperate in better ways.”