Kerberos is a widely used standard protocol according to RFC4120. Kerberos uses a central Kerberos server that authenticates users and grants access to devices by issuing tickets to the users. Since Kerberos uses a central server, Kerberos is well suited for enterprise scenarios where all resources are owned and controlled by the enterprise and central Kerberos server is trusted since the server is operated by the enterprise itself usually in its own premises. However, the upcoming use of cloud services has the disadvantage that an implementation of a Kerberos server in the cloud can not be fully trusted. In this case the authentication services are being run on the premises of a potentially untrusted third party, i.e. the cloud service provider. Therefore the secret credentials needed for authentication cannot be stored in the cloud without violating privacy and further it cannot be ensured that the servers do not reduce their functionality to grant access to anyone.
Conventional methods for authentication in the cloud like in the non-patent literature of Bertino, Elisa, et al. “Privacy-preserving digital identity management for cloud computing”, Data Engineering 32.1 (2009) use distributed servers and are based on the assumption that at most one of the servers is compromised.
Further in the non-patent literature of Moni Naor, et al. “Distributed Pseudo-Random Functions and KDCs”, EUROCRYPT 1999 and Yanjiang et al. “A Practical Password-Based Two-Server Authentication and Key Exchange System”, IEEE Transactions on Dependable and Secure Computing, April 2006 non-practical, complicated generic protocols are provided implementing proprietary and simple functions or protocols which have only theoretical value.
In the non-patent literature of Yan Huang, David Evans, Jonathan Katz, Lior Malka: Faster Secure Two-Party Computation Using Garbled Circuits, USENIX Security Symposium 2011 a fast multi-party AES encryption circuit is proposed yet not practical.