IMPLEMENTATION OF A SECURITY SERVICE PROVIDER FOR INTRANETS
Main Article Content
Abstract
Among the many branches of security, authentication and confidentiality are very important to be provided. This work studies authentication focusing on the authentication systems supported by Windows 2000 family, especially Kerberos. As a result of this study, some unconvincing points are found along with others that are considered as weaknesses, such as being subject to offline
dictionary attacks and the lack of perfect forward secrecy. Hence, some protocols (for authentication and key agreement) are chosen to build an authentication system that takes into consideration the observations on Windows 2000 systems. Based on this system, a security service provider is developed. The proposed provider isolates the developer from the complexity of the underlying system.
Article Details
How to Cite
Publication Dates
References
[BM91] S. M. Bellovin and M. Merritt, “Limitations of the Kerberos Authentication System”, Proceedings of the Winter 1991 Usenix Conference, pp. 253-267, Dallas, January, 1991.
[Bos00] W. Boswell, “Inside Windows 2000 Server”, New Riders, 2000.
[KT03] K. Kasslin and A. Tikkanen, “Attacks on Kerberos V in a Windows 2000 Environment”, Research project for Helsinki University of Technology, 2003.
[Kwo01] T. Kwon, “Authentication and key agreement via memorable passwords”, Proceedings Network and Distributed System Security Symposium, San Diego, California, February 7-9, 2001.
[MOV96] A. Menezes, P. van Oorschot, and S. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 1996.
[Mic99a] Microsoft Corporation, “The Security Support Provider Interface”, Windows 2000 White Paper, March, 1999.
[Mic99b] Microsoft Corporation, “Windows 2000 Kerberos Authentication”, Windows 2000 White Paper, 1999.
[Mic00] Microsoft Corporation, “Windows 2000 Certificate Services”, Windows 2000 White Paper, 2000.
[MNS+87] S. Miller, C. Neuman, J. Schiller, and J. Saltzer, “Kerberos Authentication and Authorization System”, M.I.T. Project Athena, Cambridge, Massachusetts, December 21, 1987.
[TJ01] C. Todd and N. L. Johnson, “Hack Proofing Windows 2000 Server”, Syngress Publishing, 2001.
[Wu99] T. Wu, “A Real-World Analysis of Kerberos Password Security”, Proceedings of the 1999 Internet Society Network and Distributed System Security Symposium, San Diego, CA, February, 1999.