ADDING PERFECT FORWARD SECRECY TO KERBEROS

Article Sidebar

download
Published: Apr 1, 2010
DOI: https://doi.org/10.31026/j.eng.2010.01.16
Keywords:
Public Key, Forward Secrecy, Authentication, Diffie-Hellman, Security

Main Article Content

Wameedh Nazar Flayyih

Abstract

Kerberos system is a powerful and widely implemented authentication system. Despite this fact it has several problems such as the vulnerability to dictionary attacks which is solved with the use of public key cryptography. Also an important security feature that is not found in Kerberos is perfect forward secrecy. In this work the lack of this feature is investigated in Kerberos in its original version. Also a public key based modification to Kerberos is presented and it is shown that it lacks the prefect forward secrecy too. Then some extensions are proposed to achieve this feature. The extensions are based on public key concepts (Diffie-Hellman) with the condition of keeping the password based authentication; this requires little modifications to the original Kerberos. Four extensions are proposed; two of them modify the (Client-Authentication Server) exchange achieving conditional perfect forward secrecy, while the remaining two modify the Client-Server exchange achieving perfect forward secrecy but with increased overhead and delay.

Article Details

How to Cite
“ADDING PERFECT FORWARD SECRECY TO KERBEROS” (2010) Journal of Engineering, 16(01), pp. 4593–4605. doi:10.31026/j.eng.2010.01.16.
Issue
Vol. 16 No. 01 (2010): Journal of Engineering
Section
Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

 
 

How to Cite

“ADDING PERFECT FORWARD SECRECY TO KERBEROS” (2010) Journal of Engineering, 16(01), pp. 4593–4605. doi:10.31026/j.eng.2010.01.16.
Crossref
Scopus
Google Scholar
Europe PMC

Publication Dates

References

Cervesato, I., Jaggard, A. D., Scedrov, A., Tsay, J.-K. and Walstad, C., 2008, “Breaking and Fixing Public-Key Kerberos”, Information and Computation, Volume 206, Issue 2-4, Pages 402-424.

 Diffie, W. and Hellman, M.E., November 1976, “New Directions in Cryptography”. IEEE Transactions on Information Theory, Vol. IT-22, No. 6, pp. 644-654.

 Menezes, A., van Oorschot, P., and Vanstone, S., 1996, “Handbook of Applied Cryptography”, CRC Press.

 Miller, S., Neuman, C., Schiller, J., and Saltzer, J., December 21, 1987. “Kerberos Authentication and Authorization System”, M.I.T. Project Athena, Cambridge, Massachusetts.

 Ozkan, M., 2003, “High-speed ECC based Kerberos Authentication Protocol for Wireless Applications”, Global Telecommunications Conference. GLOBECOM '03. IEEE, vol. 3, pp. 1440-1444.

 Sirbu, M., and Chuang, J., 1997, “Distributed Authentication in Kerberos Using Public Key Cryptography”. Symposium on Network and Distributed System Security. San Diego, California: IEEE Computer Society Press..

 William E., 2008, "A New Hash Competition", IEEE Security and Privacy, vol. 6, no. 3, pp. 60-62.

Wu, T., February, 1999, “A Real-World Analysis of Kerberos Password Security”, Proceedings of the 1999 Internet Society Network and Distributed System Security Symposium, San Diego, CA.

 Zhu, L., and Tung, B., 2006, “Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)”. IETF RFC: 4556.

 Zhu, L., Jaganathan, K., and Lauter, K., 2008, “Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)”, IETF RFC: 5349.

Similar Articles

You may also start an advanced similarity search for this article.