ADDING PERFECT FORWARD SECRECY TO KERBEROS
Abstract
Kerberos is a powerful and widely implemented authentication system. Despite this, it has several problems, such as its vulnerability to dictionary attacks, which is solved with the use of public key cryptography. An important security feature that Kerberos also lacks is perfect forward secrecy. In this work, the lack of this feature is investigated in the original version of Kerberos. A public key based modification to Kerberos is also presented, and it is shown that it lacks perfect forward secrecy too. Some extensions are then proposed to achieve this feature. The extensions are based on public key concepts (Diffie-Hellman) with the condition of keeping the password based authentication; this requires little modification to the original Kerberos. Four extensions are proposed: two of them modify the Client-Authentication Server exchange, achieving conditional perfect forward secrecy, while the remaining two modify the Client-Server exchange, achieving perfect forward secrecy but with increased overhead and delay.
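The following sketch is an added illustration, not code or a protocol from the paper. It contrasts a reply whose session key is sealed under the password-derived long-term key with an ephemeral Diffie-Hellman exchange that the same key only authenticates, and shows what a later holder of that key recovers from a recording. The function names, the PBKDF2 stand-in for string-to-key, the toy cipher and the toy group are all assumptions.

```python
import hashlib, hmac, secrets

P, G = 2**521 - 1, 3   # toy DH group (Mersenne prime), for illustration only
N = 66                 # bytes needed to hold a value mod P

def long_term_key(password: bytes, salt: bytes) -> bytes:
    # Stand-in for the Kerberos string-to-key function (assumption).
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

def _stream(key, nonce):
    return hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()

def seal(key: bytes, msg: bytes) -> bytes:
    # Toy encrypt-then-MAC for messages up to 32 bytes; not a real cipher.
    nonce = secrets.token_bytes(16)
    ct = bytes(m ^ s for m, s in zip(msg, _stream(key, nonce)))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce)))

def classic_reply(k_client: bytes):
    # Original-style reply: session key sealed under the long-term key.
    session = secrets.token_bytes(32)
    return session, seal(k_client, session)      # (secret, recorded bytes)

def dh_reply(k_client: bytes):
    # Ephemeral exponents live only inside this call, i.e. they are erased.
    a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    A, B = pow(G, a, P), pow(G, b, P)
    wire = A.to_bytes(N, "big") + B.to_bytes(N, "big")
    tag = hmac.new(k_client, wire, hashlib.sha256).digest()   # password-based auth
    client_view = pow(B, a, P)
    assert client_view == pow(A, b, P)                         # both sides agree
    session = hashlib.sha256(client_view.to_bytes(N, "big")).digest()
    return session, wire + tag                                 # (secret, recorded bytes)

def later_compromise(k_client: bytes, recorded: bytes):
    # Everything a holder of the old password key can pull out of a recording.
    if len(recorded) == 2 * N + 32:              # DH transcript: public values + tag
        wire, tag = recorded[:2 * N], recorded[2 * N:]
        ok = hmac.compare_digest(tag, hmac.new(k_client, wire, hashlib.sha256).digest())
        return {"authentic": ok, "session_key": None}   # needs a or b, which are gone
    return {"authentic": True, "session_key": unseal(k_client, recorded)}
```

In the first case the recording alone yields the session key once the password is known; in the second the password key only confirms that the public values were genuine.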