Performance of Public-Key-Enabled Kerberos Authentication in Large Networks
نویسندگان
چکیده
Several proposals have been made to public-keyenable various stages of the secret-key-based Kerberos network authentication protocol. The computational requirements of public key cryptography are much higher than those of secret key cryptography, and the substitution of public key encryption algorithms for secret key algorithms impacts performance. This paper uses closed, class-switching queuing models to demonstrate the quantitative performance differences between PKCROSS and PKTAPP—two proposals for public-key-enabling Kerberos. Our analysis shows that, while PKTAPP is more efficient for authenticating to a single server, PKCROSS outperforms the simpler protocol if there are two or more remote servers per remote realm. This heuristic can be used to guide a high-level protocol that combines both methods of authentication to improve performance.
منابع مشابه
Kerberos Authentication System – A Public Key Extension
Kerberos has become a mature, reliable, secure network authentication protocol. Kerberos is based on secret key encryption technology. It is the native network authentication protocol in the Microsoft Windows 2000 operating system and may be a candidate for use as a general-purpose authentication protocol for large user communities on the Internet. Several proposals have been developed that add...
متن کاملXKDCP: An Inter-KDC Protocol for Dependable Kerberos Cross-Realm Operations
The wide popularity of Kerberos made it the de-facto standard for authentication in enterprise networks. Moreover, the lightweight nature of Kerberos makes it a candidate of choice for securing network communications in emerging non-enterprise information systems such as industrial control networks, building automation and intelligent transportation systems. Many of these potential applications...
متن کاملDistributed Authentication in Kerberos Using Public Key Cryptography
In this work we describe a method for fully distributed authentication using public key cryptography within the Kerberos ticket framework. By distributing most of the authentication workload away from the trusted intermediary and to the communicating parties, significant enhancements to security and scalability can be achieved as compared to Kerberos V5. Privacy of Kerberos clients is also enha...
متن کاملA Survey of Kerberos V and Public-Key Kerberos Security
Kerberos was initially developed at MIT as a part of Project Athena and in these days it is widely deployed single sign-on protocol that is developed to authenticate clients to multiple networked services. Furthermore, Cross-realm authentication is a useful and interesting component of Kerberos aimed at enabling secure access to services astride organizational boundaries. Also, Kerberos has con...
متن کاملA Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography
Kerberos is an authentication protocol in which client and server can mutually authenticate to each other across an insecure network connection, to ensure data integrity of the message and privacy of channel communications. In this paper, a new novel is proposed to improve Kerberos authentication protocol by using Secret Image. This proposed modification in Kerberos will be modified to yield be...
متن کامل