
Study on a Secure Authentication and Authorization Protocol based on Kerberos  

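김은환 (Soongsil University, Computer Institute, Department of Internet Information and Communication)
김명희 (Soongsil University, Computer Science)
전문석 (Soongsil University, College of Information Science)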
Abstract
Kerberos authenticates clients using symmetric-key cryptography and is supposed to trust the other systems of the realm in a distributed network environment. However, authentication and authorization are both essential elements of security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing public/private keys and installing a proxy privilege server in Kerberos. In the proposed mechanism, to make the system more secure, the value of the session key is changed every time using a MAC (message authentication code) algorithm with the long-term key for user authentication and a random number exchanged through the public key. We also reduce the number of keys by simplifying the authentication steps. The proxy privilege server certifies the client's privilege request and issues a privilege attribute certificate. The application server executes the client's privilege request, which includes a privilege attribute certificate. The privilege attribute certificate is also used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.
Keywords
Authentication; Authorization; Kerberos; Delegation; Proxy Privilege Server;
Citations & Related Records
Times Cited By KSCI: 2