Browse > Article
http://dx.doi.org/10.13089/JKIISC.2005.15.3.53

A study on Kerberos Authentication mechanism  

Kim Cheol-hyun (Hongseong Ploytechnic College)
Lee Yon-Sik (Kunsan National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.15, no.3, 2005 , pp. 53-64 More about this Journal
Abstract
In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Croup. Also proposed Authentication Mechanism for reusability of Ticket that after Ticket's Lifetime is ended, message exchange that Local Client receives Remote Server's service. Since my suggestion to regional services are not described in Kerberos, authentication between regions can be performed via PKINIT(Public Key Cryptography for Initial Authentication) presented by IETF(Internet Engineering Task Force) CAT working group. The new protocol is better than the authentication mechanism proposed by IETF CAT Working group in terms of communication complexity and mechanism according to simplified Ticket issue processing.
Keywords
Kerberos; PKINIT;
Citations & Related Records
연도 인용수 순위
  • Reference
1 B.Tung,C.Neuman, M. Hur, A. Medvinsky, S. Medvinsky, J. Wray, J. Trostle, 'Public Key Cryptography for Initial Authentication in Kerberos'. draft-ietf-cat-kerberos-pk-init-15.txt
2 K. Hornstein, J.Altman,'Distributing Kerberos KDC and Realm InformZation with DNS'.draft-ietf-krb-wg-krb- dns-locate-02.txt
3 P. Mockapetris, 'DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION', RFC1035, November 1987
4 김철현, 이여진, 정일용, 'The design of an Efficient Kerberos Authentication Mechanism Associated With Directory Systems', GCC2003, pp.721-728, 2003
5 J. Kohl, C. Neuman, 'The Kerberos Network Authentication Service (V5)', draft-ietf-cat-kerberos-revisions- 10.txt
6 김철현, 신광철, 정진옥, 'The Design of an Optimun Kerberos Mechanism Modeling with Resuability of Ticket', ICIS 2002, pp.231-237, 2002
7 J. G. Steiner, B. C. Neuman, and J. I. Schiller, ' Kerberos: An Authentication Service for Open Network System,' pp. 191-202 in Usenix Conference Proceedings, Dallas, texas (Feb, 1988)
8 K.Raeburn,'Encryption and Checksum Specifications for Kerberos 5',draftietf-krb-wg-crypto-00.txt
9 김철현, 신광철, 김창원,'X.509 인터넷 공개키 기반구조에서 Kerberod인증에 관한 연구', 한국컴퓨터산업교육학회, pp.641-652, 2002
10 김철현, 정일용, 'An Efficient Kerberos Authentication Mechanism Associated With X.509 and DNS', IEICE 2002, pp.1384-1389, 2002
11 M. Hur, J. Salowey, ' Kerberos Cipher Suites in Transport Layer Security (TLS)', draft-ietf-tls-kerb-01.txt
12 B.C.Neuman, Theodore Ts'o. Kerberos, 'An Authentication Service for computer Networks', IEEE Communications, 32(9): 33-38.September 1994   DOI   ScienceOn
13 IETF Draft, 'Internet X.509 Public Key Infrastructure Certificate and CRL profile,' 1998
14 김철현,정일용,'X.509와DNS이용한 분산인증 알고리즘의 설계',한국정보처리학회추계학술 발표논문집,pp.1169-1172, 2000
15 B. Tung, B.C. Neuman, M. Hur, A. Medvinsky, S. Medvinsky 'Public Key Cryptography for Cross-Realm Authentication in Kerberos'. draft-ietf-cat-kerberos-pk-cross-08.txt
16 A. Gulbrandsen, P. Vixie, ' A DNS RR for specifying the location of services (DNS SRV)', RFC2052, October 1996
17 김철현, '공개키 기반구조하에서 Kerberos인증 메커니즘의 설계', 조선대학교 석사학위논문,1999
18 A. Medvinsky, M. Hur, S. Medvin sky, C. Neuman. 'Public Key Utilizing Tickets for Application Servers (PKTAPP)'
19 K. Hornstein, J.Altman,'Distributing Kerberos KDC and Realm Information with DNS'.draft-ietf-krb-wg-krb- dns-locate-02.txt
20 신광철, '공개키 기반구조의 Kerberos의 관한 연구', 성균관대 박사 논문, 2003.[20] 신광철, '공개키 기반구조의 Kerberos의 관한연구', 성균관대 박사 논문, 2003