Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2003.10C.3.287

Design of a effective Authorization Mechanism based on Kerberos  

Kim, Eun-Hwan (숭실대학교 전자계산원)
Jun, Moon-Seog (숭실대학교 컴퓨터학부)
Publication Information
The KIPS Transactions:PartC / v.10C, no.3, 2003 , pp. 287-294 More about this Journal
Abstract
Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.
Keywords
Authorization; Authentication; Kerberos; Delegation; Proxy Privilege Server;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 J. Kohl and C. Neuman, 'The Kerberos Network Authentication Service(V5),' RFC 1510, September, 1993
2 Marlena E. Erdos, and Joseph N. Pato, 'Extending the OSF DCE Authorization System to Support Practical Delegation,' Proceedings of the PSRG Workshop on Network and Distributed System Security, pp.93-100, Feb., 1993
3 J. Steiner, C. Neuman, J. Schiller, 'Kerberos: An Authentication Service for Open Network System,' Proc.of the Winter 1988 Usenix Conference, Feb., 1988
4 W. Stallings, 'Network Security Essentials applications and standard,' Prentice hall, 2000
5 T. T. Parker, 'A Secure European System for Applications in a Multi-vendor Environment(The SESAME Project),' Proceedings of the 14th American National Security Conference, 1991
6 P. V. McMahon, 'SESAME V2 Public Key and Authorization Extensions to Kerberos,' Proceedings of the 1995 Symposium on Network and Distributed System Security, 1991
7 김철현, 정일용, 'PKINIT 기반 새로운 커브로스 인증 메커니즘의 설계,' 정보과학회논문지, 제28권 제1호, Mar. 2001   과학기술학회마을
8 B. Clifford Neuman, 'Proxy-Based Authorization and Accounting for Distributed system,' Proceedings of the 13th International Conference on Distributed Computing systems, pp. 283-291, 1993   DOI
9 M. Gasser and E. McDermott, 'An Architecture for Practical Delegation in a Distributed System,' IEEE Symposium on Security and Privacy, pp.20-30, 1999   DOI
10 http://web.mit.edu/kerberos/www/
11 김은환, 전문석, '공개키를 이용한 커버로스 기반의 강력한 인증 매커니즘 설계,' 정보보호학회논문지, 제12권 제2호, April, 2002   과학기술학회마을
12 신광철, 정진욱, '네트윅 환경에서 안전한 Kerberos 인증 메커니즘에 관한 연구,' 정보보호학회논문지, 제12권 제2호, April, 2002   과학기술학회마을
13 유정각, 이건희, 이상하, 김동규, 'PKI기반에서 X.509 인증서를 사용한 권한 위임,' 정보보호학회 종합 학술발표회논문집, 제11권 제1호, Nov., 2001   과학기술학회마을
14 Jonathan T. Trostle,, B. Clifford Neuman, 'A Flexible Distributed Authorization Protocol,' Internet Society 1996 Symposium on Network and Distributed System Security, pp.43-52, May, 1996