• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.123-133
• /
• 2002

In Network Environment, Kerberos certification mechanism to require Kerberos server in other area unconditionally belief. Also, Kerberos server in cooperation area must be share server of other area and secret key. To solve these two problems, this paper proposed safe security mechanism of doing to ably IETF CAT's PKINIT/PKCROSS a1gorithm with Public Key Infrastructure and use Directory System and service between realms do trust and prove each Kerberos trust center base. Also, Although Kerberos server of each area must be foreknowing each server's secret key and public key, Obtain through Trust center and acquire each area's public key and common symmetric key, Application server excluded process that must register key in Key Distribution Center.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.281-284
• /
• 2005

Kerberos is system that offer authorization in internet and authentication service. Can speak that put each server between client and user in distributed environment and is security system of symmetry height encryption base that offer authentication base mutually. Kerberos authentication is based entirely on the knowledge of passwords that are stored on the Kerberos Server. A user proves her identity to the Kerberos Server by demonstrating Knowledge of the key. The fact that the Kerberos Server has access to the user's decrypted password is a rwsult of the fact that Kerberos does not use public key cryptogrphy. It is a serious disadvantage of the Kerbercs System. The Server must be physically secure to prevent an attacker from stealing the Kerberos Server and learning all of the user passwords. Kerberos was designend so that the server can be stateless. The Kerberos Server simply answers requests from users and issues tickets. This study focused on designing a SIP procy for interworking with AAA server with respect to user authentication and Kerberos System. Kerberos is security system of encryption base that offer certification function mutually between client application element and server application element in distributed network environment. Kerberos provides service necessary to control whether is going to approve also so that certain client may access to certain server. This paper does Credit-Control Server's function in AAA system of Diameter base so that can include Accounting information that is connected to Rating inside certification information message in Rating process with Kerberos system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2245-2248
• /
• 2003

본 논문에서는 Kerberos 인증 메커니즘과 Kerberos에 공개키기반의 환경을 결합시킨 PKINIT, PKTAPP, PKCROSS을 비교 분석하였다. 각 인증 메커니즘에서 키 교환을 위환 비밀키 및 공개키의 암 복호화, 서명 및 서명검증 등의 횟수를 분석하고 이를 기반으로 실제 인증에 소요되는 연산시간을 비교하였다. 분석 방법 및 견과를 다양한 환경에 적용한 적절한 인증 메커니즘을 선택하는데 활용할 수 있으며, 특히 모바일과 같은 연산능력이 제한되는 환경에 적합한 인증 기법 개발에 적용시키고자 한다.

• Review of KIISC
• /
• v.7 no.3
• /
• pp.131-142
• /
• 1997

본 고에서는 현재 분산환경에서의 인증 메커니즘으로 널리 고려되고 있는 Kerberos 인증 방식의 초기 버전인 Kerberos V.4 와 개선된 버전인 V.5 그리고 공개키 암호를 도입하여 Kerberos 를 개선한 Yaksha 인증 메카니즘을 소개하고자 한다. 또한 분산 환경에서의 대표적인 두 방식을 비교 분석하여 보았다.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.435-441
• /
• 2013

This paper review about kerberos security authentication scheme and policy for big data service. It analyzed problem for security technology based on Hadoop framework in big data service environment. Also when it consider applying problem of kerberos security authentication system, it analyzed deployment policy in center of main contents, which is occurred in commercial business. About the related applied Kerberos policy in US, it is researched about application such as cross platform interoperability support, automated Kerberos set up, integration issue, OPT authentication, SSO, ID, and so on.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.5
• /
• pp.641-652
• /
• 2002

In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Group. Bid to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/DNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. By efficient TGT (Ticket Granting Ticket) exchange and reusability of ticket, A Design of Kerberos system that have effect and simplification of certification formality that reduce overload on communication.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.3
• /
• pp.57-66
• /
• 2006

In this paper. proposes Multi_Kerberos certification mechanism that improve certification service of based on PKINIT that made public in IETF CAT Working Group. This paper proposed to a certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, to get public key from DNS server by chain (CertPath) between realms by certification and key exchange way that provide service between realms applying X.509, DS/DNS of based on PKINIT, in order to provide regional services. This paper proposed mechanism that support efficient certification service about cross realm including key management. the path generation and construction of Certificate using Validation Server, and recovery of Session Key. A Design of Multi_Kerberos system that have effects simplify of certification formality that reduce procedures on communication.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.53-64
• /
• 2005

In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Croup. Also proposed Authentication Mechanism for reusability of Ticket that after Ticket's Lifetime is ended, message exchange that Local Client receives Remote Server's service. Since my suggestion to regional services are not described in Kerberos, authentication between regions can be performed via PKINIT(Public Key Cryptography for Initial Authentication) presented by IETF(Internet Engineering Task Force) CAT working group. The new protocol is better than the authentication mechanism proposed by IETF CAT Working group in terms of communication complexity and mechanism according to simplified Ticket issue processing.

• Journal of the Korean Society for Industrial and Applied Mathematics
• /
• v.3 no.1
• /
• pp.17-29
• /
• 1999

The reliable authentication of a communicating party and a network component is an essential factor to achieve the security in a computer network. The Kerberos Authentication Services has been the most successful solution which is widely used today but its requirement for synchronized clocks has been a serious limitation to use it. In this paper we presented an extended Kerberos method which avoids the synchronization requirement for a single-time ticket user. We modified the Kerberos protocol minimally by replacing the synchronization requirement with the challenge-response method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.3
• /
• pp.95-104
• /
• 1997

In this paper, we introduce Kerberos and Yaksha of an authentication scheme and propose an effectively interactive authentication scheme which improved on Kerberos and Yaksha with the public key cryptosystem in distributed systems. Also, we compare and analyse a representative Kerberos and Yakaha authentication scheme with it.