• Title/Summary/Keyword: PKINIT

Search Result 12, Processing Time 0.019 seconds

A study on advanced Kerberos Authentication between Realms based on PKINIT (PKINIT기반의 향상된 Kerberos 인증에 관한 연구)

  • 신광철;정진욱
    • Journal of the Korea Computer Industry Society
    • /
    • v.2 no.12
    • /
    • pp.1541-1548
    • /
    • 2001
  • In this paper, We propose a new Kerberos certification mechanism that improve certification service based on PKINIT that announce in IETF CAT Working Group. Certification between area connected by chain through PKINIT that use X.509 and DS/DNS mutually for service. In order to provide regional services used private key and public key, X.509 of PKINIT is employed on session part and Kerberos's private key on actual authentication part. New mechanism be reduced communication overload doing to simplify certification formality between Client and remote KDC by KDC's certificate use to get ticket in remote sacred ground and remote KDC's reaffirmation process omitted.

  • PDF

A Study on Multi_Kerberos Authentication Mechanism based on Certificate (인증서기반의 Multi_Kerberos 인증시스템에 관한 연구)

  • Shin, Kwang-Cheul;Cho, Sung-Je
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.3
    • /
    • pp.57-66
    • /
    • 2006
  • In this paper. proposes Multi_Kerberos certification mechanism that improve certification service of based on PKINIT that made public in IETF CAT Working Group. This paper proposed to a certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, to get public key from DNS server by chain (CertPath) between realms by certification and key exchange way that provide service between realms applying X.509, DS/DNS of based on PKINIT, in order to provide regional services. This paper proposed mechanism that support efficient certification service about cross realm including key management. the path generation and construction of Certificate using Validation Server, and recovery of Session Key. A Design of Multi_Kerberos system that have effects simplify of certification formality that reduce procedures on communication.

  • PDF

A study on an Efficient Kerberos Authentication based on X.509 (X.509 인터넷 공개키 기반구조에서 Kerberos 인증에 관한 연구)

  • 김철현;신광철;김창원
    • Journal of the Korea Computer Industry Society
    • /
    • v.3 no.5
    • /
    • pp.641-652
    • /
    • 2002
  • In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Group. Bid to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/DNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. By efficient TGT (Ticket Granting Ticket) exchange and reusability of ticket, A Design of Kerberos system that have effect and simplification of certification formality that reduce overload on communication.

  • PDF

A study on Kerberos Authentication and Key Exchange based on PKINIT (PKINIT기반의 Kerberos 인증과 키 교환에 관한 연구)

  • Sin, Gwang-Cheol;Jeong, Il-Yong;Jeong, Jin-Uk
    • The KIPS Transactions:PartC
    • /
    • v.9C no.3
    • /
    • pp.313-322
    • /
    • 2002
  • In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Ggroup. Did to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/BNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos' symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. Excluded random number ($K_{rand}$) generation and duplex encryption progress to confirm Client. A Design of Kerberos system that have effect and simplification of certification formality that reduce Overload on communication.

A Study on Public Key Cryptographic Authentication System Providing Key Distribution and Recovery in the Initial Authentication (초기인증에서 키 분배 및 복구를 지원하는 공개키 암호 인증시스템에 관한 연구)

  • Shin Kwang-Cheul;Cho Sung-Je
    • Journal of Internet Computing and Services
    • /
    • v.7 no.3
    • /
    • pp.83-91
    • /
    • 2006
  • In this paper, we improved a cryptography system model based on the secure initial authentication public key with PKINIT of authentication and key recovery protocol. It is applied to all fields of cryptography system using certificate. This study presents two mechanisms to authenticate between member users. The first mechanism is initial authentication and distribution of session key by public key cryptography based on certificate between entity and server, and the second mechanism is a key recovery support protocol considering loss of session key in the secure communication between application servers.

  • PDF

A study on Kerberos Authentication mechanism (Kerberos 인증메커니즘에 관한 연구)

  • Kim Cheol-hyun;Lee Yon-Sik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.3
    • /
    • pp.53-64
    • /
    • 2005
  • In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Croup. Also proposed Authentication Mechanism for reusability of Ticket that after Ticket's Lifetime is ended, message exchange that Local Client receives Remote Server's service. Since my suggestion to regional services are not described in Kerberos, authentication between regions can be performed via PKINIT(Public Key Cryptography for Initial Authentication) presented by IETF(Internet Engineering Task Force) CAT working group. The new protocol is better than the authentication mechanism proposed by IETF CAT Working group in terms of communication complexity and mechanism according to simplified Ticket issue processing.

A Study on Secure Kerberos Authentication using Trusted Authority in Network Structure (네트웍 환경에서 안전한 Kerberos 인증 메커니즘에 관한 연구)

  • 신광철;정진욱
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.2
    • /
    • pp.123-133
    • /
    • 2002
  • In Network Environment, Kerberos certification mechanism to require Kerberos server in other area unconditionally belief. Also, Kerberos server in cooperation area must be share server of other area and secret key. To solve these two problems, this paper proposed safe security mechanism of doing to ably IETF CAT's PKINIT/PKCROSS a1gorithm with Public Key Infrastructure and use Directory System and service between realms do trust and prove each Kerberos trust center base. Also, Although Kerberos server of each area must be foreknowing each server's secret key and public key, Obtain through Trust center and acquire each area's public key and common symmetric key, Application server excluded process that must register key in Key Distribution Center.

Design of a New Kerberos Authentication Mechanism based on PKINIT (PKINIT 기반 새로운 커브로스 인증 메커니즘의 설계)

  • Kim, Cheol-Hyeon;Jeong, Il-Yong
    • Journal of KIISE:Information Networking
    • /
    • v.28 no.1
    • /
    • pp.136-142
    • /
    • 2001
  • 본논문에서는 X.509와 DNS를 연관하여 새로운 Kerberos 인증 메카니즘을 제안한다. Ker-beros에서는 영역간의 서비스에 대하여 언급을 하지 않았기 때문에 영역간 인증은 X.509와 DNS(Domain Name System)를 사용하여 키관리 방식을 갖고 있는데 Kerberos는 공통키에 기반을 두고 있는 반면에 X.509는 공개키 방식에 기반을 두고 있다. 따라서 본 논문에서는 이들을 상호 연동시키기 위해 연결 세션은 DS를 이용하였고 실제적인 인증을 위해서는 Kerberos를 적용하였다. 새로운 프로토콜은 통신복잡도와 관점에서 고찰하면 IETF CAT 작업반에서 제안한 인증 메커니즘보다 개선되었다.

  • PDF

A study on an Efficient Kerberos Authentication based on X.509 (X.509 공개키 기반구조에서 Kerberos 인증에 관한 연구)

  • Kim, Cheol-Hyun;Kim, Young-Ja
    • Annual Conference of KIPS
    • /
    • 2002.11b
    • /
    • pp.1177-1180
    • /
    • 2002
  • 본 논문에서는 IETF CAT Working Group에서 발표한 PKINIT기반의 인증서비스를 향상시킨 Kerberos 인증 메커니즘을 제안한다. PKINIT기반의 X.509, DS/DNS를 적용하여 영역간의 서비스를 제공하는 인증과 키 교환방식으로 DNS를 통해 외부영역의 위치를 탐색하고 X.509 디렉토리 인증 시스템을 적용, 영역간 인증은 DNS 서버로부터 공개키를 획득하여 다른 영역을 인증하도록 하였다. 영역간 인증과 키 교환은 Kerberos의 관용키 암호방식을 사용하고 세션 연결은 X.509 공개키 방식에 기반을 두고 있다. 효율적인 TGT(티켓승인 티켓) 교환과 통신상의 Overload를 감소시키는 효과와 인증절차의 간소화를 가지는 Kerberos시스템을 설계하였다.

  • PDF

Comparison and Analysis of Kerberos and Kerberos-like Authentication Mechanisms (Kerberos 및 Kerberos 유사 인증 기법의 비교분석)

  • Hwang, Sung-Wook;Cho, Kyung-San
    • Annual Conference of KIPS
    • /
    • 2003.05c
    • /
    • pp.2245-2248
    • /
    • 2003
  • 본 논문에서는 Kerberos 인증 메커니즘과 Kerberos에 공개키기반의 환경을 결합시킨 PKINIT, PKTAPP, PKCROSS을 비교 분석하였다. 각 인증 메커니즘에서 키 교환을 위환 비밀키 및 공개키의 암 복호화, 서명 및 서명검증 등의 횟수를 분석하고 이를 기반으로 실제 인증에 소요되는 연산시간을 비교하였다. 분석 방법 및 견과를 다양한 환경에 적용한 적절한 인증 메커니즘을 선택하는데 활용할 수 있으며, 특히 모바일과 같은 연산능력이 제한되는 환경에 적합한 인증 기법 개발에 적용시키고자 한다.

  • PDF