Professor Jens-Peter KapsFarhana S. MunneeECE 646 Project SpecificationsFall 2007Professor Jens-Peter KapsKerberos Using Public Key CryptographyFarhana S. MunneeAnirudh JonnavitulaIntroduction and Motivation: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Secure authentication is the most important achievement of the Kerberos protocol. Kerberos rely on Key Distribution Centers (KDC) as trusted intermediaries when authenticating clients and servers. Kerberos protocol has several advantages. First of all it is combined with authorization mechanism. Kerberos protocol combines all network entities that include authentication server, authorization server, application server and client etc. Another advantage is it can support bi-directional authentication, server and user both can authenticate each other. One of the major limitations in Kerberos scalability is that it relies on secret key encryption and KDC must remember every user’s secret key. If an unauthorized individual gains even read-only access to the key distribution center’s database, the secrecy of user keys is violated and the security of the key distribution center is compromised. Implementing public key cryptography within Kerberos will improve scalability and security throughout the network. In this project we will analyze the performance of Kerberos protocol after adding public key encryption and we will also compare different proposals.Description of problems/hypotheses to be investigated: There are few proposals published on public key extensions for Kerberos as Internet-Drafts. We will compare the performance of the following proposals: Public key cryptography for Initial Authentication in Kerberos (PKINIT). Public key cryptography for Cross-Realm Authentication in Kerberos (PKCROSS). Public key Utilizing Tickets for Application Servers (PKTAPP). Public key based Kerberos for Distributed Authentication (PKDA). A tentative list of question you will be seeking an answer to: How can we improve Kerberos protocol? How can Kerberos authentication protocol support Public Key Cryptography (PKC)? What are the performance impacts of PKINIT, PKCROSS, PKTAPP and PKDA in Kerberos?Project Schedule: General workflow and schedule-Task Name Start date End dateInitial project choice and reference list 09/10/07 09/19/07Group building finished and final project choice 09/26/07 09/26/07Create project specifications 09/27/07 10/03/07Meet with the Instructor 10/11/07 10/11/07Read all the references thoroughly 09/27/07 10/10/07Create first progress report and meet with Instructor 10/10/07 10/19/07Create second progress report 10/20/07 11/12/07Draft project report 11/13/07 12/01/07Meet with the Instructor 12/03/07 12/03/07Final project report 12/05/07 12/05/07Project review 12/06/07 12/14/07Project presentation 12/19/07 12/19/07 A tentative table of contents of the final report: Abstract Introduction Principle and authentication process of Kerberos Proposals to add Public key cryptography to Kerberos Performances analysis Previous research Conclusion and future recommendation List of references List areas where the specification can change depending on the progress of the project:Depending upon the progress of project and data availability few proposals/protocols may be added or removed.References:[1] Performance of public-key-enabled Kerberos authentication in large networksHarbitter, A.H.; Menasce, D.A. Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, 2001,p 170-83[2] ‘Cryptography and Network Security: Principles and Practices’ By William Stallings, Prentice Hall; Fourth Edition, 2005.[3] Misplaced trust: Kerberos 4 session keysDole, B. (Sun Microsyst., Mountain View, CA, USA); Lodin, S.; Spafford, E. Source: Proceedings. 1997 Symposium on Network and Distributed System Security (Cat. No.97TB100100), 1997, p 60-70[4] Distributed authentication in Kerberos using public key cryptographySirbu, Marvin A. (Carnegie Mellon Univ); Chuang, John Chung-I Source: Proceedings of the Annual Internet Society (ISOC) Symposium on Network and Distributed System Security, 1997, p 134-141[5] Public-key cryptography extensions into Kerberos Downnard, Ian (Naval Research Laboratory) Source: IEEE Potentials, v 21, n 5, DEC/JAN, 2002, p 30-34.[6] Authentication for distributed systemsWoo, Thomas Y. C. (Univ of Texas, Austin, TX, USA); Lam, Simon S. Source: Computer, v 25, n 1, Jan, 1992, p 39-52[7] Research and realization of authentication technique based on OTP and KerberosCheng, Xiao-Rong (School of Computer Science and Technology, North China Electric Power University); Feng, Qi-Yuan; Dong, Chao; Zhang, Ming-Quan[8] Massachusetts Institute of Technology, Kerberos: The Network Authentication Protocol. <http://web.mit.edu/kerberos/www/>, 2000.[9] Performance analysis of the Kerberos protocol in a distributed environmentEl-Hadidi, M.T.; Hegazi, N.H.; Aslan, H.K.;Computers and Communications, 1997. Proceedings., Second IEEE Symposium on1-3 July 1997 Page(s):235 - 239 Digital Object Identifier
View Full Document
Unlocking...