An Authentication Protocol Based on Kerberos 5

We introduce some modifications to the widely deployed Kerberos authentication protocol. The principal's secret-key is made independent of the user password, so that the weak passwords chosen by network principals, which are susceptible to password-guessing attacks (the main drawback of the Kerberos protocol), no longer determine the key. Instead, the Kerberos Distribution Center saves a profile for every instance in its realm and generates the principal's secret-key by hashing the profile and encrypting the output digest. In addition, the lifetime of the secret-key is controlled using the system clock. Triple-DES is used for encryption, SHA-256 for hashing, and Blum Blum Shub for random number generation.
