Improved Kerberos Security Protocol Evaluation using Modified BAN Logic

Online communication offers organizations greater efficiency, but moving processes online raises the threat level during message transfer. Researchers therefore develop and improve security protocols to strengthen the security of communication channels. Many evaluation tools, such as BAN logic, exist to evaluate how secure the messages of an authentication protocol are. Despite the evaluation and acceptance of many authentication protocols, online communications remain insecure. We propose three approaches to increase the level of authenticity. First, we add the user's physical location as a new authentication factor to the Kerberos protocol and call the result the N-Kerberos protocol. Second, we propose a new BAN-logic-based evaluation tool (N-BAN) to evaluate the N-Kerberos protocol. Finally, we validate the new form of Kerberos (N-Kerberos) using the new form of BAN logic (N-BAN).
