Abstract
Kerberos has evolved over the past 20 years. Kerberos and its variants have been extensively used in a variety of computing systems since 1999. Among them, there have been several techniques and protocols to integrate public key cryptography into Kerberos. Public-Key Cross Realm Authentication in Kerberos (PKCROSS) is one of these protocols. It has been proposed to simplify the administrative burden of maintaining cross-realm keys, thereby improving the scalability of Kerberos in large multi-realm networks. Public Key Utilizing Tickets for Application Servers (PKTAPP) is another protocol that has been suggested to address the scalability issue of PKCROSS. Performance evaluation is a fundamental consideration in the design of security protocols. However, the performance of these two protocols in a large-scale network has been poorly understood. In this paper, we present an efficient way to study the performance of PKCROSS and PKTAPP. Our thorough performance analysis of these two protocols shows that PKTAPP does not scale better than PKCROSS. In this paper, we report our recent results on when PKCROSS still outperforms PKTAPP in multiple remote realms.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xiong, K. (2012). The Performance of Public Key-Based Authentication Protocols. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_16
DOI: https://doi.org/10.1007/978-3-642-34601-9_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34600-2
Online ISBN: 978-3-642-34601-9
eBook Packages: Computer Science (R0)