Improving Kerberos Ticket Acquisition during Application Service Access Control
详细信息 查看全文
- 作者:Fernando Pere?iguez-Garcia (19)
Rafael Marin-Lopez (19)
Antonio F. Skarmeta-Gomez (19) - 关键词:Ticket pre ; distribution ; Kerberos ; Access Control
- 刊名:Lecture Notes in Computer Science
- 出版年:2013
- 出版时间:2013
- 年:2013
- 卷:8058
- 期:1
- 页码:13-23
- 全文大小:636KB
- 参考文献:1. Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5). IETF RFC 4120 (July 2005)
2. The MIT Kerberos Consortium, kerberos.org" class="a-plus-plus"> http://www.kerberos.org (last access date: May 20, 2013)
3. Information Technology Security: Governance, Strategy, and Practice, http://net.educause.edu/ir/library/pdf/LIVE041.pdf (last access date: May 20, 2013)
4. Marin Lopez, R., Pereniguez Garcia, F., Ohba, Y., Bernal Hidalgo, F., Gomez Skarmeta, A.F.: A Kerberized Architecture for Fast Re-authentication in Heterogeneous Wireless Networks. MONET?15(3), 392-12 (2010)
5. Mishra, A., Shin, M., Petroni, N., Clancy, C., Arbaugh, W.: Proactive Key Distribution Using Neighbor Graphs. IEEE Wireless Communication?11, 26-6 (2004) CrossRef
6. Pack, S., Choi, Y.: Fast Inter-AP Handoff using Predictive-Authentication Scheme in a Public Wireless LAN. In: Proc. of IEEE Networks 2002 (Joint ICN 2002 and ICWLHN 2002) (August 2002)
7. Ohba, Y., Wu, Q., Zorn, G.: Extensible Authentication Protocol (EAP) Early Authentication Problem Statement. IETF RFC 5836 (April 2010)
8. Dantu, R., Clothier, G., Atri, A.: EAP methods for wireless networks. Elsevier Computer Standards & Interfaces?29, 289-01 (2007) CrossRef
9. Marin-Lopez, R., Pereniguez, F., Ohba, Y., Bernal, F., Skarmeta, A.F.: A Transport-Based Architecture for Fast Re-Authentication in Wireless Networks. In: Proc. of IEEE Sarnoff Symposium 2009, Princeton, USA. IEEE Computer Society Press (2009)
10. Project Walkie-Talkie: Vehicular Communication Systems to Enable Safer, Smarter, and Greener Transportation (TIN2011-27543-C03), http://www.grc.upv.es/walkietalkie/index.html
11. Fernandez-Ruiz, P.J., Nieto-Guerra, C., Gómez-Skarmeta, A.F.: Deployment of a Secure Wireless Infrastructure Oriented to Vehicular Networks. In: AINA, pp. 1108-114 (2010)
12. MIT Kerberos Distribution, http://web.mit.edu/Kerberos/ (last access date: May 20, 2013)
13. WIRESHARK, http://www.wireshark.org (last access date: May 20, 2013) - 作者单位:Fernando Pere?iguez-Garcia (19)
Rafael Marin-Lopez (19)
Antonio F. Skarmeta-Gomez (19)
19. Faculty of Computer Science, University of Murcia, Murcia, E-30100, Spain
文摘
Kerberos is one of the most deployed protocols to achieve a controlled access to application services by ensuring a secure authentication and key distribution process. Given its growing popularity, Kerberos is envisaged to become a widespread solution for single sign-on access. For this reason, the evolution of the protocol still continues in order to address new features or challenges which were not considered when initially designed. This paper focuses on the ticket acquisition process and proposes a new mechanism called Kerberos Ticket Pre-distribution that reduces the time required to recover tickets from the Key Distribution Center (KDC). We offer a flexible solution which is able to work in three different modes of operation, depending on what entity (the user, the network or both) controls the pre-distribution process. By employing the extensibility mechanisms available in Kerberos, we maintain interoperability with current implementations without compromising the security and robustness of the protocol. Using an implemented prototype, we evaluate our solution and demonstrate that our proposal significantly improves the standard Kerberos ticket acquisition process.