The Performance of Public Key-Based Authentication Protocols

  • Conference paper
Network and System Security (NSS 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7645)

Abstract

Kerberos has evolved over the past 20 years. Kerberos and its variants have been extensively used in a variety of computing systems since 1999. Among them, there have been several techniques and protocols to integrate public key cryptography into Kerberos. Public-Key Cross Realm Authentication in Kerberos (PKCROSS) is one of these protocols. It has been proposed to simplify the administrative burden of maintaining cross-realm keys so that it improves the scalability of Kerberos in large multi-realm networks. Public Key Utilizing Tickets for Application Servers (PKTAPP) is another protocol that has been suggested to improve the scalability issue of PKCROSS. Performance evaluation is a fundamental consideration in the design of security protocols. However, the performance of these two protocols has been poorly understood in a large-scale network. In this paper, we present an efficient way to study the performance of PKCROSS and PKTAPP. Our thorough performance analysis of these two protocols shows that PKTAPP does not scale better than PKCROSS. In this paper, we report our recent results on when PKCROSS still outperforms PKTAPP in multiple remote realms.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xiong, K. (2012). The Performance of Public Key-Based Authentication Protocols. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_16

  • DOI: https://doi.org/10.1007/978-3-642-34601-9_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34600-2

  • Online ISBN: 978-3-642-34601-9

  • eBook Packages: Computer Science, Computer Science (R0)
