Title :
An improved Kerberos protocol based on Diffie-Hellman-DSA key exchange
Author :
Zhao Hu ; Yuesheng Zhu ; Limin Ma
Author_Institution :
Shenzhen Grad. Sch., Peking Univ., Shenzhen, China
Abstract :
Kerberos is a widely used network authentication protocol based on a trusted third party. PKINIT, an enhanced Kerberos protocol which uses a PKI mechanism, can prevent the password guessing attack; however, it introduces an excessive amount of computational power. To enhance the security performance and computation efficiency of Kerberos, in this paper an improved Kerberos protocol based on Diffie-Hellman-DSA (DH-DSA) key exchange is proposed. Mutual authentication and key exchange between the client and Authentication Server (AS) can be simultaneously achieved with the proposed approach. Our experimental and analysis results have demonstrated that this new protocol can resist the password guessing attack and is more efficient and easily deployed than PKINIT.
Keywords :
cryptographic protocols; message authentication; public key cryptography; trusted computing; DH-DSA key exchange; Diffie-Hellman-DSA key exchange; PKI mechanism; PKINIT; authentication server; computation efficiency; computational power; enhanced Kerberos protocol; mutual authentication; password guessing attack; security performance enhancement; trusted third-party; widely-used network authentication protocol; Authentication; Digital signatures; Protocols; Public key; Servers; Kerberos
Conference_Title :
Networks (ICON), 2012 18th IEEE International Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4673-4521-7
DOI :
10.1109/ICON.2012.6506591