Performance of public-key-enabled Kerberos authentication in large networks

Author

Harbitter, Alan H. ; Menascé, Daniel A.

fYear

2001

fDate

2001

Firstpage

170

Lastpage

183

Abstract

Several proposals have been made to public-key-enable various stages of the secret-key-based Kerberos network authentication protocol. The computational requirements of public key cryptography are much higher than those of secret key cryptography, and the substitution of public key encryption algorithms for secret key algorithms impacts performance. This paper uses closed, class-switching queuing models to demonstrate the quantitative performance differences between PKCROSS and PKTAPP - two proposals for public-key-enabling Kerberos. Our analysis shows that, while PKTAPP is more efficient for authenticating to a single server, PKCROSS outperforms the simpler protocol if there are two or more remote servers per remote realm. This heuristic can be used to guide a high-level protocol that combines both methods of authentication to improve performance

Keywords

message authentication; network operating systems; protocols; public key cryptography; PKCROSS; PKTAPP; closed class-switching queuing models; high-level protocol; large networks; public key cryptography; public-key-enabled Kerberos authentication; public-key-enabling Kerberos; secret key cryptography; secret-key-based Kerberos network authentication protocol; Authentication; Cryptographic protocols; High performance computing; Intelligent networks; Network servers; Operating systems; Performance analysis; Proposals; Public key; Public key cryptography;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on

Conference_Location

Oakland, CA

ISSN

1081-6011

Print_ISBN

0-7695-1046-9

Type

conf

DOI

10.1109/SECPRI.2001.924297

Filename

924297