An Authentication Protocol to Address the Problem of the Trusted 3rd Party Authentication Protocols
The development of authentication protocols to secure networks, data and resources is one of the main interests in ensuring secure communication in modern world. Kerberos is a widely used computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. This paper presents a general approach for the analysis and verification of authentication properties in Kerberos. The work presented is an attempt to combine Kerberos and Key-Exchange Protocol with the aid of the security protocol compiler, CASPER and the Failures-Divergence Refinement (FDR) in order to minimize the success of attacks against protocol's authentication. FDR is used to generate Communicating Sequential Processes (CSP) definition of the protocol. An authentication protocol has been developed to improve secure authentication in Kerberos.
Unable to display preview. Download preview PDF.
- S. M. Bellovin, and M. Merritt. “Limitations of the Kerberos Authentication System”. USENIX winter 1991, pp.253-268. 1991Google Scholar
- A. W. Roscoe “CSP and Determinism in Security Modelling”. IEEE Symposium on Security and Privacy. pp. 114-127, 1995Google Scholar
- G. Lowe. “CASPER: A Compiler for the Analysis of Security Protocols”. Proceedings of the 10 th Computer Security Foundation Workshop. pp.18-30., 1998Google Scholar
- C. A. Hoare. “Communication Sequence Process”. Prentice- Hall, International Englewood Cliffs. New Jersey. 1985Google Scholar
- A. Mishra and W. A. Arbaugh. “An Initial Security Analysis of the IEEE 802.1X Standard”, White paper, UMIACS-TR-2002-10, February 2002.Google Scholar
- M. R. Needham and M.D. Schroeder. “Using Encryption for Authentication in Large Networks of Computers.” Communication ACM (21) pp.993–999, 1978Google Scholar
- Y. Kirsal, A. Eneh and O. Gemikonakli, “A Solution to the Problem of Trusted Third Party for IEEE 802.11b Networks”. PGNET2005, Liverpool UK, pp.333-339, 2005Google Scholar
- S. Schneider. “Verifying authentication protocols with CSP” 10th Computer Security Foundations Workshop, IEEE. pp.741-758, 1997Google Scholar
-  “Security White Paper Evolution, Requirements, and Options” Available: http://wifiplanet.com/tutorials/articles.php/965471 [Accessed: 27 April 2005]Google Scholar
- A. H. Eneh., O. Gemikonakli and R. Comley. “Security of Electronic Commerce Authentication Protocols in Economically Deprived Communities”, The Fifth Security Conference 2006, Las Vegas, Nevada, April 2006, ISBN: 0-9772107-2-3.Google Scholar