Improvement Public Key Kerberos Using Identity-Based Signcryption

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 150)


Several proposals have been developed that add public key cryptography to various stages of Kerberos to make the protocol work with large user communities and Public Key Infrastructures (PKI). However, a man-in-the-middle attack on PKINIT allows an attacker to impersonate Kerberos administrative principals and end-servers to a client, breaching the authentication guarantees of Kerberos. It also gives the attacker the keys that an Authentication Server (AS) normally generates to encrypt the service requests of this client, defeating confidentiality as well. In this paper we provide an alternative public key cryptosystem in place of a traditional public key infrastructure. We propose using identity-based signcryption in Kerberos, which eliminates the need for the public key certification used in PKI by using the identity of the user as the public key, and prevents a man-in-the-middle attacker from obtaining the authentication key or impersonating Kerberos administrative principals. Identity-based signcryption signs and encrypts the message in a single algorithm in order to achieve authentication and confidentiality, and to prevent the message from being modified during transmission.


Kerberos; Public key cryptography; Identity-based signcryption; Man-in-middle-attack



Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. College of Administration and Economic-Ramadi, Anbar University, Anbar, Iraq
