Abstract
The increasing popularity of distributed web has promoted the development of new techniques to support various kinds of applications. However, users are faced with insecurity due to its inherent untrustworthiness. An identity (ID) authentication mechanism was presented. Using Kerberos protocol, Local web and Remote web could authenticate the client. If mutual authentication was required, client could also authenticate Local web and Remote web. Moreover, encryption function in the authentication process adopted Rijndael encryption algorithm of AES (Advanced Encryption Standard). Security analysis proves that this authentication process is no-impersonating and has highly availability, and also shows it is transparent and scalable and resisting attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Seixas, N., Fonseca, J., Vieira, M.: Looking at Web Security Vulnerabilities from the Programming Language Perspective: A Field Study. Software Reliability Engineering 1, 129–135 (2009)
Vieira, M., Antunes, N., Madeira, H.: Using web security scanners to detect vulnerabilities in web services. In: IEEE/IFIP International Conference on dependable systems & networks, vol. 1, pp. 566–571 (2009)
Rehbock, S., Hunt, R.: Trustworthy clients: Extending TNC to web-based environments. Computer Communications 32(5), 1006–1013 (2009)
Basso, A., Sicco, S.: Preventing massive automated access to web resources Computers & Security, vol. 28(3-4), pp. 174–188 (2009)
Yamany, H.F.E.L., Capretz, M.A.M., Allison, D.S.: Intelligent security and access control framework for service-oriented architecture. Information and Software Technology 52(2), 220–236 (2010)
Han, S., Dillon, T., Chang, E.: Secure web services using two-way authentication and three-party key establishment for service delivery. Journal of Systems Architecture 55(4), 233–242 (2009)
Steiner, J.G., Neuman, C., Schiller, J.I.: Kerberos: An Authentication Service for Open Network Systems. In: Proceedings of the 1988 Winter USENIX Conference, pp. 191–202 (February 1988)
Whitman, M.E., Mattord, H.J.: Principles of Information Security, 3rd edn. Thomson Course Technology (2006)
Muda, Z., Mahmod, R., Sulong, M.R.: Key transformation approach for Rijndael security, pp. 290-297 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lai-Cheng, C. (2010). Enhancing Distributed Web Security Based on Kerberos Authentication Service. In: Wang, F.L., Gong, Z., Luo, X., Lei, J. (eds) Web Information Systems and Mining. WISM 2010. Lecture Notes in Computer Science, vol 6318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16515-3_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-16515-3_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16514-6
Online ISBN: 978-3-642-16515-3
eBook Packages: Computer ScienceComputer Science (R0)