Improving Kerberos Ticket Acquisition during Application Service Access Control

Pereñiguez-Garcia, Fernando; Marin-Lopez, Rafael; Skarmeta-Gomez, Antonio F.

doi:10.1007/978-3-642-40343-9_1

Fernando Pereñiguez-Garcia¹⁹,
Rafael Marin-Lopez¹⁹ &
Antonio F. Skarmeta-Gomez¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8058))

Included in the following conference series:

International Conference on Trust, Privacy and Security in Digital Business

1001 Accesses

Abstract

Kerberos is one of the most deployed protocols to achieve a controlled access to application services by ensuring a secure authentication and key distribution process. Given its growing popularity, Kerberos is envisaged to become a widespread solution for single sign-on access. For this reason, the evolution of the protocol still continues in order to address new features or challenges which were not considered when initially designed. This paper focuses on the ticket acquisition process and proposes a new mechanism called Kerberos Ticket Pre-distribution that reduces the time required to recover tickets from the Key Distribution Center (KDC). We offer a flexible solution which is able to work in three different modes of operation, depending on what entity (the user, the network or both) controls the pre-distribution process. By employing the extensibility mechanisms available in Kerberos, we maintain interoperability with current implementations without compromising the security and robustness of the protocol. Using an implemented prototype, we evaluate our solution and demonstrate that our proposal significantly improves the standard Kerberos ticket acquisition process.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 49.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5). IETF RFC 4120 (July 2005)
Google Scholar
The MIT Kerberos Consortium, http://www.kerberos.org (last access date: May 20, 2013)
Information Technology Security: Governance, Strategy, and Practice, http://net.educause.edu/ir/library/pdf/LIVE041.pdf (last access date: May 20, 2013)
Marin Lopez, R., Pereniguez Garcia, F., Ohba, Y., Bernal Hidalgo, F., Gomez Skarmeta, A.F.: A Kerberized Architecture for Fast Re-authentication in Heterogeneous Wireless Networks. MONET 15(3), 392–412 (2010)
Google Scholar
Mishra, A., Shin, M., Petroni, N., Clancy, C., Arbaugh, W.: Proactive Key Distribution Using Neighbor Graphs. IEEE Wireless Communication 11, 26–36 (2004)
Article Google Scholar
Pack, S., Choi, Y.: Fast Inter-AP Handoff using Predictive-Authentication Scheme in a Public Wireless LAN. In: Proc. of IEEE Networks 2002 (Joint ICN 2002 and ICWLHN 2002) (August 2002)
Google Scholar
Ohba, Y., Wu, Q., Zorn, G.: Extensible Authentication Protocol (EAP) Early Authentication Problem Statement. IETF RFC 5836 (April 2010)
Google Scholar
Dantu, R., Clothier, G., Atri, A.: EAP methods for wireless networks. Elsevier Computer Standards & Interfaces 29, 289–301 (2007)
Article Google Scholar
Marin-Lopez, R., Pereniguez, F., Ohba, Y., Bernal, F., Skarmeta, A.F.: A Transport-Based Architecture for Fast Re-Authentication in Wireless Networks. In: Proc. of IEEE Sarnoff Symposium 2009, Princeton, USA. IEEE Computer Society Press (2009)
Google Scholar
Project Walkie-Talkie: Vehicular Communication Systems to Enable Safer, Smarter, and Greener Transportation (TIN2011-27543-C03), http://www.grc.upv.es/walkietalkie/index.html
Fernandez-Ruiz, P.J., Nieto-Guerra, C., Gómez-Skarmeta, A.F.: Deployment of a Secure Wireless Infrastructure Oriented to Vehicular Networks. In: AINA, pp. 1108–1114 (2010)
Google Scholar
MIT Kerberos Distribution, http://web.mit.edu/Kerberos/ (last access date: May 20, 2013)
WIRESHARK, http://www.wireshark.org (last access date: May 20, 2013)

Download references

Author information

Authors and Affiliations

Faculty of Computer Science, University of Murcia, Murcia, E-30100, Spain
Fernando Pereñiguez-Garcia, Rafael Marin-Lopez & Antonio F. Skarmeta-Gomez

Authors

Fernando Pereñiguez-Garcia
View author publications
You can also search for this author in PubMed Google Scholar
Rafael Marin-Lopez
View author publications
You can also search for this author in PubMed Google Scholar
Antonio F. Skarmeta-Gomez
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Centre for Security Communications and Network Research, Plymouth University, PL4 8AA, Plymouth, UK
Steven Furnell
Department of Digital Systems, University of Piraeus, 18532, Piraeus, Greece
Costas Lambrinoudakis
Computer Science Department, University of Malaga, Campus de Teatinos s/n, 29071, Malaga, Spain
Javier Lopez

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Pereñiguez-Garcia, F., Marin-Lopez, R., Skarmeta-Gomez, A.F. (2013). Improving Kerberos Ticket Acquisition during Application Service Access Control. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2013. Lecture Notes in Computer Science, vol 8058. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40343-9_1

Download citation

DOI: https://doi.org/10.1007/978-3-642-40343-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40342-2
Online ISBN: 978-3-642-40343-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics