Abstract
Kerberos is one of the most widely deployed protocols for controlling access to application services through secure authentication and key distribution. Given its growing popularity, Kerberos is expected to become a widespread solution for single sign-on access. For this reason, the protocol continues to evolve in order to address new features and challenges that were not considered in its initial design. This paper focuses on the ticket acquisition process and proposes a new mechanism, called Kerberos Ticket Pre-distribution, that reduces the time required to recover tickets from the Key Distribution Center (KDC). We offer a flexible solution that can work in three different modes of operation, depending on which entity (the user, the network or both) controls the pre-distribution process. By employing the extensibility mechanisms available in Kerberos, we maintain interoperability with current implementations without compromising the security and robustness of the protocol. Using an implemented prototype, we evaluate our solution and demonstrate that our proposal significantly improves the standard Kerberos ticket acquisition process.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pereñiguez-Garcia, F., Marin-Lopez, R., Skarmeta-Gomez, A.F. (2013). Improving Kerberos Ticket Acquisition during Application Service Access Control. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2013. Lecture Notes in Computer Science, vol 8058. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40343-9_1
DOI: https://doi.org/10.1007/978-3-642-40343-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40342-2
Online ISBN: 978-3-642-40343-9
eBook Packages: Computer Science, Computer Science (R0)