A Methodology for Analyzing the Performance of Authentication Protocols


Slide 1: A Methodology for Analyzing the Performance of Authentication Protocols
Alan Harbitter, Daniel A. Menasce
Presented by Rob Elkind

Slide 2: Outline
- Introduction
- Kerberos and extensions
- Kerberos with Proxy
- Methodology
- Simulations: Multiple Realm and Mobile with proxy
- Conclusion

Slide 3: Introduction
- Use of new modeling methodology for analyzing authentication protocols
  - Closed queuing network model
- Two Kerberos examples will be tested
- Designed to explicitly model the performance of new protocol designs, including asymmetric and symmetric encryption

Slide 4: Kerberos Overview

Slide 5: Kerberos Realms
Kerberos realm: a networked collection of workstations, servers, and a single master KDC, which must:
1. maintain a database of matching user IDs and hashed passwords for registered Kerberos users
2. maintain shared secret keys with each registered application server
3. maintain shared secret keys with remote KDCs in other realms
4. propagate new or changed secret keys and database updates to slave KDCs

Slide 6: Public Key Cryptography
- Increase scalability
- Smaller key shared space ~ n^2 vs. n for n users
- Improved Security
- Proposals:
  - PKINIT (core specification)
  - PKCROSS
  - PKTAPP

Slide 7: PKINIT Overview

Slide 8: PKCROSS Overview

Slide 9: PKDA Overview (PKTAPP)

Slide 10: Proxy server with Kerberos
- Isolate client and server for security purposes
- Offload processing from mobile host or network
- IAKERB
- Charon

Slide 11: Methodology
- Build model
- Validate
- Change parameters
- Analyze results
- Add “What ifs”

Slide 12: Modeling Topology: multiple-realm

Slide 13: Validation of Model

Slide 14: “What-If” Analyses
- Vary input parameters to reflect various real world conditions
- Reflects sensitivity to various operational environments
- Gives insight into general performance characteristics of the protocol design

Slide 15: Analysis of Public-Key-Enabled Kerberos in Large Networks
- Compare PKTAPP and PKCROSS
- Simulate using closed queuing network model
- Use skeleton software to model real world protocol
- When is it more efficient to authenticate to a central KDC than to individual application servers?
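As an added illustration of the closed queuing network approach named on this slide (not code or data from the paper or the presentation), the sketch below runs exact Mean Value Analysis on a single-class closed network and compares the two protocols as the number of application servers varies. The per-operation costs, the assignment of operations to stations, and all function names are constructed assumptions; the paper's model uses class switching and its own parameters.

```python
"""Exact Mean Value Analysis (MVA) for a single-class closed queuing network."""

PK_MS = 50.0   # constructed cost of one public-key operation (assumption)
SYM_MS = 1.0   # constructed cost of one symmetric-key operation (assumption)


def mva_response_time(queue_demands, delay_ms, clients, think_ms):
    """Mean response time (ms) of one authentication transaction.

    queue_demands: service demand at each shared (queuing) station.
    delay_ms: per-client work that never queues (the client's own CPU).
    """
    queue_len = [0.0] * len(queue_demands)
    response = delay_ms
    for k in range(1, clients + 1):
        # Arrival theorem: a job arriving with k in the system sees the
        # queue lengths of the same network holding k - 1 jobs.
        residence = [d * (1.0 + q) for d, q in zip(queue_demands, queue_len)]
        response = delay_ms + sum(residence)
        throughput = k / (think_ms + response)
        queue_len = [throughput * r for r in residence]
    return response


def pktapp(n_servers):
    """Assumed: one public-key exchange per application server, costing
    one PK operation on the client and one on that server."""
    return [PK_MS] * n_servers, n_servers * PK_MS


def pkcross(n_servers):
    """Assumed: one KDC-to-KDC public-key exchange, then symmetric-key
    ticket requests for each application server."""
    local_kdc = PK_MS + SYM_MS
    remote_kdc = PK_MS + n_servers * SYM_MS
    stations = [local_kdc, remote_kdc] + [SYM_MS] * n_servers
    return stations, (n_servers + 2) * SYM_MS


def compare(n_servers, clients=5, think_ms=1000.0):
    """Response time per protocol for one 'what-if' setting."""
    results = {}
    for name, build in (("PKTAPP", pktapp), ("PKCROSS", pkcross)):
        stations, delay = build(n_servers)
        results[name] = mva_response_time(stations, delay, clients, think_ms)
    return results


if __name__ == "__main__":
    for n in (1, 2, 4):
        print(n, compare(n))
```

Changing `clients`, `think_ms` or the two cost constants is the "what-if" step: the model is re-solved in microseconds rather than re-running a test bed.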

Slide 18: PKCROSS vs. PKTAPP

Slide 19: “What-Ifs” Results

Slide 20: Analysis of Public-Key-Enabled Kerberos in Mobile Computing Environments
- Reduce the number of public/private key operations performed on the mobile platform.
- When a proxy is used, maintain the option to preserve the encrypted data stream through the proxy.
- Retain the standard Kerberos formats for messages sent to the KDC and application server.
- Preserve the semantics of Kerberos.

Slide 21: M-PKINIT

Slide 22: MP-PKINIT

Slide 23: Modeling Topology M&MP-PKINIT
- Can use same model as before
  - Substitute a mobile client for client
  - Wireless network for LAN
  - Proxy server for local KDC
- Adjust branching probabilities to reflect new model paths

Slide 24: Model Results

Slide 25: Model vs. Simulation

Slide 26: “What-If” Analysis

Slide 27: More “What-Ifs”

Slide 28: Conclusions
- Closed queuing model with class switching is a useful tool for analyzing performance in security protocols; supports wide range of operating conditions
- Skeleton implementation is a good way to work with new ideas that may not be operational yet
- PKCROSS outperforms PKTAPP for authenticating to more than one server
- Proxy server benefits 2G speeds but not 3G speeds

Slide 29: Thoughts
- Well written and presented, clear and detailed
- Good procedural methodology
- Would be nice to see “What-Ifs” done on the test bed and compared to model as well
- Skeleton makes assumptions that may alter results when performed with real implementation

Slide 30: Questions?