Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analyzing the Performance of Authentication Protocols 1 A Methodology for Analyzing the performance of Authentication Protocols Alan Harbitter Daniel A.

Published byCaren Robertson Modified over 9 years ago

Similar presentations

Presentation on theme: "Analyzing the Performance of Authentication Protocols 1 A Methodology for Analyzing the performance of Authentication Protocols Alan Harbitter Daniel A."— Presentation transcript:

1 Analyzing the Performance of Authentication Protocols 1 A Methodology for Analyzing the performance of Authentication Protocols Alan Harbitter Daniel A. Menasce Presented by Rob Elkind

2 Analyzing the Performance of Authentication Protocols 2 Outline Introduction Kerberos – and extensions Kerberos with Proxy Methodology Simulations – Multiple Realm and Mobile with proxy Conclusion

3 Analyzing the Performance of Authentication Protocols 3 Introduction Use of new modeling methodology for analyzing authentication protocols –Closed queuing network model Two Kerberos examples will be tested Designed to explicitly model performance new protocol design including asymmetric and symmetric encryption

4 Analyzing the Performance of Authentication Protocols 4 Kerberos Overview

5 Analyzing the Performance of Authentication Protocols 5 Kerberos Realms Kerberos realms - networked collection of workstations, servers, and a single master KDC which must: 1. maintain a database of matching user IDs and hashed passwords for registered Kerberos users 2. maintain shared secret keys with each registered application server 3. maintain shared secret keys with remote KDCs in other realms 4. propagate new or changed secret keys and database updates to slave KDCs.

6 Analyzing the Performance of Authentication Protocols 6 Public Key Cryptography Increase scalability Smaller key shared space ~ n 2 vs. n for n users Improved Security Proposals: –PKINIT (core specification) –PKCROSS –PKTAPP

7 Analyzing the Performance of Authentication Protocols 7 PKINIT Overview

8 Analyzing the Performance of Authentication Protocols 8 PKCROSS Overview

9 Analyzing the Performance of Authentication Protocols 9 PKDA Overview (PKTAPP)

10 Analyzing the Performance of Authentication Protocols 10 Proxy server with Kerberos Isolate client and server for security purposes Offload processing from mobile host or network IAKERB Charon

11 Analyzing the Performance of Authentication Protocols 11 Methodology Build model Validate Change parameters Analyze results Add “What ifs”

12 Analyzing the Performance of Authentication Protocols 12 Modeling Topology multiple-realm

13 Analyzing the Performance of Authentication Protocols 13 Validation of Model

14 Analyzing the Performance of Authentication Protocols 14 “What-If” Analyses Vary input parameters to reflect various real world conditions Reflects sensitivity to various operational environments Gives insight into general performance characteristics of the protocol design

15 Analyzing the Performance of Authentication Protocols 15 Analysis of Public-Key-Enabled Kerberos in Large Networks Compare PKTAPP and PKCROSS Simulate using closed queuing network model Use skeleton software to model real world protocol When is it more efficient to authenticate to a central KDC than to individual application servers?

16 Analyzing the Performance of Authentication Protocols 16

17 Analyzing the Performance of Authentication Protocols 17

18 Analyzing the Performance of Authentication Protocols 18 PKCROSS vs. PKTAPP

19 Analyzing the Performance of Authentication Protocols 19 “What-Ifs” Results

20 Analyzing the Performance of Authentication Protocols 20 Analysis Of Public-key-enabled Kerberos In Mobile Computing Environments Reduce the number of public/private key operations performed on the mobile platform. When a proxy is used, maintain the option to preserve the encrypted data stream through the proxy. Retain the standard Kerberos formats for messages sent to the KDC and application server. Preserve the semantics of Kerberos.

21 Analyzing the Performance of Authentication Protocols 21 M-PKINIT

22 Analyzing the Performance of Authentication Protocols 22 MP-PKINIT

23 Analyzing the Performance of Authentication Protocols 23 Modeling Topology M&MP-PKINIT Can use same model as before –Substitute a mobile client for client –Wireless network for LAN –Proxy server for local KDC Adjust branching probabilities to reflect new model paths

24 Analyzing the Performance of Authentication Protocols 24 Model Results

25 Analyzing the Performance of Authentication Protocols 25 Model vs. Simulation

26 Analyzing the Performance of Authentication Protocols 26 “ What-If” Analysis

27 Analyzing the Performance of Authentication Protocols 27 More “What-Ifs”

28 Analyzing the Performance of Authentication Protocols 28 Conclusions Closed queuing model with class switching is a useful tool for analyzing performance in security protocols – supports wide range of operating conditions Skeleton implementation is a good way to work with new ideas that may not be operational yet PKCROSS outperforms PKTAPP for authenticating to more than one server Proxy server benefits 2G speeds but not 3G speeds

29 Analyzing the Performance of Authentication Protocols 29 Thoughts Well written and presented, clear and detailed Good procedural methodology Would be nice to see “What-Ifs” done on the test bed and compared to model as well Skeleton makes assumptions that may alter results when performed with real implementation

30 Analyzing the Performance of Authentication Protocols 30 Questions?

Download ppt "Analyzing the Performance of Authentication Protocols 1 A Methodology for Analyzing the performance of Authentication Protocols Alan Harbitter Daniel A."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
KERBEROS A NETWORK AUTHENTICATION PROTOCOL Nick Parker CS372 Computer Networks.

KERBEROS A NETWORK AUTHENTICATION PROTOCOL Nick Parker CS372 Computer Networks.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.

IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Components of GIS.

Components of GIS.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.

CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google