The performance of public key-enabled Kerberos authentication in mobile computing applications
Source: Conference on Computer and Communications Security
Proceedings of the 8th ACM conference on Computer and Communications Security
Philadelphia, PA, USA
Session: Mobile Code and Distributed Systems
Pages: 78 - 85
Year of Publication: 2001
ISBN: 1-58113-385-5
Authors
Alan Harbitter  PEC Solutions, Inc., Fairfax, VA
Daniel A. Menascé  George Mason University, Fairfax, VA
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 15,   Downloads (12 Months): 114,   Citation Count: 7
DOI: http://doi.acm.org/10.1145/501983.501995

ABSTRACT

Authenticating mobile computing users can require a significant amount of processing and communications resources, particularly when protocols based on public key encryption are invoked. These resource requirements can result in unacceptable response times for the user. In this paper, we analyze adaptations of the public key-enabled Kerberos network authentication protocol to a mobile platform by measuring the service time of a "skeleton" implementation and constructing a closed queuing network model. Our adaptation of Kerberos introduces a proxy server between the client and the server to mitigate potential performance deficiencies and add functional benefits. Our analysis indicates that assistance from the proxy makes public key Kerberos a viable authentication protocol from a performance perspective. However, as wireless network speeds increase from current 2G levels to the 3G targets, the proxy can become a response time liability. The proxy's role in the protocol, while warranted in current applications, will have to be re-modeled and re-considered as both wireless transmission speeds and proxy processing speeds increase.

