{"title":"Performance of public-key-enabled Kerberos authentication in large networks","authors":"Alan Harbitter, D. Menascé","doi":"10.1109/SECPRI.2001.924297","DOIUrl":null,"url":null,"abstract":"Several proposals have been made to public-key-enable various stages of the secret-key-based Kerberos network authentication protocol. The computational requirements of public key cryptography are much higher than those of secret key cryptography, and the substitution of public key encryption algorithms for secret key algorithms impacts performance. This paper uses closed, class-switching queuing models to demonstrate the quantitative performance differences between PKCROSS and PKTAPP - two proposals for public-key-enabling Kerberos. Our analysis shows that, while PKTAPP is more efficient for authenticating to a single server, PKCROSS outperforms the simpler protocol if there are two or more remote servers per remote realm. This heuristic can be used to guide a high-level protocol that combines both methods of authentication to improve performance.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"6 1","pages":"170-183"},"PeriodicalIF":0.0000,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"36","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.2001.924297","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 36
Abstract
Several proposals have been made to public-key-enable various stages of the secret-key-based Kerberos network authentication protocol. The computational requirements of public key cryptography are much higher than those of secret key cryptography, and the substitution of public key encryption algorithms for secret key algorithms impacts performance. This paper uses closed, class-switching queuing models to demonstrate the quantitative performance differences between PKCROSS and PKTAPP - two proposals for public-key-enabling Kerberos. Our analysis shows that, while PKTAPP is more efficient for authenticating to a single server, PKCROSS outperforms the simpler protocol if there are two or more remote servers per remote realm. This heuristic can be used to guide a high-level protocol that combines both methods of authentication to improve performance.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
