A New Mutuel Kerberos Authentication Protocol for Distributed Systems

10.6633/IJNS.201711.19(6).04

Zakariae Tbatou；Ahmed Asimi；Younes Asimi；Yassine Sadqi；Azidine Guezzaz

Authentication ； Cloud Computing ； Cryptographic Primitives ； Diffie Hell-man Model ； Distributed Systems ； Kerberos V5

International Journal of Network Security

19卷6期（2017 / 11 / 01）

889 - 898

英文

In recent years, distributed systems, including cloud computing, are becoming increasingly popular. They are based on traditional security mechanisms that focus on access control policies and the use of cryptographic primitives. However, these mechanisms do not implement some more advanced security properties, including authentication policies. Kerberos V5, the most recent version, is a successful protocol that is designed to authenticate clients to multiple networked services. In this paper we propose a new mutuel Kerberos authentication protocol for distributed systems based upon Kerberos V5 and Diffie Hell- man models. it is composed of three phases: 1) registration phase, based on the Diffie Hellman model, enabling the design and reliable exchange of client's authentication parameters to the authentication server side; 2) communication phase, based upon the two functions S2KexS () and DKexS (), which aims to the exchange of encryption keys and creates a secure the communication channel between client and server of services and 3) renewal phase for updating the client authentication parameters. Our security analysis and performance evaluation demonstrate that our scheme creates a secure channel to a more secure password exchange. Hence, it reduces the chance that a password will be guessed from the parameters stored or exchanged between client and authentication server, which make our proposed protocol efficient against dictionary and brute force attacks. The results proved by the behavior study show the success of our scheme and the easily of implementation.