Performance of public-key-enabled Kerberos authentication in large networks
- 13 November 2002
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Several proposals have been made to public-key-enable various stages of the secret-key-based Kerberos network authentication protocol. The computational requirements of public key cryptography are much higher than those of secret key cryptography, and the substitution of public key encryption algorithms for secret key algorithms impacts performance. This paper uses closed, class-switching queuing models to demonstrate the quantitative performance differences between PKCROSS and PKTAPP-two proposals for public-key-enabling Kerberos. Our analysis shows that, while PKTAPP is more efficient for authenticating to a single server, PKCROSS outperforms the simpler protocol if there are two or more remote servers per remote realm. This heuristic can be used to guide a high-level protocol that combines both methods of authentication to improve performance.Keywords
This publication has 4 references indexed in Scilit:
- Distributed authentication in Kerberos using public key cryptographyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Efficiency testing of ANSI C implementations of round 1 candidate algorithms for the advanced encryption standardPublished by National Institute of Standards and Technology (NIST) ,1999
- The Kerberos Network Authentication Service (V5)Published by RFC Editor ,1993
- Open, Closed, and Mixed Networks of Queues with Different Classes of CustomersJournal of the ACM, 1975