KERBEROS SECURITY EVALUATION

Abstract

Authentication of a person is an important task in many areas of day-to-day life including electronic commerce, system security and access control. We present Kerberos a client\server authentication protocol which can perform a secure communication over unsecured environments (internet). For example an e-bank application the client can log on in domain environment using password (single factor authentication) or a smart card running java card application in combine with PIN and the server is the banking hosted system at the bank. Smart card can enhance the security by storing the cryptographic key to perform dual factor authentication, it also can manage the encryption and decryption of the Kerberos keys on it rather then on the client workstation memory. A common methodology depends on the national standardizations is used to evaluate security of that authentication scenarios of Kerberos protocol.