The Kerberos authentication system is based on the trusted third-party Needham-Schroeder (1978) authentication protocol. The system is one of the few industry standards for authentication systems, and its use is becoming fairly widespread. The system has some limitations, many of which are traceable to the decision of the Kerberos designers to use only symmetric-key cryptosystems. Using asymmetric (public-key) cryptosystems in an authentication protocol would prevent some of these shortcomings. Several such protocols have been proposed and some have been implemented. However, all these designs are either completely different from the Kerberos system or require major changes to the basic system. Ideally, any attempt to improve Kerberos would do so with only minimal impact on the protocol and the source tree. In this work, we describe Yaksha, a new approach to achieving these goals. Yaksha uses as its building block an RSA (Rivest, Shamir & Adleman, 1978) algorithm variant independently invented by Boyd (1989) and by Ganesan and Yacobi (1994), in which the RSA private key is split into two portions. One portion becomes a user's Yaksha password, and the other the Yaksha server's password for that user. Using this simple but useful primitive, we show how we can blend the Kerberos system with a public-key infrastructure to create Yaksha, a more secure version of Kerberos, with minimal changes to the protocol.
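The split-key primitive described above, as an added sketch that is not code from the Yaksha paper or its implementation. It assumes a multiplicative split, d_user · d_server · e ≡ 1 (mod φ(n)), a hash-derived user share, and constructed toy parameters; the abstract gives none of these details, and all function names are hypothetical.

```python
import hashlib
from math import gcd

# Constructed toy parameters (two Mersenne primes); far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537

def split_private_key(password: str):
    """Return (d_user, d_server) with d_user * d_server * E == 1 (mod PHI)."""
    d = pow(E, -1, PHI)  # full private exponent, discarded after the split
    counter = 0
    while True:
        # Assumption: the user's share is a hash of the password plus a
        # non-secret counter, retried until it is invertible modulo PHI.
        seed = f"{password}|{counter}".encode()
        d_user = int.from_bytes(hashlib.sha256(seed).digest(), "big") % PHI
        if d_user > 1 and gcd(d_user, PHI) == 1:
            return d_user, d * pow(d_user, -1, PHI) % PHI
        counter += 1

def digest(msg: bytes) -> int:
    """Hash the message to an integer below N (no padding scheme; toy only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def apply_share(value: int, d_share: int) -> int:
    """One party's exponentiation; the two parties may act in either order."""
    return pow(value, d_share, N)

def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(msg)

def demo():
    msg = b"constructed ticket request"
    d_user, d_server = split_private_key("constructed-password")
    wrong_user, _ = split_private_key("wrong-guess")
    h = digest(msg)
    return {
        "joint": verify(msg, apply_share(apply_share(h, d_user), d_server)),
        "user_only": verify(msg, apply_share(h, d_user)),
        "server_only": verify(msg, apply_share(h, d_server)),
        "wrong_password": verify(msg, apply_share(apply_share(h, wrong_user), d_server)),
    }

if __name__ == "__main__":
    print(demo())
```

Only the joint operation yields a signature that verifies under the public exponent; a server share alone, a user share alone, or a share derived from the wrong password does not.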