A Methodology for Analyzing the Performance of Authentication Protocols

A Methodology for Analyzing the Performance of Authentication Protocols. Alan Harbitter, Daniel A. Menasce. Presented by Rob Elkind. Outline: Introduction; Kerberos and extensions; Kerberos with Proxy; Methodology; Simulations (Multiple Realm and Mobile with proxy); Conclusion.


Presentation Transcript


  1. A Methodology for Analyzing the Performance of Authentication Protocols. Alan Harbitter, Daniel A. Menasce. Presented by Rob Elkind. Analyzing the Performance of Authentication Protocols

  2. Outline
     • Introduction
     • Kerberos – and extensions
     • Kerberos with Proxy
     • Methodology
     • Simulations – Multiple Realm and Mobile with proxy
     • Conclusion

  3. Introduction
     • Use of a new modeling methodology for analyzing authentication protocols
     • Closed queuing network model
     • Two Kerberos examples will be tested
     • Designed to explicitly model the performance of new protocol designs, including asymmetric and symmetric encryption

  4. Kerberos Overview

  5. Kerberos Realms
     • Kerberos realm: a networked collection of workstations, servers, and a single master KDC, which must:
       1. maintain a database of matching user IDs and hashed passwords for registered Kerberos users
       2. maintain shared secret keys with each registered application server
       3. maintain shared secret keys with remote KDCs in other realms
       4. propagate new or changed secret keys and database updates to slave KDCs

  6. Public Key Cryptography
     • Increase scalability
     • Smaller shared key space: ~n² vs. n for n users
     • Improved security
     • Proposals:
       • PKINIT (core specification)
       • PKCROSS
       • PKTAPP

  7. PKINIT Overview

  8. PKCROSS Overview

  9. PKDA Overview (PKTAPP)

  10. Proxy server with Kerberos
     • Isolate client and server for security purposes
     • Offload processing from mobile host or network
     • IAKERB
     • Charon

  11. Methodology
     • Build model
     • Validate
     • Change parameters
     • Analyze results
     • Add “What ifs”

  12. Modeling Topology multiple-realm

  13. Validation of Model

  14. “What-If” Analyses
     • Vary input parameters to reflect various real world conditions
     • Reflects sensitivity to various operational environments
     • Gives insight into general performance characteristics of the protocol design

  15. Analysis of Public-Key-Enabled Kerberos in Large Networks
     • Compare PKTAPP and PKCROSS
     • Simulate using closed queuing network model
     • Use skeleton software to model real world protocol
     • When is it more efficient to authenticate to a central KDC than to individual application servers?

  18. PKCROSS vs. PKTAPP

  19. “What-Ifs” Results

  20. Analysis of Public-Key-Enabled Kerberos in Mobile Computing Environments
     • Reduce the number of public/private key operations performed on the mobile platform.
     • When a proxy is used, maintain the option to preserve the encrypted data stream through the proxy.
     • Retain the standard Kerberos formats for messages sent to the KDC and application server.
     • Preserve the semantics of Kerberos.

  21. M-PKINIT

  22. MP-PKINIT

  23. Modeling Topology M&MP-PKINIT
     • Can use same model as before
     • Substitute a mobile client for client
     • Wireless network for LAN
     • Proxy server for local KDC
     • Adjust branching probabilities to reflect new model paths

  24. Model Results

  25. Model vs. Simulation

  26. “What-If” Analysis

  27. More “What-Ifs”

  28. Conclusions
     • Closed queuing model with class switching is a useful tool for analyzing performance in security protocols – supports wide range of operating conditions
     • Skeleton implementation is a good way to work with new ideas that may not be operational yet
     • PKCROSS outperforms PKTAPP for authenticating to more than one server
     • Proxy server benefits 2G speeds but not 3G speeds

  29. Thoughts
     • Well written and presented, clear and detailed
     • Good procedural methodology
     • Would be nice to see “What-Ifs” done on the test bed and compared to model as well
     • Skeleton makes assumptions that may alter results when performed with real implementation

  30. Questions?
