Analyzing the Performance of Authentication Protocols
A Methodology for Analyzing the Performance of Authentication Protocols
Alan Harbitter, Daniel A. Menasce
Presented by Rob Elkind
Outline
• Introduction
• Kerberos – and extensions
• Kerberos with Proxy
• Methodology
• Simulations – Multiple Realm and Mobile with proxy
• Conclusion
Introduction
• Use of new modeling methodology for analyzing authentication protocols – Closed queuing network model
• Two Kerberos examples will be tested
• Designed to explicitly model the performance of new protocol designs, including asymmetric and symmetric encryption
Kerberos Overview
Kerberos Realms
• Kerberos realms - networked collection of workstations, servers, and a single master KDC which must:
• 1. maintain a database of matching user IDs and hashed passwords for registered Kerberos users
• 2. maintain shared secret keys with each registered application server
• 3. maintain shared secret keys with remote KDCs in other realms
• 4. propagate new or changed secret keys and database updates to slave KDCs.
Public Key Cryptography
• Increase scalability
• Smaller key shared space ~ n^2 vs. n for n users
• Improved Security
• Proposals:
– PKINIT (core specification)
– PKCROSS
– PKTAPP
PKINIT Overview
PKCROSS Overview
PKDA Overview (PKTAPP)
Proxy server with Kerberos
• Isolate client and server for security purposes
• Offload processing from mobile host or network
• IAKERB
• Charon
Methodology
• Build model
• Validate
• Change parameters
• Analyze results
• Add “What ifs”
Modeling Topology multiple-realm
Validation of Model
“What-If” Analyses
• Vary input parameters to reflect various real world conditions
• Reflects sensitivity to various operational environments
• Gives insight into general performance characteristics of the protocol design
Analysis of Public-Key-Enabled Kerberos in Large Networks
• Compare PKTAPP and PKCROSS
• Simulate using closed queuing network model
• Use skeleton software to model real world protocol
• When is it more efficient to authenticate to a central KDC than to individual application servers?
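As an added illustration (not from the paper or the slides), the sketch below solves a closed queuing network with exact single-class Mean Value Analysis, a simplification of the class-switching model the slides mention, to ask the question above about a central KDC versus individual application servers. The per-operation costs, the station layout and the per-protocol operation counts are constructed assumptions, not the authors' measurements.

```python
# Added example: exact single-class MVA; all costs are constructed, not measured.
PK_OP = 0.040    # assumed seconds per public-key operation
SYM_OP = 0.002   # assumed seconds per symmetric ticket operation
THINK = 1.0      # assumed client think time between authentications (s)

def mva(demands, delay, think, n_clients):
    """Return (response_time, throughput) with n_clients circulating.
    demands: service demand (s) at each queueing station per transaction.
    delay:   per-transaction time with no queueing (client-side crypto).
    """
    queue = [0.0] * len(demands)
    resp = thr = 0.0
    for n in range(1, n_clients + 1):
        # Arrival theorem: an arriving job sees the queues left by n-1 jobs.
        residence = [d * (1.0 + q) for d, q in zip(demands, queue)]
        resp = delay + sum(residence)
        thr = n / (think + resp)
        queue = [thr * r for r in residence]   # Little's law per station
    return resp, thr

def workload(protocol, n_servers):
    """Stations: local KDC, remote KDC, then one per application server."""
    if protocol == "PKCROSS":
        # Assumed: one public-key exchange between the KDCs, then
        # symmetric tickets for every application server.
        kdcs = [PK_OP + SYM_OP, PK_OP + n_servers * SYM_OP]
        return kdcs + [SYM_OP] * n_servers, 0.0
    if protocol == "PKTAPP":
        # Assumed: client and server each do one public-key op per server;
        # the KDCs are not involved.
        return [0.0, 0.0] + [PK_OP] * n_servers, n_servers * PK_OP
    raise ValueError(f"unknown protocol: {protocol}")

def auth_time(protocol, n_servers, n_clients):
    demands, delay = workload(protocol, n_servers)
    return mva(demands, delay, THINK, n_clients)[0]

def crossover(n_clients, max_servers=8):
    """Smallest server count where PKCROSS is faster, or None."""
    for n in range(1, max_servers + 1):
        cross, tapp = (auth_time(p, n, n_clients) for p in ("PKCROSS", "PKTAPP"))
        if cross < tapp:
            return n
    return None

if __name__ == "__main__":
    for n in range(1, 5):
        print(n, [round(auth_time(p, n, 1), 3) for p in ("PKCROSS", "PKTAPP")])
    print("crossover, 1 client:", crossover(1))
```

With these constructed costs and a single client, PKTAPP is faster for one server and PKCROSS is faster from two servers on; raising `n_clients` adds queueing at the KDCs and application servers and changes the comparison.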
PKCROSS vs. PKTAPP
“What-Ifs” Results
Analysis of Public-Key-Enabled Kerberos in Mobile Computing Environments
• Reduce the number of public/private key operations performed on the mobile platform.
• When a proxy is used, maintain the option to preserve the encrypted data stream through the proxy.
• Retain the standard Kerberos formats for messages sent to the KDC and application server.
• Preserve the semantics of Kerberos.
M-PKINIT
MP-PKINIT
Modeling Topology M&MP-PKINIT
• Can use same model as before
– Substitute a mobile client for client
– Wireless network for LAN
– Proxy server for local KDC
• Adjust branching probabilities to reflect new model paths
Model Results
Model vs. Simulation
“What-If” Analysis
More “What-Ifs”
Conclusions
• Closed queuing model with class switching is a useful tool for analyzing performance in security protocols – supports wide range of operating conditions
• Skeleton implementation is a good way to work with new ideas that may not be operational yet
• PKCROSS outperforms PKTAPP for authenticating to more than one server
• Proxy server benefits 2G speeds but not 3G speeds
Thoughts
• Well written and presented, clear and detailed
• Good procedural methodology
• Would be nice to see “What-Ifs” done on the test bed and compared to model as well
• Skeleton makes assumptions that may alter results when performed with real implementation
Questions?