Remote Strong Authentication for Mobile Smart Devices Based on KDC with OTP

Document Type : Original Article

Authors

1 Alexandria Institute of Engineering and Technology, Alexandria, Egypt

2 Arab Academy for Science, Technology and Maritime Transport, Alexandria, Egypt.

3 Arab Academy for Science, Technology and Maritime Transport, Alexandria, Egypt

4 * Dept. of Computer Science and Eng., Faculty of Elect., Eng., Minufiya University

5 Dept. of Computer Science and Eng., Faculty of Elect., Eng., Minufiya University

Abstract

Authentication is one of the most crucial modules for any given system. With an increase in the need for secure environments, the authentication modules of systems are moving from traditional one-factor authentication (usually based on a static password) to multi-factor authentication. Two-factor authentication is a popular method for increasing security that uses more than one of the options simultaneously during the authentication process. One-Time Password (OTP) is certainly one of the simplest, strongest and most popular forms of two-factor authentication for securing network access. A simple OTP algorithm can be implemented by any hardware manufacturer or software developer to create interoperable authentication devices and software agents. Kerberos is a popular security mechanism used by systems for network authentication and secure transmission of data. The Kerberos protocol provides a framework for authenticating a client using the exchange of pre-authentication data. A key distribution center (KDC) distributes Kerberos tickets to authenticated users.
This paper describes the use of a simulated Kerberos framework to carry out OTP authentication. It also allows OTP values to be used in Kerberos pre-authentication in a manner that does not require the user's Kerberos password. In addition, it proposes a model that uses an OTP algorithm working with SIM cards, which can send sensitive data over a wireless connection in a safer, simpler and more secure manner while satisfying confidentiality and integrity. It shows that the system is designed to improve security by requesting something the user knows along with something they have (two-factor authentication).
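
The exchange the abstract describes, an OTP standing in for the Kerberos password during pre-authentication, can be sketched as follows; this is an added example, not code from the paper. It assumes HOTP (RFC 4226) as the OTP algorithm, a PBKDF2-derived key, a KDC-issued nonce, and the hypothetical names `derive_key`, `client_preauth` and `Kdc`. Because a 6-digit OTP carries little entropy, an exchange like this has to run inside a protected channel so the proof cannot be brute-forced offline.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def derive_key(otp: str, nonce: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the key derivation; the paper's KDF is not on the page.
    return hashlib.pbkdf2_hmac("sha256", otp.encode(), nonce, 10_000)

def client_preauth(secret: bytes, counter: int, nonce: bytes, timestamp: int) -> bytes:
    """Client side: MAC the timestamp with a key derived from the current OTP."""
    key = derive_key(hotp(secret, counter), nonce)
    return hmac.new(key, struct.pack(">Q", timestamp), hashlib.sha256).digest()

class Kdc:
    """Hypothetical KDC-side verifier holding the token secret and last counter."""
    def __init__(self, secret: bytes, counter: int = 0, window: int = 3, max_skew: int = 300):
        self.secret, self.counter = secret, counter
        self.window, self.max_skew = window, max_skew

    def verify(self, proof: bytes, nonce: bytes, timestamp: int, now: int) -> bool:
        if abs(now - timestamp) > self.max_skew:      # stale or future-dated request
            return False
        # Look-ahead window tolerates OTPs the user generated but never submitted.
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(client_preauth(self.secret, c, nonce, timestamp), proof):
                self.counter = c + 1                  # burn the counter so the OTP cannot be replayed
                return True
        return False

# Constructed sample values (the secret is the RFC 4226 test key).
SECRET = b"12345678901234567890"
NONCE = b"constructed-nonce"

if __name__ == "__main__":
    kdc = Kdc(SECRET)
    proof = client_preauth(SECRET, 2, NONCE, 1_000)
    print(kdc.verify(proof, NONCE, 1_000, now=1_010))  # accepted, counter resynced
    print(kdc.verify(proof, NONCE, 1_000, now=1_010))  # replay rejected
```

The user's Kerberos password never appears: possession of the token secret is what the KDC checks, and advancing the counter on success is what makes each value single-use.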
