J. Trostle (USA)
key management protocol, Kerberos, authentication
We present requirements for authentication and key distribution in typical wireless scenarios, including fast handoffs and small user devices (e.g. cell phones). We show that Kerberos V5 is inadequate for some wireless scenarios. A new solution, the LKMP protocol, is then presented. We also present a new crossrealm authentication protocol, the LKMP passthrough exchange, and its advantages over existing Needham-Schroeder derived crossrealm protocols. We give a performance analysis of the LKMP protocol, based on our prototype. We include a performance and security comparison to Kerberos V5 including an analysis of some of the performance bottlenecks in Kerberos and the MIT Kerberos implementation in particular. Our results show that Kerberos is significantly under-optimized, and we describe some security improvements.
Important Links:
Go Back