Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

(128.88KB)
This is an Open Access publication published under CSC-OpenAccess Policy.
Authentication and Authorization Models
More V.N
Pages - 72 - 84     |    Revised - 31-03-2011     |    Published - 04-04-2011
Volume - 5   Issue - 1    |    Publication Date - March / April 2011  Table of Contents
MORE INFORMATION
KEYWORDS
PKI, PMI, Kerberos, An Improved Trust Model, X.509 Standard
ABSTRACT
In computer science distributed systems could be more secured with a distributed trust model based on either PKI or Kerberos. However, it becomes difficult to establish trust relationship across heterogeneous domains due to different actual trust mechanism and security policy as well as the intrinsic flaw of each trust model. Since Internet has been used commonly in information systems technologies, many applications need some security capabilities to protect against threats to the communication of information. Two critical procedures of these capabilities are authentication and authorization. This report presents a strong authentication and authorization model using three standard frameworks. They are PKI, PMI, and Directory. The trust in this approach is enabled by the use of public key infrastructure (PKI) which is applied for client two-factor authentication and secures the infrastructure. We introduce the preventive activity-based authorization policy for dynamic user privilege controls. It helps prevent successive unauthorized requests in a formal manner. At the core, we apply the Multi-Agent System (MAS) concept to facilitate the authentication and the authorization process in order to work with multi-applications and multi-clients more dynamically and efficiently.
CITED BY (1)  
1 Aye, N., Khin, H. S., Win, T. T., KoKo, T., Than, M. Z., Hattori, F., & Kuwabara, K. (2013). Multi-domain public key infrastructure for information security with use of a multi-agent system. In Intelligent Information and Database Systems (pp. 365-374). Springer Berlin Heidelberg.
1 Google Scholar
2 Academic Journals Database
3 CiteSeerX
4 refSeek
5 iSEEK
6 Scribd
7 SlideShare
8 PdfSR
1 Thompson MR, Olson D, Cowles R, Mullen S, Helm M. CA-Based trust model for grid authentication and identity delegation. In: Proc. of the GGF7. 2003.
2 Neuman C. RFC 1510, The Kerberos Network Authentication Service (V5) [S]. 1993.
3 Bellovin S M, Merritt M. Limitation of the Kerberos authentication system [A].Proceedings of the Winter 1991 Usenix Conference [C]. 1991.
4 Guan Zhen-sheng, Publication Key Infrastructure PKI and the applications. Beijing: Publishing House of Electronics Industry. 2008.1
5 Wen Tei-hua, Gu Shi-wen, An improved method of enhancing Kerberos protocol security, Journal of China Institute of Communications, Vol 25 No 6. June 2004, pp. 76-79.
6 Burr W E. Public Key Infrastructure (PKI) Technical Specifications: Part A-Technical Concept of Operations: [WORKING Draft] TWG-98- 59. Federal PKI Technical Working Group. Sep. 1998
7 [X.509] CCITT Recommendation X.509, The Directory: Authentication Framework, 1997
8 Internet X.509 Public Key Infrastructure Certificate and CRL Profile URL: http://search.ietf.org/internet -drafts/draft-ietf-pkix-new-part1-09.txt
9 An Internet Attribute Certificate Profile for Authorization URL: http://search.ietf.org/internet -drafts/draft-ietf-pkix-ac509prof-09.txt
10 X.509 4th edition: Overview of PKI & PMI Frameworks (Entrust, Inc.) URL: http://www.entrust.com/resources/pdf/509_overview.pdf
11 Certificate Revocation in Public Key Infrastructures URL: http://www.sans.org/infosecFAQ/encryption/cert _rev.htm
12 Tips for LDAP users URL: http://www.ymtech.co.kr/ref/java/jnditutorial -may1/ldap/index.html
13 Netscape Directory Server Administration Guide URL: http://home.netscape.com/eng/server/directory/3.0/ag/contents.html
14 S. Chokhani (CygnaCom) & W. Ford (VeriSign, Inc.) Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework URL: http://www.i etf.org/rfc/rfc2527.txt
15 Kerberos and Authentication URL: http://web.mit.edu/kerberos/#what_is
16 Authentication, Authorization and Accounting URL: www.infosectoday.com/Articles/Authentication.html
17 Strong authentication and authorization models URL: www.sans.org/.../strong-authentication-authorization-model-pki-pmi- directory_747
18 Role of PKI URL: www.windowsecurity.com/.../Understanding_the_Role_of_the_PKI.html
19 An X.509 Role-based Privilege Management Infrastructure URL: www.permis.org/files/article1_chadwick.pdf
20 ASTM E2595 - 07 Standard Guide for Privilege Management Infrastructure. URL: http://www.astm.org/Standards/E2595.htm
21 Recommendation X.509 and ISO 9594-8, Information Processing System Open Systems Interconnection - The Directory - Authentication Framework, 1988. URL: http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper075/paper.pdf.
Dr. More V.N
- India
vickymore12@gmail.com