Home   >   CSC-OpenAccess Library   >    Manuscript Information
Authentication and Authorization Models
More V.N
Pages - 72 - 84     |    Revised - 31-03-2011     |    Published - 04-04-2011
Volume - 5   Issue - 1    |    Publication Date - March / April 2011  Table of Contents
PKI, PMI, Kerberos, An Improved Trust Model, X.509 Standard
In computer science distributed systems could be more secured with a distributed trust model based on either PKI or Kerberos. However, it becomes difficult to establish trust relationship across heterogeneous domains due to different actual trust mechanism and security policy as well as the intrinsic flaw of each trust model. Since Internet has been used commonly in information systems technologies, many applications need some security capabilities to protect against threats to the communication of information. Two critical procedures of these capabilities are authentication and authorization. This report presents a strong authentication and authorization model using three standard frameworks. They are PKI, PMI, and Directory. The trust in this approach is enabled by the use of public key infrastructure (PKI) which is applied for client two-factor authentication and secures the infrastructure. We introduce the preventive activity-based authorization policy for dynamic user privilege controls. It helps prevent successive unauthorized requests in a formal manner. At the core, we apply the Multi-Agent System (MAS) concept to facilitate the authentication and the authorization process in order to work with multi-applications and multi-clients more dynamically and efficiently.
CITED BY (1)  
1 Aye, N., Khin, H. S., Win, T. T., KoKo, T., Than, M. Z., Hattori, F., & Kuwabara, K. (2013). Multi-domain public key infrastructure for information security with use of a multi-agent system. In Intelligent Information and Database Systems (pp. 365-374). Springer Berlin Heidelberg.
1 Google Scholar 
2 Academic Journals Database 
3 CiteSeerX 
4 refSeek 
5 iSEEK 
6 Scribd 
7 SlideShare 
8 PdfSR 
An Internet Attribute Certificate Profile for Authorization URL: http://search.ietf.org/internet -drafts/draft-ietf-pkix-ac509prof-09.txt
An X.509 Role-based Privilege Management Infrastructure URL: www.permis.org/files/article1_chadwick.pdf
ASTM E2595 - 07 Standard Guide for Privilege Management Infrastructure. URL: http://www.astm.org/Standards/E2595.htm
Authentication, Authorization and Accounting URL: www.infosectoday.com/Articles/Authentication.html
Bellovin S M, Merritt M. Limitation of the Kerberos authentication system [A].Proceedings of the Winter 1991 Usenix Conference [C]. 1991.
Burr W E. Public Key Infrastructure (PKI) Technical Specifications: Part A-Technical Concept of Operations: [WORKING Draft] TWG-98- 59. Federal PKI Technical Working Group. Sep. 1998
Certificate Revocation in Public Key Infrastructures URL: http://www.sans.org/infosecFAQ/encryption/cert _rev.htm
Guan Zhen-sheng, Publication Key Infrastructure PKI and the applications. Beijing: Publishing House of Electronics Industry. 2008.1
Internet X.509 Public Key Infrastructure Certificate and CRL Profile URL: http://search.ietf.org/internet -drafts/draft-ietf-pkix-new-part1-09.txt
Kerberos and Authentication URL: http://web.mit.edu/kerberos/#what_is
Netscape Directory Server Administration Guide URL: http://home.netscape.com/eng/server/directory/3.0/ag/contents.html
Neuman C. RFC 1510, The Kerberos Network Authentication Service (V5) [S]. 1993.
Recommendation X.509 and ISO 9594-8, Information Processing System Open Systems Interconnection - The Directory - Authentication Framework, 1988. URL: http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper075/paper.pdf.
Role of PKI URL: www.windowsecurity.com/.../Understanding_the_Role_of_the_PKI.html
S. Chokhani (CygnaCom) & W. Ford (VeriSign, Inc.) Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework URL: http://www.i etf.org/rfc/rfc2527.txt
Strong authentication and authorization models URL: www.sans.org/.../strong-authentication-authorization-model-pki-pmi- directory_747
Thompson MR, Olson D, Cowles R, Mullen S, Helm M. CA-Based trust model for grid authentication and identity delegation. In: Proc. of the GGF7. 2003.
Tips for LDAP users URL: http://www.ymtech.co.kr/ref/java/jnditutorial -may1/ldap/index.html
Wen Tei-hua, Gu Shi-wen, An improved method of enhancing Kerberos protocol security, Journal of China Institute of Communications, Vol 25 No 6. June 2004, pp. 76-79.
X.509 4th edition: Overview of PKI & PMI Frameworks (Entrust, Inc.) URL: http://www.entrust.com/resources/pdf/509_overview.pdf
[X.509] CCITT Recommendation X.509, The Directory: Authentication Framework, 1997
Dr. More V.N
- India