Improvement public key Kerberos using identity-based signcryption

Abstract

Several proposals have been developed that add public key cryptography to various stages of Kerberos to make the protocol work with large user communities and Public Key Infrastructures (PKI). But a man-in-the-middle attack on PKINIT allows an attacker to impersonate Kerberos administrative principals and end-servers to a client, hence breaching the authentication guarantees of Kerberos. It also gives the attacker the keys which an Authentication Server (AS) normally generates to encrypt the service requests of this client, hence defeating confidentiality as well. In this paper we provide alternative approach as Public crypto system instead of traditional public key infrastructure. This paper proposed used identity-based signcryption in Kerberos, that is eliminate need to public key certification that used in PKI by used identity of user as public key, and prevent the men-in-the-middle attacker from obtain the authentication key or impersonate Kerberos administrative principals. The identity-based signcryption used to sign and encrypt the message in a same algorithm in order to achieve authentication and confidentiality, also to avoid modified it during transmission. © 2013 Springer Science+Business Media New York.