الفهرس 
INTRODUCTIONOnly 14 pages are availabe for public view
 |  | from | 16 |  |  |
| | | from | 16 | | |
Abstract
ver the centuries, an elaborate set of protocols and mechanisms has been created to deal with information security issues. The technical means to achieve information security in an electronic society are provided through cryptography. The main goals of cryptography are authentication, confidentiality, data integrity, and access control. Protocols play a major role in cryptography and are essential in meeting cryptographic goals. Encryption schemes, hash functions, and random number generation are among the primitives which may be utilized to build a protocol.A cryptographic protocol is a distributed algorithm defined by a sequence of steps precisely specifying the actions required of two or more entities to achieve a specific security objective. <This thesis will focus on cryptographic protocols intended to achieve authentication over the Local Area Networks (LANs). Kerberos is an authentication service developed as part of Project Athena at MIT (Massachusetts Institute of Technology). Kerberos addresses an open distributed environment in which clients at workstations wish to access services on servers distributed throughout the network. Servers should be able to restrict access to authorized clients and to be able to authenticate requests for services. Versions 1 through 3 were internal development versions. 1The two versions of Kerberos that are in common use are Version 4 and 5. Version 5 corrects some of the security deficiencies of version 4 and has been issued as a proposed Internet Standard (RFC 1510, RFC 4120). In this thesis we are trying to overcome the main drawback of the Kerberos protocol that is the vulnerability to password guessing attackssince the long-term key of the network principal is generated from itspassword. Here, we present some modifications to the Kerberos database toapproach our goal. We propose that the KDC (Kerberos distribution Center) will save a profile for every instance in the realm that it manages. Then, the profile will be hashed and the output digest will be encrypted to generate the long-term key of the network principal. Besides, we propose a simple idea to control the lifetime of the principal’s long-term secret key. We append theKDC’s system time to the principal’s profile every predefined period that is the lifetime of the principal’s long-term secret key. Consequently, the input to the hashing algorithm will change and thus the principal’s long-termsecret key will change too. In our implementation we used 3-key Triple-DES (Data Encryption Standards) and AES (Advanced Encryption Standard) as encryption algorithms, SHA-256 (Secure Hash Algorithm) as a hashing algorithm, and
Blum Blum Shub as a random number generator algorithm. By
investigation, we found that by using AES as an encryption algorithm and
SHA-256 as a hashing algorithm; we can get a maximum speed and a
minimum time during the run of the protocol. In our design the lifetime of
the principle’s long-term secret key is 1 week, the lifetime of the TGS
(Ticket Granting Server) ticket (the TGT: the Ticket Granting Ticket) is 1 <day, the lifetime of the application server ticket is 8 hours, and the lifetime of the authenticator is 5 minutes. Moreover, we present our testing LAN (Local Area Networks) elements with different testing scenarios and analyze the testing results to provide practical validation for our proposed protocol. Besides, we provide formal analysis using MSR (Multi-Set Rewriting) formalism to validate the security properties of our proposed protocol by making use of the rank andthe corank functions. Thus, we got a network authentication protocol based on Kerberos 5 suitable for LANs with an added developed improvement that is the immunity to weak passwords chosen by the network principal that are 2susceptible to password guessing attacks with both practical and formal analysis validation.