Applying Kerberos to the communication environment for information appliances

S. Sakane, N. Okabe, K. Kamada, H. Esaki
2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings.  
When IPv6 is deployed, each information appliance shall have a global IP address and communicate directly with other appliances. Some devices may have much lower processing performance than PCs due to various limitations (e.g. cost, physical size, power consumption). Such devices must provide security functions, namely confidentiality, integrity and access control, to protect privacy even within a home networking environment. The information appliances shall move around the global network with the users. In this paper, we assume these devices are used in the home, and we describe methodologies to achieve access control using Kerberos and to deal with changes of IP addresses using a modified Kerberos. IPv6 has a security mechanism called "IPsec" for secure communication. In order to use IPsec, the communicating peer devices have to share a symmetric key to maintain confidentiality and/or integrity. We also describe a method by which these restricted devices can share a symmetric key securely.

[Figure: REALM-a for A and REALM-b for B, showing the principals and keys CON-a@A, VCR@A, TV@A, TV@B and CON-b@B for the devices CON-a, VCR, TV and CON-b]

... network, a new principal and a new secret key which belong to REALM-g are allocated to CON-g. Now, CON-g and TV both belong to REALM-g, so they can initiate a connection to each other. The period in which G can use TV is controlled by setting an expiration time on Tickets in REALM-g.
doi:10.1109/saintw.2003.1210159 dblp:conf/saint/SakaneOKE03 fatcat:ybbu2aelmjf2fjgcwwfxych7l4