Extending the Kerberos Protocol for Distributed Data as a Service
Abstract
Whilst much of the research on authentication in peer-to-peer networks focuses on distributed authentication services, in current military systems the use of a centralized authority such as the Kerberos ticketing framework predominates. Kerberos v5 is targeted at giving users access to a specific service, with the option of delegating credentials to other authenticated nodes to enable them to act as proxies to access the service. The model does not work in situations in which there are many services distributed across a rapidly changing network, any of which could respond to a single request. An example of such a distributed set of services is a Gaian Database, where the nodes represent distributed data services and the queries represent the service requests. In this work, we describe an extension to the Kerberos ticketing framework that provides the delegated credentials "on demand" for nodes that can respond to the service request. We describe an implementation of the protocol that is used to enable authenticated policy-based access control using the Gaian Database to access distributed data sources in a military coalition scenario. The approach has been demonstrated in support of a Coalition Warfare Program (CWP) demonstration held at the NATO International Fusion Centre (IFC) at RAF Molesworth, United Kingdom.
Document Details
- Document Type: Technical Report
- Publication Date: Sep 20, 2012
- Accession Number: ADA565920
Entities
People
- Andrew J. Toth
- Dominic Harries
- Graham Bent
Organizations
- United States Army Research Laboratory