Implementation of a Security Service Provider for Intranets

Abstract

Among the many branches of security, authentication and confidentiality are very important services to provide. This work studies authentication, focusing on the authentication systems supported by the Windows 2000 family, especially Kerberos. The study finds some unconvincing points, along with others that are considered weaknesses, such as being subject to offline dictionary attacks and the lack of perfect forward secrecy. Hence, some protocols (for authentication and key agreement) are chosen to build an authentication system that takes into consideration the observations on Windows 2000 systems. Based on this system, a security service provider is developed. The proposed provider isolates the developer from the complexity of the underlying system.