Brian J. d'Auriol, Ph.D.

Student Research Details
Return to d'Auriol's Students Supervised Page


Esther Vanitha Vasa, Communication Timing Attack on the Public Key Management System Kerberos for Distributed Authentication Through the RSA Encryption, Department of Computer Science, The University of Texas at El Paso, December 2003. Advisor: Brian J. d'Auriol

This thesis looks at a communication timing attack on Public key Kerberos for distributed authentication (PKDA). It is based on research carried out at two cryptograhy levels namely, the algorithm level and the protocol level. At the algorithm level, the Rivest Shamir Adleman (RSA) encryption algorithm is studied for weaknesses that may be exploitable in a communication timing attack. A probable communication timing attack scenario is built up. Based on this, a preventive measure for timing attack, called blinding on RSA is also studied. A secure functional model of the RSA is proposed. A mathematical expression for the decryption time, a bit size function and the computation speed of modular reduction algorithm is formulated as these are the major contributing factors for the decryption time. At the protocol level, PKDA is studied. In particular, the public key based Kerberos for initial authentication (PKINIT) based on RSA is studied. The emphasis is again on the communication timing attack. The thesis determines that a communication timing attack may be carried out by an intelligent sniffer at the steps where a public key based request and response are sent. A preventive measure is suggested in this thesis by using, again, the blinding technique.

Last Updated: August 3, 2007