计算机工程2012,Vol.38Issue(23):127-130,136,5.DOI:10.3969/j.issn.1000-3428.2012.23.031
基于无证书密钥协商的Kerberos改进协议
Improved Kerberos Protocol Based on Certificateless Key Agreement
摘要
Abstract
Kerberos authentication protocol is apt to suffer password attack and replay attack, and it needs double bilinear logarithmic operations, double exponent arithmetic and one dot multiplication on elliptic curve. Aiming at vulnerability and large amount of computation of Kerberos authentication protocol, this paper improves it with the help of high-efficient certificateless key agreement. In order to resist masquerade attacks, the certificateless signcryption technology is used between a user and authentication service. Analysis result proves that the improved protocol meets six basic security demands of key agreement. That's to say, it can satisfy with the requirements of known key security, perfect forward security, resisting unknown key sharing security, keys' uncontrollability and temporal known session information security. It can resist password attack, replay attack, intermediary attack and key exposure impersonation attack, and has higher efficiency with only three dot multiplications.关键词
Kerberos协议/无证书公钥密码学/密钥协商/身份认证Key words
Kerberos protocol/ Certificateless Public Key Cryptography(CL-PKC)/ key agreement/ identity authentication分类
信息技术与安全科学引用本文复制引用
王娟,郑淑丽,操漫成,方元康..基于无证书密钥协商的Kerberos改进协议[J].计算机工程,2012,38(23):127-130,136,5.基金项目
国家"863"计划基金资助项目(2009AA010307) (2009AA010307)
国家自然科学基金资助项目(61100034,61170043) (61100034,61170043)
安徽省高等学校自然科学研究基金资助项目(KJ2011B108,KJ2012Z273) (KJ2011B108,KJ2012Z273)
