Computer Engineering, Issue (5): 144-148, 5. DOI: 10.3969/j.issn.1000-3428.2015.05.026
Security Analysis and Strategy Research of Kerberos Protocol
Abstract
Improvements are proposed based on an analysis of the security of the traditional Kerberos protocol. To address password guessing attacks and the complexity of symmetric key storage, a public key encryption and private key decryption mechanism is presented. A new method that combines the message sequence number with a random number helps the application server distinguish a message replayed by an attacker from a message resent by the legal client, which solves the problem of an encrypted request message being captured and replayed by an attacker. In addition, to address interception of the session key, non-volatile memory is used on the client and the application server to store the key chain and the message list, and messages between the client and the application server are encrypted with a key from the key chain instead of the session key issued by the Ticket Granting Server (TGS); the dynamic key ensures the integrity of the message. Analysis results show that the improved protocol can improve the security of the system.
Key words
Kerberos protocol/single sign-on/public key encryption/replay attack/sequence number/random number/key chain
Classification
Information Technology and Security Science
Cite this article
Yang Ping, Ning Hongyun. Security Analysis and Strategy Research of Kerberos Protocol [J]. Computer Engineering, 2015, (5): 144-148, 5.
Funding
Supported by the National Natural Science Foundation of China, Youth Fund (61301140).