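Affiliation: [1] Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology, Tianjin University of Technology, Tianjin 300384, China
Source: Computer Engineering (《计算机工程》), 2015, No. 5, pp. 144-148 (5 pages)
Funding: National Natural Science Foundation of China, Young Scientists Fund (61301140)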
Abstract: The security of the traditional Kerberos protocol is analyzed and an improved protocol is proposed. A public-key encryption and private-key decryption mechanism is used to solve the problems of password guessing attacks and the complexity of symmetric key storage. To prevent a resource request message from being intercepted and replayed by an attacker, a message sequence number is combined with a transmitted random number, so that the application server can distinguish a message replayed by an attacker from a message resent by the legitimate client. Non-volatile memory is used on both the client and the application server to store the key chain and the message list. Data exchanged between the client and the resource server is encrypted with a key from the key chain instead of the session key issued by the Ticket Granting Server (TGS). The dynamic key ensures the integrity of the message and makes the session key harder to intercept. The analysis results show that the improved protocol can effectively improve the security of the system.
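Keywords: Kerberos protocol; single sign-on; public key encryption; replay attack; sequence number; random number; key chain
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]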