Based Remote Access Vpn Password System To Improve The Kerberos Authentication Protocol

At the present,many enterprises have set up their internal network. In the internal network,the employee can access the Internet through firewall or proxy,exchange files,work with OA system,etc. The employees need to access the internal network not only in the office,but at home or other cities. The VPN (virtual private network) technology was developed to solve this problem.There are three kinds of VPN (Virtual Private Network),Access VPN,Intranet VPN and Extranet VPN. This dissertation studies Access VPN and its concerned technology. The primary research contents are summarized as follows:1. VPN cryptographical system is concerned with cryptographical technology,authentication technology and VPN implementation protocols. Symmetrical cryptographical algorithms,Non-Symmetrical cryptographical algorithms and Domestic cryptographical algorithms are discussed. Several authentication methods are discussed,and Several VPN implementation protocols that include PPTP/L2TP protocol,IPSec protocol,SOCKS protocol and MPLS protocol are discussed. To implement Access VPN,this dissertation use SOCKS protocol,Kerberos Protocol and domestic cryptographical algorithm.2. This dissertation introduces the theory of Kerberos protocol and points out its limitation. To prevent password-guessing attack,we propose a two-factor Kerberos protocol that combines the user's password and his usb-interface card's serial number to generate the user's private key that was used to authenticate the user's identity.3. This dissertation proposes a CA-based Kerberos protocol,the protocol authenticate the user's identity not by the user's private key,but by the user's certificate. This protocol extends Kerberos ability to authenticate a large amount of users.4. This dissertation introduces SOCKS protocol and GSS-API protocol that are used to implement Access VPN. Furthermore,this dissertation extends SOCKS protocol to enhance its function.5. This dissertation implements an Access VPN cryptographical system and illustrates an application example. Futhermore,there are more research work need to be done,include incorporating with IPSec protocol and firewall technology.