Research On Kerberos Authentication Protocol Integrating Public Key Cryptography

Posted on: 2004-01-11
Degree: Master
Type: Thesis
Country: China
Candidate: P Cao
GTID: 2168360092998116
Subject: Computer application technology

Abstract/Summary:
Identity authentication is the foundation of network security: it is the technology by which a party reliably validates the identity of the other end of a communication. Kerberos is an authentication protocol based on a KDC and symmetric-key cryptography, and it is suited to physically insecure networks. What holds back the scalability of Kerberos is the difficulty of establishing and maintaining secret keys, a consequence of its symmetric cryptography mechanism; this also hinders the use of Kerberos on the Internet. Several proposals integrate public key cryptography into Kerberos to improve its performance, but they maintain certificates and CRLs without using a PKI. Having analyzed the weaknesses of Kerberos and the insufficient integration of Kerberos with PKI, this thesis makes the following contributions:

(1) A detailed analysis is made of the design thinking of Kerberos and its basic authentication protocol, and the security and limitations of Kerberos are pointed out. The PKI architecture and its certificate hierarchy, management and standardization problems are studied. The deficiencies and limitations of existing schemes that integrate public key cryptography into Kerberos are also analyzed.

(2) By using the CMS syntax standard to define the high-level message format of the PKINIT protocol, we obtain a highly interoperable scheme for integrating public key cryptography into Kerberos. The scheme uses the CMS signed-data and enveloped-data formats to encode the public key messages transferred during authentication. The PKINIT-CMS scheme thus offers a way to combine Kerberos with PKI transparently.

(3) As the number of authentication requests grows, the centralized Kerberos server combined with the time complexity of public key cryptography may become a computing bottleneck. We therefore designed a scheme for direct authentication by the application server, built on the Kerberos protocol integrating public key cryptography. This scheme can shift the Kerberos server's computing load and centralized vulnerability to the application server, and it suits certain security environments.

In designing an authentication system, an appropriate technical scheme must be chosen according to practical needs and real conditions, leaving room for future transition and migration.
Keywords/Search Tags: network security, identity authentication, Kerberos, public key infrastructure, digital signature, cryptographic message syntax