Research On An Improved Kerberos Algorithm Based On Secure Remote Password And Public Key Cryptography

Kerberos is a very useful protocol for net security in modern net communication, but by hardly analyzing following questions, the bad security of symmetric cryptography, the fact of the small space of user's password, the algorithm of off-line dictionary attack in Kerberos protocol, the limitation of off-line dictionary attack was proved that existed in it, and the improved measure was brought up by upwards analysis. By analyzing the essentiality of digital signature in modern electronic commerce, it made that a new improved Kerberos algorithm based on public key cryptography must be brought up.To overcome the following problems, the limitation of the off-line dictionary attack in Kerberos protocol, the fatalness and complexity of user managed the private key, by analyzing the Secure Remote Password's security, expansionary and the expansibility of other protocol, a new secure password-based algorithm for downloading a private key was brought up which based on Secure Remote Password. And then by downloading a private key, a new improved Kerberos algorithm was brought up which based on public key cryptography and provided digital signature. At last a new improved Kerberos algorithm was brought up which based on Secure Remote Password and public key cryptography, namely Improved SRP-RSA Algorithm or ISRA for short.The security prove of ISRA in off-line password attack, by formally prove, the success off-line password attack was proved that it equaled to the one of hard problem's break, namely the probability of the success attack almost equaled to zero. To explain the practicability of ISRA, after optimizing the implement of ISRA, the time efficient of ISRA was proved that it is acceptable by contrasting the time efficient of ISRA, Kerberos protocol and other improved protocol based on public key cryptography. By analyzing the compatibility of following three aspects, the user's login, the use of smart card, the reconstruction of Kerberos based on ISRA, the practicability and expansibility of ISRA was explained more. At last, a realizable algorithm was proposed for the core numerical computation of ISRA, so the importantly implemental problem of ISRA was resolved.