Improvement And Application Of Kerberos Protocol Based On ECC And USBKEY

In the network Information Age, Remote Access Service (RAS) has become a convenient and efficient mode of getting information resources for people to work, study and entertainment. In an open network environment, it's hoped that the resources in the server is opened to the legal user in the network, and the server can prevent illegal user to peculate or demolish the resources; on the other hand, the legal user must believe that the resources which he received are correct and not juggled by other people. Thus based on these two requirements, in a distributed network, it must provide a mechanism to authenticate the identity of the user.The continuous development of the Internet, but also to speed up the company or enterprise's information construction, information security issues have been increasingly attracted attention. However, a company established in various application systems is not easy, and always step by step, the construction or improvement of which resulted in authentication of each system are independent of each other. In the conventional security model, the user to access multiple applications, the need for multiple login authentication , so the user data will be much duplication and redundancy, system management is also more difficult.Kerberos protocol is based on Client / Server model of a tripartite authentication protocols, applied a three-way approach. It according to a third-party services which also named the key distribution centers to verify the identity of entities, it established a computer key to ensure security between communications. User authentication login only once, we can freely shuttle between multiple applications without having to repeatedly enter a user name and password to determine the identity, Kerberos in the service plays a credible arbiter role. In this paper, the study of elliptic curve cryptosystem (ECC) and USBKEY identity authentication technology, improve the original Kerberos protocol to solve the practical application of the weaker physical authentication, large number of single-key and Network Clock is not synchronized problems. And the improved protocol security logic on a theoretical evidence to prove that the conclusions and system test results have proved the feasibility of improving the agreement.