
A Kerberos Cross-realm Authentication Model Based On Trust And Zero-knowledge Proof

Posted on: 2011-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: J K Wang
GTID: 2178360308958322
Subject: Computer software and theory
Abstract/Summary:
Since the 1970s we have gradually entered the information society, and the Internet has been changing people's lifestyles and the efficiency of their work at an alarming rate. With the widespread use of distributed computer networks, network security has become an increasingly important issue. Network security technology, and in particular identity authentication, which is the first line of defense of a security system, has become an important factor in the further development of networks. The Kerberos authentication protocol was proposed by MIT in the 1980s and has been widely used. It includes an authentication mode and a cross-realm authentication mode. When users need cross-realm authentication, they must prove their identity to the TGS of the other realm by submitting a ticket that is produced by the TGS of their own realm and contains their identity information. As a result, users' identity information may leak while tickets are submitted and stored, and users cannot log in anonymously. This paper proposes a new improvement to the Kerberos cross-realm authentication model, based on trust and zero-knowledge proof.

This paper focuses on the Kerberos cross-realm authentication model based on public key cryptography. Firstly, the development status and principles of public key cryptography are introduced. Secondly, the basic concepts and principles of zero-knowledge proof are introduced. Then the traditional Kerberos authentication model and some improved cross-realm models are introduced, and the advantages and disadvantages of these models are analyzed. Finally, based on the ElGamal algorithm, we propose a new improvement to the Kerberos cross-realm authentication model based on trust and zero-knowledge proof, in which users can prove their identity without submitting tickets that contain their identity information, and we discuss the security and advantages of the new model in detail.

The various existing Kerberos cross-realm authentication models share one shortcoming: during cross-realm authentication, users must submit a ticket containing their own identity information. The new model uses zero-knowledge proof and can prove a user's identity without tickets. This prevents the user's information from leaking and allows the user to log in anonymously. Zero-knowledge proof has its own shortcoming: it needs several rounds of inquiry, which costs a large amount of storage. To address this, the new model incorporates a trust value, so that a user from a realm with a higher trust value requires fewer rounds of zero-knowledge proof and a smaller amount of data, and vice versa. This improves the model's authentication efficiency and security.
Keywords/Search Tags:Security, Zero-Knowledge proof, Public Key Cryptosystem, Cross-Realm Authentication
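The trade-off between trust value and proof rounds described in the abstract can be sketched as follows; this is an added example, not code or a protocol taken from the thesis. It assumes a Schnorr-style binary-challenge proof of knowledge of an ElGamal private key, a linear trust-to-rounds mapping, toy group parameters, and hypothetical names (`rounds_for_trust`, `HonestProver`, `GuessingProver`, `verify`, `cheat_probability`).

```python
import secrets

# Constructed toy group (assumption, far too small for real use):
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def rounds_for_trust(trust, min_rounds=4, max_rounds=40):
    """Hypothetical mapping: trust in [0, 1]; higher trust means fewer rounds."""
    trust = min(max(trust, 0.0), 1.0)
    return max_rounds - round(trust * (max_rounds - min_rounds))

class HonestProver:
    """Knows x such that y = G^x mod P (the ElGamal private key)."""
    def __init__(self, x):
        self.x = x
    def commit(self):
        self.r = secrets.randbelow(Q)
        return pow(G, self.r, P)
    def respond(self, c):
        return (self.r + c * self.x) % Q

class GuessingProver:
    """Does not know x; every commitment can only answer challenge 0."""
    def commit(self):
        self.r = secrets.randbelow(Q)
        return pow(G, self.r, P)
    def respond(self, c):
        return self.r  # satisfies the check only when c == 0

def verify(prover, y, trust, challenges=None):
    """Run the trust-scaled number of rounds; return (accepted, rounds_run)."""
    n = rounds_for_trust(trust)
    for i in range(n):
        t = prover.commit()
        # Challenges are random bits unless fixed ones are injected for testing.
        c = challenges[i] if challenges is not None else secrets.randbelow(2)
        s = prover.respond(c)
        # Check G^s == t * y^c (mod P); no ticket or identity is transmitted.
        if pow(G, s, P) != (t * pow(y, c, P)) % P:
            return False, i + 1
    return True, n

def cheat_probability(trust):
    """Soundness error: chance a guessing prover survives every round."""
    return 2.0 ** -rounds_for_trust(trust)
```

Each round halves a guessing prover's chance of acceptance, so cutting rounds for a high-trust realm directly raises the residual impersonation probability the verifier accepts for that realm.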