| As the computer network realizing the resources sharing effectively, network information security problem has become particularly prominent. In order to ensure the confidentiality, integrity, availability of the network information, we should pay more attention to network authentication technology. Authentication technology is mainly used to prevent the initiative attacks of the opponents to the system, such as camouflage and tampering etc. In an open environment, the security of all kinds of information system is particularly important.Kerberos authentication is a more widely used recently. Kerberos authentication is based on the third-party authentication protocol, which is a secure, reliable, transparence and expansible authentication system. Kerberos authentication is based on symmetry key cryptography. It provides the method for the two parties of the network communications to authenticate each identity, which do not depend on the system and IP address of the computer. However, due to its own disadvantage, the Kerberos protocol's applications may be greatly hindered. Overview of analysis of its own limitations and weaknesses, we try to improve authentication system to set a relatively secure, reliable and a simple model of identity authentication.In this paper, a novel Kerberos cross-realm authentication scheme based on public key encryption is presented. In order to solve the problems of enormous keys in Kerberos cross-realm authentication and the low security, this paper introduces the intermediary KDC and public key encryption to improve the Kerberos cross-realm authentication system. In this improved scheme, ECC is used, both the intermediary KDC and the related common KDC share each other's public key. Through the analysis of feasibility and security, this scheme makes the system more secure, and the key management and maintenance becomes easier. |
PDF Full Text Request