Kerberos Authentication System Based On Public Key Cryptography

Posted on: 2007-11-01
Degree: Master
Type: Thesis
Country: China
Candidate: M Ren
Full Text: PDF
GTID: 2208360182997581
Subject: Computer software and theory
Abstract/Summary:
Computer networks enable effective resource sharing, but they also bring many information security problems. How to guarantee legitimate users' legitimate access to resources and defend against hackers' attacks has become the main concern of network security. Network information security techniques commonly include authentication, authorization, audit, data privacy, data integrity and so on. Of these, authentication is the foundation of network security, and the other security services all depend on it. The authentication protocol and the security and extensibility of the system have become important factors affecting the further development of networks. Kerberos is an authentication protocol based on a KDC and symmetric key cryptography. It provides a method for the two parties in a network communication to authenticate each other's identity without relying on the operating system or IP address of the host computer, and it ensures network security to a certain extent. However, because of its limitations, Kerberos is hindered from being used on the Internet.

To address this security problem, this thesis makes an overall study of user authentication based on the Kerberos protocol, using public key cryptography authentication techniques and the theory of elliptic curve cryptography. The primary research contents are summarized as follows:

1. Public key cryptography and the Kerberos protocol are studied. In this thesis, three secure and effective public key cryptography algorithms are analyzed and compared. It points out the superiority of ECC in security, calculation speed, memory demand and bandwidth demand compared with traditional public key cryptography algorithms such as RSA, ElGamal and so on. Based on the above, it discusses issues related to elliptic curve cryptography, such as elliptic curve mathematical theory, the elliptic curve discrete logarithm, encryption and decryption in elliptic curve cryptography, public key cryptosystems based on elliptic curves and so on. The thesis studies the authentication concept of the Kerberos protocol and, taking Kerberos V5 as the example, analyzes the authentication processes within a realm and between realms, and points out its shortcomings: the limitation of the application environment, the vulnerability to password attacks, and the difficulty of key management.

2. A new Kerberos protocol model based on public key cryptography is put forward. In view of Kerberos's shortcomings, improvement schemes based on public key cryptography have been put forward to deal with the problems of the Kerberos protocol. The best known is the Yaksha algorithm, which is a variant of RSA. This thesis analyzes the advantages and disadvantages of applying the Yaksha algorithm to Kerberos and proposes that combining ECC with Kerberos is a good solution. Thus, based on ECC and combined with public key infrastructure (PKI), the thesis improves the existing Kerberos protocol and puts forward how to use public key cryptography to ensure the security of authentication in the Kerberos authentication process. At the same time, the correctness and security of the improved protocol are proved with BAN logic.

3. A new Kerberos authentication system is developed based on the new Kerberos protocol model. A Kerberos authentication system model based on public key cryptography is established and implemented, and the overall structure of the model is put forward. This model does not modify the Kerberos protocol directly, but places agent software on clients and servers. The agent software simulates the authentication process of the improved Kerberos protocol based on public key cryptography and combines it with the old Kerberos protocol, which realizes a double security system. The Kerberos authentication system inherits the Kerberos protocol, makes a breakthrough in security, and avoids the weaknesses and limitations of the Kerberos protocol to a certain degree.
Keywords/Search Tags:Network security, Authentication, Kerberos, Public key cryptography, Elliptic curve cryptography