| E-mail is one of the most favorite services in Internet. But the running mechanism of E-mail itself exists some leaks, as a result, the leaking and cheating incidents of E-mail information often take place during the process of mail transmitting. Researchers have taken measures to guarantee the security of mail, but there are also some other existing defects in email security authentication technology, such as compatibility issue with certain service or anti-spam technology, security problems, a variety of attacks, higher costs and complex implementation. Identity Authentication is the one very important aspect in the information security theory. And it is one of the important mechanism for network security. When Identity authentication technology is applied to the mail service, it can effectively guarantee the security of the email and control costs, and so on.After analyzing the main identity authentication technology, this paper select the Kerberos protocol as a major part of email security certification technology. This article focuses on the application of Kerberos authentication protocol in the email services, and analysis the problems of Kerberos protocol email security in the application. This article presents some problem in clock synchronization, the password and key storage when the Kerberos protocol is implemented. Attackers can obtain a lot of access by the request to password Server, then they can guess the password by calculation and analysis of the key. There are some problems in timestamp and clock synchronization which make the mail server can be easily deciphered and attacked. Kerberos authentication Center need keep large numbers of shared key, thus, neither the Administration nor the update has a great deal of difficulty. So it needs special granular security protection measures. It will pay a great deal of system cost on the key storage-management issues.In order to modify the problem above, this paper analysis and design a Kerberos authentication system, and apply IP address encryption and complex key security encryption to the system. And this paper proposed the control factor should be added to users'sending authentication information, which could avoide Kerberos against denial of service attacks. In analysis and design implementation of Kerberos protocol in the email security services, progressive analysis method is used in this article. After resolved a problem, according to the later emerging issues, we progressive resolve all problems, until the system security meets the practical requirements. The main frame of this paper is that introducing the Kerberos protocol, the mail transmitting protocol and the theory and technology of the Windows Sockets programming. Based on the rule of Kerberos, this paper designs a authentication system with Kerberos. At the end of this paper, it makes some analysis of the main modules in Kerberos authentication, and concludes the detailed flow and analyzes the security of the running results. |
PDF Full Text Request