Design And Implement The E-mail Service Certification Based On The Kerberos Protocol And DES Encryption Algorithm

As a matter of fact, we rely more and more in our routine work and daily life onemail–the fast, convenient, effective and credible way of information communicationtool. However，we must note that security incidents such as sensitive informationleakage，information fraud and Trojan attack occurs frequently when using email as acommunication tool. Such security incidents have resulted in severe impact on theeffective operation and service of email server and have become serious informationsecurity threats to email user, sometimes they may even cause significant economic loss.Therefore, an in-depth study and research of the vulnerability and threat hiding in emailtransmission is much necessary in order to prevent the occurrence of security incidents.This thesis, through the study of Kerberos protocol and the DES encryptionalgorithm, proposes and describes the design of a new model algorithm of the Kerberosprotocol based on the result of in-depth analysis of e-mail transmission process and theKerberos protocol. The thesis also addresses the way of assuring the effectiveness andsecurity of information in email transmission by applying the new Kerberos protocolmodel into the process of e-mail transmission. In order to achieve the goals of designand implementation, the main work as following:1. Study and analyze the Kerberos protocol content requirements and its realizationapproach. As a result of the study, a new Kerberos algorithm model is proposed intowhich two control factors as time stamp and validity are incorporated to ensure thenon-fraudulent and non-repudiation characteristics of email information.2. Study the realization approach of information encryption and decryption in theKerberos authentication process based on analysis of comparing the advantages anddisadvantages of symmetric encryption algorithm and non-symmetric encryptionalgorithm. In the study, the DES, which has been certified by international securityverification, is selected as the information encryption algorithm of the certificationprocess.3. Study the design of standardization of data input and output format. As a resultof the study, it is proposed that TLV format in ASN.1encoding rules be applied to format all of the data and information requiring encryption to eliminate errors that mayoccur in the encryption and decryption process.4. Simulate the realization processes of the e-mail service certification based onKerberos protocol and DES encryption algorithm, which include processes ofAuthentication stage, Notes authorization stage and E-mail service stage.This thesis final designed a new Kerberos protocol algorithm model, successfullyapplied to the e-mail system for identity authentication and notes authorization, andthrough DES encryption and decryption algorithms for identity authentication andcommunication data encryption and decryption, this thesis has successfully completedthe goal.