| The connection between network communication technology and Internet is more andmore strong. It also brings a range of information security issues. The main content ofnetwork security is becoming how to make sure the safety of users access data and datatransmition.First of all, this paper introduces some basic principles of Cryptography, especially thesymmetric code and public key code. And then, the paper analysis the apply situation of thetwo cryptographic algorithms, and the key distribution. This paper also compares the twokinds of cryptography for their advantages and disadvantages. Furthermore, this paperpresents some related technologies of Cryptography, such as message authentication, hashfunction, digital signature and authentication protocol.Secondly, this paper studies the authentication thinking, working principle, systemorganizational structure and authentication process of Kerberos protocol. After pointing thedeficiency, like the limitation of apply environment, the vulnerability of password attacks, thedifficulties of key management, the paper improves the authentication process of kerberosprotocol by taking Cryptography as basic principle. It also explains the system structure,working principle and the authentication process of the improved Kerberos protocol,including the message exchange process of service authentication, service authorization andapplication service, the basic elements of the message content, the safety performance and thedifferences with the original protocol.At last, this paper bases the above theoretical research, designs and implements thekerberos based software of safe transmission over Internet. The basic function of this softwareis to provide chat function for clients and application servers. In order to ensure the safety ofchat content, the authentication of the software is added by function of selecting encryptionalgorithm of session period. The session key is encrypted by RSA algorithm, cleartext isencrypted by asymmetric encryption algorithm, and implementing message authentication bymessage abstract which generated by SHA algorithm. Therefore the system solves theproblem of key distribution and management, and also ensures the entity of exchanged data.This system can provide authentication services for users. The new kerberos protocol is proved to be improved by actual use. However, the system is still insufficient. For example,the authentication is still use time stamp to prevent replay attacks. Although the improvedprotocol is not perfect, it also can meet the requirement which including reliability, integrity,authenticity and confidentiality of message in information security. And it can preventeffectively illegal eavesdropping, access, modify and replay attacks by attackers. |
PDF Full Text Request