
Security Analysis Of Kerberos And Research And Improvement On The Authentication Scheme

Posted on: 2016-11-20
Degree: Master
Type: Thesis
Country: China
Candidate: P Yang
Full Text: PDF
GTID: 2308330461483634
Subject: Computer application technology
Abstract/Summary:
In distributed network environments, most cross-domain authentication is built on schemes such as Kerberos, PKI and IBC; the Kerberos inter-domain and cross-domain authentication model, which is based on symmetric cryptography, is one of the typical ones. Kerberos is a trusted-third-party authentication protocol for TCP/IP networks that is deployed in open network environments. It provides protection measures and control mechanisms for authenticating a user's identity before the user accesses a system, but it still has limitations, among them password-guessing attacks, key storage, replay attacks and the leakage of user information. This thesis addresses these problems.

First, the security of the Kerberos inter-domain and cross-domain authentication models is analyzed by simulating the attack process. In the inter-domain model the analysis shows that the client key Kc, being derived from the user's password, is vulnerable to password-guessing attacks when the password is weak; that the symmetric-key mechanism makes key storage and management complex; that replay attacks are possible because complete clock synchronization is hard to guarantee; and that interception inside the KDC or leakage of the KDC database exposes the session key between the client and the application server, so that the communication can be decrypted. In the cross-domain model, system initialization is complex and each domain's authentication server must store and maintain a large number of shared keys, because the authentication servers of every pair of domains must exchange a shared secret in advance. In addition, user identity information can leak while a cross-domain ticket is requested and the resource is accessed.

Second, a new Kerberos improvement scheme based on a key chain is proposed for the Kerberos domain authentication model. An asymmetric-key mechanism is introduced to remove password-guessing attacks and the storage and management burden of the symmetric-key mechanism. A combination of a message sequence number and a random number then lets the application server S tell a message replayed by an attacker apart from a message legitimately resent by the client, which also removes the replay problem caused by clock synchronization: each time the client sends a new request, the sequence number is incremented and a fresh random number is generated. Finally, a key-chain mechanism addresses session-key management and the risk that the Key Distribution Center (KDC), which issues the session key, could intercept and decrypt the traffic between client C and application server S. C and S keep the key chain and a message list in non-volatile memory, messages between them are encrypted with a key value from the chain instead of the session key SKC,S issued by the Ticket Granting Server (TGS), and the key value in use changes with the message sequence number, which improves the security of the system.

Third, a new cross-domain authentication scheme based on a dual key chain and an anonymous identity protection mechanism is proposed for the Kerberos cross-domain authentication model. The dual key chain removes the complexity of system initialization caused by the advance exchange of shared secrets between domain authentication servers: the dual key chain is stored in the non-volatile memory of each authentication server, and messages between authentication servers in different domains are encrypted with the second-level key value of the dual key chain instead of the shared secret, which avoids the repeated distribution and storage of keys. Anonymous identity information is then used to request cross-domain tickets and access resources, which removes the risk of user identity leakage during cross-domain access.

Theoretical analysis and simulation results show that the improved Kerberos authentication process is more secure; in particular, in the cross-domain model it substantially reduces the complexity of system initialization caused by shared-key exchange and prevents the leakage of users' private information.
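The key-chain and sequence-number mechanism described in the abstract, modeled as an added Python example; this is not code from the thesis, whose exact constructions are not given on this page. Assumptions: the chain seed is provisioned into the non-volatile memory of both C and S out of band (so the KDC never holds it); chain entries are an HMAC-SHA256 forward ratchet selected by sequence number; an HMAC counter-mode keystream with an encrypt-then-MAC tag stands in for a real AEAD such as AES-GCM; and a legitimate retransmission keeps the sequence number but carries a fresh random number, while an attacker's replay repeats both. All names (KeyChain, Client, Server, run_scenario) and the exchange in run_scenario are constructed for illustration.

```python
"""Per-message key-chain encryption plus sequence-number/nonce replay detection
between client C and application server S. Added illustration, not the
thesis's code; every construction below is an assumption."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


def _kdf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as a simple key derivation function (assumed construction)."""
    return hmac.new(key, label, hashlib.sha256).digest()


class KeyChain:
    """Key chain held in non-volatile memory on both C and S. Entry i is a forward
    ratchet of the seed, k_i = HMAC(k_{i-1}, "step"); the message sequence number
    selects the entry, so each request is protected by a different key and never
    by the TGS-issued session key SK_{C,S}."""

    def __init__(self, seed: bytes) -> None:
        self._chain: List[bytes] = [seed]

    def key_for(self, seq: int) -> bytes:
        while len(self._chain) <= seq:
            self._chain.append(_kdf(self._chain[-1], b"keychain-step"))
        return self._chain[seq]


@dataclass(frozen=True)
class Message:
    seq: int          # incremented on every new request
    nonce: bytes      # fresh random number on every transmission
    ciphertext: bytes
    tag: bytes        # MAC over seq || nonce || ciphertext


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream; a stand-in for a real AEAD such as AES-GCM."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(chain_key: bytes, seq: int, nonce: bytes, plaintext: bytes) -> Message:
    enc_key, mac_key = _kdf(chain_key, b"enc"), _kdf(chain_key, b"mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()
    return Message(seq, nonce, ct, tag)


def unseal(chain_key: bytes, msg: Message) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify under chain_key."""
    enc_key, mac_key = _kdf(chain_key, b"enc"), _kdf(chain_key, b"mac")
    data = msg.seq.to_bytes(8, "big") + msg.nonce + msg.ciphertext
    if not hmac.compare_digest(hmac.new(mac_key, data, hashlib.sha256).digest(), msg.tag):
        return None
    ks = _keystream(enc_key, msg.nonce, len(msg.ciphertext))
    return bytes(c ^ k for c, k in zip(msg.ciphertext, ks))


class Client:
    def __init__(self, seed: bytes) -> None:
        self.chain, self.seq, self.pending = KeyChain(seed), 0, b""

    def new_request(self, plaintext: bytes) -> Message:
        self.seq += 1                      # new request: bump the sequence number
        self.pending = plaintext
        return self._send()

    def resend(self) -> Message:
        return self._send()                # retransmission: same seq, fresh nonce

    def _send(self) -> Message:
        return seal(self.chain.key_for(self.seq), self.seq, secrets.token_bytes(16), self.pending)


class Server:
    def __init__(self, seed: bytes) -> None:
        self.chain, self.last_seq = KeyChain(seed), 0
        self.message_list: Set[Tuple[int, bytes]] = set()   # (seq, nonce) pairs seen, kept in NVM
        self.replies: Dict[int, bytes] = {}

    def receive(self, msg: Message) -> Tuple[str, Optional[bytes]]:
        if (msg.seq, msg.nonce) in self.message_list:
            return "replay", None          # exact copy of an earlier message: attacker replay
        if msg.seq not in (self.last_seq, self.last_seq + 1):
            return "out_of_window", None
        plaintext = unseal(self.chain.key_for(msg.seq), msg)
        if plaintext is None:
            return "bad_tag", None         # wrong key, or seq/nonce/ciphertext tampered
        self.message_list.add((msg.seq, msg.nonce))
        if msg.seq == self.last_seq:
            return "resend", self.replies.get(msg.seq)   # legitimate retransmission: answer again
        self.last_seq = msg.seq
        self.replies[msg.seq] = plaintext  # the decrypted request stands in for the real reply
        return "new", plaintext


def run_scenario() -> Dict[str, object]:
    """Constructed exchange: new request, attacker replay, client resend, tampered
    copy, next request, and the KDC trying to read traffic with SK_{C,S}."""
    seed = secrets.token_bytes(32)          # provisioned into both NVMs (assumption)
    c, s = Client(seed), Server(seed)
    m1 = c.new_request(b"GET /resource")
    outcomes = [s.receive(m1)[0], s.receive(m1)[0]]             # new, then replay
    status, reply = s.receive(c.resend())
    outcomes.append(status)                                     # resend
    forged = Message(m1.seq, secrets.token_bytes(16), m1.ciphertext, m1.tag)
    outcomes.append(s.receive(forged)[0])                       # bad_tag
    outcomes.append(s.receive(c.new_request(b"GET /other"))[0])  # new
    sk_cs = secrets.token_bytes(32)         # TGS-issued session key, known to the KDC
    return {"outcomes": outcomes, "resend_reply": reply,
            "kdc_can_decrypt": unseal(sk_cs, m1) is not None}
```

The point the example makes concrete is the one the abstract relies on: replay detection needs no clock, because S only compares the (sequence number, random number) pair against its stored message list and checks the tag under the chain key for that sequence number, and the KDC cannot read the traffic because SK_{C,S} is never used for encryption. Note that the ratchet here gives every message a different key but has no backward secrecy by itself; the chain seed in non-volatile memory must be protected accordingly.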
Keywords/Search Tags:Kerberos protocol, authentication service, inter-domain authentication, cross-domain authentication