计算机系统应用
計算機繫統應用
계산궤계통응용
APPLICATIONS OF THE COMPUTER SYSTEMS
2015年
5期
257-260
,共4页
身份认证%Kerberos协议%口令攻击%内部攻击%Diffie-Hellman密钥交换协议
身份認證%Kerberos協議%口令攻擊%內部攻擊%Diffie-Hellman密鑰交換協議
신빈인증%Kerberos협의%구령공격%내부공격%Diffie-Hellman밀약교환협의
user authentication%Kerberos protocol%password attack%insider thread%Diffie-Hellman key exchanged algorithm
针对Kerberos协议的弱点和安全性问题,提出了一个基于混合加密机制的Kerberos改进方案,目的是防范口令攻击和内部攻击。给应用服务器和AS服务器分配公钥和私钥,用户与服务器之间的会话密钥由DH密钥交换生成。给出了改进后的 Kerberos 协议的六个步骤,并对安全性进行分析。分析结果表明,新方案能够增强Kerberos协议的安全性,而且比公钥加密机制高效。
針對Kerberos協議的弱點和安全性問題,提齣瞭一箇基于混閤加密機製的Kerberos改進方案,目的是防範口令攻擊和內部攻擊。給應用服務器和AS服務器分配公鑰和私鑰,用戶與服務器之間的會話密鑰由DH密鑰交換生成。給齣瞭改進後的 Kerberos 協議的六箇步驟,併對安全性進行分析。分析結果錶明,新方案能夠增彊Kerberos協議的安全性,而且比公鑰加密機製高效。
침대Kerberos협의적약점화안전성문제,제출료일개기우혼합가밀궤제적Kerberos개진방안,목적시방범구령공격화내부공격。급응용복무기화AS복무기분배공약화사약,용호여복무기지간적회화밀약유DH밀약교환생성。급출료개진후적 Kerberos 협의적륙개보취,병대안전성진행분석。분석결과표명,신방안능구증강Kerberos협의적안전성,이차비공약가밀궤제고효。
Aiming at the vulnerability and security problem of Kerberos protocol, an enhanced scheme of Kerberos protocol based on hybrid cryptosystem is put forward. The aims of the improved scheme are able to defend the password attacks and the insider threads. Public keys and private keys are assigned to the application servers and the AS server, the session key between user and application server is generated by DH key exchanged algorithm. The improved Kerberos protocol is given by six steps and the security is analyzed. Analysis shows that the new scheme can enhance the security of Kerberos and is more efficient than Public key encryption mechanism.
