摘要: 现有Kerberos协议易受密码猜测字典攻击和报文重放攻击。为此,提出一个改进的Kerberos单点登录协议。在认证报文中添加随机数并使用动态密钥,防止密码猜测字典攻击,为每个报文添加一个唯一的序列号,防止报文重放攻击。实验结果证明了改进协议的有 效性。
关键词:
单点登录,
Kerberos协议,
字典攻击,
重放攻击
Abstract: This paper analyzes the problems of the password guessing dictionary attacks and message replay attacks in current Kerberos protocol. An improved single sign-on protocol is proposed. The prevention of password guessing dictionary attacks is achieved by adding a random number and employing a dynamic key in authentication messages. The resistance of replay attacks is realized by marking the message between a client and its corresponding server with a unique serial number. Experimental results show that the improved protocol is valid.
Key words:
single sign-on,
Kerberos protocol,
dictionary attack,
replay attack
中图分类号:
邵叶秦, 陈建平, 顾翔. 改进的Kerberos单点登录协议[J]. 计算机工程, 2011, 37(24): 109-111.
SHAO Xie-Qin, CHEN Jian-Beng, GU Xiang. Improved Kerberos Single Sign-on Protocol[J]. Computer Engineering, 2011, 37(24): 109-111.