
Computer Engineering ›› 2010, Vol. 36 ›› Issue (20): 150-152. doi: 10.3969/j.issn.1000-3428.2010.20.052

• Security Technology •

Improvement of Cross-realm Kerberos with Certificateless Key Agreement Protocol

CHEN Jia-qi, FENG Jun, HAO Yan

  1. (School of Optical-Electrical and Computer Engineering, University of Shanghai for Science and Technology, Shanghai 200093, China)
  • Online:2010-10-20 Published:2010-10-18
  • About the authors: CHEN Jia-qi (born 1957), male, professor, main research interests: network and information security, computer control systems; FENG Jun and HAO Yan, master's students

Abstract: To address the large number of keys and the fragile system security in the Kerberos inter-realm authentication scheme, an authenticated certificateless key agreement protocol is proposed. The protocol uses certificateless cryptography to overcome the limitations of the original Kerberos inter-realm authentication. It establishes a secure inter-realm session key with only one round of message exchange and provides perfect forward secrecy. Security analysis shows that the improved protocol effectively solves the key management problem and third-party eavesdropping that cannot be proved, and that it makes the system more secure.

Key words: Kerberos protocol, inter-realm authentication, key agreement, certificateless cryptography

CLC Number: