Abstract: This paper proposes a novel scheme aiming at security treatments based on Kerberos protocol with Single Sign-On(SOS) in Web environment. In order to avoid authentication server being attacked, a challenge/response mode with Schnorr protocol is adopted. Secure cookies and HTTP session are selected to solve HTTP protocol non-state, and to keep secure sessions between Web servers. Experimental test shows that this project has solid performance, fast response speed, strong resistibility, and possesses better application value and foreground.

Key words: Kerberos protocol, Schnorr protocol, Single Sign-On(SSO), identity authentication, optimized design

摘要： 针对Kerberos认证协议Web环境中进行单点登录存在的安全隐患，基于Schnorr协议的挑战/响应方式，结合Secure Cookies、HttpSession解决Web环境下HTTP协议的无状态性及服务器间的安全会话。实验结果表明，该方案性能稳健，响应速度快，防攻击力强，具有良好的实用价值和应用前景。

关键词: Kerberos协议, Schnorr协议, 单点登录, 身份认证, 优化设计

CLC Number: 

• TP309