Search
E-mail
RSS

Author Login Chief Editor Login Reviewer Login Editor Login Remote Office
Author Login Chief Editor Login Reviewer Login Editor Login Remote Office

Computer Engineering ›› 2011, Vol. 37 ›› Issue (24): 109-111.

• Networks and Communications • Previous Articles     Next Articles

Improved Kerberos Single Sign-on Protocol

SHAO Ye-qin a, CHEN Jian-ping b, GU Xiang b   

  1. (a. Center of Modern Educational Technology; b. School of Computer Science and Technology, Nantong University, Nantong 226019, China)
  • Received:2011-07-01 Online:2011-12-20 Published:2011-12-20

改进的Kerberos单点登录协议

邵叶秦 a,陈建平 b,顾 翔 b   

  1. (南通大学 a. 现代教育技术中心;b. 计算机科学与技术学院,江苏 南通 226019)
  • 作者简介:邵叶秦(1978-),男,实验师,主研方向:网络安全; 陈建平,教授;顾 翔,副教授
  • 基金资助:
    江苏省高校自然科学基金资助项目(08KJB520009);江苏省现代教育技术研究“十一五”规划立项课题基金资助项目(2010-R- 16939, 2010-R-16884)

PDF

Abstract: This paper analyzes the problems of the password guessing dictionary attacks and message replay attacks in current Kerberos protocol. An improved single sign-on protocol is proposed. The prevention of password guessing dictionary attacks is achieved by adding a random number and employing a dynamic key in authentication messages. The resistance of replay attacks is realized by marking the message between a client and its corresponding server with a unique serial number. Experimental results show that the improved protocol is valid.

Key words: single sign-on, Kerberos protocol, dictionary attack, replay attack

摘要: 现有Kerberos协议易受密码猜测字典攻击和报文重放攻击。为此,提出一个改进的Kerberos单点登录协议。在认证报文中添加随机数并使用动态密钥,防止密码猜测字典攻击,为每个报文添加一个唯一的序列号,防止报文重放攻击。实验结果证明了改进协议的有 效性。

关键词: 单点登录, Kerberos协议, 字典攻击, 重放攻击

CLC Number: 

copyright@Editorial Department of Computer Engineering
Address:No. 63, Chengliu Road, Shanghai, 201808
Tel: 021-67092217 
E-mail:ecice06@ecict.com.cn
Powered by Beijing Magtech Co. Ltd,.