Improved Kerberos single sign-on protocol based on certificateless implicit authentication

Computer Engineering and Applications ›› 2013, Vol. 49 ›› Issue (10): 105-108.

Previous Articles Next Articles

Improved Kerberos single sign-on protocol based on certificateless implicit authentication

WANG Juan1，2, ZHENG Shuli2, FANG Yuankang3

1.Mathematics and Computer Science Department, Chizhou College, Chizhou, Anhui 247000, China
2.College of Computer and Information, Hefei University of Technology, Hefei 230009, China
3.College of Information Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China

Online:2013-05-15 Published:2013-05-14

无证书隐式认证改进的Kerberos单点登录协议

王娟1，2，郑淑丽2，方元康3

1.池州学院数学与计算机科学系，安徽池州 247000
2.合肥工业大学计算机与信息学院，合肥 230009
3.南京航空航天大学信息科学与技术学院，南京 210016

Abstract

Abstract: In order to solve the problems, such as password-based attack, replay attack, the key escrow, and low efficiency, existing in Kerberos single sign-on protocol, this paper introduces certificateless implicit authentication without logarithmic operation and key agreement protocol to improve it. Meanwhile, robust security of the new protocol can be proved in the random oracle model, and the advantages of the improved Kerberos single sign-on protocol can also be showed. Because the introduced key agreement protocol only needs triple dot multiplications and double hash operations, the computational overhead is lower. Moreover, some problems in the original Kerberos protocol can be solved by adopting implicit authentication. For example, the third party’s interception without solid evidence can be avoided and the attacks of man-in-the-middle can also be overcome efficiently.

Key words: single sign-on, Kerberos protocol, certificateless cryptography, implicit authentication, key agreement

摘要： 针对Kerberos单点登录协议存在的口令攻击、重放攻击、密钥需要托管和效率不高等问题，引入一种无对数运算的无证书隐式认证与密钥协商协议对其进行了改进。在随机预言机模型下证明了新协议的强安全性，分析了改进后Kerberos单点登录协议的优势。引入的密钥协商协议仅需3次点乘运算和2次哈希运算，计算开销较低。采用隐式认证方式，避免了原Kerberos中第三方对信息的无举证窃听，有效克服了中间人攻击。

关键词: 单点登录, Kerberos协议, 无证书密码学, 隐式认证, 密钥协商

WANG Juan1，2, ZHENG Shuli2, FANG Yuankang3. Improved Kerberos single sign-on protocol based on certificateless implicit authentication[J]. Computer Engineering and Applications, 2013, 49(10): 105-108.

王娟1，2，郑淑丽2，方元康3. 无证书隐式认证改进的Kerberos单点登录协议[J]. 计算机工程与应用, 2013, 49(10): 105-108.

[1]	NIU Shufen, YANG Xiyan, LI Zhenbin, WANG Caifen. Hybrid Signcryption Scheme Based on Heterogeneous System [J]. Computer Engineering and Applications, 2019, 55(3): 61-67.
[2]	LI Lei, XU Chungen, XU Lei, ZHAO Zemao. Research on Electronic Medical Record Data Management in Cloud Environment [J]. Computer Engineering and Applications, 2019, 55(15): 135-140.
[3]	LI Xiaowen, LI Yangyang, LEI Xiu. Research and Implementation of Authentication and Key Agreement Process in 5G Client [J]. Computer Engineering and Applications, 2019, 55(11): 35-39.
[4]	XU Guoyu, MIAO Xuna, ZHANG Junfeng, JIANG Tao, MA Xiaofei. Review of implicit authentication for mobile devices [J]. Computer Engineering and Applications, 2018, 54(6): 19-25.
[5]	FANG Liang1, LIU Fengnian2, MIAO Fuyou1. Group key negotiate scheme based on secret sharing [J]. Computer Engineering and Applications, 2018, 54(12): 69-73.
[6]	HE Yefeng. Quantum key agreement protocols immune to collective noise [J]. Computer Engineering and Applications, 2018, 54(10): 26-30.
[7]	DENG Fei1, ZHU Ying2. Novel one-round certificateless group authenticated key agreement protocol [J]. Computer Engineering and Applications, 2017, 53(5): 111-115.
[8]	CHEN Haihong1, LI Junyi2. Novel ID-based group authenticated key agreement scheme [J]. Computer Engineering and Applications, 2017, 53(21): 103-109.
[9]	LI Ming. Novel two-party authenticated key agreement protocol in Wireless Sensor Network [J]. Computer Engineering and Applications, 2016, 52(3): 100-102.
[10]	HU Jianghong1, DU Hongzhen1, ZHANG Jianzhong2. Analysis and improvement of certificateless aggregate signature scheme [J]. Computer Engineering and Applications, 2016, 52(10): 80-84.
[11]	LIAO Junguo, TAN Yongzhou. Bilateral authentication and key agreement protocol based on lightweight CA for wireless mesh networks [J]. Computer Engineering and Applications, 2016, 52(1): 95-99.
[12]	CHEN Hong1, ZHENG Yanyan1, XIAO Zhenjiu1，2. Certificateless-based two-party authenticated key agreement protocol for multiple PKG environment without bilinear pairing [J]. Computer Engineering and Applications, 2015, 51(7): 74-79.
[13]	ZENG Ping, ZHANG Li, HU Ronglei, YANG Yatao, LIU Peihe. Lightweight authenticated key agreement protocol based on ECC for wireless sensor networks [J]. Computer Engineering and Applications, 2014, 50(2): 65-69.
[14]	JIA Zongpu, LI He, SONG Cheng, ZHANG Xiaohong. Efficient certificateless tripartite key agreement protocol [J]. Computer Engineering and Applications, 2014, 50(10): 105-107.
[15]	ZHANG Longxiang. Novel group authenticated key agreement protocol in ternary tree structure [J]. Computer Engineering and Applications, 2013, 49(24): 83-87.

Improved Kerberos single sign-on protocol based on certificateless implicit authentication

无证书隐式认证改进的Kerberos单点登录协议

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics