基于智能卡的Kerberos协议的改进

Improvement of Kerberos Protocol Based on Smartcard

原Kerberos协议在使用上存在口令窃听和时钟同步的问题,本文在分析其局限性的基础上,与智能卡技术相结合,使用智能卡产生的随机数代替时间戳,提出了一种基于智能卡的新的协议。与原协议相比较,该协议解决了口令窃听和时钟同步的问题,更好的保护了用户的秘密信息。通过BAN逻辑分析,证明了改进协议的安全性。

The problems of password wiretapping and clock synchronization existed in the use of original Kerberos protocol. On the basis of analyzing its limitation, a new protocol is proposed,which combines the technology of smartcard and uses nouce to substitute time stamp.Compared to the original protocol,the new one figures out the problems of password wiretapping and clock synchronization and protects secrets of user better.By BAN logic analysis,the security of this new protocol is proved.