摘要
Kerberos协议容易遭受口令攻击和重放攻击,且不能提供数字签名服务。针对这些问题,文中结合公钥密码体制、USB智能卡以及指纹识别技术对Kerberos协议加以改进,改进后的协议能够充分利用公钥密码体制的优点,极大降低密钥管理的风险和难度。此外,相比其他仅使用公钥密码体制的改进方案,本方案由于使用了指纹USBkey,实现了对系统使用者物理身份的认证,并节省了使用或建设认证机构CA的开销,使协议更适用于高安全应用场合。
Kerberos protocol is susceptable to password attack and replay attack,and could not provide services such as digital signature.In light of this,a modified Kerberos protocol based on public-key algorithms,intelligent USBkey and fingerprint identification technology is proposed.The modified protocol can take full advantage of public-key algorithms,greatly reduce the risk and difficulty of key management.In addition,compared with other modified scheme only applying public-key algorithms,this scheme,by applying fingerprint USBkey,could achieve the physical ID authentication of the system users,and also save the overhead of CA construction and use,thus is more suitable for the application with fairly high security requirement.
出处
《通信技术》
2015年第2期232-236,共5页
Communications Technology
