An enhanced Kerberos protocol with non-interactive zero-knowledge proof

被引：3

作者：

Zhu, Yuesheng ^{[1
]}

Ma, Limin ^{[1
]}

Zhang, Jinjiang ^{[1
]}

机构：

[1] Peking Univ, Shenzhen Grad Sch, Commun & Informat Secur Lab, Shenzhen, Peoples R China

来源：

SECURITY AND COMMUNICATION NETWORKS | 2015年 / 8卷 / 06期

关键词：

authentication; Kerberos; password-guessing attacks; PKINIT; zero-knowledge proof;

D O I：

10.1002/sec.1066

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

As one of the most important trusted third-party-based authentication protocols, Kerberos is widely used to provide authentication service in distributed networks. However, it is vulnerable to common brute force password-guessing attacks because of its password-based mechanism. Some enhanced Kerberos protocols based on public key cryptography were proposed as solutions, but they require excessive computation and communication resources. In this paper, a new enhanced Kerberos protocol with non-interactive zero-knowledge proof is proposed, in which the clients and the authentication server can mutually authenticate each other without revealing any information during the authentication process. Our security analysis and experimental results have shown that the proposed scheme can resist password-guessing attacks and is more convenient and efficient than previous schemes. Copyright (C) 2014 John Wiley & Sons, Ltd.

引用

页码：1108 / 1117

页数：10

共 19 条

[1]

Al-Janabi S. T. F., 2011, Proceedings of the 2011 4th International Conference on Developments in e-systems Engineering (DeSE 2011), P209, DOI 10.1109/DeSE.2011.16

[2]

Amin F., 2011, 2011 7th International Conference on Information Assurance and Security (IAS), P308, DOI 10.1109/ISIAS.2011.6122838

[3]

[Anonymous], 2012, FUTURE INFORM TECHNO

[4]

[Anonymous], 1988, P 12 ANN ACM S THEOR, DOI [DOI 10.1145/62212.62222, DOI 10.1145/62212]

[5]

[Anonymous], 2005, RFC 4120

[6]

Cormen T, 2001, INTRO ALGORITHMS, P767

[7]

Dahui Hu, 2010, 2010 IEEE International Conference on Information Theory and Information Security, P274, DOI 10.1109/ICITIS.2010.5689457

[8]

Downnard I, 2002, IEEE POTENTIALS, V21, P30, DOI 10.1109/MP.2002.1166623

[9] EAP-Kerberos II: An Adaptation of Kerberos to EAP for Mutual Authentication [J].

Eum, Sung-Hyun ;

Choi, Hyoung-Kee .

2008 8TH INTERNATIONAL CONFERENCE ON ITS TELECOMMUNICATIONS, PROCEEDINGS, 2008, :78-83

[10] Security Analysis of the Kerberos protocol using BAN logic [J].

Fan, Kai ;

Li, Hui ;

Wang, Yue .

FIFTH INTERNATIONAL CONFERENCE ON INFORMATION ASSURANCE AND SECURITY, VOL 2, PROCEEDINGS, 2009, :467-+

← 1 2 →