Research on a Kerberos Authentication Protocol Based on Public-Key Cryptography
Abstract
Identity authentication is the cornerstone of network security: it is the technique by which the two parties to a network communication verify each other's identity. Kerberos is an authentication protocol that relies on a trusted third party, the KDC, and uses symmetric-key encryption; it is suited to environments where the physical network is not secure. The potential factor limiting the scalability of Kerberos is its use of symmetric-key encryption: the difficulty of establishing and maintaining a large number of shared keys has hindered the adoption of Kerberos on the Internet. Many public-key extensions to Kerberos have been proposed to improve the system, but they do not use PKI to manage certificates or revocation lists. Addressing the weaknesses of Kerberos itself and the shortcomings of its combination with public-key cryptography, this thesis studies the interoperability of Kerberos with public-key cryptography and makes the following main contributions:
    (1). The design rationale and basic authentication protocol of Kerberos are examined in detail, and the security and flaws of the protocol are analyzed. The PKI architecture is discussed, along with its certificate hierarchy, certificate management, and standardization. The design ideas and shortcomings of several existing Kerberos public-key extension schemes are also analyzed.
    (2). Using the CMS standard to define the high-level message formats in the PKINIT protocol yields a highly interoperable Kerberos public-key extension scheme. The signature and envelope portions of the public-key authentication messages are encapsulated in the SignedData and EnvelopedData formats of the Cryptographic Message Syntax, which provides a path to transparent integration of Kerberos with PKI.
    (3). Building on Kerberos public-key authentication, and considering that the use of public-key algorithms may create a computational bottleneck on the Kerberos server as authentication requests increase, we design a scheme in which the application server authenticates directly. The scheme shifts the computational load and the centralization risk from the Kerberos server to the application server, to meet the needs of different security environments.
    In designing an identity authentication system, one should choose the currently appropriate technical solution according to actual needs and real-world conditions, while leaving room for future transition and migration.
