This paper analyzes the problems of password-guessing dictionary attacks and message replay attacks in the current Kerberos protocol. An improved single sign-on protocol is proposed. Password-guessing dictionary attacks are prevented by adding a random number and employing a dynamic key in authentication messages. Resistance to replay attacks is achieved by marking each message between a client and its corresponding server with a unique serial number. Experimental results show that the improved protocol is valid.