【作者】 姚传茂；

【导师】 叶震；

【作者基本信息】 合肥工业大学 ， 计算机应用技术， 2003， 硕士

【摘要】 随着Internet的飞速发展，网络安全的地位日益突出。网络的安全措施应是能全方位地针对各种不同的威胁，这样才能确保网络信息的保密性、完整性和可用性。作为安全服务中的一种——实体认证尤为重要。在一个公开的分布式网络环境中，工作站上的用户希望访问分布在网络上的服务器资源。但网络上的资源仅允许授权用户的特定权限的访问，因此，在分布式网络中，必须提供一种机制来对用户的身份进行认证。Kerberos是为TCP／IP网络设计的基于Client／Server模式的三方验证协议，广泛应用于Internet服务的访问，网络中的Kerberos服务起着可信仲裁者的作用。Kerberos基于对称密码体制，可提供安全的客体认证。本文结合Diffie-Hellman公开密钥算法，并分析了Diffie-Hellman算法的中间人攻击，拟对Kerberos协议进行一定的改进，解决Kerberos利用其产生的会话密钥解密通信双方的密文消息，但无从对其举证的问题。更多还原

【Abstract】 Along with the rapid development of Internet,the position of network security is increasingly outstanding. Safety precautions of network should be contrapose all kinds of menace, then can insure the confidentiality, integrality, usability of the network information. As a kind of safety service -- the Identification of entity is more particular importance.In an exoteric distributed network environment, the customer on the work station hope visits to the network resources of distribute in the servers on. But the resources on the network only to the accessing of the particular power of the authorized client, therefore, in distributed network, must provide a kind of mechanism to authenticate Identification of client.Kerberos is three-side indentical protocol for TCP/ IP network designs according to the mode of Client/Server, It is widely used in the accessing the Internet and acts as the reliable arbitrator. Kerberos, which is based on symmetric key crytosystem, provides safe authentication to client. This thesis combines the Diffie-Hellman public key algorithm and analyzes the Man-in-the-middle-attack of Diffie-Hellman, with the purpose to improve the Kerberos protocol, solving the problem of that Kerberos uses the key of conversation to analyze and see the information from two communicating sides, which cannot be confirmed by examples.更多还原