Kerberos authentication system and method based on physical unclonable function

A technology applied in the field of Kerberos authentication systems based on physical unclonable functions, which can solve problems such as impaired device and system availability, security system crashes, and key leakage.

Active Publication Date: 2020-09-18
JINLING INST OF TECH

AI Technical Summary

Problems solved by technology

[0003] However, traditional authentication and key management mechanisms based on keystores or public key infrastructure are not efficient: on the one hand, attackers may leak keys through physical attacks such as intrusion, semi-intrusion, and side-channe...


Examples


Specific Embodiment 1

[0066] As shown in Figure 2, when the method of the present invention is used for single sign-on (SSO), the system includes a client, an application server and a key distribution center (KDC). The KDC includes an authentication server (AS), a ticket granting server (TGS) and a database (DB).

[0067] Both the client and the application server are equipped with a PUF chip, and the database DB stores a set of stimulus-response pairs of the PUF chip. Device A and device B perform two-way authentication with the key distribution center KDC, and the KDC distributes a symmetric session key K_{A,B} between devices A and B.

[0068] The method includes the following steps:

[0069] Step S1: Register the client and the application server with the key distribution center KDC.

[0070] S11: The client and the application server respectively install a physically unclonable function PUF chip;

[0071] S12: The client and the appl...

Specific Embodiment 2

[0117] The present invention is applied to authentication and session establishment between gateway nodes and terminal devices in the Internet of Things. The network comprises a server, gateway nodes and terminal devices: there is only one server, which is the control center of the network; the server manages several gateway nodes, and each gateway node manages several terminal devices. When a gateway node is physically connected to a terminal device, the two must be authenticated and establish a session key.

[0118] Specific steps are as follows:

[0119] Step S1: Register the gateway and the terminal device with the key distribution center KDC.

[0120] S11: Before the network launch, all gateways and terminal devices are installed with a physical unclonable function PUF structure;

[0121] S12: The gateway and the terminal device respectively generate several random numbers as the stimulus set, and input each stimulus into the PUF chip to generate a c...
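An added sketch (not from the patent, whose steps are truncated on this page) of the registration in step S1 and of the KDC handing K_{A,B} to two registered devices. The PUF is simulated with HMAC, spending one stored stimulus-response pair per message to wrap the session key is an assumption, and all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

def _kdf(response: bytes, label: bytes) -> bytes:
    # Derive separate keys for wrapping and for the integrity tag
    return hmac.new(response, label, hashlib.sha256).digest()

class SimulatedPUF:
    """Software stand-in for a PUF chip (assumption). A real PUF derives its
    response from silicon variation and needs error correction for noise."""
    def __init__(self):
        self._variation = secrets.token_bytes(32)  # models per-chip randomness
    def respond(self, stimulus: bytes) -> bytes:
        return hmac.new(self._variation, stimulus, hashlib.sha256).digest()
    def enroll(self, n: int = 4):
        # Step S12: the device picks random stimuli and records each response
        stimuli = [secrets.token_bytes(16) for _ in range(n)]
        return [(s, self.respond(s)) for s in stimuli]

class KDC:
    def __init__(self):
        self.db = {}  # device id -> unused (stimulus, response) pairs
    def register(self, dev_id: str, pairs) -> None:
        self.db[dev_id] = list(pairs)  # Step S1: pairs are stored in the DB
    def _wrap(self, dev_id: str, key: bytes):
        stimulus, response = self.db[dev_id].pop()  # each pair is used once
        wrapped = bytes(a ^ b for a, b in zip(key, _kdf(response, b"wrap")))
        tag = hmac.new(_kdf(response, b"mac"), stimulus + wrapped, hashlib.sha256).digest()
        return stimulus, wrapped, tag
    def distribute(self, dev_a: str, dev_b: str):
        k_ab = secrets.token_bytes(32)  # session key K_{A,B}
        return self._wrap(dev_a, k_ab), self._wrap(dev_b, k_ab)

def unwrap(puf: SimulatedPUF, msg) -> bytes:
    stimulus, wrapped, tag = msg
    response = puf.respond(stimulus)  # regenerated on demand, never stored
    good = hmac.new(_kdf(response, b"mac"), stimulus + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("response mismatch: not the registered PUF")
    return bytes(a ^ b for a, b in zip(wrapped, _kdf(response, b"wrap")))

def demo():
    kdc, puf_a, puf_b = KDC(), SimulatedPUF(), SimulatedPUF()
    kdc.register("A", puf_a.enroll())
    kdc.register("B", puf_b.enroll())
    msg_a, msg_b = kdc.distribute("A", "B")
    return unwrap(puf_a, msg_a), unwrap(puf_b, msg_b), msg_a, len(kdc.db["A"])
```

Because every exchange consumes a stored pair, the number of pairs enrolled per device bounds how many sessions the KDC can set up before re-registration is needed.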


Abstract

The invention discloses a Kerberos authentication system and method based on a physical unclonable function, and the system comprises equipment A, equipment B, and a key distribution center (KDC), wherein the key distribution center KDC comprises an authentication server (AS), a ticket granting server (TGS), and a database (DB). The method comprises the following steps: registering equipment A and equipment B in the KDC; the equipment A requests a ticket granting ticket (TGT) from the AS; the equipment A obtains the TGT; the equipment A requests a service granting ticket from the TGS; the equipment A obtains a service granting ticket (SGT); and the equipment A requests a communication service from the equipment B. According to the method, key leakage caused by physical attacks such as invasion, semi-invasion and side channel attacks of attackers can be prevented, meanwhile, the problems of high public key calculation complexity, low speed and excessive communication bandwidth occupation are solved, and the method is suitable for resource-limited network application.

Description

Technical field

[0001] The invention belongs to the technical field of information security and cryptographic protocols, and in particular relates to a Kerberos authentication system and method based on physical unclonable functions.

Background technique

[0002] The Kerberos protocol provides a two-way authentication mechanism between the client and the server or between the server and the server, using the key distribution center KDC as a trusted third party to provide authentication and key distribution services. The system is designed to implement two-way authentication services through symmetric cryptography, that is, both the client and the server can authenticate each other with the help of KDC. It can be used to prevent eavesdropping, prevent replay attacks, protect data integrity, etc. It is a system that uses a symmetric key system for key management. In 1988, Bryant et al. extended Kerberos to use public key encryption for authentication. Additionally, Windows S...


Application Information

IPC(8): H04L9/08, H04L9/32, H04L29/06
CPC: H04L9/083, H04L9/0869, H04L9/3278, H04L63/0435, H04L63/0869, H04L63/0876
Inventor: 柳亚男, 邱硕, 董如婵, 程远, 阎浩, 卞志国, 李晓蓉
Owner: JINLING INST OF TECH