Kerberos security enhancement method based on Intel SGX

A security and safe-zone technology, applied in the field of information security, that addresses problems such as threats to system security.

Pending Publication Date: 2021-06-25
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

The key is stored in the database. In this way, once the Kerberos database is attacked, the attacker can decrypt the messages in the interaction process, and the security of the system is seriously threatened.
[0017] (2) Operational safety issues

Embodiment Construction

[0053] The purpose of the present invention is to provide a Kerberos security enhancement method and system based on Intel SGX. The overall framework of this scheme is shown in Figure 1, and the main flow charts are shown in Figures 2 and 3. The invention mainly includes three modules: a security initialization module, a key-protected authentication service module, and a key security encapsulation module.

[0054] 1. The security initialization module mainly deploys the Kerberos program for the user and application server principals and for the KDC, and completes the related configuration. The main steps are as follows:

[0055] (1-1): The user and the application server deploy the Kerberos program, and check whether the program has been tampered with after the deployment is complete.

[0056] (1-2) The user configures the program, enters the user password and generates a user key for Kerberos authentication.

[0057] (1-3): The adm...

Abstract

The invention discloses a Kerberos security enhancement method based on Intel SGX. The method comprises the following steps: (1) security initialization of the Kerberos authentication system; (2) secure execution of the authentication service of the KDC (key distribution center); (3) secure storage of the key after the authentication service has ended. By introducing Intel SGX hardware and the trusted space (enclave) mechanism of SGX, a secure environment is constructed for storing and using the master key of the KDC in the Kerberos identity authentication system. The method comprises three modules: a key security initialization module, a key security operation module, and a key security storage module. The master key is a long-term key held only by the KDC and is used to encrypt authentication information, so it needs a secure execution environment. The method protects the key both in storage and in operation, and ensures that ticket information cannot be decrypted even if an attacker eavesdrops on it, thereby securing the transmission and verification of tickets.

Description

Technical field

[0001] This method involves information security, Kerberos identity authentication, and Intel SGX technology.

Background technique

[0002] The Kerberos protocol is an important trusted third-party authentication protocol in distributed networks. It is widely used in various mainstream operating systems and in cloud computing, big data, Internet of Things and other scenarios. The Kerberos protocol was originally developed by the Massachusetts Institute of Technology in the late 1980s; its design goal is to provide effective authentication services for client/server applications through a key system. Kerberos is suitable for distributed computing on public networks, using encryption technology and distributed database technology. With the development of computer networks, security issues have become increasingly prominent. The identity authentication mechanism is the foundation of network security and the first barrier of commun...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L9/32, H04L9/06, H04L29/06
CPC: H04L9/083, H04L9/3297, H04L9/321, H04L9/0631, H04L9/0643, H04L9/0866, H04L9/088, H04L63/10, H04L63/0807, H04L2212/00
Inventors: 王冠, 苗艺雪
Owner: BEIJING UNIV OF TECH