Improvement of Kerberos protocol based on dynamic password and “One-time public key”

We begin with an overview of the defects of the current Kerberos protocol and the shortcomings of existing improvements, and then focus on a new method based on a dynamic password and a public key. Building on the original Kerberos protocol, we first propose using the Diffie-Hellman algorithm: the password is put in the token, and the key to which the dynamic factor has been added serves as the shared key between the client and the AS. This improvement can fundamentally solve the password guessing attack. Second, we use the ElGamal algorithm. On the one hand, it generates a new public key in each authentication, and this new public key is used as the secret key for information transmission between the client and the resource server, which basically guarantees the security of the information transmission. On the other hand, we use a random number associated with the public key in place of the time-stamp to prevent replay attacks; combining the random number with the key increases the resistance to replay attacks. Finally, we analyze an example of the improved protocol as implemented. The results show that the improved Kerberos protocol can ensure the security of the information and the password.
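
The following Python sketch is an added illustration, not code from the paper: it mixes a per-login Diffie-Hellman secret into the password-derived Client-AS key and uses a nonce cache instead of a time-stamp to reject replays. The toy group, the key-derivation construction and all names are assumptions, and the sketch models a passive eavesdropper only.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for this demo): the Mersenne prime
# 2**127 - 1 with base 3. Far too small for real deployments.
P = 2**127 - 1
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(password: str, peer_pub: int, my_priv: int) -> bytes:
    """Mix the long-term password with a per-login DH secret (the dynamic factor)."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate DH public value")
    shared = pow(peer_pub, my_priv, P).to_bytes(16, "big")
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-realm", 10_000)
    return hmac.new(pw_key, shared, hashlib.sha256).digest()

class AuthServer:
    def __init__(self, password: str):
        self.password = password
        self.seen_nonces = set()                 # replay cache, no clock needed

    def handle(self, client_pub: int, nonce: bytes):
        """Return (server_pub, tag), or None if the nonce was already used."""
        if nonce in self.seen_nonces:
            return None
        self.seen_nonces.add(nonce)
        priv, pub = dh_keypair()
        key = session_key(self.password, client_pub, priv)
        return pub, hmac.new(key, nonce, hashlib.sha256).digest()

def client_login(server: AuthServer, password: str):
    """Run one exchange; return (key or None, nonce, client_pub, server_pub, tag)."""
    priv, pub = dh_keypair()
    nonce = secrets.token_bytes(16)
    server_pub, tag = server.handle(pub, nonce)
    key = session_key(password, server_pub, priv)
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    ok = hmac.compare_digest(tag, expected)      # wrong password -> tag mismatch
    return (key if ok else None), nonce, pub, server_pub, tag
```

Because the key depends on a fresh DH secret, two logins with the same password yield unrelated keys, so a recorded exchange gives an eavesdropper nothing to test password guesses against.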