Abstract
The Kerberos protocol lacks protection for computer network terminals. To address this, trusted computing technology is introduced to harden the protocol: verification of client integrity is added, and a digital signature is introduced into the traditional ticket, to ensure the integrity of the client and the security of the keys. A trusted computing platform is built on Linux, and the trusted security hardening scheme for the Kerberos protocol is implemented by invoking TPM functions. The validation platform shows that hardening the Kerberos protocol with trusted computing platform technology is feasible.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
PKU Core Journal
2013, No. 6, pp. 1946-1950 (5 pages)
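Funding
National 863 High-Tech Research and Development Program of China (8632007AA01Z438200)
National Natural Science Foundation of China, General Program (61173190)
Shaanxi Normal University Graduate Training Innovation Fund (2012CXS054)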
Keywords
trusted computing
trusted platform module
digital signature
integrity measurement
signing keys