Q. Li, X. Zou, H. Lin, Z. Liu, and X. Niu (PRC)
Kerberos, Network Security, Iris Authentication, Secret Sharing, Error Correction Coding
Kerberos is a commonly used distributed network authentication protocol. Both Windows 2000 and Windows XP adopted Kerberos as their default authentication method. But in the practical application, it still suffers from the password guessing attacks, along with other password related problems, such as no connection to the valid user, forgotten and stolen, etc. In this paper, a solution is proposed to overcome these problems by using a smartcard-based iris key authentication algorithm to replace the password authentication module of Kerberos. Iris key authentication algorithm binds a valid user’s iris template and his key monolithically. Secret sharing, error correcting coding and iris authentication are combined to guarantee that the key can be retrieved exactly only when a matching iris is available, but neither the iris template nor the key can be derived from the iris key independently. Integrating the iris key authentication algorithm with smartcard technique can improve the security, usability and maintainability of Kerberos system. The experiment results show that the scheme is feasible and secure.
Important Links:
Go Back
