Abstract:
To improve the security of an intranet, application boundary security devices must be deployed. For access to resources in different application areas across the Internet to be secure, authentication is the first key step. Kerberos is a widely used authentication protocol and is applied in application boundary security devices such as SOCKS5 proxies. However, it has a limitation: during authentication between application boundary security devices, the principal authenticated by the device in the resource realm is not the client that requests the resource but the application boundary security device in the principal realm. Consequently, the entity audited by the device in the resource realm is not the real requester. This paper presents a new inter-realm authentication protocol and a new identity-passing protocol based on the Kerberos v5 inter-realm authentication protocol. The proposed protocols not only provide a security audit of users' access requests at the application boundary security devices but also improve the efficiency of the communication system, because only two connections are needed between realms, and these connections are set up not by the subjects and objects but by the application boundary security devices. The proposed scheme solves the problem of transferring security information between enterprise networks, extending its application boundary to include the current enterprise network.