Security Protocol and Scheme for Inter-Realm Information Accessing

Peng Shuanghe; Han Zhen; Shen Changxiang

Journal of Computer Research and Development > 2005 > 42(9): 1587-1593.

Peng Shuanghe, Han Zhen, Shen Changxiang. Security Protocol and Scheme for Inter-Realm Information Accessing[J]. Journal of Computer Research and Development, 2005, 42(9): 1587-1593.

Citation:

Peng Shuanghe, Han Zhen, Shen Changxiang. Security Protocol and Scheme for Inter-Realm Information Accessing[J]. Journal of Computer Research and Development, 2005, 42(9): 1587-1593.

Citation:

Peng Shuanghe, Han Zhen, Shen Changxiang. Security Protocol and Scheme for Inter-Realm Information Accessing[J]. Journal of Computer Research and Development, 2005, 42(9): 1587-1593.

PDF (380 KB)

Security Protocol and Scheme for Inter-Realm Information Accessing

1(School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044) 2(Institute of Naval Computer Technology, Beijing 100841) 3(Beijing Institute of Mechanical Technology, Beijing 100085)

More Information

Published Date: September 14, 2005

Graphical Abstract

Abstract

Abstract

In order to improve the security of Intranet, application boundary security devices must be set. In order to access resources in different application areas on Internet in a security way,authentication is the first key step. Kerberos is an authentication protocol that is widely used. It is applied in application boundary security devices such as socks5. But there exists some limitation. In the processing of authentication between application boundary security devices, the object authenticated by application boundary security device at resource realm is not client which requests the resource, but application boundary security device at principal realm. So the object audited by application boundary security device at resource realm isn't the really one. A new inter-realm authentication protocol and a new identity-passing protocol based on Kerberos v5 inter-realm authentication protocol are presented in this paper. The proposed protocols can not only supply the security audit for user's access requests at application boundary security devices but also improve the efficiency of communication system because it needs only two connections between realms and the connection is setup not by subjects and objects but by application boundary security device. The proposed scheme can solve the problem of security information transferring between enterprise networks which will expand its application boundary including current enterprise network.
- Kerberos authentication,
- application boundary,
- inter-realm authentication,
- identity passing

FullText(HTML)

References (0)

[1]	Han Xixian, Li Jianzhong, and Gao Hong. PAA: An Efficient Approximate Aggregation Algorithm on Massive Data[J]. Journal of Computer Research and Development, 2014, 51(1): 41-53.
[2]	Fan Wenbin, Guo Longjiang, Li Jinbao, and Ren Meirui. MPMC: An Algorithm for Data Aggregation Scheduling in Multi-Channel and Multi-Power Wireless Sensor Networks[J]. Journal of Computer Research and Development, 2012, 49(7): 1568-1578.
[3]	Yin Dan, Gao Hong, and Zou Zhaonian. A Novel Efficient Graph Aggregation Algorithm[J]. Journal of Computer Research and Development, 2011, 48(10): 1831-1841.
[4]	An Mingyuan, Sun Xiuming, Sun Ninghui. Dynamic Data-Partitioned Online Aggregation[J]. Journal of Computer Research and Development, 2010, 47(11): 1928-1935.
[5]	Zhou Xun, Li Jianzhong, and Shi Shengfei. Distributed Aggregations for Two Queries over Uncertain Data[J]. Journal of Computer Research and Development, 2010, 47(5): 762-771.
[6]	Wang Yongli, Xu Hongbing, Dong Yisheng, Qian Jiangbo, Liu Xuejun. Algorithms for Incremental Aggregation over Distributed Data Stream[J]. Journal of Computer Research and Development, 2006, 43(3): 509-515.
[7]	Chen Xiqian, Wang Zhanchang, Cao Xiukun, Chi Zhongxian. An Efficient Indexing Scheme for Range Aggregate Queries in Spatial Data Warehouse[J]. Journal of Computer Research and Development, 2006, 43(1): 75-80.
[8]	Liang Zuopeng, Hu Kongfa, Dong Yisheng, Chen Ling. An Improved Dimension Hierarchy Aggregate Cube Storage Structure for Data Warehouses[J]. Journal of Computer Research and Development, 2005, 42(8): 1362-1368.
[9]	Song Yuqing, Zhu Yuquan, Sun Zhihui, Yang Hebiao. An Algorithm and Its Updating Algorithm Based on Frequent Pattern Tree for Mining Constrained Maximum Frequent Itemsets[J]. Journal of Computer Research and Development, 2005, 42(5): 777-783.
[10]	Cao Qiang and Xie Changsheng. Applying Aggregate I/O to Improve Performance of Network Storage[J]. Journal of Computer Research and Development, 2005, 42(4): 544-550.