Improved Kerberos protocol based on sliding window and its formal analysis

Abstract

Aiming at the problem that the time stamp mechanism in the Kerberos protocol cannot effectively resist replay attacks, this paper proposes an improved kerberos protocol based on the sequence number and sliding window mechanism. The authentication server and the application server maintain a sliding window with a sequence number to determine the replay of the client's request message. Considering the impact of message reordering and long jump rearrangement, a fault-tolerant shift mechanism is added to the server to increase the window Flexibility. We give the specific process of the improved kerberos protocol, and use the BAN logic to formally analyze the improved protocol to verify the security and reliability of the protocol.