Computer Science ›› 2017, Vol. 44 ›› Issue (1): 155-158. doi: 10.11896/j.issn.1002-137X.2017.01.030

• Information Security •

PKI-Based Cross-Domain Key Agreement Protocol

WEI Zhen-yu, LU Xiang, SHI Ting-jun

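  1. College of Information Engineering, Yangzhou University, Yangzhou 225009; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100000; College of Information Engineering, Yangzhou University, Yangzhou 225009
  • Publication date: 2018-11-13 Release date: 2018-11-13
  • Funding:
    This work was supported by the National High Technology Research and Development Program of China (2013AA011102) and the Strategic Priority Research Program of the Chinese Academy of Sciences (Y2W0031102).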

Cross-domain PKI-based Key Agreement Protocol

WEI Zhen-yu, LU Xiang and SHI Ting-jun   

  • Online: 2018-11-13 Published: 2018-11-13

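Abstract (translated from the Chinese original): Password-based cross-domain key agreement protocols and the Kerberos protocol cannot resist password guessing attacks, so settings with high communication security requirements, such as finance and aerospace, need a more effective protocol to secure communication. This paper presents a new cross-domain key agreement protocol based on PKI, which uses a public-key algorithm to protect data in transit and combines it with the Diffie-Hellman protocol to generate the session key. The protocol effectively solves two problems: man-in-the-middle attacks mounted by exploiting a pre-placed shared key that takes part in encryption and decryption, and password guessing attacks that weak Kerberos passwords make possible. The public-key information for cross-domain communication is stored only on each domain's own authentication server, and users within a domain do not need to configure the public-key information of cross-domain servers. This reduces configuration complexity and the complexity of key management between intra-domain users and the domain authentication server, while improving the domain server's ability to authenticate identities and the confidentiality of information, making the protocol immune to a variety of attacks, with good forward security and extensibility.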

Keywords (translated from the Chinese original): key agreement, shared key, Diffie-Hellman protocol, confidentiality

Abstract: It has been proven that security risks exist in most password-based cross-domain authentication and key agreement protocols or the Kerberos protocol. A more effective protocol is needed to ensure communication security in areas such as finance and aerospace, which require a high level of communication security. This paper proposes a cross-domain PKI-based key agreement protocol. The protocol efficiently solves the key exposure problem that enables password guessing and man-in-the-middle attacks. This problem results from using shared-key encryption and decryption to secure data transmission, or from weak Kerberos passwords. To solve it, the protocol adopts a public-key algorithm and uses the Diffie-Hellman protocol to create the session key. Meanwhile, the protocol frees users from repeatedly configuring the public-key information of cross-domain servers, which reduces the complexity of configuration and of key management between users and servers. In addition, the protocol improves the ability to verify identity and the confidentiality of information, and is immune to multiple kinds of attack. It also has forward security and good extensibility.

Key words: Key agreement, Shared key, Diffie-Hellman protocol, Confidentiality

