计算机科学 ›› 2017, Vol. 44 ›› Issue (1): 155-158.doi: 10.11896/j.issn.1002-137X.2017.01.030
魏振宇,芦翔,史庭俊
WEI Zhen-yu, LU Xiang and SHI Ting-jun
摘要: 基于口令的跨域密钥协商协议和Kerberos协议无法抵抗口令猜测攻击,在金融、航天等通信安全需求高的场所,需要一种更有效的协议来保证通信安全。给出一种新的基于PKI体系的跨域密钥协商协议,采用公钥算法保证数据传输的安全,结合使用Diffie-Hellman协议生成会话密钥。协议有效地解决了利用预置共享密钥参与加/解密实施中间人攻击,以及Kerberos弱口令导致的攻击者可以实施口令猜测攻击的问题。跨域通信的公钥信息仅存储在各自域认证服务器,域内用户不需要配置跨域服务器的公钥信息,降低了配置复杂度、域内用户和域认证服务器之间密钥管理的复杂性,同时提高了域服务器鉴别身份的能力和信息机密性,使其免疫多种攻击,具有良好的前向安全性和扩展性。
[1] MANNAN M,OORSCHOT P C V.A Protocol for Secure Public Instant Messaging [M].Financial Cryptography and Data Security,2006:20-35. [2] CAO T,QUAN T,ZHANG B,et al.Crypt analysis of Some Client-to-Client Password-Authenticated Key Exchange Protocols[C]∥2010 3rd IEEE International Conference on Proceedings of the Broadband Network and Multimedia Technology (IC-BNMT).2010:654-658. [3] YAO Y,WANG X,SUN X.A Cross Heterogeneous DomainAuthentication Model Based on PKI[C]∥International Symposium on Proceedings of the Parallel Architectures,Algorithms and Programming.2011:325-329. [4] ZHANG Jiao,ZHANG Yu-jun,ZHANG Han-wen,et al.A Fast Inter-Domain Authentication Method Combining Trust Mechanism in Mobil IPv6 Networks[J] .Journal of Computer Research and Development,2008:45(6):951-959.(in Chinese) 张娇,张玉军,张瀚文,等.结合信任机制的移动IPv6网络快速跨域认证方法[J].计算机研究与发展,2008,45(6):951-959. [5] BYUN J W,JEONG I R,LEE D H,et al.Password-Authenticated Key Exchange between Clients with Different Passwords [C]∥Information and Communications Security,International Conference,ICICS 2002.Singapore,2002:134-146 [6] KIM J,KIM S,KWAK J,et al.Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between C-lients with Different Passwords[C]∥Computational Science and Its Applications,ICCSA 2004.Springer Berlin Heidelberg,2004:895-902. [7] YOON E J,YOO K Y, et al.A secure password-authenticated key exchange between clients with different passwords[C]∥Proceedings of the 2006 International Conference on Advanced Web and Network Technologies,and Applications.Springer-Verlag,2006:659-663. [8] LIU Xiu-mei,ZHOU Fu-cai,CHANG Gui-ran.A Verifier-Based Key Exchange Protocol in Cross-Realm Setting[C]∥International Conference on Networks Security, Wireless Communications and Trusted Computing.2009:5560-5563. [9] FENG D G,XU J.A New Client-to-Client Password-Authen-ticated Key Agreement Protocol[C]∥Coding and Cryptology,Second International Workshop,IWCC 2009.2009:63-76 [10] YONEYAMA K.Cross-Realm Password-Based Server AidedKey Exchange [C]∥Proceedings of the 11th International Conference on Information Security Applications.2010:322-336. [11] XU J,ZHU W T,JIN W T.A Generic Framework For Con-structing Cross-Realm C2c-Paka Protocols Based on The Smart Card [J].Concurrency and Computation:Practice and Experience,2010,23(12):1386-1398. [12] CHUANG P J,LIAO Y P.Efficient and Secure Cross-RealmClient-to-Client Password-Authenticated Key Exchange[C]∥Proceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications.2012:701-708. [13] CHEN L,LIM H W,YANG G.Cross-domain password-based authenticated key exchange revisited[C]∥Proceedings of the INFOCOM,2013 Proceedings IEEE.2012:1052-1060. [14] YIN Yin,BAO L.Secure Cross-Realm C2C-PAKE Protocol[M].Information Security and Privacy,2006:392-406. [15] BYUN J W,LEE D H,LIM J I.EC2C-PAKA:An efficientclient-to-client password-authenticated key agreement [J].Information Sciences:an International Journal,2007,177(19):3995-3401. |
No related articles found! |
|