共查询到20条相似文献,搜索用时 0 毫秒
1.
Certificateless one-round key exchange(CL-ORKE) protocols enable each participant to share a common key with only one round of communica-tion which greatly save... 相似文献
2.
In most password-authenticated key exchange systems there is a single server
storing password verification data. To
provide some resilience against server compromise, this data typically
takes the form of a one-way function of the
password (and possibly a salt, or other public values)
rather than the password itself.
However, if the server is compromised, this
password verification data can be used to perform an off-line
dictionary attack on the user's password.
In this paper we propose an efficient
password-authenticated key exchange system involving a set of
servers with known public keys,
in which a certain threshold of servers must participate in
the authentication of a user, and in which the compromise of
any fewer than that threshold of servers does not allow an attacker to
perform an off-line dictionary attack. We prove our
system is secure in the random oracle model under the
Decision Diffie-Hellman assumption
against an attacker that may eavesdrop on, insert, delete, or modify
messages between the user
and servers, and that compromises fewer than that threshold of servers. 相似文献
3.
We show a general framework for constructing password-based authenticated key-exchange protocols with optimal round complexity—one message per party, sent simultaneously—in the standard model, assuming the existence of a common reference string. When our framework is instantiated using bilinear-map-based cryptosystems, the resulting protocol is also (reasonably) efficient. Somewhat surprisingly, our framework can be adapted to give protocols in the standard model that are universally composable while still using only one (simultaneous) round. 相似文献
4.
To date, the only non-group structure that has been suitably
employed as the key space for Diffie-Hellman-type cryptographic key
exchange is the infrastructure of a real quadratic (number or
function) field. We present an implementation of a Diffie-Hellman-type protocol based on real quadratic number field arithmetic
that
provides a significant improvement in performance over previous
versions of this scheme. This dramatic speed-up is achieved by
replacing the ordinary multiplication and reduction procedures for
reduced ideals by a new version of the NUCOMP algorithm due to Shanks. 相似文献
5.
6.
1 INTRODUCTIONThe key in electronic commerce is authentication and digital signature. Diffie-Hellman first proposed the key exchange mechanism with which two parties can establish one shared secret key using public discussion only [1]. The basic Diffie-He… 相似文献
7.
8.
基于CPK的可证安全组群密钥交换协议 总被引:1,自引:0,他引:1
CPK组合公钥密码体制无需证书来保证公钥的真实性,克服了用户私钥完全由密钥管理中心生成的问题。丈中基于CPK设计了一个高效常数轮的组群密钥交挟协议,并且协议在CDH假设下可证安全和具有完美的前向安全性。该协议只需两轮通信即可协商一个组群会话密钥,无论在通信以及计算方面均很高效。此外该协议提供了一个设计组群密钥交换协议的方法,大部分的秘密共享体制均可直接应用于该协议。 相似文献
9.
10.
Recently, Harn proposed one digital signature scheme for Diffie-Hellman key exchange system. In this paper, we point out at first that there is a weakness in Harn's system and then we propose two modified schemes to avoid this weakness. 相似文献
11.
12.
In this paper we formally define proof systems for functions and develop an example of such a proof with a constant number
of rounds, which we modify (at no extra communication cost) into an identification scheme with secret key exchange for subsequent
conventional encryption. Implemented on a standard 32-bit chip or similar, the whole protocol, which involves mutual identification
of two users, exchange of a random common secret key, and verification of certificates for the public keys (RSA, 512 bits)
takes less than 3/4 second.
Received 1 July 1989 and revised 15 January 1996 相似文献
13.
本文针对两个证明者之间可证明安全的基于位置密钥交换协议展开研究.首次将基于位置密钥交换分为P2V(Prover-to-Verifier)模式和P2P(Prover-to-Prover)模式,并给出P2P模式下基于位置密钥交换的安全定义.随后,在1维空间下设计了可证明安全的基于位置P2P密钥交换协议P2PKE1,并以此为基础构造了d(1≤d≤3)维空间下基于位置P2P密钥交换协议P2PKEd.同时,分别提出了具有密钥确认性质的基于位置P2P密钥交换协议P2PKEd-c和无密钥托管的基于位置P2P密钥交换协议P2PKEd-e.最后,从安全性和效率两方面对所设计的协议进行了讨论. 相似文献
14.
Scalable Protocols for Authenticated Group Key Exchange 总被引:1,自引:0,他引:1
We consider the problem of authenticated group key exchange among n parties communicating over an insecure public network.
A number of solutions to this problem have been proposed; however, all prior provably secure solutions do not scale well and,
in particular, require O(n) rounds. Our main contribution is the first scalable protocol for this problem along with a rigorous
proof of security in the standard model under the DDH assumption; our protocol uses a constant number of rounds and requires
only O(1) "full" modular exponentiations per user. Toward this goal (and adapting work of Bellare, Canetti, and Krawczyk),
we first present an efficient compiler that transforms any group key-exchange protocol secure against a passive eavesdropper
to an authenticated protocol which is secure against an active adversary who controls all communication in the network. This
compiler adds only one round and O(1) communication (per user) to the original scheme. We then prove secure—against a passive
adversary—a variant of the two-round group key-exchange protocol of Burmester and Desmedt. Applying our compiler to this protocol
results in a provably secure three-round protocol for authenticated group key exchange which also achieves forward secrecy. 相似文献
15.
IKE协议的安全性分析 总被引:1,自引:0,他引:1
在简略介绍IKE协议RFC2409工作机制的基础上,对协议现有的安全问题进行了分析,并针对协议阶段1中主模式与积极模式下身份保护存在的问题提出了协议修改建议,对阶段1中安全联盟建立的可靠性进行了探讨以加强协议抵御DoS攻击的能力。 相似文献
16.
分析了密钥交换协议的特点,提出了一种基于属性的密钥交换协议,能够更灵活地控制不同用户参与密钥交换的权限,该协议基于Sahai-Waters ABE体制,只需要一轮消息通信。研究了密钥交换协议的安全需求,应用"敌手-挑战者"游戏,提出了基于属性密钥交换协议的语义安全性定义,进一步在标准模型中证明了协议的安全性。 相似文献
17.
网络用户的身份鉴别和密钥交换问题是网络安全的核心问题,目前最常见的鉴别密钥交换协议为基于口令的鉴别密钥交换(PAKE)协议。论文讨论了PAKE协议的设计目的、基本模式及其安全需求,并给出了双方模式和三方模式PAKE协议的交互过程,为网络安全协议的设计提供了参考。 相似文献
18.
鉴于量子密码在密钥分配方面取得的巨大成功,人们也在尝试利用量子性质来设计其他各类密码协议。匿名认证密钥交换就是一类尚缺乏实用化量子实现途径的密码任务。为此,该文提出一个基于量子不经意密钥传输的量子匿名认证密钥交换协议。它在满足用户匿名性和实现用户与服务器双向认证的前提下,为双方建立了一个安全的会话密钥。该协议的安全性基于量子力学原理,可以对抗量子计算的攻击。此外,该协议中服务器的攻击行为要么无法奏效,要么能够与外部窃听区分开(从而被认定为欺骗),因此服务器通常不敢冒着名誉受损的风险来实施欺骗。 相似文献
19.
To achieve privacy and authentication simultaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications . In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications . 相似文献
20.
Internet密钥交换协议是IPSec协议体系中的重要组成部分,它为IPSec提供了协商安全参数的机制。本文首先分析了IKE在IPSec安全协议体系中的位置及作用,之后详细介绍了它实现协商的机制,并对IKE的实施提出了一种解决方案,最后对IKE的应用前景进行了一定的探讨。 相似文献