共查询到20条相似文献,搜索用时 109 毫秒
1.
针对Diffie-Hellman密钥交换协议和ECDH密钥协商协议的缺陷,给出了一种改进后的可认证密钥协商协议。该协议具有等献性、密钥不可控、密钥确认、完美前向安全以及抗已知密钥攻击等安全特性。跟以往的密钥协商协议相比,其管理简单、开销较低、安全性高、扩展性较好且实现了身份认证,以较低的计算成本和较高的运算效率实现了通信双方安全的会话密钥协商与密钥验证,能够较好地适用于大规模网络的端到端密钥管理。 相似文献
2.
3.
一种故障容忍的可证安全组密钥协商协议 总被引:1,自引:0,他引:1
对Burmester等人提出的非认证组密钥协商协议的安全性进行了深入分析,指出该协议不能抵抗内部恶意节点发起的密钥协商阻断攻击和密钥控制攻击.提出了一种故障容忍的组密钥协商(FT-GKA)协议,FT-GKA协议在密钥协商过程中加入了消息正确性的认证机制,该机制利用数字签名技术检测组内恶意节点,并在驱逐恶意节点后保证组内诚实节点能计算出正确的会话密钥,解决了Burmester等人提出协议中存在的内部恶意节点攻击问题.并证明提出的协议在DDH假设下能抵抗敌手的被动攻击,在DL假设和随机预言模型下能够抵抗内部恶意节点发起的密钥协商阻断攻击和密钥控制攻击.理论分析与实验测试表明,提出的协议具有较高的通信轮效率和较低的计算开销. 相似文献
4.
5.
密钥交换的SAKA协议存在三大安全缺陷.为克服这些缺陷,人们提出了改进的Lin协议、E-SAKA协议和改进的E-SAKA协议.通过分析发现E-SAKA协议及其改进算法仍然会受到密钥猜测攻击,并且E-SAKA协议中攻击者能获得会话密钥.进一步提出了一个基于Lin协议的改进协议,并论证此协议在防止中间人攻击和解决SAKA协议的三大缺陷的同时,能有效抵挡在线猜测攻击. 相似文献
6.
可信计算环境下的Canetti-Krawczyk模型 总被引:1,自引:0,他引:1
在可信环境下,我们对密钥协商协议的形式化方法—Canetti-Krawczyk(CK)模型进行研究,对该模型中定义的攻击者三种攻击能力重新进行分析.发现在可信环境下,如果用户的签名/验证公私钥对是由TPM生成的,则CK模型中的攻击者只有一种攻击能力:会话密钥查询(session-key query);否则攻击者有两种攻击能力:会话密钥查询和一种新的攻击能力—长期私钥攻陷攻击(long-term private key corruption).另外,TPM克服了CK模型中基于加密算法认证器的安全缺陷.在此基础上,我们提出了可信环境下的CK模型—CKTC.之后,通过一个使用CKTC模型进行密钥协商的例子可以看出该模型简化了可信环境下密钥协商协议的设计与分析.另外,通过分析我们发现:为了提高密钥协商协议的安全性,不同国家应该根据各自的需要在TPM内部增加对称加解密模块;用户的签名/验证公私钥对也尽可能由TPM来生成. 相似文献
7.
针对传统跨域密钥协商协议安全性不足问题,提出一种新的跨域量子密钥协商协议。在无证书密钥协商体系下,采用量子密钥协商与经典密码算法结合的方案,提高了协议适应现有通信网络架构的能力。密钥协商过程使用三粒子量子隐形传态,利用量子态不可克隆定理保障协商过程中密钥的安全性。与其他方案相比,本协议具有较高的量子比特效率,并且可以抵抗中间人攻击、重放攻击等多种内部和外部攻击手段。 相似文献
8.
认证密钥协商协议能够为不安全网络中的通信双方提供安全的会话密钥,但是,大多数的认证密钥协商协议并没有考虑保护用户隐私.论文关注网络服务中用户的隐私属性,特别是匿名性和可否认性,规范了增强用户隐私的认证密钥协商协议应满足的安全需求,即双向认证、密钥控制、密钥确认、会话密钥保密、已知会话密钥安全、会话密钥前向安全、用户身份匿名、用户身份前向匿名、不可关联和可否认,并基于椭圆曲线密码系统设计了一个满足安全需求的隐私增强认证密钥协商协议. 相似文献
9.
10.
11.
Jia-Lun Tsai 《电信纪事》2011,66(11-12):663-669
An authenticated group key agreement protocol allows a group of parties to authenticate each other and then determine a group key via an insecure network environment. In 2009, Lee et al. first adopted bilinear pairings to propose a new nonauthenticated group key agreement protocol and then extend it to an authenticated group key agreement protocol. This paper points out that the authenticated protocol of Lee et al. is vulnerable to an impersonation attack such that any adversary can masquerade as a legal node to determine a group key with the other legal nodes and the powerful node. This paper shall employ the short signature scheme of Zhang et al. to propose a new authenticated group key agreement protocol. The short signature scheme of Zhang et al. is proven to be secure against the adaptive chosen-message attacks in the random oracle model, so the proposed protocol can withstand the possible attacks. Besides, compared with the authenticated protocol of Lee et al., the proposed protocol is more secure and efficient. 相似文献
12.
Wang Changji Yang Bo Wu Jianping 《电子科学学刊(英文版)》2005,22(5):485-489
In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations. 相似文献
13.
The three-party authenticated key agree-ment protocol is a significant cryptographic mechanism for secure communication,which encourages two entities to authenticate each other and generate a shared session key with the assistance of a trusted party (remote server) via a public channel.Recently,Wang et al.put forward a three-party key agreement protocol with user anonymity and alleged that their protocol is able to resist all kinds of attacks and provide multifarious security features in Computer Engineering & Science,No.3,2018.Unfortunately,we show that Wang et al.'s protocol is vulnerable to the password guessing attack and fails to satisfy user anonymity and perfect secrecy.To solve the aforementioned problems,a lightweight chaotic map-based Three-party authenticated key agreement protocol(short for TAKAP) is proposed,which not only could provide privacy protection but also resist a wide variety of security attacks.Furthermore,it is formally proved under Burrows-Abadi-Needham (BAN) logic.Simultaneously,the performance analysis in this paper demonstrates that the proposed TAKAP protocol is more secure and efficient compared with other relevant protocols. 相似文献
14.
Zi‐Yao Cheng Yun Liu Chin‐Chen Chang Cheng Guo 《International Journal of Communication Systems》2013,26(2):259-275
A fault‐tolerant group key agreement is an essential infrastructure for Internet communication among all involved participants; it can establish a secure session key no matter how many malicious participants exit simultaneously in an effort to disrupt the key agreement process. Recently, Zhao et al. proposed an efficient fault‐tolerant group key agreement protocol named efficient group key agreement that can resist denial‐of‐service attacks, reply attacks, man‐in‐middle attacks, and common modulus attacks; it can also preserve forward secrecy with lower computational cost than previous protocols. We show that it is still vulnerable to active attacks by malicious participants and modify the corresponding security weakness adaptively. Furthermore, we propose an efficient fault‐tolerant group key agreement based on a binary tree structure and enhance it to a dynamic setting where participants can leave or join the group arbitrarily according to their preferences with instant session key refreshment. Additionally, our session key refreshment is based on secure key updating to protect forward/backward confidentiality and is resistant to active/passive attacks. The performance analysis shows that our proposed protocol has lower computational cost and little additional communication cost exploiting dynamic setting. Copyright © 2013 John Wiley & Sons, Ltd. 相似文献
15.
Su Mi Lee Dong Hoon Lee 《Communications Letters, IEEE》2006,10(8):638-639
Recently, Jung (2006), proposed an efficient group key agreement protocol over authenticated channel. In this letter, we present a critique of the protocol. In particular, we show that Jung's protocol is vulnerable to attacks of malicious insiders. 相似文献
16.
In SAC'05, Strangio proposed protocol ECKE- 1 as an efficient elliptic curve Diffie-Hellman two-party key agreement protocol using public key authentication. In this letter, we show that protocol ECKE-1 is vulnerable to key-compromise impersonation attacks. We also present an improved protocol - ECKE-1N, which can withstand such attacks. The new protocol's performance is comparable to the well-known MQV protocol and maintains the same remarkable list of security properties. 相似文献
17.
改进新密钥交换协议及其形式化分析 总被引:4,自引:0,他引:4
Diffie-Hellman协议不具有认证功能且不能抵抗中间人攻击。Seo等人提了一种简单的算法(SAKA)协议可以抵抗中间人攻击且运算简单,但是SAKA协议也存在不足。另有人提出了Lin协议、E-SAKA协议等。分析上述协议可看出存在不足。于是提出改进的新密钥交换协议。它具有SAKA及其改进协议优点的同时可以避免SAKA及其改进协议的缺陷。并给出该协议的BAN逻辑形式分析。 相似文献
18.
19.
在无证书公钥密码体制下对一种多方可认证密钥协商方案进行了分析,指出该方案无法抵抗合法用户的扮演攻击和口令偶尔泄露导致的危机。分析了该方案存在漏洞的原因,并在此基础上给出一个改进的密钥协商方案。新方案引入密钥种子和口令进化机制解决了上述问题,同时消除了冗余消息,降低了用户占用的带宽。分析表明新方案的安全性更强。 相似文献