| 两个三方口令密钥交换协议的安全性分析 |
| |
| 引用本文: | 邓少锋,邓帆,李益发.两个三方口令密钥交换协议的安全性分析[J].计算机工程与应用,2011,47(10):101-105. |
| |
| 作者姓名: | 邓少锋 邓帆 李益发 |
| |
| 作者单位: | 信息工程大学,信息工程学院,郑州,450002 |
| |
| 摘 要: | 首先对两个基于验证元的三方口令密钥交换协议进行了安全性分析,指出它们都是不安全的。其中,LZC协议不能抵抗服务器泄露攻击、未知密钥共享攻击、内部人攻击和不可发现字典攻击;LWZ协议不能抵抗未知密钥攻击、内部人攻击和重放攻击。对LWZ协议进行了改进,以弥补原LWZ协议的安全漏洞。最后,在DDH假设下,给出了改进协议(NLWZ协议)的安全性证明。与已有协议相比,NLWZ协议降低了计算和通信开销,其潜在的实用性更强。
|
| 关 键 词: | 三方密钥交换 基于口令验证 基于验证元 双线性对 |
| 修稿时间: | |
Security analysis of two password-authenticated key exchange protocol for three-party |
| |
| DENG Shaofeng,DENG Fan,LI Yifa.Security analysis of two password-authenticated key exchange protocol for three-party[J].Computer Engineering and Applications,2011,47(10):101-105. |
| |
| Authors: | DENG Shaofeng DENG Fan LI Yifa |
| |
| Affiliation: | Institute of Information Engineering,Information Engineering University,Zhengzhou 450002,China |
| |
| Abstract: | This paper first presents the security analysis of two verifier-based password-authenticated key exchange protocols for three-party and points out that they are both insecure.Thereinto,the LZC protocol can not resist server compromise attack,unknown key-share attack,insider attack and undetectable on-line dictionary attack;the LWZ protocol can not resist unknown key-share attack,insider attack and replay attack.Then,this paper gives an improvement of the LWZ protocol to gain a new protocol—NLWZ protocol.Lastly,under the DDH assumption,the detailed security proof of NLWZ protocol is presented.Compared with previous protocols,NLWZ protocol has lower communication and computation,so it can have higher potential application. |
| |
| Keywords: | key exchange for three-party password-based authentication verifier-based bilinear pairs |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
|
