首页 | 本学科首页   官方微博 | 高级检索  
     

SRP协议及其安全改进
引用本文:高良涛,杜洁.SRP协议及其安全改进[J].计算机工程与设计,2003,24(5):65-67.
作者姓名:高良涛  杜洁
作者单位:1. 中科院计算机网络信息中心,北京,100080;河南省平顶山市广播电视大学,河南,平顶山,467000
2. 河南省平顶山市广播电视大学,河南,平顶山,467000
摘    要:SRP(安全远程密码协议)是一种安全的新型密码鉴别和密钥交换协议。由于采用了鉴别符而不是密码的明文等价,攻击者即使得到了鉴别符数据库也难以破坏系统的安全性。同时,协议也提供了完善的向前保密性(PFS),能抵抗主动或者被动的字典攻击。但是SRP未充分考虑到协议信息被篡改的情况,如果对此不做改进,系统将无法抵抗主动式拒绝服务攻击。因此提出了一种改进措施,提高了SRP协议对技主动式拒绝服务攻击的能力。

关 键 词:SRP协议  安全远程密码协议  信息鉴别  通信协议  计算机网络  网络安全
文章编号:1000-7024(2003)05-0065-03

Secure remote password protocol and its security improvements
GAO Liang-tao,DU Jie.Secure remote password protocol and its security improvements[J].Computer Engineering and Design,2003,24(5):65-67.
Authors:GAO Liang-tao  DU Jie
Abstract:SRP (the secure remote password protocol) is a new secure password authentication and key-exchange protocol. By using verifier but not plaintext-equivalent to the password itself, SRP prevents an attacker who captures the password database from easy compromising the security of the system. SRP and it also offers perfect forward secrecy and resists active or passive dictionary attacks. But SRP does not adequately consider the case that protocol information can be tampered. The system will suffer from active DoS attacks until SRP is improved. This paper presents an improvement on enhancing SRP's resistance to active DoS attacks.
Keywords:secure remote password protocol  perfect forward secrecy  denial of service  zero-knowledge proof  asymmetric key exchange  
本文献已被 CNKI 维普 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号