| 增强TLS 1.3中Early data安全性的协议 |
| |
| 引用本文: | 张兴隆,程庆丰,马建峰. 增强TLS 1.3中Early data安全性的协议[J]. 网络与信息安全学报, 2017, 3(12): 22-30. DOI: 10.11959/j.issn.2096-109x.2017.00224 |
| |
| 作者姓名: | 张兴隆 程庆丰 马建峰 |
| |
| 作者单位: | 1. 信息工程大学,河南 郑州 450004;2. 西安电子科技大学计算机学院,陕西 西安 710071 |
| |
| 基金项目: | 国家高技术研究发展计划(“863”计划)基金资助项目(2015AA016007);密码科学技术国家重点实验室开放课题基金资助项目(MMKFKT201514) |
| |
| 摘 要: | 将新型0-RTT密钥交换协议思想借鉴到TLS 1.3会话重用阶段,构建rFSOPKE协议,改进了Early data的加密和传输过程。rFSOPKE协议可以在Ticket有效期内保护Early data的前向安全性并使其抵抗重放攻击。与改进前Early data的发送过程相比,本协议大幅增强了Early data的安全性。在实现效率方面,由于在发送Early data时增加了本协议的计算和传输开销,所以实现效率有所降低。但是本协议可以根据应用场景的不同嵌入适合的算法,所以可以选择更加高效的算法提高协议实现速度。
|
| 关 键 词: | 0-RTT Earlydata 前向安全 重放攻击 rFSOPKE |
Protocol to enhance the security of Early data in TLS 1.3 |
| |
| Xing-long ZHANG,Qing-feng CHENG,Jian-feng MA. Protocol to enhance the security of Early data in TLS 1.3[J]. Chinese Journal of Network and Information Security, 2017, 3(12): 22-30. DOI: 10.11959/j.issn.2096-109x.2017.00224 |
| |
| Authors: | Xing-long ZHANG Qing-feng CHENG Jian-feng MA |
| |
| Affiliation: | 1. Information Engineering University,Zhengzhou 450004,China;2. College of Computer Science,Xidian University,Xi’an 710071,China |
| |
| Abstract: | The new 0-RTT Internet key exchange was drawn on the TLS 1.3 session resumption phase,the rFSOPKE protocol was constructed,and the Early data encryption and transmission process were improved.The rFSOPKE protocol can protect the forward security of Early data and protect it from replay attacks during the validity period of the Ticket.Compared with the previous Early data transmission process,rFSOPKE greatly enhanced the security of Early data.Due to the increase in the calculation and transmission overhead of this protocol when sending Early data,the efficiency of the protocol is reduced.However,rFSOPKE can embed the appropriate algorithm according to the different application environment,so more efficient algorithms should be chosen to improve the protocol implementation speed. |
| |
| Keywords: | 0-RTT Early data forward security replay attack rFSOPKE |
|
| 点击此处可从《网络与信息安全学报》浏览原始摘要信息 |
|
点击此处可从《网络与信息安全学报》下载免费的PDF全文 |
