首页 | 本学科首页   官方微博 | 高级检索  
     

改进的三方口令认证密钥交换协议
引用本文:曹琛,高宇航. 改进的三方口令认证密钥交换协议[J]. 计算机工程与应用, 2010, 46(16): 88-90. DOI: 10.3778/j.issn.1002-8331.2010.16.025
作者姓名:曹琛  高宇航
作者单位:中国矿业大学 计算机科学与技术学院,江苏 徐州 221116
摘    要:基于三方的口令认证密钥交换(3PAKE)协议是客户通过与可信服务器共享一个口令验证元,在两客户进行通信时通过此可信服务器进行会话密钥的建立与共享,从而进行通信。首先对李文敏等人提出的协议进行安全性分析,发现该协议易受离线字典攻击和服务器泄露攻击。提出了一个改进协议,该协议能够提供双向认证、会话密钥机密性和前向安全性,能够有效抵抗多种攻击,包括离线字典攻击和服务器泄露攻击。

关 键 词:口令认证  离线字典攻击  服务器泄露攻击
收稿时间:2009-10-14
修稿时间:2010-1-22 

Improved three-party password-authenticated key exchange protocol
CAO Chen,GAO Yu-hang. Improved three-party password-authenticated key exchange protocol[J]. Computer Engineering and Applications, 2010, 46(16): 88-90. DOI: 10.3778/j.issn.1002-8331.2010.16.025
Authors:CAO Chen  GAO Yu-hang
Affiliation:School of Computer Science and Technology,China University of Mining and Technology,Xuzhou,Jiangsu 221116,China
Abstract:In Three-party Password Authenticated Key Exchange(3PAKE) protocols,clients are allowed to share a password verifier with a trusted server.Then,two clients can communicate with each other through the trusted server to build and share the session key.According to the security analyses of Li et al.'s protocol,it suffers from the offline dictionary attack and server compromise attack.This paper proposes an improved protocol which can provide mutual authentication,secure session key and forward security.The improved protocol is also secure to several attacks,including offline dictionary attack and server leaked attack.
Keywords:password authentication  offline dictionary attack  server leaked attack
本文献已被 维普 万方数据 等数据库收录!
点击此处可从《计算机工程与应用》浏览原始摘要信息
点击此处可从《计算机工程与应用》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号