共查询到15条相似文献,搜索用时 140 毫秒
1.
基于三方的口令认证密钥交换(3PAKE)协议是客户通过与可信服务器共享一个口令验证元,在两客户进行通信时通过此可信服务器进行会话密钥的建立与共享,从而进行通信。首先对李文敏等人提出的协议进行安全性分析,发现该协议易受离线字典攻击和服务器泄露攻击。提出了一个改进协议,该协议能够提供双向认证、会话密钥机密性和前向安全性,能够有效抵抗多种攻击,包括离线字典攻击和服务器泄露攻击。 相似文献
2.
姜云杰 《计算机光盘软件与应用》2010,(7):106-106,110
基于口令认证的三方密钥交换协议(3PAKE)是通信双方在认证服务器的帮助下能在公开非安全的信道上协商并建立一个共享会话密钥。虽然目前有不少该方面的研究,但多数后来被证实易受攻击。本文给合以往的研究,提出一个不需服务器公钥体系的简单的基于口令认证的三方密钥交换协议。本文的协议不仅能抵抗各种攻击,而且计算成本和通信成本都比较低。 相似文献
3.
4.
结合自验证公钥密码学和口令构造了一个用户可以直接通信的跨域口令认证密钥协商协议。域服务器通过口令认证实现对域内用户的认证, 并与对方域服务器一起协助用户完成认证和密钥协商。该过程中, 域服务器不能获取关于会话密钥的任何信息, 且各参与方之间能够实现相互认证。与同类协议相比, 该协议需要较小的计算和通信代价, 并能抵抗字典攻击和未知会话密钥共享攻击。 相似文献
5.
6.
多服务器环境下的身份认证协议实现了用户只需要一次注册即可跟多个服务器实现交互认证,基于二次剩余构造了一个注册中心在线的多服务器环境下身份认证协议。该协议中,注册中心参与实现对用户的认证并协助用户和服务器建立后继通信的会话密钥,并且服务器之间是可以相互区分的。协议能够抵抗字典攻击、口令泄露模仿攻击常见攻击,同时能够实现相互认证,以及前向安全、已知会话密钥安全和无密钥控制等会话密钥的安全属性。 相似文献
7.
张晓敏 《网络安全技术与应用》2011,(3):11-13
加密密钥交换协议(EKE)的目的是利用安全性低的口令协商安全性高的密钥,进而利用密钥对以后的通信进行加密或身份认证,从而实现安全通信.基于验证元的EKE是针对服务器泄露攻击问题提出的.本文基于椭圆曲线密码系统的特点,给出了一个基于验证元的3EKE,该协议中,服务器通过口令实现对用户的认证;协议能够抵抗服务器泄露等攻击,... 相似文献
8.
9.
10.
张晓敏 《网络安全技术与应用》2012,(8):21-24
跨域端到端口令认证密钥协商协议(C2C-PAKA)的主要目的是使分布在不同域中持有不同口令的两个客户端可以在各自服务器的协助下实现相互认证并协商出共同的会话密钥。本文中,我们基于椭圆曲线上的离散对数问题,在直接通信架构下给出一个跨域的口令认证的密钥协商协议。该协议中,诚实的服务器是不能获取任何关于会话密钥的值。各参与方之间能够实现相互认证。与同类协议比较,该协议具有较小的通信负担和计算负担,更易于实现。此外,协议还能够抵抗字典攻击、口令泄露模仿攻击和未知会话密钥共享攻击等通用攻击类型,同时能够实现前向安全、无密钥控制和已知会话密钥安全等安全属性。 相似文献
11.
首先对两个基于验证元的三方口令密钥交换协议进行了安全性分析,指出它们都是不安全的。其中,LZC协议不能抵抗服务器泄露攻击、未知密钥共享攻击、内部人攻击和不可发现字典攻击;LWZ协议不能抵抗未知密钥攻击、内部人攻击和重放攻击。对LWZ协议进行了改进,以弥补原LWZ协议的安全漏洞。最后,在DDH假设下,给出了改进协议(NLWZ协议)的安全性证明。与已有协议相比,NLWZ协议降低了计算和通信开销,其潜在的实用性更强。 相似文献
12.
《Computer Standards & Interfaces》2007,29(5):513-520
In the last few years, researchers have extensively studied the password-authenticated key exchange (PAKE) in the three-party setting. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. Some verifier-based PAKE schemes in the three-party setting have been suggested to solve the server compromise problem. Unfortunately, the protocols are vulnerable to an off-line dictionary attack. In this paper, we present an efficient verifier-based PAKE protocol for three-parties that is secure against known-key attacks and provides forward secrecy. To the best of our knowledge, the proposed protocol is the first secure three-party verifier-based PAKE protocol in the literature. 相似文献
13.
Philip MacKenzie Sarvar Patel Ram Swaminathan 《International Journal of Information Security》2010,9(6):387-410
There have been many proposals in recent years for password-authenticated key exchange protocols, i.e., protocols in which
two parties who share only a short secret password perform a key exchange authenticated with the password. However, the only
ones that have been proven secured against offline dictionary attacks were based on Diffie–Hellman key exchange. We examine
how to design a secure password-authenticated key exchange protocol based on RSA. In this paper, we first look at the OKE
and protected-OKE protocols (both RSA-based) and show that they are insecure. Then we show how to modify the OKE protocol
to obtain a password-authenticated key exchange protocol that can be proven secure (in the random oracle model). This protocol
is very practical; in fact, it requires about the same amount of computation as the Diffie–Hellman-based protocols. Finally,
we present an augmented protocol that is resilient to server compromise, meaning (informally) that an attacker who compromises
a server would not be able to impersonate a client, at least not without running an offline dictionary attack against that
client’s password. 相似文献
14.
Provably secure three-party password authenticated key exchange protocol in the standard model 总被引:1,自引:0,他引:1
Jun-Han YangAuthor Vitae Tian-Jie CaoAuthor Vitae 《Journal of Systems and Software》2012,85(2):340-350
Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aim at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security. 相似文献
15.
Cryptanalysis of simple three-party key exchange protocol 总被引:1,自引:0,他引:1
Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in Journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol. 相似文献