共查询到18条相似文献,搜索用时 218 毫秒
1.
椭圆曲线密码体制逐渐应用于各种安全协议中.分析了DH密钥交换协议不能抵抗中间人攻击得弱点,基于椭圆曲线离散对数难解性,利用椭圆曲线密码体制的数字签名方案,提出了基于身份认证的密钥交换协议.安全性分析表明,该协议提供身份认证、密钥认证性、密钥的可知安全性、前向保密性,并有效能够防止中间人攻击和重放攻击.把椭圆曲线密码应用于密钥交换协议的认证过程,能有效提高密钥交换协议的安全性和实用性. 相似文献
2.
3.
身份认证是密钥交换协议的重要组成部分。文章以Internet密钥交换协议IKE为基础,介绍了密钥交换协议中的身份认证,并提出了一些改进方案,以提高密钥协商的效率。讨论了身份保护的作用,以及在密钥交换协议中应如何实现身份保护,来保护参与者的身份。 相似文献
4.
身份认证是密钥交换协议的重要组成部分.文章以Internet密钥交换协议IKE为基础,介绍了密钥交换协议中的身份认证,并提出了一些改进方案,以提高密钥协商的效率.讨论了身份保护的作用,以及在密钥交换协议中应如何实现身份保护,来保护参与者的身份. 相似文献
5.
椭圆曲线密码体制以其密钥短、安全强度高、速度快等优越性被广泛用于进行构建数字签名和用户身份认证方案.同样,它也可以用来构建密钥交换协议.Diffie-Hellman密钥协商协议对来自中间人的攻击是脆弱的.基于椭圆曲线离散对数难解性, 利用椭圆曲线密码体制的数字签名方案,提出了基于身份认证的密钥协商协议.该协议提供身份认证、密钥确认、完美前向安全性, 并能够防止中间人攻击. 相似文献
6.
7.
提出一种基于身份认证的密钥交换新方案,其安全性是同时基于离散对数和大整数分解难问题的。在进行密钥交换时,该方案能同时实现通信双方的身份认证和交换密钥的一致性认证,有效地抵抗冒名者的中间攻击和入侵者的重放攻击,提高了密钥交换的安全性和可靠性。特别是,该方案的交换密钥具有随机性,克服了Diffie-Hellman方案中交换密钥固定不变的弱点;通信双方一旦发现当前交换密钥泄露,可生成一个新的交换密钥,而不需修改系统的任何公开数据和用户的密钥。 相似文献
8.
基于SOAP和SRP-6协议的认证与密钥交换方案 总被引:1,自引:0,他引:1
SRP(Secure Remote Password)是一种基于密码的强认证协议。本文分析了SRP协议的密钥交换机制,提出了一种基于SOPA和SRP-6协议的密钥交换与认证方案SRP-over-SOAP,并将该方案用于Web Service,实现了服务器和客户机间的双向身份认证。据我们所知,该方案是第一个将SOAP用于SRP-6协议的方案。 相似文献
9.
10.
本文深入的对IKE协议的相关知识、交换原理以及安全性进行了分析与研究,并对基于预共享密钥认证的IKE主模式交换协议的工作原理及结构进行了阐述,针对基于预共享密钥认证的IKE主模式协议存在的不足提出了协议的进一步改进方案.重点分析了在IKE实现过程中,"中间人"攻击的原理并提出了防范"中间人"攻击的连锁协议与身份认证相结合的思想. 相似文献
11.
Considering the low-power computing capability of mobile devices, the security scheme design is a nontrivial challenge. The identity (ID)-based public-key system with bilinear pairings defined on elliptic curves offers a flexible approach to achieve simplifying the certificate management. In the past, many user authentication schemes with bilinear pairings have been proposed. In 2009, Goriparthi et al. also proposed a new user authentication scheme for mobile client–server environment. However, these schemes do not provide mutual authentication and key exchange between the client and the server that are necessary for mobile wireless networks. In this paper, we present a new user authentication and key exchange protocol using bilinear pairings for mobile client–server environment. As compared with the recently proposed pairing-based user authentication schemes, our protocol provides both mutual authentication and key exchange. Performance analysis is made to show that our presented protocol is well suited for mobile client–server environment. Security analysis is given to demonstrate that our proposed protocol is provably secure against previous attacks. 相似文献
12.
13.
Password-authenticated group key exchange protocols allow that a group of participants who share a human-memorable (short) password can obtain a common session key in a secure way over public networks. In this paper, we design a compiler, which transforms any basic group key exchange protocol (which is only resistant against benign adversaries) into a password-authenticated group key exchange protocol. We prove that the new protocol outputted by the compiler is secure in the random-oracle and ideal-cipher models if the underlying group key exchange protocol is secure. Our compiler is practical since it only needs four more additional rounds of communications, which means that the new protocol still holds constant-round property if the original one is a constant-round scheme. 相似文献
14.
目前很多企业内部业务系统需要实现和银行系统的无缝连接,比如使用企业系统查询银行账户的余额、在线支付等等。为了实现以上目标,本文提出一种新型网银适配器的设计方案,并由此设计了一种全新的WYSP通讯协议满足适配器的通讯需求。实践证明该方案能够很好地满足设计要求,具备强大的扩展性,具有广阔的应用价值。 相似文献
15.
For an ID-based key exchange (KE) protocol, KGS forward secrecy is about the protection of previously established session keys after the master secret key of the Key Generation Server (KGS) is compromised. This is the strongest notion of forward secrecy that one can provide for an ID-based KE protocol. Among all the comparable protocols, there are only a few of them that provide this level of forward secrecy, and all of these protocols require expensive bilinear pairing operations and map-to-point hash operations that may not be suitable for implementation on low-power devices such as sensors. In this paper, we propose a new ID-based KE protocol which does not need any pairing or map-to-point hash operations. It also supports the strongest KGS forward secrecy. On its performance, we show that it is faster than previously proposed protocols in this category. Our protocol is a signature-based one, in which the signature scheme is a variant of a scheme proposed by Bellare et al. in Eurocrypt 2004. We show that the variant we proposed is secure, and also requires either less storage space or runtime computation than the original scheme. 相似文献
16.
17.
18.
针对远程医疗信息系统(TMIS)的实时应用场景,提出了一种安全高效的基于扩展混沌映射的切比雪夫多服务器认证协议。该方案使用随机数和注册中心的私钥为用户/应用服务器的身份加密,有效地支持用户和应用服务器的撤销和重新注册。同时,还利用“模糊验证因子”技术避免离线密码猜测攻击,利用“honeywords”技术有效避免在线密码猜测攻击。该方案在公共信道上传输的与用户身份相关的信息均使用随机数或随机数的计算结果进行加密,因此可以为用户提供强匿名性。通过BAN逻辑证明该协议可以实现用户和服务器的安全相互认证;同时,使用非正式安全证明该协议可以抵抗多种已知攻击。 相似文献