共查询到19条相似文献,搜索用时 109 毫秒
1.
目前大部分基于身份的三方认证密钥协商协议都存在安全缺陷,文中在Xu等人提出的加密方案的基础上,设计了一种基于身份的三方认证密钥协商协议.该协议的安全性建立在BDDH假设基础上,经安全性分析,协议具有已知密钥安全,PKG前向安全,并能抵抗未知密钥共享攻击和密钥泄露伪装攻击,因此该协议是一个安全的三方密钥协商协议. 相似文献
2.
3.
针对Diffie-Hellman密钥交换协议和ECDH密钥协商协议的缺陷,给出了一种改进后的可认证密钥协商协议。该协议具有等献性、密钥不可控、密钥确认、完美前向安全以及抗已知密钥攻击等安全特性。跟以往的密钥协商协议相比,其管理简单、开销较低、安全性高、扩展性较好且实现了身份认证,以较低的计算成本和较高的运算效率实现了通信双方安全的会话密钥协商与密钥验证,能够较好地适用于大规模网络的端到端密钥管理。 相似文献
4.
认证密钥协商协议能够为不安全网络中的通信双方提供安全的会话密钥,但是,大多数的认证密钥协商协议并没有考虑保护用户隐私.论文关注网络服务中用户的隐私属性,特别是匿名性和可否认性,规范了增强用户隐私的认证密钥协商协议应满足的安全需求,即双向认证、密钥控制、密钥确认、会话密钥保密、已知会话密钥安全、会话密钥前向安全、用户身份匿名、用户身份前向匿名、不可关联和可否认,并基于椭圆曲线密码系统设计了一个满足安全需求的隐私增强认证密钥协商协议. 相似文献
5.
一种故障容忍的可证安全组密钥协商协议 总被引:1,自引:0,他引:1
对Burmester等人提出的非认证组密钥协商协议的安全性进行了深入分析,指出该协议不能抵抗内部恶意节点发起的密钥协商阻断攻击和密钥控制攻击.提出了一种故障容忍的组密钥协商(FT-GKA)协议,FT-GKA协议在密钥协商过程中加入了消息正确性的认证机制,该机制利用数字签名技术检测组内恶意节点,并在驱逐恶意节点后保证组内诚实节点能计算出正确的会话密钥,解决了Burmester等人提出协议中存在的内部恶意节点攻击问题.并证明提出的协议在DDH假设下能抵抗敌手的被动攻击,在DL假设和随机预言模型下能够抵抗内部恶意节点发起的密钥协商阻断攻击和密钥控制攻击.理论分析与实验测试表明,提出的协议具有较高的通信轮效率和较低的计算开销. 相似文献
6.
基于层级化身份的可证明安全的认证密钥协商协议 总被引:1,自引:0,他引:1
目前基于身份的认证密钥协商协议均以单个私钥生成器(PKG)为可信第三方,但这种系统结构难以满足身份分层注册与认证需求。该文以基于层级化身份的加密(HIBE)系统为基础重构了私钥的组成元素,并利用椭圆曲线乘法循环群上的双线性映射提出一个基于层级化身份的认证密钥协商协议,为隶属于不同层级的云实体提供了安全的会话密钥协商机制。基于CDH(Computational Diffie-Hellman)与GDH(Gap Diffie-Hellman)假设,该文证明了新协议在eCK模型下具有已知密钥安全性、前向安全性和PKG前向安全性,并且能够抵抗基于密钥泄露的伪装攻击。 相似文献
7.
8.
9.
移动Ad hoc网络是一种资源有限的移动多跳无线网络。在网络中构建组密钥协商协议时应尽可能地减少资源开销。文中在基于身份的网络安全环境下,设计了一种基于环状结构的组密钥协商协议。该协议采用椭圆曲线上的双线性配对,仅通过单轮通信完成组密钥协商。经过分析,该协议具有等献性,已知密钥安全,无密钥控制等安全属性,适用于Ad hoc网络。 相似文献
10.
对基于口令的标准模型下可证明安全的认证密钥协商协议进行安全分析,指出该协议易受反射攻击.同时给出了一个改进方案,该方案不仅弥补了原方案的缺陷,而且改善了协议的性能.最后,基于DDH假设,在标准模型下证明了协议的安全性.结果表明,改进后的协议还具有完美前向安全特性. 相似文献
11.
In the post quantum era, public key cryptographic scheme based on lattice is considered to be the most promising cryptosystem that can resist quantum computer attacks. However, there are still few efficient key agreement protocols based on lattice up to now. To solve this issue, an improved key agreement protocol with post quantum security is proposed. Firstly, by analyzing the Wess-Zumino model + ( WZM + ) key agreement protocol based on small integer solution (SIS) hard problem, it is found that there are fatal defects in the protocol that cannot resist man-in-the-middle attack. Then based on the bilateral inhomogeneous small integer solution (Bi-ISIS) problem, a mutual authenticated key agreement (AKA) protocol with key confirmation is proposed and designed. Compared with Diffie-Hellman (DH) protocol, WZM + key agreement protocol, and the AKA agreement based on the ideal lattice protocol, the improved protocol satisfies the provable security under the extend Canetti-Krawczyk (eCK) model and can resist man-in-the-middle attack, replay attack and quantum computing attack. 相似文献
12.
McCullagh-Barreto key agreement protocol and its variant achieve perfect forward security and key generation center (KGC) forward security, but provide no resistance to key compromise impersonation attack (KCI attack). In this paper, we give a formal treatment of key compromise impersonation (KCI) attack and define the security notion against it. Then an variant of McCullagh-Barreto protocol is presented with only one more Hash operation. The improved protocol preserves perfect forward security and KGC forward security, and furthermore is proved to be secure against KCI attack under k-Gap-BCAA1 assumption. 相似文献
13.
Key agreement protocol is an important cryptographic primitive, which allows 2 parties to establish a secure session in an open network environment. A various of key agreement protocols were proposed. Nowadays, there still exists some other security flaws waiting to be solved. Owing to reduce the computational and communication costs and improve the security, chaotic map has been studied in‐depth and treated as a good solution. Recently, Liu et al proposed a chaos‐based 2‐party key agreement protocol and demonstrated that it can defend denial‐of‐service attack and replay attack. We found, however, it cannot resist off‐line password‐guessing attack, and it also has some other security flaws. In this paper, we propose an improved chaos‐based 2‐party key agreement protocol. The results prove that the protocol can solve the threats of off‐line password‐guessing attack and other security flaws in the security proof section. What is more, performance analysis shows that the computational cost of the improved protocol is lower than Liu et al protocol. 相似文献
14.
Wang Changji Yang Bo Wu Jianping 《电子科学学刊(英文版)》2005,22(5):485-489
In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations. 相似文献
15.
Denial of Service (DoS) attack, especially Distributed Denial of Service (DDoS) attack, is one of
the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the
conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoSresistant
secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively. 相似文献
16.
Hao proposed the YAK as a robust key agreement based on public‐key authentication, and the author claimed that the YAK protocol withstands all known attacks and therefore is secure against an extremely strong adversary. However, Toorani showed the security flaws in the YAK protocol. This paper shows that the YAK protocol cannot withstand the known key security attack, and its consequences lead us to introduce a new key compromise impersonation attack, where an adversary is allowed to reveal both the shared static secret key between two‐party participation and the ephemeral private key of the initiator party in order to mount this attack. In addition, we present a new security model that covers these attacks against an extremely strong adversary. Moreover, we propose an improved YAK protocol to remedy these attacks and the previous attacks mentioned by Toorani on the YAK protocol, and the proposed protocol uses a verification mechanism in its block design that provides entity authentication and key confirmation. Meanwhile, we show that the proposed protocol is secure in the proposed formal security model under the gap Diffie‐Hellman assumption and the random oracle assumption. Moreover, we verify the security of the proposed protocol and YAK protocol by using an automatic verification method such as the Scyther tool, and the verification result shows that the security claims of the proposed protocol are proven, in contrast to those of the YAK protocol, which are not proven. The security and performance comparisons show that the improved YAK protocol outperforms previous related protocols. 相似文献
17.
Two-party certificateless authenticated key agreement(CL-AKA) protocol is a hot topic in the field of wireless communication security. An improved two-party CL-AKA protocol with enhanced security is proposed,which is of provable security and unforgeability in the extended Canetti-Krawczyk (eCK) security model based on the hardness assumption of the computational Diffie Hellman (CDH) problem. Compared with other similar protocols, it is more efficient and can satisfy security properties such as free of the centralized management of certificate and key, free of bilinear pairings, two-party authentication, resistant to unknown key-share attack, key compromise impersonation attacks, the man-in-the-middle-attack of key generation center (KGC), etc. These properties make the proposed protocol have better performance and adaptability for military communication. 相似文献
18.
Yuh‐Min Tseng 《International Journal of Network Management》2005,15(3):193-202
Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial‐of‐service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource‐exhaustion attack on a server is one kind of denial‐of‐service attack. In this article we address the resource‐exhaustion problem in authentication and key agreement protocols. The resource‐exhaustion attack consists of both the CPU‐exhaustion attack and the storage‐exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU‐exhaustion attack and the storage‐exhaustion attack. However, their protocol is time‐consuming for legal users in order to withstand the DoS attack. Therefore, in this paper, we propose a slight modification to the Hirose–Matsuura protocol to reduce the computation cost. Both the Hirose–Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a DoS/DDoS attack. However, they reduce the effect of such an attack and thus make it more difficult for the attack to succeed. Copyright © 2005 John Wiley & Sons, Ltd. 相似文献
19.
WSN key recovery attack based on symmetric matrix decomposition 总被引:1,自引:0,他引:1
The key protocol is one of the crucial technologies to ensure the security for wireless sensor network(WSN).Parakh,et al.proposed a key agreement for WSN based on matrix decomposition.However,the study revealed that the protocol had security risks.A key recovery attack scheme against this protocol was proposed by using the properties of symmetric matrix and permutation matrix.Based on intercepting the row and column vector of the node,elementary transformation was performed to construct a linear algebraic attack algorithm and the equivalent key was obtained.The computational complexity is O(N6).Experimental results show that the method can recover the equivalent key of the above protocol within the polynomial computational complexity and the memory consumption is within an acceptable range.In addition,an improved scheme for key agreement was proposed to resist the linear algebraic attack by using a random disturbance matrix,and the correctness and security analysis were also carried out. 相似文献